Help! CXPFY! [Solved]


  • This topic is locked

#1
jaydeegilmore

For several days I have had this incredibly annoying problem. When surfing I get loads of underlined (in blue) words. They are hyperlinks and all take me, via cxpfy.com, to monstermarketplace.com.
I have tried running Spybot, AVG, Malwarebytes, Ad-Aware. To no avail!
Any help available? A simple FREE removal tool :)
I'm not very tech-savvy so need some simple help.

Here is the OTL report:

OTL logfile created on: 10/6/2012 5:00:25 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\JD\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.97 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 35.11% Memory free
5.93 Gb Paging File | 2.83 Gb Available in Paging File | 47.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 15.30 Gb Free Space | 20.53% Space Free | Partition Type: NTFS
Drive D: | 206.97 Gb Total Space | 20.34 Gb Free Space | 9.83% Space Free | Partition Type: NTFS
Drive E: | 232.83 Gb Total Space | 8.98 Gb Free Space | 3.85% Space Free | Partition Type: FAT32

Computer Name: JD-ASUS | User Name: JD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/06 16:59:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL.exe
PRC - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/09/20 15:03:16 | 018,941,832 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/09/04 18:55:02 | 001,193,176 | ---- | M] () -- C:\Users\JD\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/08/27 08:57:34 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/08/27 08:57:31 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\JD\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/08/08 09:17:00 | 000,540,056 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/07/27 21:51:28 | 001,498,552 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/08 04:02:02 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/06/03 09:24:59 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\JD\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/04 15:43:20 | 001,561,768 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/02/18 06:39:44 | 000,031,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\prevhost.exe
PRC - [2010/08/19 09:52:14 | 000,241,664 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2010/08/19 09:52:04 | 000,229,376 | ---- | M] () -- C:\ProgramData\DatacardService\DCService.exe
PRC - [2010/05/30 16:20:04 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/01/13 17:19:42 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2010/01/13 17:11:52 | 007,109,248 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2010/01/05 21:59:12 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2010/01/05 01:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/11/24 21:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/08/03 00:54:16 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/07/31 18:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/06/19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2009/06/19 18:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/23 01:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 05:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2007/08/08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/25 10:42:58 | 000,460,312 | ---- | M] () -- C:\Users\JD\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppgooglenaclpluginchrome.dll
MOD - [2012/09/25 10:42:57 | 012,278,808 | ---- | M] () -- C:\Users\JD\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
MOD - [2012/09/25 10:42:55 | 004,005,912 | ---- | M] () -- C:\Users\JD\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
MOD - [2012/09/25 10:41:39 | 000,578,072 | ---- | M] () -- C:\Users\JD\AppData\Local\Google\Chrome\Application\22.0.1229.79\libglesv2.dll
MOD - [2012/09/25 10:41:38 | 000,123,416 | ---- | M] () -- C:\Users\JD\AppData\Local\Google\Chrome\Application\22.0.1229.79\libegl.dll
MOD - [2012/09/25 10:41:27 | 000,156,712 | ---- | M] () -- C:\Users\JD\AppData\Local\Google\Chrome\Application\22.0.1229.79\avutil-51.dll
MOD - [2012/09/25 10:41:26 | 000,275,496 | ---- | M] () -- C:\Users\JD\AppData\Local\Google\Chrome\Application\22.0.1229.79\avformat-54.dll
MOD - [2012/09/25 10:41:24 | 002,168,360 | ---- | M] () -- C:\Users\JD\AppData\Local\Google\Chrome\Application\22.0.1229.79\avcodec-54.dll
MOD - [2012/09/04 18:55:02 | 001,193,176 | ---- | M] () -- C:\Users\JD\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/08/27 08:57:37 | 000,564,832 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012/08/27 08:57:35 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012/08/27 08:57:31 | 000,947,808 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/07/27 21:51:28 | 000,249,272 | ---- | M] () -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\sqlite.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/01/05 01:43:36 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/11/24 21:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe


========== Services (SafeList) ==========

SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/12/08 00:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/08/03 00:54:14 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2012/09/22 06:57:32 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/20 15:03:20 | 001,236,368 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/09/08 21:33:05 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/27 08:57:34 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/08/19 09:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/27 08:57:36 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/08/24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/07/26 03:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/12/19 12:44:24 | 000,084,600 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbwtis.sys -- (sbwtis)
DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/09/29 12:16:18 | 000,119,416 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2011/06/27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/04 18:52:46 | 000,093,696 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys -- (huawei_cdcacm)
DRV:64bit: - [2010/10/09 15:49:52 | 000,085,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV:64bit: - [2010/08/31 19:09:00 | 000,256,000 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2010/08/07 18:49:04 | 000,121,600 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2010/07/29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010/07/27 10:52:16 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2010/01/18 13:37:57 | 000,128,512 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/12/15 11:46:38 | 000,039,552 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tcpipBM.sys -- (tcpipBM)
DRV:64bit: - [2009/12/15 11:46:30 | 000,016,512 | ---- | M] (Bytemobile, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BMLoad.sys -- (BMLoad)
DRV:64bit: - [2009/12/14 11:26:49 | 008,034,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/12/14 00:13:13 | 000,144,896 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/11/04 16:44:12 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009/11/04 16:44:04 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009/11/04 16:43:56 | 000,119,680 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009/09/04 06:39:07 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/08/21 07:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/08/06 22:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/20 10:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/17 09:52:01 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/01 05:46:51 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 05:46:47 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 05:46:39 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 02:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/04/07 08:33:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2007/07/24 19:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT1060933

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://safesearchr.l...5CB82506E77AA53
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://safesearchr.l...q={searchTerms}
IE - HKCU\..\SearchScopes\{79C3F990-BC01-4844-9521-453DA06F11BF}: "URL" = http://uk.search.yah...p={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-06-09 09:45:41&v=12.2.5.32&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2102}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.condui...&ctid=CT1060933
IE - HKCU\..\SearchScopes\{BBA74902-AB3E-4B75-849D-12F0F450886F}: "URL" = http://start.funmood...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "blekko"
FF - prefs.js..browser.startup.homepage: "http://safesearchr.l...CB82506E77AA53"
FF - prefs.js..extensions.enabledAddons: [email protected]:2.0.2.039
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.BringMeSports_1c.com/Plugin: C:\Program Files (x86)\BringMeSports_1cEI\Installr\1.bin\NP1cEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\JD\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\JD\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\JD\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\JD\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/11 09:28:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\SearchPredict\PRFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/06 21:18:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\12.2.5.32\ [2012/08/27 08:57:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/05 07:08:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/08 21:32:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files (x86)\AVG\AVG2012\Thunderbird\ [2011/12/23 09:50:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/05 07:08:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/08 21:32:57 | 000,000,000 | ---D | M]

[2012/07/27 13:15:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\Extensions
[2012/10/05 07:08:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\wwyqe3f8.default\extensions
[2012/10/05 07:01:26 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\wwyqe3f8.default\extensions\[email protected]
[2012/09/27 22:17:28 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\JD\AppData\Roaming\Mozilla\Firefox\Profiles\wwyqe3f8.default\extensions\[email protected]
[2012/09/08 21:32:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/08 21:33:06 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/03 09:25:16 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/10/05 07:01:20 | 000,000,616 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml
[2012/08/27 08:57:31 | 000,003,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/29 18:31:17 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/10 11:23:34 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012/08/29 18:31:17 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.co...=DSGO&bmod=DSGO
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.co...=DSGO&bmod=DSGO
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\JD\AppData\Local\Google\Chrome\Application\22.0.1229.79\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\JD\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\JD\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\JD\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\JD\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: BringMeSports Installer Plugin Stub (Enabled) = C:\Program Files (x86)\BringMeSports_1cEI\Installr\1.bin\NP1cEISB.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll
CHR - Extension: Google Drive = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: PlayBryte = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkppmehliomnfafdedmigdkinpdcnidh\1.0_0\
CHR - Extension: Ocean Pacific = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecaabliejjdikjnkahhikeelbblahgoi\3_0\
CHR - Extension: Gmail Offline = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\
CHR - Extension: AdBlock = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.45_0\
CHR - Extension: LastPass = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd\2.0.12_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Safe Search = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: AVG Secure Search = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\
CHR - Extension: Gmail = C:\Users\JD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/05 04:47:18 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O2 - BHO: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.3\ytdToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.3\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ooVoo toolbar, powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SBRegRebootCleaner] C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe (GFI Software)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\InternetManager_H\DataCardMonitor.exe (Huawei Technologies Co., Ltd.)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\JD\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files (x86)\T-Mobile\InternetManager_H\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\JD\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\BBC iPlayer Desktop.lnk = File not found
O4 - Startup: C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\JD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67E0C80E-91E4-409C-9F02-A51CAE41EF19}: NameServer = 83.224.70.78 83.224.70.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6F40A8F-2288-45A4-B546-3D4A199BAF21}: DhcpNameServer = 192.168.11.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/06 16:59:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL.exe
[2012/10/05 08:17:46 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\LavasoftStatistics
[2012/10/05 07:01:32 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\adawarebp
[2012/10/05 07:01:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/10/05 07:01:20 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\blekko
[2012/10/05 06:40:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/05 06:38:48 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/10/05 06:19:13 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/05 06:05:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/05 06:05:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/05 06:05:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/04 11:48:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/04 11:48:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/04 07:58:18 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{80881672-ADA2-46EB-B806-C0A02BB3BA54}
[2012/10/03 21:25:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/10/03 21:25:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/10/03 21:25:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/10/03 19:42:20 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{AB34D6C8-64C4-42AB-8E6E-D0956B0C3C6B}
[2012/10/03 07:42:09 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{C1923FD1-251B-4A7D-8E07-E9915A63D7F7}
[2012/10/02 19:40:34 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{BF8DCC55-EFFB-4B97-95DA-ED51428EF488}
[2012/10/02 13:34:15 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/10/02 07:40:09 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{2E26E51B-0B92-4FAF-84D5-DA4632CF566C}
[2012/10/01 19:39:58 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{596EDB7A-C521-404B-9474-1D5611973EA9}
[2012/10/01 07:39:47 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{83212E45-8C83-4D1D-9A62-22073B4C5449}
[2012/09/30 15:57:11 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{278E3F15-B8A1-46CF-8797-9CAE6A331E0E}
[2012/09/29 09:27:38 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{83C102DE-8DC8-45E4-8EBC-C97CE8AD4A31}
[2012/09/29 09:23:58 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{7D0EB7D7-37E2-4D10-8FE8-E8A054F8D201}
[2012/09/27 07:52:08 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{33A75FC3-6E74-4292-9185-C8E6D8C75565}
[2012/09/26 19:47:33 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{37C0CB71-0404-4FCD-A9D4-6D81834391A0}
[2012/09/26 07:50:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YTD Toolbar
[2012/09/26 07:47:22 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{688BB00F-CA09-4F0B-B55E-1C921CB27CFD}
[2012/09/24 13:51:02 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{1751E61F-52CA-48FE-AE76-EAB094142874}
[2012/09/24 10:31:43 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{3BC865D5-EC64-4C9A-986B-7509573D4F14}
[2012/09/24 10:04:41 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{5BC690F8-468F-4259-B555-E9E35A039E65}
[2012/09/23 20:09:58 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{0C7EB1EB-7465-4FDE-9FF8-FBD50CDDE300}
[2012/09/23 00:06:29 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{06E9FF4C-68FD-4A54-9885-D93B6CA1DBB5}
[2012/09/22 11:14:40 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{BA9A7BAB-7346-4480-86B5-392DED8E03EF}
[2012/09/21 23:14:14 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{97485E72-A05A-424E-85AD-EF8FF113DD68}
[2012/09/21 11:14:22 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{55EF4536-F98B-4C7B-A808-0EA87F38F03C}
[2012/09/20 23:59:04 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{98B913C3-0C5C-46D8-8818-1835643A8992}
[2012/09/20 23:57:50 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{F8316C16-0712-491F-A6E2-BDF575C97125}
[2012/09/20 19:47:04 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{62BE9202-9D33-4398-B342-250C28F07B10}
[2012/09/20 07:46:53 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{E0CC7486-4E97-4315-9E57-5488532317C3}
[2012/09/19 19:46:40 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{88B3A8F0-482A-4DA1-B0A2-D1BD9D92EADF}
[2012/09/19 07:27:31 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{90A9BF29-27D7-4E83-9F9B-D1B1C8EC534C}
[2012/09/18 19:27:20 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{BDA43582-EA05-4E49-B0D3-5F3409E4E852}
[2012/09/18 07:22:12 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{B9DB12AA-690E-4224-B2B2-FA322F5DA7DB}
[2012/09/13 20:00:38 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{5A1DD890-F19E-4983-8389-D5B22C727E2A}
[2012/09/13 07:26:11 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{C6ADD6D9-0B58-46E4-B4E1-BB0FF656C5E6}
[2012/09/11 23:12:42 | 000,000,000 | ---D | C] -- C:\password reset
[2012/09/11 09:28:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/10 14:00:04 | 000,000,000 | ---D | C] -- C:\Users\JD\Desktop\temp rox
[2012/09/09 21:45:33 | 000,000,000 | ---D | C] -- C:\Users\JD\AppData\Local\{3E51F71E-1B52-4A3F-82C0-A460FE28C2E7}
[2012/09/08 21:32:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/09/07 00:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[3 C:\Users\JD\Desktop\*.tmp files -> C:\Users\JD\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/06 17:06:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-721766576-2541526803-4150455649-1001UA.job
[2012/10/06 16:59:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\JD\Desktop\OTL.exe
[2012/10/06 16:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/06 16:20:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/06 11:30:37 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/06 11:30:37 | 000,628,874 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/06 11:30:37 | 000,111,026 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/06 09:29:31 | 096,726,842 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/10/06 09:20:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/06 08:39:18 | 000,465,047 | ---- | M] () -- C:\Users\JD\Desktop\path.jpg
[2012/10/06 08:30:21 | 000,366,643 | ---- | M] () -- C:\Users\JD\Desktop\percorsi-logo-per-web.jpg
[2012/10/06 08:16:18 | 001,433,394 | ---- | M] () -- C:\Users\JD\Desktop\Roll_up_85x205cm.pdf
[2012/10/06 07:48:52 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/06 07:48:52 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/06 07:32:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/05 21:17:06 | 000,005,068 | ---- | M] () -- C:\Users\JD\Desktop\EEMA logo.png
[2012/10/05 19:06:00 | 000,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-721766576-2541526803-4150455649-1001Core.job
[2012/10/05 18:42:27 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/10/05 18:41:19 | 2388,557,824 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/05 12:55:04 | 000,003,044 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/10/05 05:37:27 | 000,017,205 | ---- | M] () -- C:\Users\JD\Desktop\Interpretation equipment quote.pdf
[2012/10/05 05:03:03 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/10/05 04:47:18 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/10/04 17:43:34 | 000,467,037 | ---- | M] () -- C:\Users\JD\Desktop\Piper invitation 2014.pdf
[2012/10/04 08:34:32 | 000,001,368 | ---- | M] () -- C:\Windows\wininit.ini
[2012/10/03 21:25:26 | 000,001,220 | ---- | M] () -- C:\Users\JD\Desktop\Spybot - Search & Destroy.lnk
[2012/10/03 14:20:59 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/03 14:07:39 | 000,095,578 | ---- | M] () -- C:\Users\JD\Desktop\Sep-2011-tourguide-rates.pdf
[2012/10/03 09:55:01 | 000,292,798 | ---- | M] () -- C:\Users\JD\Desktop\Mission Net Council of Reference Application.pdf
[2012/10/02 13:34:19 | 000,002,352 | ---- | M] () -- C:\Users\JD\Desktop\Google Chrome.lnk
[2012/09/28 08:36:07 | 000,343,331 | ---- | M] () -- C:\Users\JD\Desktop\Percorsi Responso Residenziale 2012.pdf
[2012/09/28 08:35:00 | 000,393,216 | ---- | M] () -- C:\Users\JD\Desktop\Percorsi Responso Residenziale 2012.pub
[2012/09/26 22:25:06 | 000,319,647 | ---- | M] () -- C:\Users\JD\Desktop\RoxCertAsperger001.pdf
[2012/09/26 16:48:45 | 107,763,388 | ---- | M] () -- C:\Users\JD\Desktop\BluefishTV-Work_as_Worship-HD[1].mp4
[2012/09/26 09:07:44 | 000,734,359 | ---- | M] () -- C:\Users\JD\Desktop\proposte001.jpg
[2012/09/25 17:56:50 | 000,651,297 | ---- | M] () -- C:\Users\JD\Desktop\GMI resoconto 21 settembre 2012.pdf
[2012/09/24 16:26:05 | 000,052,736 | ---- | M] () -- C:\Users\JD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/21 22:29:08 | 000,121,527 | ---- | M] () -- C:\Users\JD\Desktop\owitalia 2.JPG
[2012/09/21 22:27:54 | 000,035,334 | ---- | M] () -- C:\Users\JD\Desktop\owitalia 1.JPG
[2012/09/20 13:28:32 | 071,662,893 | ---- | M] () -- C:\Users\JD\Desktop\George & Rox.wmv
[2012/09/20 13:26:22 | 000,009,141 | ---- | M] () -- C:\Users\JD\Desktop\George & Rox.wlmp
[2012/09/20 12:52:56 | 000,277,058 | ---- | M] () -- C:\Users\JD\Desktop\AEMI Project.pdf
[2012/09/20 08:44:39 | 000,990,587 | ---- | M] () -- C:\Users\JD\Desktop\percorsi copertina.jpg
[2012/09/20 08:41:14 | 000,850,586 | ---- | M] () -- C:\Users\JD\Desktop\2012-09-20 08.20.13.jpg
[2012/09/19 22:05:03 | 005,197,940 | ---- | M] () -- C:\Users\JD\Desktop\Braveheart ITA (Discorso prima della battaglia).flv
[2012/09/19 21:55:36 | 227,972,841 | ---- | M] () -- C:\Users\JD\Desktop\Percorsi - Hannity contro Hitchens.wmv
[2012/09/19 21:40:26 | 000,009,879 | ---- | M] () -- C:\Users\JD\Desktop\Percorsi - Hannity contro Hitchens.wlmp
[2012/09/19 21:14:09 | 009,287,315 | ---- | M] () -- C:\Users\JD\Desktop\Sean Hannity vs Christopher Hitchens Debate Does God Exist.flv
[2012/09/16 08:19:14 | 039,053,312 | ---- | M] () -- C:\Users\JD\Desktop\George 2 Rox.MOD
[2012/09/13 13:55:12 | 043,207,923 | ---- | M] () -- C:\Users\JD\Desktop\The Atheism Tapes Sub Ita Parte 1.flv
[2012/09/13 09:49:41 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2012/09/12 19:52:14 | 000,435,734 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[3 C:\Users\JD\Desktop\*.tmp files -> C:\Users\JD\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/06 08:39:18 | 000,465,047 | ---- | C] () -- C:\Users\JD\Desktop\path.jpg
[2012/10/06 08:16:18 | 001,433,394 | ---- | C] () -- C:\Users\JD\Desktop\Roll_up_85x205cm.pdf
[2012/10/05 21:17:05 | 000,005,068 | ---- | C] () -- C:\Users\JD\Desktop\EEMA logo.png
[2012/10/05 07:02:53 | 000,001,830 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/10/05 06:05:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/05 06:05:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/05 06:05:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/05 06:05:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/05 06:05:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/05 05:37:27 | 000,017,205 | ---- | C] () -- C:\Users\JD\Desktop\Interpretation equipment quote.pdf
[2012/10/04 17:43:31 | 000,467,037 | ---- | C] () -- C:\Users\JD\Desktop\Piper invitation 2014.pdf
[2012/10/04 08:34:22 | 000,001,368 | ---- | C] () -- C:\Windows\wininit.ini
[2012/10/03 21:25:26 | 000,001,220 | ---- | C] () -- C:\Users\JD\Desktop\Spybot - Search & Destroy.lnk
[2012/10/03 14:20:59 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/03 14:07:39 | 000,095,578 | ---- | C] () -- C:\Users\JD\Desktop\Sep-2011-tourguide-rates.pdf
[2012/10/03 09:54:58 | 000,292,798 | ---- | C] () -- C:\Users\JD\Desktop\Mission Net Council of Reference Application.pdf
[2012/10/02 13:34:19 | 000,002,352 | ---- | C] () -- C:\Users\JD\Desktop\Google Chrome.lnk
[2012/09/28 10:09:21 | 000,366,643 | ---- | C] () -- C:\Users\JD\Desktop\percorsi-logo-per-web.jpg
[2012/09/28 08:26:40 | 000,343,331 | ---- | C] () -- C:\Users\JD\Desktop\Percorsi Responso Residenziale 2012.pdf
[2012/09/28 08:23:41 | 000,393,216 | ---- | C] () -- C:\Users\JD\Desktop\Percorsi Responso Residenziale 2012.pub
[2012/09/26 22:25:06 | 000,319,647 | ---- | C] () -- C:\Users\JD\Desktop\RoxCertAsperger001.pdf
[2012/09/26 16:48:41 | 107,763,388 | ---- | C] () -- C:\Users\JD\Desktop\BluefishTV-Work_as_Worship-HD[1].mp4
[2012/09/26 09:07:44 | 000,734,359 | ---- | C] () -- C:\Users\JD\Desktop\proposte001.jpg
[2012/09/25 17:56:48 | 000,651,297 | ---- | C] () -- C:\Users\JD\Desktop\GMI resoconto 21 settembre 2012.pdf
[2012/09/21 22:29:08 | 000,121,527 | ---- | C] () -- C:\Users\JD\Desktop\owitalia 2.JPG
[2012/09/21 22:27:53 | 000,035,334 | ---- | C] () -- C:\Users\JD\Desktop\owitalia 1.JPG
[2012/09/20 13:26:33 | 071,662,893 | ---- | C] () -- C:\Users\JD\Desktop\George & Rox.wmv
[2012/09/20 13:04:56 | 000,009,141 | ---- | C] () -- C:\Users\JD\Desktop\George & Rox.wlmp
[2012/09/20 12:52:55 | 000,277,058 | ---- | C] () -- C:\Users\JD\Desktop\AEMI Project.pdf
[2012/09/20 08:44:36 | 000,990,587 | ---- | C] () -- C:\Users\JD\Desktop\percorsi copertina.jpg
[2012/09/20 08:41:13 | 000,850,586 | ---- | C] () -- C:\Users\JD\Desktop\2012-09-20 08.20.13.jpg
[2012/09/19 22:03:53 | 005,197,940 | ---- | C] () -- C:\Users\JD\Desktop\Braveheart ITA (Discorso prima della battaglia).flv
[2012/09/19 21:40:50 | 227,972,841 | ---- | C] () -- C:\Users\JD\Desktop\Percorsi - Hannity contro Hitchens.wmv
[2012/09/19 21:40:26 | 000,009,879 | ---- | C] () -- C:\Users\JD\Desktop\Percorsi - Hannity contro Hitchens.wlmp
[2012/09/19 21:10:40 | 009,287,315 | ---- | C] () -- C:\Users\JD\Desktop\Sean Hannity vs Christopher Hitchens Debate Does God Exist.flv
[2012/09/19 19:58:34 | 039,053,312 | ---- | C] () -- C:\Users\JD\Desktop\George 2 Rox.MOD
[2012/09/13 13:45:59 | 043,207,923 | ---- | C] () -- C:\Users\JD\Desktop\The Atheism Tapes Sub Ita Parte 1.flv
[2012/09/13 09:49:41 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2012/09/06 12:07:56 | 000,001,137 | ---- | C] () -- C:\Users\JD\Desktop - Shortcut.lnk
[2012/08/15 15:33:06 | 000,027,520 | ---- | C] () -- C:\Users\JD\AppData\Local\dt.dat
[2012/08/05 16:52:10 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012/05/26 10:05:17 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2012/05/26 10:03:17 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/05/26 10:03:13 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/05/26 10:03:12 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/05/11 18:52:39 | 000,021,219 | ---- | C] () -- C:\Users\JD\AppData\Local\Temp15.html
[2012/05/11 18:52:03 | 000,001,955 | ---- | C] () -- C:\Users\JD\AppData\Local\Temp1.html
[2012/05/01 15:47:52 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/04/03 19:05:24 | 000,000,166 | ---- | C] () -- C:\Users\JD\AppData\Roaming\Battery Meter_Settings.ini
[2012/03/24 21:51:30 | 000,004,135 | ---- | C] () -- C:\ProgramData\dkelscwb.bbq
[2012/03/24 21:45:24 | 000,004,910 | ---- | C] () -- C:\ProgramData\qjaxlkio.dss
[2011/07/09 08:56:31 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/07/09 08:56:31 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/07/08 12:01:21 | 000,000,595 | ---- | C] () -- C:\Users\JD\SGJApps.SBLHSApparatus.recentFilesList
[2011/07/05 15:25:23 | 000,052,736 | ---- | C] () -- C:\Users\JD\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/07 11:13:38 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/06/07 11:13:38 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/06/07 11:13:38 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/06/07 11:13:38 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/06/07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/05 08:27:02 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Ad-Aware Antivirus
[2012/06/08 08:19:37 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Asus WebStorage
[2012/07/25 22:01:27 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Audacity
[2012/07/16 09:38:37 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Auslogics
[2012/07/27 12:32:11 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\AVG
[2011/10/23 08:01:00 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\AVG2012
[2012/03/24 20:49:03 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/10/05 07:01:20 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\blekko
[2011/12/09 09:50:26 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\com.Shutterfly.ExpressUploader
[2012/10/06 08:45:00 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Dropbox
[2011/07/05 08:28:48 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\EeeStorageUploader
[2011/07/13 10:45:58 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\EPSON
[2012/02/10 18:59:19 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Foxit Software
[2012/06/28 00:00:19 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\FreeTorrentViewer
[2011/08/31 12:33:58 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\GetRightToGo
[2012/05/09 22:35:34 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\GHISLER
[2012/01/26 17:27:54 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\LaParola
[2012/03/24 21:47:48 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\MOVAVI
[2011/10/06 22:19:42 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\ooVoo Details
[2011/07/19 16:31:40 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\OpenOffice.org
[2011/11/25 09:56:01 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Philipp Winterberg
[2012/03/16 15:04:57 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Publish Providers
[2012/06/27 11:33:53 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Samsung
[2011/06/29 11:05:57 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Sony
[2012/09/04 20:20:40 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Spotify
[2011/09/21 08:51:21 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\T-Mobile
[2012/08/08 00:07:21 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\T-Mobile Internet Manager
[2011/06/28 17:25:10 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Tatara Systems
[2012/05/25 22:13:36 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\temp
[2011/07/17 18:01:13 | 000,000,000 | ---D | M] -- C:\Users\JD\AppData\Roaming\Thunderbird

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:888AFB86

< End of report >
  • 0
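How the "ZeroAccess Check" section of the report above can be read mechanically, as an added example that is not part of the original post and is not OTL's own code. It relies on the fact that a per-user (HKCU) InProcServer32 registration takes precedence over the machine-wide (HKLM) one; the two flagged sample entries, their paths, and the triage heuristics are constructed assumptions.

```python
import re

# Constructed sample in the layout of OTL's "ZeroAccess Check" section.
# Entries 1-2 have the clean shape seen in the report; entries 3-4 and their
# paths are made up to show what a finding looks like.
SAMPLE = r'''
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\Users\EXAMPLE\AppData\Local\example\payload.dll -- [2012/10/01 10:00:00 | 000,053,248 | -HS- | M] ()
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\ProgramData\example\wbemess.dll -- [2012/10/01 10:00:00 | 000,505,856 | ---- | M] ()
'''

KEY_RE = re.compile(r'^\[(HKEY_[A-Z_]+)\\.+?\\clsid\\(\{[0-9a-f-]+\})\\InProcServer32\]', re.I)
DEFAULT_RE = re.compile(r'^"" = (.+?)(?: -- \[.*\] \((.*)\))?$')
# Assumption: a legitimate machine-wide server for these classes lives here.
SYSTEM_DIRS = (r'c:\windows\sysnative', r'c:\windows\system32', r'%systemroot%\system32')

def parse(text):
    """Return one dict per InProcServer32 key, with its default value if any."""
    entries, cur = [], None
    for line in map(str.strip, text.splitlines()):
        key = KEY_RE.match(line)
        if key:
            cur = {"hive": key.group(1).upper(), "clsid": key.group(2).lower(),
                   "dll": None, "vendor": ""}
            entries.append(cur)
            continue
        val = DEFAULT_RE.match(line)
        if val and cur is not None:
            cur["dll"], cur["vendor"] = val.group(1), val.group(2) or ""
    return entries

def findings(entries):
    """Heuristic triage (an assumption of this example, not OTL's own logic)."""
    out = []
    for e in entries:
        if e["dll"] is None:
            continue  # key listed without values: nothing is registered there
        if e["hive"] == "HKEY_CURRENT_USER":
            out.append((e["clsid"], "per-user server overrides the machine-wide class"))
        elif not e["dll"].lower().startswith(SYSTEM_DIRS) or e["vendor"] != "Microsoft Corporation":
            out.append((e["clsid"], "HKLM server outside the system directory or not Microsoft-labelled"))
    return out

if __name__ == "__main__":
    for clsid, reason in findings(parse(SAMPLE)):
        print(clsid, "->", reason)
```

Run over the ZeroAccess Check section posted in this thread, it returns no findings: the HKCU keys are listed without values and every HKLM server shown is a Microsoft-labelled DLL under the system directory.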



#2
godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hello jaydee, :wave:
:welcome:. My name is godawgs and I will be assisting you with your Virus / Malware issues.
I will start working on your Malware issues. This may, or may not, solve other issues you have with your machine. The fixes are specific to your problem and should only be used for this issue on this machine!

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.
If you have not, please adhere to the guidelines below and then carefully follow all future instructions:

You must reply to posts within four days. If you haven't replied within that time, the topic will be closed! If you need additional time to complete things, just let me know.
If you're not sure, or if something unexpected happens, Do NOT continue! Stop and ask!

This board can notify you when a new reply is added to a topic. Please read this topic to find out how to do that.

Please do not run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability. Do as the instructions ask, nothing extra. Do Not run things twice unless instructed.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • If I ask a Question just answer it, don't run anything unless directed to.
Please read every post completely before doing anything.
  • Pay special attention to the NOTE: lines, or anything in red. These entries identify an individual issue or important step in the cleanup process.
  • Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. Some of the steps I will be asking you to do may require you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
Logs from malware diagnostic or removal programs (OTL is one of them) can take some time to analyze.
  • I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums (sometimes :lol: )
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
In light of this be prepared to back up your data. Have means of backing up your data available.


Your log shows that both AVG antivirus and Ad-Aware antivirus are running on the system. You need to uninstall one of them. If you will let me know which one you want to keep we'll get rid of the other.

I see that you have run ComboFix. Please post the ComboFix log in your next reply. You can find it at C:\ComboFix.txt

I want a more in-depth OTL scan along with the Extras.txt so we're gonna get some new scans. I'm gonna change the settings for the scan so be sure to read the directions carefully.


Step-1.

OTL Custom Scan

1. Please copy the text in the Quote box below, (Do Not copy the word Quote), and paste it in the Posted Image box in OTL. To do that:
  • Highlight everything inside the quote box, (except the word Quote), right click the mouse and click Copy.

netsvcs
baseservices
%SYSTEMDRIVE%\*.exe
%SYSTEMDRIVE%\user.js
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
qmgr.dll
services.*
consrv.dll
wshelper.dll
/md5stop
HKEY_CLASSES_ROOT\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F} /s
HKEY_CLASSES_ROOT\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9} /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
DRIVES
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
del c:\commands.txt^|y /hide /c
/wait
del c:\diskreport.txt^|y /hide /c


2. Re-open OTL on the desktop. To do that:
  • Double click on the OTL icon to run it. (Vista / 7 Users: Right click on the icon and click Run as Administrator)
    Make sure all other windows are closed.
  • You will see a console like the one below:

    Posted Image
  • Check the box beside Scan All Users and Include 64bit Scans at the top of the console <---Very Important
  • Under the Extra Registry section click the radio button beside Use SafeList <---Very Important
  • Make sure the Output box at the top is set to Standard Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Place the mouse pointer inside the Posted Image box, right click and click Paste. This will put the above script inside OTL
  • Click the Posted Image button. Do not change any settings unless otherwise told to do so.
  • Let the scan run uninterrupted. The scan won't take long.
  • When the scan completes, it will open OTL.Txt on the desktop. The Extras.txt file will be minimized. These files are also saved in the same location as OTL (it should be on your desktop).
  • Please copy the contents of these files and paste them into your reply. To do that:
  • On the OTL.txt file Menu Bar click Edit then click Select All. This will highlight the contents of the file. Then click Copy.
  • Right click inside the forum post window then click Paste. This will paste the contents of the OTL.txt file in the post window.
Repeat for the Extras.txt file.


Step-2.

Run aswMBR
  • Download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe file to run it. (Windows /7 users: Right click the file and click Run as Administrator. If you get a UAC window, allow the file to run.)
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log. Save it to your desktop and post in your next reply.
NOTE: When you run aswMBR, if it is shut down automatically, then it is most likely the infection detecting that aswMBR is running and terminating it. In this situation you should rename the executable to iexplore.exe and try it again.


Step-3.

Things For Your Next Post:
1. Let me know which antivirus you want to keep
2. The ComboFix log
3. The new OTL.txt log
4. The Extras.txt log
5. The aswMBR log

#3
jaydeegilmore

The problem seems resolved.
CCleaner may have done the trick.

J

#4
godawgs


The problem seems resolved.
CCleaner may have done the trick.

J

Hi J,

That's good news. I will close the topic but if the problem reoccurs in the next day or so and you need the topic reopened, just shoot me a PM. ;)

Also, if I may, a word about CCleaner. It can be a good and useful program, as you've seen above...but please do not use the registry cleaning feature of CCleaner....or any other registry cleaner. GeeksToGo does not recommend using any registry cleaner. They don't offer any real results as far as speeding up the computer and unless you know exactly which registry key, value or value data the registry cleaner entry is gonna target there is a possibility of rendering the computer un-bootable.

Keep Safe! :wave:

#5
godawgs

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.