Virus disabled start up, malware, and antivirus. [Solved]



#1
mawmaw

    Member
  • 85 posts
Sad to say I am back again with another virus. But I had Malwarebytes and AVG and paid for them too. I can't use the internet. Firewall is shut down. Sound doesn't work, antivirus won't work. Malwarebytes found it and quarantined it but still can't get these turned on. (Got Malwarebytes to partially work.) I restarted it trying to enter safe mode and couldn't. When I clicked on safe mode it moved up to computer restore asking if I wanted to restore to factory settings. I cancelled it because I really don't want to do that unless I have to. I am using another comp to talk to you. I have 6 items in malware quarantine - would it help to delete these? I was able to copy the malware log.

Attached File  mbam-log-2012-10-24 (06-00-39).txt   2.12KB   74 downloads
I hope I did this right.

#2
Cruise475

    Trusted Helper
  • 1,348 posts
Hello mawmaw, welcome to GeeksToGo! My name is Cruise475 and I will be helping you with your malware problems! Please be patient with my responses as I have just recently returned from an extended absence from GeeksToGo. This being said, to protect you and help me keep my sanity, I will be having a resident staff member checking my responses before they get to you!

Before we begin, I would like to mention a few things!

  • Malware removal is not an instantaneous task; researching the logs our tools create can sometimes be a lengthy process. So I ask, please be patient with me!
  • Read each of my posts PRIOR to following the tasks I ask you to perform.
  • Follow the instructions exactly as I have written them, in the order they were written.
  • If you are unsure how to proceed, or are unable to perform any tasks, stop what you are doing and ask me for clarification!
  • It is very important that you stay with me until I give you the all clear! A lack of symptoms does not mean the infection is gone.
  • Please do not attach any logs to your posts unless I specifically request it! It makes my job a lot easier if you copy and paste them into your reply!
  • For the time that we are working together, do not run any tools, install or uninstall any program, or make any changes to your system without my direction. This can hinder the cleaning process, and make it hard to clean your computer!

While I work on a plan of attack, I have a few questions!

  • How long ago did this start?
  • Aside from MBAM have you run any other tools?
  • Are you still able to boot into Windows normally? If so, do other files run?
  • On your spare computer, are you able to write to a CD/DVD (if we need to)?
  • Do you have a spare USB stick (if we need it)?

I look forward to hearing back from you, and we will be on our way!

Thanks
Cruise

#3
mawmaw

    Member

  • Topic Starter
  • 85 posts
1. Happened about 2/3 days ago except an issue I didn't mention previously. Internet Explorer doesn't work and hasn't for several months. (A problem caused a problem and Windows will shut it down until a fix is available.) I also just checked to see if System Restore worked (not to restore, just to see if it would pull up) and I received the same message to shut down.
2. I use AVG, Malwarebytes, and I have Spybot on the comp but rarely use it since I use MBAM.
3. The only programs I know to be affected are Firewall, AVG, MBAM, and my sound stopped working all 2/3 days ago.
4. I have a DVD-RW on my desktop. My laptop is the sick one.
5. I have several sticks but none empty. If I need to move programs to another let me know.

If I don't reply in a couple days don't give up on me. Going out of town and may not find anyone to follow your steps right away.

#4
Cruise475

    Trusted Helper
  • 1,348 posts
Hi mawmaw,

Thanks for letting me know you will be going out of town! Let's try this out!

If you are able to (using Google Chrome, Firefox, etc.)

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\assembly\GAC_32\*.ini
    %systemroot%\assembly\GAC_64\*.ini
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.exe
    %APPDATA%\*.
    /md5start
    rsvpsp.dll
    pnrpnsp.dll 
    nwprovau.dll
    nlaapi.dll
    napinsp.dll
    mswsock.dll
    winrnr.dll
    wshelper.dll
    services.exe
    atapi.sys
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    csrss.exe
    PrintIsolationHost.exe
    consrv.dll
    user32.dll
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    %systemroot%\*. /mp /s
    hklm\software\clients\startmenuinternet|command /rs
    hklm\software\clients\startmenuinternet|command /64 /rs
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemdrive%\$Recycle.Bin|@;true;true;true /fp 
    CREATERESTOREPOINT
    
  • Please select the Scan All Users checkbox.
  • Change the File Age dropdown list from 30 days to 60 days.
  • Under Extra Registry heading, select Use Safelist.
  • Select LOP Check and Purity Check.
  • Then click the Run Scan button at the top
  • Let the program run unhindered, until it is done
  • Post the log it produces in your next reply.


Thanks
Cruise

#5
mawmaw

    Member

  • Topic Starter
  • 85 posts
OTL logfile created on: 10/25/2012 5:08:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jnewsome1385\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.11 Gb Available Physical Memory | 37.84% Memory free
6.10 Gb Paging File | 4.19 Gb Available in Paging File | 68.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.54 Gb Total Space | 136.02 Gb Free Space | 61.12% Space Free | Partition Type: NTFS
Drive D: | 10.34 Gb Total Space | 1.78 Gb Free Space | 17.17% Space Free | Partition Type: NTFS
Drive F: | 14.92 Gb Total Space | 11.63 Gb Free Space | 77.92% Space Free | Partition Type: FAT32

Computer Name: JNEWSOME1385-PC | User Name: jnewsome1385 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 60 Days

========== Processes (SafeList) ==========

PRC - [2012/10/25 17:05:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jnewsome1385\Downloads\OTL (2).exe
PRC - [2012/10/10 14:22:32 | 003,116,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/02 03:32:28 | 001,113,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/02 03:32:28 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/02 03:31:54 | 000,793,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/02 03:31:48 | 000,439,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/27 06:25:24 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/09/03 12:04:09 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/07/16 13:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/07/16 13:23:56 | 000,975,800 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/12/13 07:49:44 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2009/10/05 12:44:52 | 000,390,464 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\CenturyLink\Home Network Manager\AffinegyService.exe
PRC - [2009/10/05 12:44:50 | 001,144,128 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\CenturyLink\Home Network Manager\HomeNetworkManager.exe
PRC - [2009/05/08 05:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/10 05:06:15 | 000,460,312 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 05:06:13 | 012,435,992 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
MOD - [2012/10/10 05:06:12 | 004,005,912 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 05:04:57 | 000,578,072 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012/10/10 05:04:55 | 000,123,928 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012/10/10 05:04:44 | 000,156,712 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 05:04:43 | 000,275,496 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 05:04:42 | 002,168,360 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/09/27 06:25:24 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/09/03 12:04:15 | 000,564,832 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012/09/03 12:04:13 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012/07/18 13:00:23 | 014,336,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\4d87d775fe42967b4f8cd11ee5252863\Kies.Theme.ni.dll
MOD - [2012/07/18 13:00:22 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\1137776a4570c78b970eacdd314007f3\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2012/07/18 13:00:18 | 000,506,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\d2bc057169af41354b280376edbb0755\Kies.Common.MediaDB.ni.dll
MOD - [2012/07/18 13:00:17 | 000,194,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\4401f8d840e3d7a09d7f555a53d713ef\ASF_cSharpAPI.ni.dll
MOD - [2012/07/18 13:00:17 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\7659186cf36ec04feb3156802c29507d\Kies.Common.StoreManager.ni.dll
MOD - [2012/07/18 13:00:16 | 000,062,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\0d10782d5bb3202de9f6ac5525e2e4dd\Kies.Common.AllShare.ni.dll
MOD - [2012/07/18 13:00:14 | 000,276,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5c1373e76812767ea3ac89d590428cf5\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2012/07/18 13:00:14 | 000,189,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0ba08ce2721202a5563fe0e8fd9b4089\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2012/07/18 13:00:14 | 000,046,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AdminCmdAgent\8c8e5aa9d6ccbb5d34bc24fb6c626953\AdminCmdAgent.ni.dll
MOD - [2012/07/18 13:00:11 | 000,563,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c110809ea71a0da915bff8c3564de677\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2012/07/18 13:00:11 | 000,174,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\96cb2ec6e8aeaacd26c6034d876f3ac2\Interop.DevFileServiceLib.ni.dll
MOD - [2012/07/18 13:00:10 | 000,561,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\e9efb1cd764cc6834826231e56b94645\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2012/07/18 13:00:05 | 001,012,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\8b3b7c83a494d68ad4e627900cdc7fe0\Kies.Common.DeviceService.ni.dll
MOD - [2012/07/18 13:00:05 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d94dc15b2daff1d72d41f1def3a0b021\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2012/07/18 13:00:04 | 000,895,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\430047a5774939668595812299a2fcda\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2012/07/18 13:00:02 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\c99811c6a988ca6c2104a5b45acbddbb\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2012/07/18 13:00:02 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\cbeefee33636e0d0be226cf11e180ba3\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2012/07/18 13:00:02 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\ef9f4aaffdadfc31070e1a838951b277\Interop.PRPLAYERCORELib.ni.dll
MOD - [2012/07/18 13:00:01 | 002,187,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\e2fa09a234ceb42d7010dcf50310e526\Kies.Common.Multimedia.ni.dll
MOD - [2012/07/18 13:00:01 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\b0b31095249cec5ef5c0407fa6b7fc22\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2012/07/18 12:59:55 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\9d5f73031e82f2c167795a8f97a0639b\Kies.Common.MainUI.ni.dll
MOD - [2012/07/18 12:59:52 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\9f36dc97f64f8fa3af14aafecd52e227\Kies.Common.DBManager.ni.dll
MOD - [2012/07/18 12:59:50 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\6265ffca46eab52d5f798847b5ea908c\CabLib.ni.dll
MOD - [2012/07/18 12:59:44 | 000,530,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\2d7161baa59dd2c1c39f4a192d760e7d\ICSharpCode.SharpZipLib.ni.dll
MOD - [2012/07/18 12:59:44 | 000,261,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\d9bfdca5d5db4c60618c84025158a207\Kies.Common.Util.ni.dll
MOD - [2012/07/18 12:59:41 | 001,689,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\7500c4d25baa63d88698f97d1824fa78\Kies.UI.ni.dll
MOD - [2012/07/18 12:59:41 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\9a6bad5be6518d4a975893676a49a82c\Interop.DeviceSearchLib.ni.dll
MOD - [2012/07/18 12:59:40 | 001,381,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\7a59be2dfd1d3f99b3489eea8df66016\Kies.Locale.ni.dll
MOD - [2012/07/18 12:59:37 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\adb0105c92aaf42f571a2fd25a4228a9\Kies.MVVM.ni.dll
MOD - [2012/07/18 12:59:36 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\3f6f79987f17c00edce423932abd1cf2\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2012/07/18 12:59:34 | 001,181,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\73962fb5234895e46e79de6e1711d093\Kies.Interface.ni.dll
MOD - [2012/07/18 12:59:08 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll
MOD - [2012/07/18 12:59:00 | 000,771,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ef221aa0472b0870b6689ab044fad227\System.Runtime.Remoting.ni.dll
MOD - [2012/07/18 12:58:45 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012/07/18 12:58:45 | 001,691,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\4f298fff2a50c324d5b07d75b3bace38\Kies.ni.exe
MOD - [2012/07/18 12:45:53 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012/07/18 12:45:32 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012/07/18 12:44:46 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012/07/18 12:43:50 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012/07/18 12:43:05 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012/07/18 12:42:38 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012/07/18 12:42:37 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012/07/18 12:42:17 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012/07/18 12:41:41 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012/07/18 12:41:28 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012/06/14 03:46:46 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:46:35 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/06/14 03:46:06 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012/06/14 03:44:31 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012/05/10 06:20:54 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/05/10 06:19:45 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012/05/10 06:19:43 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll
MOD - [2012/05/10 06:19:43 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012/05/10 06:19:43 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.Wrapper.dll
MOD - [2012/05/10 06:19:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/05/10 03:46:08 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/05/10 03:45:23 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012/05/10 03:45:08 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012/05/10 03:44:31 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012/05/10 03:44:27 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/10 03:44:00 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2010/12/13 07:49:44 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
MOD - [2010/12/13 07:49:20 | 000,684,032 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\libexpat.dll
MOD - [2010/12/13 07:49:20 | 000,466,975 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\sqlite3.dll
MOD - [2010/12/13 07:49:20 | 000,100,352 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\avutil-50.dll
MOD - [2009/10/05 12:44:56 | 000,020,288 | ---- | M] () -- C:\Program Files\CenturyLink\Home Network Manager\AffinegyServicePS.dll
MOD - [2009/04/11 01:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009/04/10 21:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009/03/29 23:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009/03/29 23:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2008/09/30 18:56:06 | 000,032,768 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008/09/30 18:52:02 | 000,007,168 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008/09/30 18:52:00 | 000,057,344 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008/09/30 18:51:52 | 000,118,784 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008/09/30 18:51:52 | 000,010,240 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008/09/30 18:51:36 | 000,040,960 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008/09/30 18:51:36 | 000,028,672 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008/09/30 18:51:36 | 000,005,632 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Advisor\MessagingInterface.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2012/10/09 05:59:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/03 12:04:09 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/10/05 12:44:52 | 000,390,464 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\CenturyLink\Home Network Manager\AffinegyService.exe -- (AffinegyService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTDMWWAN.sys -- (PTDMWWAN)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTDMVsp.sys -- (PTDMVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTDMMdm.sys -- (PTDMMdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTDMBus.sys -- (PTDMBus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandmodem.sys -- (ANDModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandgps.sys -- (AndGps)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lganddiag.sys -- (AndDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandbus.sys -- (Andbus)
DRV - [2012/10/05 03:26:22 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/21 03:45:52 | 000,055,008 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/09/13 03:11:20 | 000,177,504 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/09/03 12:04:13 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/06/04 02:59:20 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/06/04 02:59:20 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010/12/21 00:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/12/21 00:55:02 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2010/12/21 00:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010/12/21 00:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/09/26 21:13:10 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/03/15 08:44:48 | 000,127,488 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/10/26 21:01:06 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcVComV32.sys -- (HtcVCom32)
DRV - [2009/10/26 21:01:06 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcUsbMdmV32.sys -- (HtcUsbMdmV32)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/01/20 06:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 21:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - SOFTWARE\Classes\CLSID\{1a71246c-3eb0-4d6c-af77-3ab756017c3a}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{7DC7C2A9-63BE-4EDF-99EF-028F49D65B85}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{86336D6B-C1D5-4EC7-B038-A0D3290449FD}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1529850

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/1me10IE9ENUS/110
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?...?l=dis&o=14196"
FF - prefs.js..keyword.URL: "http://websearch.ask...TES002U0US&&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Ask.com"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\14\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\jnewsome1385\AppData\Local\Roblox\Versions\version-5e3e8a498c5b4d63\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jnewsome1385\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jnewsome1385\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\jnewsome1385\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/01/20 18:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/04/07 19:54:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/09/27 06:25:44 | 000,000,000 | ---D | M]

[2010/05/27 20:15:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Extensions
[2009/05/08 23:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/07/02 13:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions
[2010/01/08 19:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/10 14:58:56 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/10 14:59:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/07/07 15:53:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/01/18 02:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\{ee1a404c-5714-451f-9365-a94936993d19}
[2010/01/08 19:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\staged-xpis
[2009/03/18 14:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi
[2011/11/17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\searchplugins\askcom.xml
[2009/03/25 12:49:20 | 000,000,944 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\searchplugins\icqplugin.xml
[2008/12/12 13:23:54 | 000,002,158 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\searchplugins\MySpace.xml
[2010/12/29 21:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/05/02 15:37:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

========== Chrome ==========

CHR - homepage: http://www.centurylink.net/
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = https://isearch.avg....fr&d=2012-06-02 22:02:31&v=12.2.5.32&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...outputEncoding},
CHR - homepage: http://www.centurylink.net/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: getPlusPlus for Adobe 162100 (Enabled) = C:\Program Files\NOS\bin\np_gp.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\jnewsome1385\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Windows\Downloaded Program Files\npsoe.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Angry Birds = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Secure Search = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\
CHR - Extension: Gmail = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (BTjunkie Toolbar) - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTju.dll File not found
O3 - HKLM\..\Toolbar: (Profile Pimp) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\IEToolbar\Profile Pimp\tbcore3.dll File not found
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (BTjunkie Toolbar) - {1A71246C-3EB0-4D6C-AF77-3AB756017C3A} - C:\Program Files\BTjunkie\tbBTju.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Profile Pimp) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\IEToolbar\Profile Pimp\tbcore3.dll File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\CenturyLink\Home Network Manager\HomeNetworkManager.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [EPSON Stylus DX5000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent File not found
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found
O4 - Startup: C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\V CAST Media Monitor.lnk = File not found
O9 - Extra Button: Profile Pimp - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\IEToolbar\Profile Pimp\tbcore3.dll File not found
O9 - Extra 'Tools' menuitem : Profile Pimp - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\IEToolbar\Profile Pimp\tbcore3.dll File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Emerald%20City%20Confidential/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect119.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Emerald%20City%20Confidential/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} http://download-game...ameLauncher.cab (Playtime Games Launcher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5433B0E1-0824-433C-9B73-BBD8DB9E0FC5}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1a285ace-f9c4-11de-9988-7a8020000200}\Shell - "" = AutoRun
O33 - MountPoints2\{1a285ace-f9c4-11de-9988-7a8020000200}\Shell\AutoRun\command - "" = H:\VideoConvert.exe
O33 - MountPoints2\{232b2763-76ab-11df-a03e-001f165f23bb}\Shell\AutoRun\command - "" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe
O33 - MountPoints2\{333e3365-fcfc-11df-b4fa-001f165f23bb}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{333e3365-fcfc-11df-b4fa-001f165f23bb}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{7d1f4d04-80b4-11df-ac4e-001f165f23bb}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe
O33 - MountPoints2\{7d1f4d04-80b4-11df-ac4e-001f165f23bb}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - State: "startup" - 0
MsConfig - State: "services" - 0

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {00F0EE7F-2C61-4EBD-A209-00281BDC869C} - Yahoo! Toolbar
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {3CE02F38-C912-44CF-B02E-60F7964E61FF} - BingPack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\system32\rundll32.exe C:\Windows\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EE330FEC-4206-4FD0-891C-7216477A74B3} - NoIE8Tour
ActiveX: {F390FCA4-7CCF-4A1A-A849-C381E489A3CA} - Yahoo! Search Settings Update
ActiveX: >{184906ff-ed62-4ee5-bd9c-fd55a3fb7b2d} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} -

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co....thors/VA012897/)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel® Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\iyvu9_32.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 60 Days ==========

[2012/10/22 20:54:57 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakening - The Skyward Castle
[2012/10/22 20:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awakening - The Skyward Castle
[2012/10/21 21:44:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Lifetime_KeysToM
[2012/10/20 22:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/20 17:30:34 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Redemption Cemetery - Grave Testimony
[2012/10/20 17:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Redemption Cemetery - Grave Testimony
[2012/10/20 08:32:54 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Lost in the City
[2012/10/19 21:31:37 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Jane s Hotel Family Hero
[2012/10/19 21:15:28 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Keys to Manhattan
[2012/10/19 21:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keys to Manhattan
[2012/10/19 20:49:47 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lost in the City
[2012/10/19 20:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lost in the City
[2012/10/19 20:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jane`s Hotel - Family Hero
[2012/10/18 18:56:45 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\Desktop\Miller - Aluminations (3) Shedding Light on Aluminum Welding Issues_files
[2012/10/17 19:51:33 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Natalie Brooks - Secrets of Treasure House
[2012/10/17 19:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Natalie Brooks - Secrets of Treasure House
[2012/10/17 19:27:03 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Three Musketeers Secret - Constance's Mission
[2012/10/17 19:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Three Musketeers Secret - Constance's Mission
[2012/10/15 18:38:53 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\James Patterson Women's Murder Club - Death in Scarlet
[2012/10/15 18:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\James Patterson Women's Murder Club - Death in Scarlet
[2012/10/15 18:17:03 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Build-a-lot 2 - Town of the Year
[2012/10/15 18:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Build-a-lot 2 - Town of the Year
[2012/10/15 17:31:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/10/15 16:21:25 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Azada
[2012/10/15 16:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azada
[2012/10/14 16:01:32 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hodgepodge Hollow
[2012/10/14 16:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hodgepodge Hollow
[2012/10/14 07:48:17 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakening - The Goblin Kingdom
[2012/10/14 07:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awakening - The Goblin Kingdom
[2012/10/13 20:53:52 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Hidden Objects Romance
[2012/10/13 19:44:41 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\The Drama Queen Murder
[2012/10/13 13:06:41 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\PlataGames
[2012/10/10 14:33:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/10/10 14:33:25 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/10/10 14:33:25 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/10/06 15:14:57 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\Documents\Alibi in Ashes
[2012/10/05 03:26:22 | 000,093,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2012/10/02 03:30:38 | 000,159,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2012/09/27 06:26:56 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\AVG2013
[2012/09/27 06:26:09 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\TuneUp Software
[2012/09/27 06:25:23 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/09/27 06:19:21 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/27 05:52:51 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Local\MFAData
[2012/09/27 05:52:51 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Local\Avg2013
[2012/09/23 03:01:22 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/23 03:01:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/23 03:01:20 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/23 03:01:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/23 03:01:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/23 03:01:19 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/09/23 03:01:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/23 03:01:18 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/21 03:46:06 | 000,164,832 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/09/21 03:46:00 | 000,177,376 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
[2012/09/21 03:45:54 | 000,019,936 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidsshimx.sys
[2012/09/21 03:45:52 | 000,055,008 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/09/18 17:37:50 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Local\aladdin
[2012/09/15 19:40:37 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\quickclick
[2012/09/14 03:05:20 | 000,035,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2012/09/13 03:11:20 | 000,177,504 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2012/09/11 18:25:32 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\kingdom
[2012/09/11 18:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/09/11 17:12:56 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\YoudaGames
[2012/09/07 20:21:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NeptunesAdve
[2012/09/03 12:04:13 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/09/01 17:51:18 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Amulet_of_time
[2012/08/31 20:18:09 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\DragonsEye Studios
[2012/08/31 20:18:09 | 000,000,000 | ---D | C] -- C:\ProgramData\DragonsEye Studios
[2012/08/30 16:25:15 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Games
[2012/08/28 22:57:24 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\LegacyInteractive
[2012/07/08 09:13:07 | 000,990,448 | ---- | C] (Solid State Networks) -- C:\Users\jnewsome1385\install_flashplayer11x32ax_gtbp_chra_aih.exe
[2012/06/02 11:24:26 | 000,212,224 | ---- | C] (Big Fish Games) -- C:\Users\jnewsome1385\bigfishgames_p144602085_s1_l1.exe
[2011/12/06 17:29:19 | 000,212,224 | ---- | C] (Big Fish Games) -- C:\Users\jnewsome1385\bigfishgames_p1757515_s1_l1.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 60 Days ==========

[2012/10/25 17:09:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/25 17:05:30 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForjnewsome1385.job
[2012/10/25 17:03:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/25 17:02:02 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-336909821-1831755368-2757767675-1000UA.job
[2012/10/25 17:01:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/25 09:00:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/25 09:00:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/25 06:03:11 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/25 03:13:46 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-336909821-1831755368-2757767675-1000Core.job
[2012/10/24 20:54:57 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/10/24 20:42:44 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/22 20:57:58 | 000,001,220 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/10/22 20:57:58 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Play Awakening - The Skyward Castle.lnk
[2012/10/20 22:14:31 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/10/20 22:05:12 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/20 22:03:43 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/10/20 17:58:54 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Play Redemption Cemetery - Grave Testimony.lnk
[2012/10/19 21:28:31 | 000,000,685 | ---- | M] () -- C:\Users\Public\Desktop\Play Keys to Manhattan.lnk
[2012/10/19 20:57:03 | 000,000,670 | ---- | M] () -- C:\Users\Public\Desktop\Play Lost in the City.lnk
[2012/10/19 20:49:35 | 000,000,734 | ---- | M] () -- C:\Users\Public\Desktop\Play Jane`s Hotel - Family Hero.lnk
[2012/10/18 05:45:36 | 000,002,206 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2012/10/18 05:45:35 | 000,001,053 | ---- | M] () -- C:\WildTangent Games App - wildgames.lnk
[2012/10/17 19:54:57 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\Play Natalie Brooks - Secrets of Treasure House.lnk
[2012/10/17 19:31:18 | 000,000,865 | ---- | M] () -- C:\Users\Public\Desktop\Play Three Musketeers Secret - Constance's Mission.lnk
[2012/10/15 18:45:52 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Play James Patterson Women's Murder Club - Death in Scarlet.lnk
[2012/10/15 18:22:10 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Play Build-a-lot 2 - Town of the Year.lnk
[2012/10/15 17:31:38 | 000,000,758 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/10/15 16:26:41 | 000,000,573 | ---- | M] () -- C:\Users\Public\Desktop\Play Azada.lnk
[2012/10/14 16:07:52 | 000,000,683 | ---- | M] () -- C:\Users\Public\Desktop\Play Hodgepodge Hollow.lnk
[2012/10/14 07:50:36 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\Play Awakening - The Goblin Kingdom.lnk
[2012/10/14 06:30:10 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/14 06:30:10 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/10 19:28:08 | 000,002,039 | ---- | M] () -- C:\Users\jnewsome1385\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/09 05:59:56 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/09 05:59:56 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/05 03:26:22 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/09/22 09:06:59 | 000,001,160 | ---- | M] () -- C:\Users\jnewsome1385\Desktop\ROBLOX Player.lnk
[2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avglogx.sys
[2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidsshimx.sys
[2012/09/21 03:45:52 | 000,055,008 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgrkx86.sys
[2012/09/13 08:28:08 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012/09/13 03:11:20 | 000,177,504 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidsdriverx.sys
[2012/09/03 12:04:13 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/08/29 06:27:41 | 003,602,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/08/29 06:27:41 | 003,550,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/24 17:15:22 | 000,001,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/10/24 17:15:22 | 000,000,802 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2012/10/24 17:15:06 | 000,001,111 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/10/24 17:15:06 | 000,000,887 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\V CAST Media Monitor.lnk
[2012/10/22 20:57:58 | 000,001,220 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/10/22 20:57:58 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Play Awakening - The Skyward Castle.lnk
[2012/10/20 17:58:54 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Play Redemption Cemetery - Grave Testimony.lnk
[2012/10/19 21:28:31 | 000,000,685 | ---- | C] () -- C:\Users\Public\Desktop\Play Keys to Manhattan.lnk
[2012/10/19 20:57:03 | 000,000,670 | ---- | C] () -- C:\Users\Public\Desktop\Play Lost in the City.lnk
[2012/10/19 20:49:35 | 000,000,734 | ---- | C] () -- C:\Users\Public\Desktop\Play Jane`s Hotel - Family Hero.lnk
[2012/10/17 19:54:57 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\Play Natalie Brooks - Secrets of Treasure House.lnk
[2012/10/17 19:31:18 | 000,000,865 | ---- | C] () -- C:\Users\Public\Desktop\Play Three Musketeers Secret - Constance's Mission.lnk
[2012/10/15 18:45:52 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Play James Patterson Women's Murder Club - Death in Scarlet.lnk
[2012/10/15 18:22:10 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Play Build-a-lot 2 - Town of the Year.lnk
[2012/10/15 16:26:41 | 000,000,573 | ---- | C] () -- C:\Users\Public\Desktop\Play Azada.lnk
[2012/10/14 16:07:52 | 000,000,683 | ---- | C] () -- C:\Users\Public\Desktop\Play Hodgepodge Hollow.lnk
[2012/10/14 07:50:36 | 000,000,794 | ---- | C] () -- C:\Users\Public\Desktop\Play Awakening - The Goblin Kingdom.lnk
[2012/10/03 19:02:17 | 3149,078,528 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/03 18:35:33 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/09/27 06:26:09 | 000,000,758 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/06/26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/06/24 19:19:19 | 002,337,172 | ---- | C] () -- C:\Users\jnewsome1385\home images.zip
[2011/11/05 15:52:47 | 000,020,843 | ---- | C] () -- C:\Users\jnewsome1385\373873_311249795555806_100000123649283_1469964_803062868_n.jpg
[2011/10/15 16:34:51 | 055,303,820 | ---- | C] () -- C:\Users\jnewsome1385\610_b034_multilanguage (2).exe.sshhc0k.partial
[2011/10/15 16:21:13 | 120,485,720 | ---- | C] () -- C:\Users\jnewsome1385\610_b034_multilanguage.exe
[2011/10/15 15:49:27 | 120,485,720 | ---- | C] () -- C:\Users\jnewsome1385\610_b034_multilanguage (1).exe
[2011/10/13 11:31:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/10/13 11:30:24 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/05/07 15:23:44 | 000,043,520 | ---- | C] () -- C:\Windows\System32\sutil32.dll
[2011/02/16 17:43:57 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/12/30 16:50:29 | 000,000,503 | ---- | C] () -- C:\Windows\eReg.dat
[2010/08/21 17:32:21 | 000,031,007 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Roaming\UserTile.png
[2009/06/25 06:12:37 | 000,000,116 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Roaming\wklnhst.dat
[2009/06/22 19:37:32 | 000,023,552 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/04 20:53:34 | 000,032,940 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Local\slot1.mm1
[2009/02/26 17:11:58 | 000,000,680 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Local\d3d9caps.dat
[2009/01/05 15:34:51 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/07/21 23:13:30 | 000,000,000 | -HSD | M] -- C:\Users\jnewsome1385\AppData\Roaming\.#
[2012/04/29 06:24:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Alawar
[2011/10/22 15:00:26 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Alawar Entertainment
[2012/06/05 21:08:57 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Alawar Stargaze
[2012/10/06 18:53:10 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\AlawarEntertainment
[2012/09/01 17:51:18 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Amulet_of_time
[2011/12/30 21:43:48 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Atari
[2012/09/27 06:26:56 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\AVG2013
[2011/10/23 18:25:45 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Awem
[2011/12/26 23:08:23 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Azureus
[2011/11/01 18:59:44 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Big Finish
[2011/03/05 15:45:19 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Big Fish Games
[2012/09/07 19:03:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\blg
[2009/04/02 18:50:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Boolat Games
[2012/10/22 19:34:06 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Boomzap
[2012/01/29 16:02:55 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\cerasus.media
[2012/06/02 12:59:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\ChaYoWo Games
[2012/01/28 11:23:03 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Deep Shadows
[2011/03/05 22:41:24 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Dekovir
[2012/08/31 20:18:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\DragonsEye Studios
[2012/10/20 20:17:07 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\ERS Game Studios
[2011/12/04 20:58:43 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\EscapeTheMuseum2
[2009/07/26 21:08:49 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Fabulous Finds
[2012/08/18 17:18:02 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\FBI
[2012/10/15 18:50:31 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Flood Light Games
[2012/04/20 21:26:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Floodlight Games
[2012/08/03 20:55:51 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Freeze Tag
[2012/09/08 20:04:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Friday's games
[2011/12/05 10:56:43 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\FrostWire
[2009/10/26 20:51:25 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\funkitron
[2012/10/18 21:22:35 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Funlinker
[2011/11/23 18:53:08 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GameHouse
[2009/11/12 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Gamelab
[2010/08/07 14:00:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GamersDigital
[2012/08/30 16:25:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Games
[2011/04/06 19:01:23 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GestaltGames
[2011/11/16 18:06:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GO Games
[2009/08/06 23:25:59 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2011/04/02 23:45:45 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Gogii
[2012/08/18 21:11:55 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Gogii Games
[2009/11/17 13:58:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Gold Casual Games
[2011/04/22 18:59:02 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GuardiansOfMagic
[2012/10/13 23:12:30 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Hidden Objects Romance
[2011/12/13 17:16:10 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\HitPoint Studios
[2009/11/18 22:13:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\iWin
[2012/10/19 21:31:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Jane s Hotel Family Hero
[2009/03/08 10:37:59 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Jetsetter
[2012/08/22 18:57:59 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Jigsaws Galore
[2011/03/26 14:42:22 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\KingArthur
[2012/09/11 21:51:35 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\kingdom
[2012/09/22 20:12:33 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\LegacyGames
[2012/08/28 22:57:24 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\LegacyInteractive
[2010/12/22 17:19:52 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\LimeWire
[2012/10/22 18:33:14 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Lost in the City
[2010/03/01 02:26:58 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Ludia
[2011/10/19 18:41:33 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\MagicIndie
[2011/03/05 17:30:22 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\margrave3_full
[2011/10/23 11:36:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\MumboJumbo
[2010/07/26 17:51:38 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\muvee Technologies
[2009/09/16 23:11:54 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\My Games
[2011/02/05 10:23:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Mystery of Mortlake Mansion
[2011/04/18 18:24:38 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\MysteryStudio
[2011/03/05 21:08:34 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Namco
[2011/03/13 19:42:12 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Old Castle
[2011/04/03 15:25:25 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\OpenCandy
[2012/08/10 19:51:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Orneon
[2010/08/21 17:32:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\PeerNetworking
[2012/06/07 23:15:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Persha Studia
[2011/03/22 18:17:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Phantasmat_wildgames_se
[2012/10/13 13:06:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\PlataGames
[2011/04/10 17:11:31 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\PlayFirst
[2009/03/09 18:47:34 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\PoBros
[2009/12/26 02:06:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Princess Isabella
[2012/09/15 19:40:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\quickclick
[2011/10/15 16:40:26 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Research In Motion
[2012/07/18 13:00:50 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Samsung
[2011/04/19 17:55:11 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Sanna
[2011/03/30 19:28:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SecretIslandEng
[2009/10/22 22:18:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Shape games
[2009/04/15 01:13:59 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\ShinyTales
[2011/12/26 17:12:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Skunk Studios
[2011/03/26 20:15:43 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Sleepwalker Games
[2012/07/08 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SMIGames
[2011/02/16 17:17:43 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Smith Micro
[2012/07/21 21:59:26 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Specialbit
[2009/03/25 17:40:13 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SpinTop
[2011/11/04 16:47:03 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SpinTop Games
[2009/02/15 18:53:28 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SPORE Creature Creator
[2012/07/07 15:52:34 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Systweak
[2009/06/25 06:12:39 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Template
[2012/10/13 19:44:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\The Drama Queen Murder
[2011/10/23 18:28:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\TOMI3
[2012/07/09 16:20:42 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Top Evidence
[2009/03/22 19:29:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Total Eclipse
[2012/09/27 06:26:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\TuneUp Software
[2009/11/07 16:03:30 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Utherverse
[2010/03/03 23:09:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\ValuSoft
[2012/02/25 16:43:54 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Vast Studios
[2012/06/30 13:23:22 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\VendelGAMES
[2011/04/13 19:59:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\WhiteBirdsProductions
[2009/08/27 22:44:03 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\WildGames 3 Days Zoo Mystery
[2012/07/29 20:26:24 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\WildTangent
[2009/08/30 00:57:31 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\WildTangentv1002
[2012/09/11 17:12:56 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\YoudaGames

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2009/07/21 23:13:30 | 000,000,000 | -HSD | M] -- C:\Users\jnewsome1385\AppData\Roaming\.#
[2012/06/27 14:52:32 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Adobe
[2012/04/29 06:24:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Alawar
[2011/10/22 15:00:26 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Alawar Entertainment
[2012/06/05 21:08:57 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Alawar Stargaze
[2012/10/06 18:53:10 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\AlawarEntertainment
[2012/09/01 17:51:18 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Amulet_of_time
[2011/04/05 11:06:51 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Apple Computer
[2011/12/30 21:43:48 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Atari
[2012/09/27 06:26:56 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\AVG2013
[2009/06/22 19:19:19 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\AVS4YOU
[2011/10/23 18:25:45 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Awem
[2011/12/26 23:08:23 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Azureus
[2011/11/01 18:59:44 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Big Finish
[2011/03/05 15:45:19 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Big Fish Games
[2012/06/03 17:42:43 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\BigFish All My Gods
[2012/09/07 19:03:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\blg
[2009/04/02 18:50:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Boolat Games
[2012/10/22 19:34:06 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Boomzap
[2012/01/29 16:02:55 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\cerasus.media
[2012/06/02 12:59:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\ChaYoWo Games
[2010/01/12 18:20:12 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\CyberLink
[2012/01/28 11:23:03 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Deep Shadows
[2011/03/05 22:41:24 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Dekovir
[2012/08/31 20:18:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\DragonsEye Studios
[2012/06/30 13:23:47 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\dvdcss
[2012/10/20 20:17:07 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\ERS Game Studios
[2011/12/04 20:58:43 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\EscapeTheMuseum2
[2009/07/26 21:08:49 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Fabulous Finds
[2012/08/18 17:18:02 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\FBI
[2012/10/15 18:50:31 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Flood Light Games
[2012/04/20 21:26:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Floodlight Games
[2012/08/03 20:55:51 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Freeze Tag
[2012/09/08 20:04:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Friday's games
[2011/12/05 10:56:43 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\FrostWire
[2009/10/26 20:51:25 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\funkitron
[2012/10/18 21:22:35 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Funlinker
[2011/11/23 18:53:08 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GameHouse
[2009/11/12 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Gamelab
[2010/08/07 14:00:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GamersDigital
[2012/08/30 16:25:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Games
[2011/04/06 19:01:23 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GestaltGames
[2011/11/16 18:06:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GO Games
[2009/08/06 23:25:59 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2011/04/02 23:45:45 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Gogii
[2012/08/18 21:11:55 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Gogii Games
[2009/11/17 13:58:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Gold Casual Games
[2009/02/19 00:26:36 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Google
[2009/09/24 21:34:05 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GTek
[2011/04/22 18:59:02 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GuardiansOfMagic
[2010/01/14 15:50:33 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Hewlett-Packard
[2012/10/13 23:12:30 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Hidden Objects Romance
[2011/12/13 17:16:10 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\HitPoint Studios
[2009/02/07 17:22:05 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\HP TCS
[2012/10/20 20:00:10 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\HpUpdate
[2009/02/07 17:32:12 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Identities
[2010/10/14 20:08:45 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\InstallShield
[2009/02/10 19:46:32 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Intuit
[2009/11/18 22:13:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\iWin
[2012/10/19 21:31:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Jane s Hotel Family Hero
[2009/03/08 10:37:59 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Jetsetter
[2012/08/22 18:57:59 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Jigsaws Galore
[2011/03/26 14:42:22 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\KingArthur
[2012/09/11 21:51:35 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\kingdom
[2012/09/22 20:12:33 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\LegacyGames
[2012/08/28 22:57:24 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\LegacyInteractive
[2010/12/22 17:19:52 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\LimeWire
[2012/10/22 18:33:14 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Lost in the City
[2010/03/01 02:26:58 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Ludia
[2009/07/26 01:08:40 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Macromedia
[2011/10/19 18:41:33 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\MagicIndie
[2009/03/01 10:31:48 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Malwarebytes
[2011/03/05 17:30:22 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\margrave3_full
[2012/10/21 08:59:11 | 000,000,000 | --SD | M] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft
[2009/05/08 23:59:34 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla
[2011/10/23 11:36:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\MumboJumbo
[2010/07/26 17:51:38 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\muvee Technologies
[2009/09/16 23:11:54 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\My Games
[2009/03/19 22:11:34 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\MySpace
[2011/02/05 10:23:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Mystery of Mortlake Mansion
[2011/04/18 18:24:38 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\MysteryStudio
[2011/03/05 21:08:34 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Namco
[2011/03/13 19:42:12 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Old Castle
[2011/04/03 15:25:25 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\OpenCandy
[2012/08/10 19:51:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Orneon
[2010/08/21 17:32:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\PeerNetworking
[2012/06/07 23:15:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Persha Studia
[2011/03/22 18:17:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Phantasmat_wildgames_se
[2012/10/13 13:06:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\PlataGames
[2011/04/10 17:11:31 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\PlayFirst
[2009/03/09 18:47:34 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\PoBros
[2009/12/26 02:06:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Princess Isabella
[2012/09/15 19:40:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\quickclick
[2011/10/15 16:40:26 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Research In Motion
[2010/01/13 13:29:17 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Roxio
[2012/07/18 13:00:50 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Samsung
[2011/04/19 17:55:11 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Sanna
[2011/03/30 19:28:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SecretIslandEng
[2009/10/22 22:18:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Shape games
[2009/04/15 01:13:59 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\ShinyTales
[2011/12/26 17:12:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Skunk Studios
[2011/03/26 20:15:43 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Sleepwalker Games
[2012/07/08 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SMIGames
[2011/02/16 17:17:43 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Smith Micro
[2012/07/21 21:59:26 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Specialbit
[2009/03/25 17:40:13 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SpinTop
[2011/11/04 16:47:03 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SpinTop Games
[2009/02/15 18:53:28 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SPORE Creature Creator
[2012/07/07 15:52:34 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Systweak
[2009/02/28 22:16:28 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Talkback
[2009/06/25 06:12:39 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Template
[2012/10/13 19:44:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\The Drama Queen Murder
[2011/10/23 18:28:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\TOMI3
[2012/07/09 16:20:42 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Top Evidence
[2009/03/22 19:29:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Total Eclipse
[2012/09/27 06:26:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\TuneUp Software
[2009/11/07 16:03:30 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Utherverse
[2010/03/03 23:09:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\ValuSoft
[2012/02/25 16:43:54 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Vast Studios
[2012/06/30 13:23:22 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\VendelGAMES
[2012/06/30 13:23:48 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\vlc
[2011/04/13 19:59:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\WhiteBirdsProductions
[2009/08/27 22:44:03 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\WildGames 3 Days Zoo Mystery
[2012/07/29 20:26:24 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\WildTangent
[2009/08/30 00:57:31 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\WildTangentv1002
[2010/06/13 23:46:04 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Yahoo!
[2012/09/11 17:12:56 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\YoudaGames

< MD5 for: ATAPI.SYS >
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 01:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 21:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 04:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008/10/23 00:54:22 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7f3e4ed9\atapi.sys
[2008/10/23 00:54:22 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=9C0E70031905ADBF94EDB9EA14AF943B -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22193_none_dd6376773aedb5e4\atapi.sys
[2008/10/23 00:54:22 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b7393fc6\atapi.sys
[2008/10/23 00:54:22 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E26DDFE464B464DAF1C739122978D1D6 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20847_none_dbb74a7b3d9afbc1\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/01/20 21:34:43 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\System32\csrss.exe
[2008/01/20 21:34:43 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=ABCA209EBA02CB59233614DB83B4F50D -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_58e3e3d7e415ae4c\csrss.exe

< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 21:34:05 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2009/04/11 01:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009/04/11 01:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 21:33:36 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/20 21:34:16 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\System32\NapiNSP.dll
[2008/01/20 21:34:16 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/20 21:33:15 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\System32\nlaapi.dll
[2008/01/20 21:33:15 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\x86_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_6785f5c70aea4565\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2008/01/20 21:35:17 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\System32\pnrpnsp.dll
[2008/01/20 21:35:17 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\x86_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_717f15b322749509\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2008/01/20 21:34:36 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\System32\services.exe
[2009/04/11 01:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 21:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/20 21:33:13 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USER32.DLL >
[2009/04/11 01:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009/04/11 01:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008/01/20 21:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: USERINIT.EXE >
[2008/01/20 21:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/20 21:34:37 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/09/29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 21:34:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINRNR.DLL >
[2009/04/11 01:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\System32\winrnr.dll
[2009/04/11 01:28:25 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 04:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6000.16386_none_571790f3532b2696\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 04:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\System32\wshelper.dll
[2006/11/02 04:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\wshelper.dll

< C:\Windows\assembly\tmp\U\*.* /s >
[2006/11/02 07:58:10 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006/11/02 07:58:10 | 000,032,612 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/02/16 16:47:31 | 000,000,882 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2010/02/16 16:47:36 | 000,000,886 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2010/05/27 14:47:36 | 000,000,350 | ---- | C] () -- C:\Windows\Tasks\HPCeeScheduleForjnewsome1385.job
[2011/05/19 16:07:51 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-336909821-1831755368-2757767675-1000Core.job
[2011/05/19 16:07:53 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-336909821-1831755368-2757767675-1000UA.job
[2012/04/07 19:07:50 | 000,000,830 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/10 05:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/10 05:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/10 05:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/10/10 05:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/03 15:58:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/03 15:58:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/03 15:58:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/08/24 02:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/08/24 02:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/11/03 20:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/11/03 20:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/11/03 20:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/11/03 20:11:24 | 002,388,264 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\chrome.exe" --show-icons [2012/10/10 05:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\chrome.exe" --hide-icons [2012/10/10 05:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/10/10 05:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\chrome.exe" [2012/10/10 05:06:17 | 001,239,064 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/03 15:58:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/03 15:58:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/03 15:58:46 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2012/08/24 02:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2012/08/24 02:34:41 | 000,748,680 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2010/11/03 20:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2010/11/03 20:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2010/11/03 20:11:24 | 002,388,264 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2010/11/03 20:11:24 | 002,388,264 | ---- | M] (Apple Inc.)

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemdrive%\$Recycle.Bin|@;true;true;true /fp >

========== Alternate Data Streams ==========


< End of report >

I woke up this morning to a working computer. Have no idea why, since I didn't do anything with it. MBAM and AVG are on. Firewall is on. Sound is fine and I can get on the internet. I am using it now. I would try Internet Explorer but don't have a shortcut; also, it isn't in my programs. I have been using Chrome. Weird!

#6
mawmaw

  • Topic Starter
  • Member
  • 85 posts
double post?

Edited by mawmaw, 28 October 2012 - 06:48 PM.


#7
Cruise475

    Trusted Helper

  • Member
  • 1,348 posts
Hi mawmaw,

That is great news about your computer! Is it experiencing any other sorts of problems? I don't see anything in this initial log. Let's do an online scan to make sure!


But first, let's see if we can get Internet Explorer to open! Let's try this:
  • Press the Windows Key + R together.
  • The Run window should now be open.
  • Type iexplore.exe
Does Internet Explorer open up?


NOTE: For the following instructions please make sure TeaTimer is disabled. There will be a reboot or two so be sure to double check it on the reboot.
To do so:
  • Right click Spybot's TeaTimer System Tray Icon > click Exit Spybot-S&D Resident.
  • TeaTimer should close.



Step 1
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL
    O3 - HKLM\..\Toolbar: (BTjunkie Toolbar) - {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - C:\Program Files\BTjunkie\tbBTju.dll File not found
    O3 - HKLM\..\Toolbar: (Profile Pimp) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\IEToolbar\Profile Pimp\tbcore3.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (BTjunkie Toolbar) - {1A71246C-3EB0-4D6C-AF77-3AB756017C3A} - C:\Program Files\BTjunkie\tbBTju.dll File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (Profile Pimp) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\IEToolbar\Profile Pimp\tbcore3.dll File not found
    O4 - HKLM..\Run: [NWEReboot] File not found
    O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found
    O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
    O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre7\bin\jusched.exe" File not found
    O4 - HKCU..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent File not found
    O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
    O4 - Startup: C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = File not found
    O4 - Startup: C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\V CAST Media Monitor.lnk = File not found
    O9 - Extra Button: Profile Pimp - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\IEToolbar\Profile Pimp\tbcore3.dll File not found
    O9 - Extra 'Tools' menuitem : Profile Pimp - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - C:\Program Files\IEToolbar\Profile Pimp\tbcore3.dll File not found
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.0)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O33 - MountPoints2\{1a285ace-f9c4-11de-9988-7a8020000200}\Shell - "" = AutoRun
    O33 - MountPoints2\{1a285ace-f9c4-11de-9988-7a8020000200}\Shell\AutoRun\command - "" = H:\VideoConvert.exe
    O33 - MountPoints2\{232b2763-76ab-11df-a03e-001f165f23bb}\Shell\AutoRun\command - "" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe
    O33 - MountPoints2\{333e3365-fcfc-11df-b4fa-001f165f23bb}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe
    O33 - MountPoints2\{333e3365-fcfc-11df-b4fa-001f165f23bb}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe
    O33 - MountPoints2\{7d1f4d04-80b4-11df-ac4e-001f165f23bb}\Shell\AutoRun\command - "" = F:\slacker.synclauncher.exe
    O33 - MountPoints2\{7d1f4d04-80b4-11df-ac4e-001f165f23bb}\Shell\slacker\command - "" = F:\slacker.synclauncher.exe
    @Alternate Data Stream - 256 bytes -> C:\ProgramData\Temp:D8A1AC56
    @Alternate Data Stream - 254 bytes -> C:\ProgramData\Temp:E402E439
    @Alternate Data Stream - 248 bytes -> C:\ProgramData\Temp:9C7A32BB
    @Alternate Data Stream - 245 bytes -> C:\ProgramData\Temp:8B79243A
    @Alternate Data Stream - 240 bytes -> C:\ProgramData\Temp:70E897B5
    @Alternate Data Stream - 236 bytes -> C:\ProgramData\Temp:AD020DC3
    @Alternate Data Stream - 231 bytes -> C:\ProgramData\Temp:341C1FBD
    @Alternate Data Stream - 230 bytes -> C:\ProgramData\Temp:9195103F
    @Alternate Data Stream - 227 bytes -> C:\ProgramData\Temp:E6C6EB3B
    @Alternate Data Stream - 224 bytes -> C:\ProgramData\Temp:6F0B6A5A
    @Alternate Data Stream - 223 bytes -> C:\ProgramData\Temp:2AE74FF9
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:FC4EA67C
    @Alternate Data Stream - 220 bytes -> C:\ProgramData\Temp:57EE48CA
    @Alternate Data Stream - 218 bytes -> C:\ProgramData\Temp:206470A5
    @Alternate Data Stream - 217 bytes -> C:\ProgramData\Temp:63210866
    @Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:97C4F81F
    @Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:5EF1AD34
    @Alternate Data Stream - 215 bytes -> C:\ProgramData\Temp:124322E4
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:3D922890
    @Alternate Data Stream - 214 bytes -> C:\ProgramData\Temp:1CDEDE11
    @Alternate Data Stream - 213 bytes -> C:\ProgramData\Temp:CBAF0C30
    @Alternate Data Stream - 212 bytes -> C:\ProgramData\Temp:064877B6
    @Alternate Data Stream - 211 bytes -> C:\ProgramData\Temp:CF61CE5A
    @Alternate Data Stream - 210 bytes -> C:\ProgramData\Temp:7A0EFE63
    @Alternate Data Stream - 206 bytes -> C:\ProgramData\Temp:708BB0FA
    @Alternate Data Stream - 203 bytes -> C:\ProgramData\Temp:0D3CE40A
    @Alternate Data Stream - 201 bytes -> C:\ProgramData\Temp:55E1514E
    @Alternate Data Stream - 195 bytes -> C:\ProgramData\Temp:78E0DF72
    @Alternate Data Stream - 194 bytes -> C:\ProgramData\Temp:6444B424
    @Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:922DA2DB
    @Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:258D2F8B
    @Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:FF717A18
    @Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:1E87A273
    @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:E8B61305
    @Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:4D729D61
    @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:8FC1A8C4
    @Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:E8C44CB4
    @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:11590865
    @Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:869C6B4A
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:9E22BBE8
    @Alternate Data Stream - 141 bytes -> C:\ProgramData\Temp:97AAB7F2
    @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:2CB9631F
    @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:0BACBDD9
    @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:A3B8F70C
    @Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:FBD274CF
    @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:ADA83999
    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:7DC5D762
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:B54E4B5A
    @Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:398EFF0F
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:F72306CC
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D115F6E4
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:98982C88
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:5DABFF83
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:12258D63
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:90A2BDE4
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:6B50A605
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:A7DA2BCD
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:BB71BBA2
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:3559A02E
    @Alternate Data Stream - 102 bytes -> C:\ProgramData\Temp:663B62CA
    @Alternate Data Stream - 100 bytes -> C:\ProgramData\Temp:71441FEF
    
    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


Step 2
Please run a free online scan with the ESET Online Scanner
Note: If you use Firefox or Chrome for this, it will require you to install a small tool. Please allow it!
  • Tick the box next to YES, I accept the Terms of Use
  • Please make sure that Remove found Threats is NOT checked!
  • Click Advanced Settings
  • Make sure Scan for potentially unwanted applications is Checked
  • Click Start
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic



Step 3

Download AdwCleaner from here to your desktop.
Run AdwCleaner. On Vista and 7, right-click it and select Run as administrator.

Select Delete.

Once done, it will ask to reboot; allow this.
On reboot, a log will be produced; please post it.

In your next post please include the following:

  • OTL Log
  • ESET Log
  • ADWCleaner Log

Thanks
Cruise

#8
mawmaw

  • Topic Starter
  • Member
  • 85 posts
Back in town. I couldn't keep internet for more than 1 to 2 min and it took forever to post the OTL. But that may be a post for another board, as I can't seem to use any wireless but my home wireless.

1. Pressed Windows key + R, entered iexplorer.exe, and it found none.
2. Ran the fix and it stopped responding with empty temp and reboot left to do.
Will let it sit a while to see if it responds on its own.
Will finish tomorrow.

Tried again and noticed I put in iexplorer instead of iexplore.exe. I found it and clicked on it but only got yahoo.com in the tab with an all-white screen. Nothing else.

Edited by mawmaw, 29 October 2012 - 06:49 PM.


#9
mawmaw

  • Topic Starter
  • Member
  • 85 posts
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=398ca74881e3f742af1d73de06164859
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-10-30 01:47:28
# local_time=2012-10-29 08:47:28 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1024 16777215 100 0 1861777 1861777 0 0
# compatibility_mode=5892 16776574 100 100 9256756 188158536 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=403412
# found=2
# cleaned=0
# scan_time=10684
C:\Program Files\WildGames\Time to Hurry Nicoles Story\TownShops.exe a variant of Win32/Kryptik.BCY trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\jnewsome1385\AppData\LocalLow\RadioPI_4eEI\Installr\Cache\3095DAB4.exe a variant of Win32/Toolbar.MyWebSearch.O application (unable to clean) 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251

Edited by mawmaw, 29 October 2012 - 08:17 PM.

  • 0
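
The ESET log in the post above can be checked against the Step 2 instructions (removal off, potentially unwanted applications on) and its detections pulled out for review. This is an added example, not part of the original thread or of ESET's tooling: the names `parse_eset_log` and `review_scan` are hypothetical, and treating a nonzero `esets_scanner_update` return value as a warning and any action starting with "unable" as "still on disk" are assumptions.

```python
import re

# Excerpt of the ESET Online Scanner log posted above; fields are separated
# by whitespace exactly as they appear in the post.
SAMPLE_LOG = r"""ESETSmartInstaller@High as downloader log:
all ok
# version=7
# remove_checked=false
# unwanted_checked=true
# scanned=403412
# found=2
# cleaned=0
# scan_time=10684
C:\Program Files\WildGames\Time to Hurry Nicoles Story\TownShops.exe a variant of Win32/Kryptik.BCY trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\jnewsome1385\AppData\LocalLow\RadioPI_4eEI\Installr\Cache\3095DAB4.exe a variant of Win32/Toolbar.MyWebSearch.O application (unable to clean) 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
"""

HEADER_RE = re.compile(r"^#\s*(?P<key>[\w.]+)=(?P<value>.*)$")
# Paths may contain spaces, so the path is matched lazily and the split point
# is the detection name, the first token that contains a forward slash.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<qualifier>a variant of )?"
    r"(?P<name>\S+/\S+)\s+"
    r"(?P<kind>[^()]+?)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$"
)
UPDATE_RE = re.compile(r"^esets_scanner_update returned (?P<rc>-?\d+)")
PATH_START_RE = re.compile(r"^[A-Za-z]:\\")


def parse_eset_log(text):
    """Split a pasted log.txt into header fields, detections and leftovers."""
    header, detections, unparsed, update_rc = {}, [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            # Repeated keys such as compatibility_mode keep the last value.
            header[m["key"]] = m["value"]
            continue
        m = DETECTION_RE.match(line)
        if m:
            detections.append(m.groupdict())
            continue
        m = UPDATE_RE.match(line)
        if m:
            update_rc = int(m["rc"])
            continue
        # A line that starts like a Windows path but did not parse as a
        # detection is kept for a human to look at (truncated paste, new format).
        if PATH_START_RE.match(line):
            unparsed.append(line)
    return {"header": header, "detections": detections,
            "unparsed": unparsed, "update_rc": update_rc}


def review_scan(parsed):
    """Compare the scan settings and counts with what Step 2 asked for."""
    h = parsed["header"]
    found = int(h.get("found", "0"))
    cleaned = int(h.get("cleaned", "0"))
    return {
        # Step 2: "Remove found Threats" unchecked, PUA scanning checked.
        "settings_as_instructed": h.get("remove_checked") == "false"
        and h.get("unwanted_checked") == "true",
        # A mismatch suggests a truncated paste or a line the parser missed.
        "count_matches": found == len(parsed["detections"])
        and not parsed["unparsed"],
        "uncleaned_count": found - cleaned,
        # Assumption: actions beginning with "unable" mean the file remains.
        "left_on_disk": [(d["name"], d["path"]) for d in parsed["detections"]
                         if d["action"].startswith("unable")],
        # Assumption: a nonzero return from the update step deserves a look.
        "update_warning": parsed["update_rc"] not in (None, 0),
    }


if __name__ == "__main__":
    report = review_scan(parse_eset_log(SAMPLE_LOG))
    for key, value in report.items():
        print(f"{key}: {value}")
```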

#10
mawmaw

  • Topic Starter
  • Member
  • 85 posts
OTL logfile created on: 10/29/2012 5:15:01 PM - Run 2
OTL by OldTimer - Version 3.2.70.2 Folder = c:\Users\jnewsome1385\Downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.64 Gb Available Physical Memory | 55.90% Memory free
6.09 Gb Paging File | 4.58 Gb Available in Paging File | 75.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.54 Gb Total Space | 134.05 Gb Free Space | 60.24% Space Free | Partition Type: NTFS
Drive D: | 10.34 Gb Total Space | 1.78 Gb Free Space | 17.17% Space Free | Partition Type: NTFS
Drive F: | 14.92 Gb Total Space | 11.63 Gb Free Space | 77.92% Space Free | Partition Type: FAT32

Computer Name: JNEWSOME1385-PC | User Name: jnewsome1385 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/10 14:22:32 | 003,116,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/10/04 18:11:45 | 000,601,088 | ---- | M] (OldTimer Tools) -- c:\Users\jnewsome1385\Downloads\OTL (1).exe
PRC - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/02 03:32:28 | 001,113,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/02 03:32:28 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/02 03:31:54 | 000,793,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/02 03:31:48 | 000,439,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/27 06:25:24 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/09/03 12:04:09 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/07/16 13:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/07/16 13:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/07/16 13:23:56 | 000,975,800 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/12/13 07:49:44 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2009/10/05 12:44:52 | 000,390,464 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\CenturyLink\Home Network Manager\AffinegyService.exe
PRC - [2009/10/05 12:44:50 | 001,144,128 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\CenturyLink\Home Network Manager\HomeNetworkManager.exe
PRC - [2009/05/08 05:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/10/09 09:58:56 | 000,075,008 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


========== Modules (No Company Name) ==========



========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2012/10/09 05:59:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/03 12:04:09 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2011/11/16 11:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/10/05 12:44:52 | 000,390,464 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\CenturyLink\Home Network Manager\AffinegyService.exe -- (AffinegyService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTDMWWAN.sys -- (PTDMWWAN)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTDMVsp.sys -- (PTDMVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTDMMdm.sys -- (PTDMMdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTDMBus.sys -- (PTDMBus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandmodem.sys -- (ANDModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandgps.sys -- (AndGps)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lganddiag.sys -- (AndDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandbus.sys -- (Andbus)
DRV - [2012/10/05 03:26:22 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/21 03:45:52 | 000,055,008 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/09/13 03:11:20 | 000,177,504 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/09/03 12:04:13 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/06/04 02:59:20 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/06/04 02:59:20 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010/12/21 00:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/12/21 00:55:02 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2010/12/21 00:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010/12/21 00:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/09/26 21:13:10 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/03/15 08:44:48 | 000,127,488 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/10/26 21:01:06 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcVComV32.sys -- (HtcVCom32)
DRV - [2009/10/26 21:01:06 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcUsbMdmV32.sys -- (HtcUsbMdmV32)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/01/20 06:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 21:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\URLSearchHook: {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{7DC7C2A9-63BE-4EDF-99EF-028F49D65B85}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{86336D6B-C1D5-4EC7-B038-A0D3290449FD}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT1529850

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://www.ask.com/?...?l=dis&o=14196"
FF - prefs.js..keyword.URL: "http://websearch.ask...TES002U0US&&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Ask.com"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\14\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\jnewsome1385\AppData\Local\Roblox\Versions\version-5e3e8a498c5b4d63\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jnewsome1385\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jnewsome1385\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\jnewsome1385\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/01/20 18:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/04/07 19:54:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/09/27 06:25:44 | 000,000,000 | ---D | M]

[2010/05/27 20:15:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Extensions
[2009/05/08 23:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/07/02 13:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions
[2010/01/08 19:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/10 14:58:56 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/10 14:59:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/07/07 15:53:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/01/18 02:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\{ee1a404c-5714-451f-9365-a94936993d19}
[2010/01/08 19:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\staged-xpis
[2009/03/18 14:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi
[2011/11/17 20:25:44 | 000,002,333 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\searchplugins\askcom.xml
[2009/03/25 12:49:20 | 000,000,944 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\searchplugins\icqplugin.xml
[2008/12/12 13:23:54 | 000,002,158 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\searchplugins\MySpace.xml
[2010/12/29 21:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/05/02 15:37:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

========== Chrome ==========

CHR - homepage: http://www.centurylink.net/
CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = https://isearch.avg....fr&d=2012-06-02 22:02:31&v=12.2.5.32&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...outputEncoding},
CHR - homepage: http://www.centurylink.net/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: getPlusPlus for Adobe 162100 (Enabled) = C:\Program Files\NOS\bin\np_gp.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\6\NP_wtapp.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\jnewsome1385\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Windows\Downloaded Program Files\npsoe.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Angry Birds = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Secure Search = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\
CHR - Extension: Gmail = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/28 19:58:28 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\CenturyLink\Home Network Manager\HomeNetworkManager.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [EPSON Stylus DX5000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Emerald%20City%20Confidential/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect119.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Unable to open value key)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Unable to open value key)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Emerald%20City%20Confidential/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Unable to open value key)
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} http://download-game...ameLauncher.cab (Playtime Games Launcher)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/28 19:57:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/28 17:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/10/22 20:54:57 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakening - The Skyward Castle
[2012/10/22 20:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awakening - The Skyward Castle
[2012/10/22 18:59:00 | 000,233,640 | ---- | C] (Big Fish Games) -- C:\Users\jnewsome1385\Desktop\awakening-the-skyward-castle_s1_l1_gF7374T1L1_d1896912889.exe
[2012/10/21 21:44:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Lifetime_KeysToM
[2012/10/20 22:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/20 17:30:34 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Redemption Cemetery - Grave Testimony
[2012/10/20 17:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Redemption Cemetery - Grave Testimony
[2012/10/20 08:32:54 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Lost in the City
[2012/10/19 21:31:37 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Jane s Hotel Family Hero
[2012/10/19 21:15:28 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Keys to Manhattan
[2012/10/19 21:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keys to Manhattan
[2012/10/19 20:49:47 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lost in the City
[2012/10/19 20:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lost in the City
[2012/10/19 20:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jane`s Hotel - Family Hero
[2012/10/18 18:56:45 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\Desktop\Miller - Aluminations (3) Shedding Light on Aluminum Welding Issues_files
[2012/10/17 19:51:33 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Natalie Brooks - Secrets of Treasure House
[2012/10/17 19:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Natalie Brooks - Secrets of Treasure House
[2012/10/17 19:27:03 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Three Musketeers Secret - Constance's Mission
[2012/10/17 19:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Three Musketeers Secret - Constance's Mission
[2012/10/15 18:38:53 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\James Patterson Women's Murder Club - Death in Scarlet
[2012/10/15 18:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\James Patterson Women's Murder Club - Death in Scarlet
[2012/10/15 18:17:03 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Build-a-lot 2 - Town of the Year
[2012/10/15 18:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Build-a-lot 2 - Town of the Year
[2012/10/15 16:21:25 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Azada
[2012/10/15 16:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azada
[2012/10/14 16:01:32 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hodgepodge Hollow
[2012/10/14 16:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hodgepodge Hollow
[2012/10/14 07:48:17 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakening - The Goblin Kingdom
[2012/10/14 07:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awakening - The Goblin Kingdom
[2012/10/13 20:53:52 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Hidden Objects Romance
[2012/10/13 19:44:41 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\The Drama Queen Murder
[2012/10/13 13:06:41 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\PlataGames
[2012/10/06 15:14:57 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\Documents\Alibi in Ashes
[2012/10/05 03:26:22 | 000,093,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2012/10/02 03:30:38 | 000,159,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2012/07/08 09:13:07 | 000,990,448 | ---- | C] (Solid State Networks) -- C:\Users\jnewsome1385\install_flashplayer11x32ax_gtbp_chra_aih.exe
[2012/06/02 11:24:26 | 000,212,224 | ---- | C] (Big Fish Games) -- C:\Users\jnewsome1385\bigfishgames_p144602085_s1_l1.exe
[2011/12/06 17:29:19 | 000,212,224 | ---- | C] (Big Fish Games) -- C:\Users\jnewsome1385\bigfishgames_p1757515_s1_l1.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/29 17:11:53 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/10/29 17:10:20 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/29 17:09:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/29 17:09:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/29 17:09:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/29 17:09:22 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/29 06:00:21 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-336909821-1831755368-2757767675-1000Core.job
[2012/10/29 06:00:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForjnewsome1385.job
[2012/10/29 05:58:12 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-336909821-1831755368-2757767675-1000UA.job
[2012/10/29 05:58:10 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/29 05:58:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/28 19:58:28 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/10/28 17:12:40 | 000,000,758 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/10/22 20:57:58 | 000,001,220 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/10/22 20:57:58 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Play Awakening - The Skyward Castle.lnk
[2012/10/22 18:59:04 | 000,233,640 | ---- | M] (Big Fish Games) -- C:\Users\jnewsome1385\Desktop\awakening-the-skyward-castle_s1_l1_gF7374T1L1_d1896912889.exe
[2012/10/20 22:14:31 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/10/20 22:05:12 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/20 22:03:43 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/10/20 17:58:54 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Play Redemption Cemetery - Grave Testimony.lnk
[2012/10/19 21:28:31 | 000,000,685 | ---- | M] () -- C:\Users\Public\Desktop\Play Keys to Manhattan.lnk
[2012/10/19 20:57:03 | 000,000,670 | ---- | M] () -- C:\Users\Public\Desktop\Play Lost in the City.lnk
[2012/10/19 20:49:35 | 000,000,734 | ---- | M] () -- C:\Users\Public\Desktop\Play Jane`s Hotel - Family Hero.lnk
[2012/10/18 05:45:36 | 000,002,206 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2012/10/18 05:45:35 | 000,001,053 | ---- | M] () -- C:\WildTangent Games App - wildgames.lnk
[2012/10/17 19:54:57 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\Play Natalie Brooks - Secrets of Treasure House.lnk
[2012/10/17 19:31:18 | 000,000,865 | ---- | M] () -- C:\Users\Public\Desktop\Play Three Musketeers Secret - Constance's Mission.lnk
[2012/10/15 18:45:52 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Play James Patterson Women's Murder Club - Death in Scarlet.lnk
[2012/10/15 18:22:10 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Play Build-a-lot 2 - Town of the Year.lnk
[2012/10/15 16:26:41 | 000,000,573 | ---- | M] () -- C:\Users\Public\Desktop\Play Azada.lnk
[2012/10/14 16:07:52 | 000,000,683 | ---- | M] () -- C:\Users\Public\Desktop\Play Hodgepodge Hollow.lnk
[2012/10/14 07:50:36 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\Play Awakening - The Goblin Kingdom.lnk
[2012/10/14 06:30:10 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/14 06:30:10 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/10 19:28:08 | 000,002,039 | ---- | M] () -- C:\Users\jnewsome1385\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/05 03:26:22 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/29 14:19:39 | 3149,078,528 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/24 17:15:22 | 000,001,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/10/24 17:15:06 | 000,001,111 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/10/22 20:57:58 | 000,001,220 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/10/22 20:57:58 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Play Awakening - The Skyward Castle.lnk
[2012/10/20 17:58:54 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Play Redemption Cemetery - Grave Testimony.lnk
[2012/10/19 21:28:31 | 000,000,685 | ---- | C] () -- C:\Users\Public\Desktop\Play Keys to Manhattan.lnk
[2012/10/19 20:57:03 | 000,000,670 | ---- | C] () -- C:\Users\Public\Desktop\Play Lost in the City.lnk
[2012/10/19 20:49:35 | 000,000,734 | ---- | C] () -- C:\Users\Public\Desktop\Play Jane`s Hotel - Family Hero.lnk
[2012/10/17 19:54:57 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\Play Natalie Brooks - Secrets of Treasure House.lnk
[2012/10/17 19:31:18 | 000,000,865 | ---- | C] () -- C:\Users\Public\Desktop\Play Three Musketeers Secret - Constance's Mission.lnk
[2012/10/15 18:45:52 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Play James Patterson Women's Murder Club - Death in Scarlet.lnk
[2012/10/15 18:22:10 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Play Build-a-lot 2 - Town of the Year.lnk
[2012/10/15 16:26:41 | 000,000,573 | ---- | C] () -- C:\Users\Public\Desktop\Play Azada.lnk
[2012/10/14 16:07:52 | 000,000,683 | ---- | C] () -- C:\Users\Public\Desktop\Play Hodgepodge Hollow.lnk
[2012/10/14 07:50:36 | 000,000,794 | ---- | C] () -- C:\Users\Public\Desktop\Play Awakening - The Goblin Kingdom.lnk
[2012/10/03 18:35:33 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/06/24 19:19:19 | 002,337,172 | ---- | C] () -- C:\Users\jnewsome1385\home images.zip
[2011/11/05 15:52:47 | 000,020,843 | ---- | C] () -- C:\Users\jnewsome1385\373873_311249795555806_100000123649283_1469964_803062868_n.jpg
[2011/10/15 16:34:51 | 055,303,820 | ---- | C] () -- C:\Users\jnewsome1385\610_b034_multilanguage (2).exe.sshhc0k.partial
[2011/10/15 16:21:13 | 120,485,720 | ---- | C] () -- C:\Users\jnewsome1385\610_b034_multilanguage.exe
[2011/10/15 15:49:27 | 120,485,720 | ---- | C] () -- C:\Users\jnewsome1385\610_b034_multilanguage (1).exe
[2011/10/13 11:31:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/10/13 11:30:24 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/05/07 15:23:44 | 000,043,520 | ---- | C] () -- C:\Windows\System32\sutil32.dll
[2011/02/16 17:43:57 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/12/30 16:50:29 | 000,000,503 | ---- | C] () -- C:\Windows\eReg.dat
[2010/08/21 17:32:21 | 000,031,007 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Roaming\UserTile.png
[2009/06/25 06:12:37 | 000,000,116 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Roaming\wklnhst.dat
[2009/06/22 19:37:32 | 000,023,552 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/04 20:53:34 | 000,032,940 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Local\slot1.mm1
[2009/02/26 17:11:58 | 000,000,680 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Local\d3d9caps.dat
[2009/01/05 15:34:51 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/07/21 23:13:30 | 000,000,000 | -HSD | M] -- C:\Users\jnewsome1385\AppData\Roaming\.#
[2012/04/29 06:24:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Alawar
[2011/10/22 15:00:26 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Alawar Entertainment
[2012/06/05 21:08:57 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Alawar Stargaze
[2012/10/06 18:53:10 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\AlawarEntertainment
[2012/09/01 17:51:18 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Amulet_of_time
[2011/12/30 21:43:48 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Atari
[2012/09/27 06:26:56 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\AVG2013
[2011/10/23 18:25:45 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Awem
[2011/12/26 23:08:23 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Azureus
[2011/11/01 18:59:44 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Big Finish
[2011/03/05 15:45:19 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Big Fish Games
[2012/09/07 19:03:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\blg
[2009/04/02 18:50:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Boolat Games
[2012/10/22 19:34:06 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Boomzap
[2012/01/29 16:02:55 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\cerasus.media
[2012/06/02 12:59:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\ChaYoWo Games
[2012/01/28 11:23:03 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Deep Shadows
[2011/03/05 22:41:24 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Dekovir
[2012/08/31 20:18:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\DragonsEye Studios
[2012/10/20 20:17:07 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\ERS Game Studios
[2011/12/04 20:58:43 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\EscapeTheMuseum2
[2009/07/26 21:08:49 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Fabulous Finds
[2012/08/18 17:18:02 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\FBI
[2012/10/15 18:50:31 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Flood Light Games
[2012/04/20 21:26:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Floodlight Games
[2012/08/03 20:55:51 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Freeze Tag
[2012/09/08 20:04:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Friday's games
[2011/12/05 10:56:43 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\FrostWire
[2009/10/26 20:51:25 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\funkitron
[2012/10/18 21:22:35 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Funlinker
[2011/11/23 18:53:08 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GameHouse
[2009/11/12 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Gamelab
[2010/08/07 14:00:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GamersDigital
[2012/08/30 16:25:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Games
[2011/04/06 19:01:23 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GestaltGames
[2011/11/16 18:06:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GO Games
[2009/08/06 23:25:59 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2011/04/02 23:45:45 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Gogii
[2012/08/18 21:11:55 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Gogii Games
[2009/11/17 13:58:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Gold Casual Games
[2011/04/22 18:59:02 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GuardiansOfMagic
[2012/10/13 23:12:30 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Hidden Objects Romance
[2011/12/13 17:16:10 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\HitPoint Studios
[2009/11/18 22:13:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\iWin
[2012/10/19 21:31:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Jane s Hotel Family Hero
[2009/03/08 10:37:59 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Jetsetter
[2012/08/22 18:57:59 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Jigsaws Galore
[2011/03/26 14:42:22 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\KingArthur
[2012/09/11 21:51:35 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\kingdom
[2012/09/22 20:12:33 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\LegacyGames
[2012/08/28 22:57:24 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\LegacyInteractive
[2010/12/22 17:19:52 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\LimeWire
[2012/10/22 18:33:14 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Lost in the City
[2010/03/01 02:26:58 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Ludia
[2011/10/19 18:41:33 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\MagicIndie
[2011/03/05 17:30:22 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\margrave3_full
[2011/10/23 11:36:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\MumboJumbo
[2010/07/26 17:51:38 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\muvee Technologies
[2009/09/16 23:11:54 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\My Games
[2011/02/05 10:23:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Mystery of Mortlake Mansion
[2011/04/18 18:24:38 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\MysteryStudio
[2011/03/05 21:08:34 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Namco
[2011/03/13 19:42:12 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Old Castle
[2011/04/03 15:25:25 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\OpenCandy
[2012/08/10 19:51:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Orneon
[2010/08/21 17:32:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\PeerNetworking
[2012/06/07 23:15:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Persha Studia
[2011/03/22 18:17:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Phantasmat_wildgames_se
[2012/10/13 13:06:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\PlataGames
[2011/04/10 17:11:31 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\PlayFirst
[2009/03/09 18:47:34 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\PoBros
[2009/12/26 02:06:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Princess Isabella
[2012/09/15 19:40:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\quickclick
[2011/10/15 16:40:26 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Research In Motion
[2012/07/18 13:00:50 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Samsung
[2011/04/19 17:55:11 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Sanna
[2011/03/30 19:28:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SecretIslandEng
[2009/10/22 22:18:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Shape games
[2009/04/15 01:13:59 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\ShinyTales
[2011/12/26 17:12:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Skunk Studios
[2011/03/26 20:15:43 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Sleepwalker Games
[2012/07/08 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SMIGames
[2011/02/16 17:17:43 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Smith Micro
[2012/07/21 21:59:26 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Specialbit
[2009/03/25 17:40:13 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SpinTop
[2011/11/04 16:47:03 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SpinTop Games
[2009/02/15 18:53:28 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SPORE Creature Creator
[2012/07/07 15:52:34 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Systweak
[2009/06/25 06:12:39 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Template
[2012/10/13 19:44:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\The Drama Queen Murder
[2011/10/23 18:28:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\TOMI3
[2012/07/09 16:20:42 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Top Evidence
[2009/03/22 19:29:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Total Eclipse
[2012/09/27 06:26:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\TuneUp Software
[2009/11/07 16:03:30 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Utherverse
[2010/03/03 23:09:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\ValuSoft
[2012/02/25 16:43:54 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Vast Studios
[2012/06/30 13:23:22 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\VendelGAMES
[2011/04/13 19:59:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\WhiteBirdsProductions
[2009/08/27 22:44:03 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\WildGames 3 Days Zoo Mystery
[2012/07/29 20:26:24 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\WildTangent
[2009/08/30 00:57:31 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\WildTangentv1002
[2012/09/11 17:12:56 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\YoudaGames

========== Purity Check ==========



< End of report >

#11
mawmaw

  • Topic Starter
  • Member
  • 85 posts

# AdwCleaner v2.005 - Logfile created 10/29/2012 at 21:27:08
# Updated 14/10/2012 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : jnewsome1385 - JNEWSOME1385-PC
# Boot Mode : Normal
# Running from : C:\Users\jnewsome1385\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search
File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\searchplugins\Askcom.xml
File Deleted : C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\searchplugins\icqplugin.xml
Folder Deleted : C:\Program Files\AVG Secure Search
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ICQ6Toolbar
Folder Deleted : C:\ProgramData\AVG Secure Search
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\ICQ\ICQToolbar
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\JNEWSO~1\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\JNEWSO~1\AppData\Local\Temp\avg@toolbar
Folder Deleted : C:\Users\JNEWSO~1\AppData\Local\Temp\OpenCandy
Folder Deleted : C:\Users\jnewsome1385\AppData\Local\APN
Folder Deleted : C:\Users\jnewsome1385\AppData\Local\AVG Secure Search
Folder Deleted : C:\Users\jnewsome1385\AppData\Local\OpenCandy
Folder Deleted : C:\Users\jnewsome1385\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\jnewsome1385\AppData\LocalLow\BTjunkie
Folder Deleted : C:\Users\jnewsome1385\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\jnewsome1385\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\jnewsome1385\AppData\LocalLow\Hotbar
Folder Deleted : C:\Users\jnewsome1385\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\jnewsome1385\AppData\LocalLow\ShoppingReport
Folder Deleted : C:\Users\jnewsome1385\AppData\Roaming\iWin
Folder Deleted : C:\Users\jnewsome1385\AppData\Roaming\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\BTjunkie
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\FunWebProducts
Key Deleted : HKCU\Software\AppDataLow\Software\Hotbar
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AVG Secure Search
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\Software\BTjunkie
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{483F8D0D-06CC-42B8-B854-8303EA5F3359}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB00001.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB00001.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB00001.TBSB00001
Key Deleted : HKLM\SOFTWARE\Classes\TBSB00001.TBSB00001.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1529850
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92E5039E-FF1E-4AFB-8F24-87592D20C383}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{483F8D0D-06CC-42B8-B854-8303EA5F3359}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1A71246C-3EB0-4D6C-AF77-3AB756017C3A}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v [Unable to get version]

Profile name : default
File : C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\prefs.js

C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("browser.startup.homepage", "hxxp://www.ask.com/?l=dis&o=14196");
Deleted : user_pref("extensions.snipit.askTbInstalled", true);
Deleted : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FWV5&o=14193&locale=[...]
Deleted : user_pref("startup.homepage_override_url", "hxxp://www.ask.com/?o=20011&l=dis");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.yahoo.com/search?ei=UTF-8&fr=yt[...]

-\\ Google Chrome v22.0.1229.94

File : C:\Users\jnewsome1385\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.20] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]
Deleted [l.60] : icon_url = "hxxps://isearch.avg.com/favicon.ico",
Deleted [l.63] : keyword = "isearch.avg.com",
Deleted [l.66] : search_url = "hxxps://isearch.avg.com/search?cid={56E5206A-899E-48CC-923D-227F02A6E63C}&mid=4866777107e447d6b4c3d15650bbca48-b0d4f81a8999f5981f04537c5ec8468fd5234593&lang=en&ds=AVG&pr=fr&d=2012-06-02 22:02:31&v=12.2.5.32&sap=dsp&q={searchTerms}",
Deleted [l.2071] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/406" ]

*************************

AdwCleaner[S1].txt - [10986 octets] - [29/10/2012 21:27:08]

########## EOF - C:\AdwCleaner[S1].txt - [11047 octets] ##########

#12
Cruise475

Hi mawmaw,

Thanks for the logs, I will start looking through them. Did the OTL Fix produce a log?

It should be here: C:\_OTL\MovedFiles, in the form of a .txt document. If it is there, can you please copy and paste it here?

Also, how is your computer running now?

Thanks
Cruise

#13
mawmaw

No, it didn't produce a file. That was the one that froze my computer (not responding). I searched through Notepad anyway and didn't find it. The computer has been doing good the last couple days. I was a bit worried when it froze but it has done good since.

Edited by mawmaw, 30 October 2012 - 03:48 PM.


#14
Cruise475

Hi mawmaw,

No problem. How is the computer running? What are your current issues?

Thanks
Cruise

#15
mawmaw

The things I am most worried about now are the web search and the Kryptik trojan found in the ESET scan. Should we remove those?