
Virus disabled start up, malware, and antivirus. [Solved]


  • This topic is locked

#16
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hi mawmaw,

I completely understand - I assure you we will take care of any malware issues. I am trying to get a picture of how your system is running so I can plan out the next steps. Can I get an update on any issues you are experiencing in the actual operation of your computer? Is the Internet operating good, any boot issues, error messages, etc. :)

Thanks
Cruise
  • 0


#17
mawmaw

mawmaw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
It is doing great. No problems. All programs are running fine. Also not being redirected to search-nu site anymore. But that one is on my desktop.
  • 0

#18
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hi mawmaw,

Thanks for your patience! I have gone through the logs, and we just have a few more things to do!

The things I am most worried about now are the web search and the Kryptik trojan found in the ESET scan. Should we remove those?

I believe C:\Program Files\WildGames\Time to Hurry Nicoles Story\TownShops.exe is a false positive, as it appears to be a game installed on your system. We will take care of the other file in the steps that follow!


For these instructions - again make sure that TeaTimer is disabled!

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :COMMANDS
    [CREATERESTOREPOINT]
    
    :OTL
    IE - HKLM\..\URLSearchHook: {1a71246c-3eb0-4d6c-af77-3ab756017c3a} - No CLSID value found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Unable to open value key)
    O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Unable to open value key)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Unable to open value key)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Unable to open value key)
    
    :FILES
    C:\Users\jnewsome1385\AppData\LocalLow\RadioPI_4eEI\Installr\Cache\3095DAB4.exe
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

In your next post please include the following:

  • OTL Logs
  • Checkup.txt


Thanks
Cruise
  • 0
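
An added example (not part of the original posts, and not OTL's own code): a small Python triage pass that lists the kind of orphaned entries the fix script in the post above targets, namely log lines marked "No CLSID value found", "Reg Error:" or "File not found". The line patterns are inferred from the OTL log lines in this thread, the sample lines are copied from those logs, and the function names are hypothetical.

```python
import re

# Patterns inferred from the OTL log lines shown in this thread (assumption:
# other OTL versions may format entries differently).
PREFIX = re.compile(r"^(?P<section>[A-Z]{1,3}\d{0,2}) - (?P<rest>.*)$")
GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SERVICE_NAME = re.compile(r"-- \((?P<name>[^()]+)\)\s*$")

# Markers OTL prints when a registry entry points at something that no longer
# exists. The first marker that matches decides the reason.
ORPHAN_MARKERS = (
    ("missing_clsid", re.compile(r"No CLSID value found")),
    ("registry_error", re.compile(r"Reg Error:")),
    ("file_not_found", re.compile(r"File not found")),
)

# Sample lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
PRC - [2012/10/03 17:52:52 | 000,600,064 | ---- | M] (OldTimer Tools) -- c:\Users\jnewsome1385\Downloads\OTL.exe
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Unable to open value key)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
""".splitlines()


def classify(line):
    """Return a finding dict for an orphaned entry, or None for any other line."""
    stripped = line.strip()
    m = PREFIX.match(stripped)
    if not m:
        return None
    rest = m.group("rest")
    for reason, pattern in ORPHAN_MARKERS:
        if pattern.search(rest):
            guid = GUID.search(rest)
            name = SERVICE_NAME.search(rest)
            return {
                "section": m.group("section"),   # e.g. O3, O16, SRV, DRV
                "reason": reason,
                "guid": guid.group(0) if guid else None,
                "name": name.group("name") if name else None,
                "line": stripped,
            }
    return None


def triage(lines):
    """Collect every orphaned entry, in log order, for a human to review."""
    return [f for f in (classify(l) for l in lines) if f is not None]


def summarize(findings):
    """Count findings per (section, reason) pair."""
    counts = {}
    for f in findings:
        key = (f["section"], f["reason"])
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        label = f["guid"] or f["name"] or "-"
        print(f'{f["section"]:<4} {f["reason"]:<15} {label}')
```

The output is a review list only: a "File not found" service or driver can simply be a leftover from uninstalled hardware or software, so each entry still needs a person to decide whether it belongs in a fix.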

#19
mawmaw

mawmaw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
OTL logfile created on: 10/31/2012 5:09:23 PM - Run 3
OTL by OldTimer - Version 3.2.70.1 Folder = c:\users\jnewsome1385\downloads
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 1.59 Gb Available Physical Memory | 54.38% Memory free
6.09 Gb Paging File | 4.56 Gb Available in Paging File | 74.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.54 Gb Total Space | 133.49 Gb Free Space | 59.98% Space Free | Partition Type: NTFS
Drive D: | 10.34 Gb Total Space | 1.78 Gb Free Space | 17.17% Space Free | Partition Type: NTFS
Drive F: | 14.92 Gb Total Space | 11.63 Gb Free Space | 77.92% Space Free | Partition Type: FAT32

Computer Name: JNEWSOME1385-PC | User Name: jnewsome1385 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/10 14:22:32 | 003,116,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/10/03 17:52:52 | 000,600,064 | ---- | M] (OldTimer Tools) -- c:\Users\jnewsome1385\Downloads\OTL.exe
PRC - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/10/02 03:32:28 | 001,113,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/10/02 03:32:28 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/02 03:31:54 | 000,793,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/10/02 03:31:48 | 000,439,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/03 12:04:09 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/07/16 13:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012/07/16 13:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012/07/16 13:23:56 | 000,975,800 | ---- | M] (Samsung) -- C:\Program Files\Samsung\Kies\Kies.exe
PRC - [2011/02/18 11:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/12/13 07:49:44 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2009/10/05 12:44:52 | 000,390,464 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\CenturyLink\Home Network Manager\AffinegyService.exe
PRC - [2009/10/05 12:44:50 | 001,144,128 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\CenturyLink\Home Network Manager\HomeNetworkManager.exe
PRC - [2009/05/08 05:53:34 | 000,174,424 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/24 20:55:13 | 000,115,137 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
MOD - [2012/10/10 05:06:15 | 000,460,312 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 05:06:12 | 004,005,912 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 05:04:57 | 000,578,072 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012/10/10 05:04:55 | 000,123,928 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012/10/10 05:04:44 | 000,156,712 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 05:04:43 | 000,275,496 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 05:04:42 | 002,168,360 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/07/18 13:22:34 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
MOD - [2012/07/18 13:00:23 | 014,336,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\4d87d775fe42967b4f8cd11ee5252863\Kies.Theme.ni.dll
MOD - [2012/07/18 13:00:22 | 000,033,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\1137776a4570c78b970eacdd314007f3\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
MOD - [2012/07/18 13:00:18 | 000,506,368 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MediaDB\d2bc057169af41354b280376edbb0755\Kies.Common.MediaDB.ni.dll
MOD - [2012/07/18 13:00:17 | 000,194,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\4401f8d840e3d7a09d7f555a53d713ef\ASF_cSharpAPI.ni.dll
MOD - [2012/07/18 13:00:17 | 000,029,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.StoreMa#\7659186cf36ec04feb3156802c29507d\Kies.Common.StoreManager.ni.dll
MOD - [2012/07/18 13:00:16 | 000,062,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.AllShare\0d10782d5bb3202de9f6ac5525e2e4dd\Kies.Common.AllShare.ni.dll
MOD - [2012/07/18 13:00:14 | 000,276,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\5c1373e76812767ea3ac89d590428cf5\Kies.Common.DeviceServiceLib.FirmwareUpdate.Common.ni.dll
MOD - [2012/07/18 13:00:14 | 000,189,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\0ba08ce2721202a5563fe0e8fd9b4089\Kies.Common.DeviceServiceLib.FirmwareUpdate.Downloader.ni.dll
MOD - [2012/07/18 13:00:14 | 000,046,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\AdminCmdAgent\8c8e5aa9d6ccbb5d34bc24fb6c626953\AdminCmdAgent.ni.dll
MOD - [2012/07/18 13:00:11 | 000,563,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\c110809ea71a0da915bff8c3564de677\Kies.Common.DeviceServiceLib.FileService.ni.dll
MOD - [2012/07/18 13:00:11 | 000,174,592 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DevFileServ#\96cb2ec6e8aeaacd26c6034d876f3ac2\Interop.DevFileServiceLib.ni.dll
MOD - [2012/07/18 13:00:10 | 000,561,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\e9efb1cd764cc6834826231e56b94645\Kies.Common.DeviceServiceLib.DeviceDataService.ni.dll
MOD - [2012/07/18 13:00:05 | 001,012,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\8b3b7c83a494d68ad4e627900cdc7fe0\Kies.Common.DeviceService.ni.dll
MOD - [2012/07/18 13:00:05 | 000,184,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\d94dc15b2daff1d72d41f1def3a0b021\Kies.Common.DeviceServiceLib.Interface.ni.dll
MOD - [2012/07/18 13:00:04 | 000,895,488 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\430047a5774939668595812299a2fcda\Kies.Common.DeviceServiceLib.DeviceManagement.ni.dll
MOD - [2012/07/18 13:00:02 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.MP3FileInfo#\c99811c6a988ca6c2104a5b45acbddbb\Interop.MP3FileInfoCOMLib.ni.dll
MOD - [2012/07/18 13:00:02 | 000,032,256 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.OGGFileInfo#\cbeefee33636e0d0be226cf11e180ba3\Interop.OGGFileInfoCOMLib.ni.dll
MOD - [2012/07/18 13:00:02 | 000,030,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.PRPLAYERCOR#\ef9f4aaffdadfc31070e1a838951b277\Interop.PRPLAYERCORELib.ni.dll
MOD - [2012/07/18 13:00:01 | 002,187,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Multime#\e2fa09a234ceb42d7010dcf50310e526\Kies.Common.Multimedia.ni.dll
MOD - [2012/07/18 13:00:01 | 000,171,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.P3MPINTERFA#\b0b31095249cec5ef5c0407fa6b7fc22\Interop.P3MPINTERFACECTRLLib.ni.dll
MOD - [2012/07/18 12:59:55 | 000,183,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.MainUI\9d5f73031e82f2c167795a8f97a0639b\Kies.Common.MainUI.ni.dll
MOD - [2012/07/18 12:59:52 | 000,067,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DBManag#\9f36dc97f64f8fa3af14aafecd52e227\Kies.Common.DBManager.ni.dll
MOD - [2012/07/18 12:59:50 | 000,395,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CabLib\6265ffca46eab52d5f798847b5ea908c\CabLib.ni.dll
MOD - [2012/07/18 12:59:48 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012/07/18 12:59:44 | 000,530,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ICSharpCode.SharpZi#\2d7161baa59dd2c1c39f4a192d760e7d\ICSharpCode.SharpZipLib.ni.dll
MOD - [2012/07/18 12:59:44 | 000,261,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.Util\d9bfdca5d5db4c60618c84025158a207\Kies.Common.Util.ni.dll
MOD - [2012/07/18 12:59:41 | 001,689,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\7500c4d25baa63d88698f97d1824fa78\Kies.UI.ni.dll
MOD - [2012/07/18 12:59:41 | 000,052,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Interop.DeviceSearc#\9a6bad5be6518d4a975893676a49a82c\Interop.DeviceSearchLib.ni.dll
MOD - [2012/07/18 12:59:40 | 001,381,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Locale\7a59be2dfd1d3f99b3489eea8df66016\Kies.Locale.ni.dll
MOD - [2012/07/18 12:59:37 | 000,078,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\adb0105c92aaf42f571a2fd25a4228a9\Kies.MVVM.ni.dll
MOD - [2012/07/18 12:59:36 | 000,119,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\GongSolutions.Wpf.D#\3f6f79987f17c00edce423932abd1cf2\GongSolutions.Wpf.DragDrop.ni.dll
MOD - [2012/07/18 12:59:34 | 001,181,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies.Interface\73962fb5234895e46e79de6e1711d093\Kies.Interface.ni.dll
MOD - [2012/07/18 12:59:08 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll
MOD - [2012/07/18 12:59:00 | 000,771,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ef221aa0472b0870b6689ab044fad227\System.Runtime.Remoting.ni.dll
MOD - [2012/07/18 12:58:45 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012/07/18 12:58:45 | 001,691,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Kies\4f298fff2a50c324d5b07d75b3bace38\Kies.ni.exe
MOD - [2012/07/18 12:45:53 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012/07/18 12:45:32 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012/07/18 12:44:46 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012/07/18 12:43:50 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012/07/18 12:43:14 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012/07/18 12:43:05 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012/07/18 12:42:38 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012/07/18 12:42:37 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012/07/18 12:42:17 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012/07/18 12:41:41 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012/07/18 12:41:28 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012/07/16 13:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2010/12/13 07:49:44 | 005,247,624 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
MOD - [2010/12/13 07:49:20 | 000,684,032 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\libexpat.dll
MOD - [2010/12/13 07:49:20 | 000,466,975 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\sqlite3.dll
MOD - [2010/12/13 07:49:20 | 000,100,352 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\avutil-50.dll
MOD - [2009/10/05 12:44:56 | 000,020,288 | ---- | M] () -- C:\Program Files\CenturyLink\Home Network Manager\AffinegyServicePS.dll


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe -- (RoxLiveShare9)
SRV - [2012/10/09 05:59:57 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/02 03:32:58 | 000,193,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/02 03:32:04 | 005,783,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/03 12:04:09 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2011/11/16 11:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2011/11/10 08:17:31 | 000,167,264 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/10/05 12:44:52 | 000,390,464 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\CenturyLink\Home Network Manager\AffinegyService.exe -- (AffinegyService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/10/06 11:54:52 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/01/20 21:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTDMWWAN.sys -- (PTDMWWAN)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTDMVsp.sys -- (PTDMVsp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTDMMdm.sys -- (PTDMMdm)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\PTDMBus.sys -- (PTDMBus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandmodem.sys -- (ANDModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandgps.sys -- (AndGps)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lganddiag.sys -- (AndDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgandbus.sys -- (Andbus)
DRV - [2012/10/05 03:26:22 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/09/21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/09/21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/09/21 03:45:52 | 000,055,008 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/09/14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/09/13 03:11:20 | 000,177,504 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/09/03 12:04:13 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/06/04 02:59:20 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm)
DRV - [2012/06/04 02:59:20 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2010/12/21 00:55:02 | 000,132,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2010/12/21 00:55:02 | 000,110,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdserd.sys -- (sscdserd)
DRV - [2010/12/21 00:55:02 | 000,104,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2010/12/21 00:55:02 | 000,014,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2010/09/26 21:13:10 | 001,882,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/03/15 08:44:48 | 000,127,488 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2009/10/26 21:01:06 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcVComV32.sys -- (HtcVCom32)
DRV - [2009/10/26 21:01:06 | 000,105,984 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HtcUsbMdmV32.sys -- (HtcUsbMdmV32)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2009/01/20 06:49:26 | 000,142,848 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/10/03 03:39:28 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/20 21:32:45 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007/10/17 18:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/18 19:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{7DC7C2A9-63BE-4EDF-99EF-028F49D65B85}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{86336D6B-C1D5-4EC7-B038-A0D3290449FD}: "URL" = http://www.ask.com/w...}&l=dis&o=uscql

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGLL_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3: C:\Windows\Downloaded Program Files\npsoe.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\14\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\jnewsome1385\AppData\Local\Roblox\Versions\version-5e3e8a498c5b4d63\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jnewsome1385\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jnewsome1385\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\jnewsome1385\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/01/20 18:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared [2011/04/07 19:54:51 | 000,000,000 | ---D | M]

[2010/05/27 20:15:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Extensions
[2009/05/08 23:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Extensions\[email protected]
[2012/07/02 13:11:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions
[2010/01/08 19:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/06/10 14:58:56 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/06/10 14:59:09 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/07/07 15:53:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/01/18 02:25:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\{ee1a404c-5714-451f-9365-a94936993d19}
[2010/01/08 19:43:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\staged-xpis
[2009/03/18 14:40:42 | 000,019,153 | ---- | M] () (No name found) -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\extensions\staged-xpis\{20a82645-c095-46ed-80e3-08825760534b}\MicrosoftDotNetFrameworkAssistant.xpi
[2008/12/12 13:23:54 | 000,002,158 | ---- | M] () -- C:\Users\jnewsome1385\AppData\Roaming\Mozilla\Firefox\Profiles\kd64el6c.default\searchplugins\MySpace.xml
[2010/12/29 21:16:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/05/02 15:37:47 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = https://isearch.avg....fr&d=2012-06-02 22:02:31&v=12.2.5.32&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...outputEncoding}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jnewsome1385\AppData\Local\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: WildTangent Games App V2 Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\14\NP_wtapp.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\jnewsome1385\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\jnewsome1385\AppData\Local\Roblox\Versions\version-5e3e8a498c5b4d63\\NPRobloxProxy.dll
CHR - plugin: SOE Web Installer (Enabled) = C:\Windows\Downloaded Program Files\npsoe.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2012/10/28 19:58:28 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn6\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HF_G_Jul] "C:\Program Files\AVG Secure Search\HF_G_Jul.exe" /DoAction File not found
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\CenturyLink\Home Network Manager\HomeNetworkManager.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [YMailAdvisor] C:\Program Files\Yahoo!\Common\YMailAdvisor.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [EPSON Stylus DX5000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.co...ebInstaller.cab (SOE Web Installer)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Emerald%20City%20Confidential/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.h...hpdetect119.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} Reg Error: Value error. (Reg Error: Unable to open value key)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Unable to open value key)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Unable to open value key)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Emerald%20City%20Confidential/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} Reg Error: Value error. (Reg Error: Unable to open value key)
O16 - DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} http://download-game...ameLauncher.cab (Playtime Games Launcher)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5433B0E1-0824-433C-9B73-BBD8DB9E0FC5}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/29 17:36:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/10/28 19:57:35 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/28 17:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/10/22 20:54:57 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakening - The Skyward Castle
[2012/10/22 20:54:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awakening - The Skyward Castle
[2012/10/22 18:59:00 | 000,233,640 | ---- | C] (Big Fish Games) -- C:\Users\jnewsome1385\Desktop\awakening-the-skyward-castle_s1_l1_gF7374T1L1_d1896912889.exe
[2012/10/21 21:44:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Lifetime_KeysToM
[2012/10/20 22:26:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/20 17:30:34 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Redemption Cemetery - Grave Testimony
[2012/10/20 17:30:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Redemption Cemetery - Grave Testimony
[2012/10/20 08:32:54 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Lost in the City
[2012/10/19 21:31:37 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Jane s Hotel Family Hero
[2012/10/19 21:15:28 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Keys to Manhattan
[2012/10/19 21:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Keys to Manhattan
[2012/10/19 20:49:47 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lost in the City
[2012/10/19 20:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lost in the City
[2012/10/19 20:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jane`s Hotel - Family Hero
[2012/10/18 18:56:45 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\Desktop\Miller - Aluminations (3) Shedding Light on Aluminum Welding Issues_files
[2012/10/17 19:51:33 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Natalie Brooks - Secrets of Treasure House
[2012/10/17 19:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Natalie Brooks - Secrets of Treasure House
[2012/10/17 19:27:03 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Three Musketeers Secret - Constance's Mission
[2012/10/17 19:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Three Musketeers Secret - Constance's Mission
[2012/10/15 18:38:53 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\James Patterson Women's Murder Club - Death in Scarlet
[2012/10/15 18:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\James Patterson Women's Murder Club - Death in Scarlet
[2012/10/15 18:17:03 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Build-a-lot 2 - Town of the Year
[2012/10/15 18:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Build-a-lot 2 - Town of the Year
[2012/10/15 16:21:25 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Azada
[2012/10/15 16:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azada
[2012/10/14 16:01:32 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hodgepodge Hollow
[2012/10/14 16:01:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hodgepodge Hollow
[2012/10/14 07:48:17 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Awakening - The Goblin Kingdom
[2012/10/14 07:48:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Awakening - The Goblin Kingdom
[2012/10/13 20:53:52 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\Hidden Objects Romance
[2012/10/13 19:44:41 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\The Drama Queen Murder
[2012/10/13 13:06:41 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\AppData\Roaming\PlataGames
[2012/10/06 15:14:57 | 000,000,000 | ---D | C] -- C:\Users\jnewsome1385\Documents\Alibi in Ashes
[2012/10/05 03:26:22 | 000,093,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2012/10/02 03:30:38 | 000,159,712 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2012/07/08 09:13:07 | 000,990,448 | ---- | C] (Solid State Networks) -- C:\Users\jnewsome1385\install_flashplayer11x32ax_gtbp_chra_aih.exe
[2012/06/02 11:24:26 | 000,212,224 | ---- | C] (Big Fish Games) -- C:\Users\jnewsome1385\bigfishgames_p144602085_s1_l1.exe
[2011/12/06 17:29:19 | 000,212,224 | ---- | C] (Big Fish Games) -- C:\Users\jnewsome1385\bigfishgames_p1757515_s1_l1.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/31 17:09:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/31 17:04:16 | 000,000,284 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/10/31 17:03:11 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/31 17:03:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/31 17:01:56 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/31 17:01:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/31 17:01:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/31 17:01:45 | 3149,078,528 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/31 16:30:17 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-336909821-1831755368-2757767675-1000UA.job
[2012/10/31 05:56:45 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-336909821-1831755368-2757767675-1000Core.job
[2012/10/29 21:28:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/10/29 21:27:46 | 000,000,115 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2012/10/29 06:00:21 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForjnewsome1385.job
[2012/10/28 19:58:28 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/10/28 17:12:40 | 000,000,758 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/10/22 20:57:58 | 000,001,220 | ---- | M] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/10/22 20:57:58 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Play Awakening - The Skyward Castle.lnk
[2012/10/22 18:59:04 | 000,233,640 | ---- | M] (Big Fish Games) -- C:\Users\jnewsome1385\Desktop\awakening-the-skyward-castle_s1_l1_gF7374T1L1_d1896912889.exe
[2012/10/20 22:05:12 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/20 22:03:43 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/10/20 17:58:54 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\Play Redemption Cemetery - Grave Testimony.lnk
[2012/10/19 21:28:31 | 000,000,685 | ---- | M] () -- C:\Users\Public\Desktop\Play Keys to Manhattan.lnk
[2012/10/19 20:57:03 | 000,000,670 | ---- | M] () -- C:\Users\Public\Desktop\Play Lost in the City.lnk
[2012/10/19 20:49:35 | 000,000,734 | ---- | M] () -- C:\Users\Public\Desktop\Play Jane`s Hotel - Family Hero.lnk
[2012/10/18 05:45:36 | 000,002,206 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - wildgames.lnk
[2012/10/18 05:45:35 | 000,001,053 | ---- | M] () -- C:\WildTangent Games App - wildgames.lnk
[2012/10/17 19:54:57 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\Play Natalie Brooks - Secrets of Treasure House.lnk
[2012/10/17 19:31:18 | 000,000,865 | ---- | M] () -- C:\Users\Public\Desktop\Play Three Musketeers Secret - Constance's Mission.lnk
[2012/10/15 18:45:52 | 000,000,916 | ---- | M] () -- C:\Users\Public\Desktop\Play James Patterson Women's Murder Club - Death in Scarlet.lnk
[2012/10/15 18:22:10 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\Play Build-a-lot 2 - Town of the Year.lnk
[2012/10/15 16:26:41 | 000,000,573 | ---- | M] () -- C:\Users\Public\Desktop\Play Azada.lnk
[2012/10/14 16:07:52 | 000,000,683 | ---- | M] () -- C:\Users\Public\Desktop\Play Hodgepodge Hollow.lnk
[2012/10/14 07:50:36 | 000,000,794 | ---- | M] () -- C:\Users\Public\Desktop\Play Awakening - The Goblin Kingdom.lnk
[2012/10/14 06:30:10 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/14 06:30:10 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/10 19:28:08 | 000,002,039 | ---- | M] () -- C:\Users\jnewsome1385\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/05 03:26:22 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2012/10/02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/29 21:27:16 | 000,000,115 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2012/10/29 14:19:39 | 3149,078,528 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/24 17:15:22 | 000,001,673 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2012/10/24 17:15:06 | 000,001,111 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/10/22 20:57:58 | 000,001,220 | ---- | C] () -- C:\Users\Public\Desktop\More Great Games.lnk
[2012/10/22 20:57:58 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Play Awakening - The Skyward Castle.lnk
[2012/10/20 17:58:54 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\Play Redemption Cemetery - Grave Testimony.lnk
[2012/10/19 21:28:31 | 000,000,685 | ---- | C] () -- C:\Users\Public\Desktop\Play Keys to Manhattan.lnk
[2012/10/19 20:57:03 | 000,000,670 | ---- | C] () -- C:\Users\Public\Desktop\Play Lost in the City.lnk
[2012/10/19 20:49:35 | 000,000,734 | ---- | C] () -- C:\Users\Public\Desktop\Play Jane`s Hotel - Family Hero.lnk
[2012/10/17 19:54:57 | 000,000,834 | ---- | C] () -- C:\Users\Public\Desktop\Play Natalie Brooks - Secrets of Treasure House.lnk
[2012/10/17 19:31:18 | 000,000,865 | ---- | C] () -- C:\Users\Public\Desktop\Play Three Musketeers Secret - Constance's Mission.lnk
[2012/10/15 18:45:52 | 000,000,916 | ---- | C] () -- C:\Users\Public\Desktop\Play James Patterson Women's Murder Club - Death in Scarlet.lnk
[2012/10/15 18:22:10 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\Play Build-a-lot 2 - Town of the Year.lnk
[2012/10/15 16:26:41 | 000,000,573 | ---- | C] () -- C:\Users\Public\Desktop\Play Azada.lnk
[2012/10/14 16:07:52 | 000,000,683 | ---- | C] () -- C:\Users\Public\Desktop\Play Hodgepodge Hollow.lnk
[2012/10/14 07:50:36 | 000,000,794 | ---- | C] () -- C:\Users\Public\Desktop\Play Awakening - The Goblin Kingdom.lnk
[2012/10/03 18:35:33 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/26 16:02:40 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012/06/24 19:19:19 | 002,337,172 | ---- | C] () -- C:\Users\jnewsome1385\home images.zip
[2011/11/05 15:52:47 | 000,020,843 | ---- | C] () -- C:\Users\jnewsome1385\373873_311249795555806_100000123649283_1469964_803062868_n.jpg
[2011/10/15 16:34:51 | 055,303,820 | ---- | C] () -- C:\Users\jnewsome1385\610_b034_multilanguage (2).exe.sshhc0k.partial
[2011/10/15 16:21:13 | 120,485,720 | ---- | C] () -- C:\Users\jnewsome1385\610_b034_multilanguage.exe
[2011/10/15 15:49:27 | 120,485,720 | ---- | C] () -- C:\Users\jnewsome1385\610_b034_multilanguage (1).exe
[2011/10/13 11:31:48 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/10/13 11:30:24 | 000,000,268 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/05/07 15:23:44 | 000,043,520 | ---- | C] () -- C:\Windows\System32\sutil32.dll
[2011/02/16 17:43:57 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/12/30 16:50:29 | 000,000,503 | ---- | C] () -- C:\Windows\eReg.dat
[2010/08/21 17:32:21 | 000,031,007 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Roaming\UserTile.png
[2009/06/25 06:12:37 | 000,000,116 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Roaming\wklnhst.dat
[2009/06/22 19:37:32 | 000,023,552 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/03/04 20:53:34 | 000,032,940 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Local\slot1.mm1
[2009/02/26 17:11:58 | 000,000,680 | ---- | C] () -- C:\Users\jnewsome1385\AppData\Local\d3d9caps.dat
[2009/01/05 15:34:51 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2006/11/02 07:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2009/07/21 23:13:30 | 000,000,000 | -HSD | M] -- C:\Users\jnewsome1385\AppData\Roaming\.#
[2012/04/29 06:24:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Alawar
[2011/10/22 15:00:26 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Alawar Entertainment
[2012/06/05 21:08:57 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Alawar Stargaze
[2012/10/06 18:53:10 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\AlawarEntertainment
[2012/09/01 17:51:18 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Amulet_of_time
[2011/12/30 21:43:48 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Atari
[2012/09/27 06:26:56 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\AVG2013
[2011/10/23 18:25:45 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Awem
[2011/12/26 23:08:23 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Azureus
[2011/11/01 18:59:44 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Big Finish
[2011/03/05 15:45:19 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Big Fish Games
[2012/09/07 19:03:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\blg
[2009/04/02 18:50:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Boolat Games
[2012/10/22 19:34:06 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Boomzap
[2012/01/29 16:02:55 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\cerasus.media
[2012/06/02 12:59:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\ChaYoWo Games
[2012/01/28 11:23:03 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Deep Shadows
[2011/03/05 22:41:24 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Dekovir
[2012/08/31 20:18:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\DragonsEye Studios
[2012/10/20 20:17:07 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\ERS Game Studios
[2011/12/04 20:58:43 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\EscapeTheMuseum2
[2009/07/26 21:08:49 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Fabulous Finds
[2012/08/18 17:18:02 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\FBI
[2012/10/15 18:50:31 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Flood Light Games
[2012/04/20 21:26:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Floodlight Games
[2012/08/03 20:55:51 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Freeze Tag
[2012/09/08 20:04:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Friday's games
[2011/12/05 10:56:43 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\FrostWire
[2009/10/26 20:51:25 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\funkitron
[2012/10/18 21:22:35 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Funlinker
[2011/11/23 18:53:08 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GameHouse
[2009/11/12 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Gamelab
[2010/08/07 14:00:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GamersDigital
[2012/08/30 16:25:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Games
[2011/04/06 19:01:23 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GestaltGames
[2011/11/16 18:06:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GO Games
[2009/08/06 23:25:59 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2011/04/02 23:45:45 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Gogii
[2012/08/18 21:11:55 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Gogii Games
[2009/11/17 13:58:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Gold Casual Games
[2011/04/22 18:59:02 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\GuardiansOfMagic
[2012/10/13 23:12:30 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Hidden Objects Romance
[2011/12/13 17:16:10 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\HitPoint Studios
[2012/10/19 21:31:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Jane s Hotel Family Hero
[2009/03/08 10:37:59 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Jetsetter
[2012/08/22 18:57:59 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Jigsaws Galore
[2011/03/26 14:42:22 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\KingArthur
[2012/09/11 21:51:35 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\kingdom
[2012/09/22 20:12:33 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\LegacyGames
[2012/08/28 22:57:24 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\LegacyInteractive
[2010/12/22 17:19:52 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\LimeWire
[2012/10/22 18:33:14 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Lost in the City
[2010/03/01 02:26:58 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Ludia
[2011/10/19 18:41:33 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\MagicIndie
[2011/03/05 17:30:22 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\margrave3_full
[2011/10/23 11:36:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\MumboJumbo
[2010/07/26 17:51:38 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\muvee Technologies
[2009/09/16 23:11:54 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\My Games
[2011/02/05 10:23:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Mystery of Mortlake Mansion
[2011/04/18 18:24:38 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\MysteryStudio
[2011/03/05 21:08:34 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Namco
[2011/03/13 19:42:12 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Old Castle
[2012/08/10 19:51:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Orneon
[2010/08/21 17:32:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\PeerNetworking
[2012/06/07 23:15:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Persha Studia
[2011/03/22 18:17:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Phantasmat_wildgames_se
[2012/10/13 13:06:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\PlataGames
[2011/04/10 17:11:31 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\PlayFirst
[2009/03/09 18:47:34 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\PoBros
[2009/12/26 02:06:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Princess Isabella
[2012/09/15 19:40:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\quickclick
[2011/10/15 16:40:26 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Research In Motion
[2012/07/18 13:00:50 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Samsung
[2011/04/19 17:55:11 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Sanna
[2011/03/30 19:28:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SecretIslandEng
[2009/10/22 22:18:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Shape games
[2009/04/15 01:13:59 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\ShinyTales
[2011/12/26 17:12:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Skunk Studios
[2011/03/26 20:15:43 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Sleepwalker Games
[2012/07/08 21:01:50 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SMIGames
[2011/02/16 17:17:43 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Smith Micro
[2012/07/21 21:59:26 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Specialbit
[2009/03/25 17:40:13 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SpinTop
[2011/11/04 16:47:03 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SpinTop Games
[2009/02/15 18:53:28 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\SPORE Creature Creator
[2012/07/07 15:52:34 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Systweak
[2009/06/25 06:12:39 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Template
[2012/10/13 19:44:41 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\The Drama Queen Murder
[2011/10/23 18:28:37 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\TOMI3
[2012/07/09 16:20:42 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Top Evidence
[2009/03/22 19:29:15 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Total Eclipse
[2012/09/27 06:26:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\TuneUp Software
[2009/11/07 16:03:30 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Utherverse
[2010/03/03 23:09:21 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\ValuSoft
[2012/02/25 16:43:54 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\Vast Studios
[2012/06/30 13:23:22 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\VendelGAMES
[2011/04/13 19:59:09 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\WhiteBirdsProductions
[2009/08/27 22:44:03 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\WildGames 3 Days Zoo Mystery
[2012/07/29 20:26:24 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\WildTangent
[2009/08/30 00:57:31 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\WildTangentv1002
[2012/09/11 17:12:56 | 000,000,000 | ---D | M] -- C:\Users\jnewsome1385\AppData\Roaming\YoudaGames

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 248 bytes -> C:\ProgramData\Temp:D8A1AC56

< End of report >
  • 0

#20
mawmaw

mawmaw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Anti-Virus Free Edition 2013
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java™ 6 Update 33
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.287
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (for.)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
  • 0

#21
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hi mawmaw,

Congratulations, you now have a clean computer!

The first thing we are going to do is clean up the tools we used, as well as the logs cluttering the desktop.

  • Double-click OTL.exe to run
  • Click on the CleanUp! button
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


Any other tools or logs remaining on the desktop can be removed, except for Malwarebytes Anti-Malware. I would recommend keeping this free program and running it regularly! It's free and a great tool!

Your Java is out of date.
Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

Your Adobe Reader is out of date; you can update it here.
Now, we can talk about some things to help keep your computer safe!

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice is avoid these types of software applications.

Your presently installed security application, AVG Anti-Virus Free Edition 2013, automatically checks for updates and downloads/installs them with every system reboot and/or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this at least once per week.

Firewall
Just as important as the Anti-Virus, but again you should only have one active firewall!
I would recommend either of the following.
Online Armor or Zone Alarm
Again, both of these are free options!

Keeping these updated is very important to prevent future infections! I would also recommend that you run Malwarebytes Anti-Malware regularly to make sure you're good to go!


Be sure to keep your Java up to date, and remove any old versions! Java is frequently targeted to deliver malware to your computer. Keeping it up to date will help protect your computer from these security risks!


Browsers: I would recommend using Firefox or Chrome.
If you choose Firefox, it has a few add-ons that will assist in keeping your computer safe. These include Web of Trust, which will warn you about potentially harmful websites. Another is Adblock Plus, which will help stop those annoying pop-ups!


If you do not already have automatic updates set then it is recommended that you do set Windows to check, download and install your updates automatically.
Click Start > Control Panel > System and Security > Windows Update
Under Windows Update click on Turn automatic updating on or off
Check items shown to ensure you receive updates automatically. Click OK.


And finally,

Click to read about how to prevent infection.

Take Care!
Cruise
  • 0
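The Security Check log above reports both flagged applications (Java, Adobe Reader) and several versions of the same product installed side by side, which is what the advice to update and remove old versions addresses. As an added example (not part of the thread and not Security Check's own code), this Python script parses an excerpt of that log and lists both conditions; the function name `triage` and the parsing rules are assumptions based only on the log layout shown here.

```python
import re
from collections import defaultdict

RULE = "`" * 9  # Security Check frames section titles in runs of backticks
# Excerpt of the Security Check log posted in this thread (rule length shortened).
SAMPLE_LOG = "\n".join([
    RULE + "Antivirus/Firewall Check:" + RULE,
    "AVG Anti-Virus Free Edition 2013",
    RULE + "Anti-malware/Other Utilities Check:" + RULE,
    "Spybot - Search & Destroy",
    "Malwarebytes Anti-Malware version 1.65.1.1000",
    "JavaFX 2.1.1",
    "Java™ 6 Update 33",
    "Java™ 7 Update 5",
    "Java version out of Date!",
    "Adobe Flash Player 11.4.402.287",
    "Adobe Reader 9 Adobe Reader out of Date!",
    "Mozilla Firefox (for.)",
    "Google Chrome 21.0.1180.83",
    "Google Chrome 21.0.1180.89",
    "Google Chrome 22.0.1229.79",
    "Google Chrome 22.0.1229.92",
    "Google Chrome 22.0.1229.94",
    RULE + "System Health check" + RULE,
])

SECTION = re.compile(r"^`+\s*(.+?)\s*`+$")
ENTRY = re.compile(r"^(?P<name>.+?)\s+(?P<ver>\d[\w.]*(?:\s+Update\s+\d+)?)(?P<rest>.*)$")
STANDALONE = re.compile(r"^(?P<name>.+?)\s+version out of date!$", re.I)

def triage(log):
    """Return products flagged out of date and products with several versions installed."""
    section, outdated, versions = None, set(), defaultdict(list)
    for line in (l.strip() for l in log.splitlines()):
        header = SECTION.match(line)
        if header:
            section = header.group(1).rstrip(":")
            continue
        if section != "Anti-malware/Other Utilities Check" or not line:
            continue
        alone = STANDALONE.match(line)
        if alone:  # warning on its own line, e.g. "Java version out of Date!"
            outdated.add(alone.group("name"))
            continue
        entry = ENTRY.match(line)
        if not entry:  # no version number reported for this product
            continue
        name = re.sub(r"\s+version$", "", entry.group("name").replace("™", ""))
        versions[name].append(entry.group("ver"))
        if "out of date" in entry.group("rest").lower():  # warning appended to the entry
            outdated.add(name)
    stale = {n: v for n, v in versions.items() if len(v) > 1}
    return {"outdated": sorted(outdated), "multiple_versions": stale}

print(triage(SAMPLE_LOG))
```

Products listed under `multiple_versions` are the ones where older copies remain installed next to a newer one and are candidates for removal after updating.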

#22
mawmaw

mawmaw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
When my laptop did the restart after the OTL clean it went to a blue screen for several minutes. Then a box popped up with Malwarebytes Anti malware(shell_notifyicon)failed to perform desired action. error 2. I clicked OK and it stayed on the blue screen for over 5 min. I shut it down for a restart again. The box didn't pop up again but it took several min to get to the password page. It never stayed on the blue screen before, always went right to the password screen. Also I noticed this once before but didn't think it would happen again (stupid me): after installing password and loading desktop (icons, programs), when HP Total Care finishes loading it is usually done, but then my arrow starts jumping around with the busy circle jumping with it. Any ideas? I believe these started after the adware removal.
Also I use the firewall that was installed on the computer. I knew you couldn't have 2. Is this not a good firewall? If I put a different one on, it will keep telling me I'm not using it. That's why I just use this one. If it's not good enough I will get another.
Is that what game sites are? P2P? If I can download to a removable drive and scan before using them will it be safer? I use them for down time after work. I would hate to have to tell myself no. I don't listen to myself very well.
One more thing I have been meaning to say. When you tell me to download to desktop it wouldn't do that. Just had a space at the bottom of the screen to say it downloaded and if I needed it again I had to search for it. I thought Vista didn't offer that like XP did. Hope I didn't mess anything up. Now I have to get back to the homework you gave me. Sorry such a long post.
  • 0

#23
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hi mawmaw,

Can you please try another reboot to verify the problems are still present.

Thanks
Cruise
  • 0

#24
mawmaw

mawmaw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
I did a restart and a complete shutdown and it goes to the password screen. After putting in the password it stayed busy on that page for a little over 2 min then went to the blue screen for about 3 min. Didn't get any errors this time, it just took a little longer to boot up.
  • 0

#25
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hi mawmaw,

Do you happen to have the Windows Vista installation DVD available? If not, don't worry about it - Just let me know!

Thanks
Cruise
  • 0


#26
mawmaw

mawmaw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
No, one didn't come with this laptop.
  • 0

#27
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hi mawmaw,

Thanks for letting me know that you do not have a Windows Vista DVD.

Let's give this a shot!

Vista Startup Repair:

Visit this Microsoft page, then click on How do I use Startup Repair?

Scroll down to:-

If Startup Repair is a preinstalled recovery option on your computer:

And follow the instructions. Once it is complete let me know how the computer is running. If you are unable to complete the instructions please let me know as well!

Thanks
Cruise
  • 0

#28
mawmaw

mawmaw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
After running that it is a lot better. Back to normal. Thank you.
  • 0

#29
Cruise475

Cruise475

    Trusted Helper

  • Member
  • PipPipPipPip
  • 1,348 posts
Hi mawmaw,

Great news! Are there any more outstanding issues?

Thanks
Cruise
  • 0

#30
mawmaw

mawmaw

    Member

  • Topic Starter
  • Member
  • PipPip
  • 85 posts
The only problem I still have is Internet Explorer won't work. It used to say it encountered a problem and will shut down but I did the Windows key plus R and it did nothing. The busy circle came up for a few seconds but then nothing.

Since it doesn't seem to be a virus issue, I will go to the Microsoft page and fix it there.

I thank you for helping me get rid of the virus and will work diligently to not get infected again.
Thanks again,
Mawmaw

Edited by mawmaw, 12 November 2012 - 06:32 PM.

  • 0





