I've used my laptop for over a year without any issues using Microsoft Security Essentials.
Last night I acquired the websearch mocaflix.com virus.
I wanted to read a document online but I had to download a pdf reader. I think it was pdf.complete or something like that.
I stupidly just clicked the next buttons (just like adwcleaner tells you not to do) and zap Google chrome went down and was infected.
It took all my tabs away but kept my bookmarks.
I searched on the web and tried the following:
In safe mode
I ran malware bytes- It found two pdf downloaded files and deleted them.
I then ran spybot- It found 84 items and deleted them. There was some 34 macro flash media?? files I don't remember.
I ran TDSSkiller- It did not find anything
I ran adwcleaner- It did not find anything.
I then tried my laptop as normal but chrome and explorer still had the mocaflix search in it. I've managed to delete them out of chrome and explorer in the settings but Google Chrome is still affected.
I cannot set up a home page or tabs, it keeps going back to the chrome home page, I can't set in "on start up" for it to open a specific set of pages. It has the test site that I've put in recorded but doesn't act on it. In "appearance" I've set the new page tab which is recorded but it still opens with chrome home page. The mocaflix.com was in there and then tagged itself on to the back of the web site I inserted. I deleted it manually, it's gone but nothings changed.
Today I downloaded AVG free download and ran a scan it found one item but I wasn't able to see what it was in it's report.
Internet explorer doesn't seem to be so badly affected if at all. I can set it up to open a specific set of pages and seems to work.
I much prefer chrome. I therefore uninstalled it (losing all my bookmarks!) and reinstalled but it's the same.
I want everything back to normal. I was thinking of transferring to a back up drive and restoring to factory settings but this might not even work. I would rather avoid this.
Have I removed the bulk of it? with traces left? It doesn't seem to be affecting the computer much but I don't want what's left there.
Please can somebody help.
I'm not the most computer savvy person so I'll try my best with any instructions.
I've run an OTL report with minimal output, attached below. Thanks in advance for your fantastic help.
OTL logfile created on: 12/10/2012 9:57:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gary\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.92 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 55.33% Memory free
5.84 Gb Paging File | 3.29 Gb Available in Paging File | 56.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 280.80 Gb Total Space | 133.44 Gb Free Space | 47.52% Space Free | Partition Type: NTFS
Drive F: | 1.99 Gb Total Space | 1.39 Gb Free Space | 70.03% Space Free | Partition Type: FAT32
Computer Name: GARY-HP | User Name: Gary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Gary\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Portrait Displays, Inc)
PRC - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
PRC - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
PRC - C:\Windows\system\uArcCapture.exe (ArcSoft, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
========== Modules (No Company Name) ==========
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.3.2\avgdttbx.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.95\avformat-54.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3a7eb7595728baf4078ec5f97b44180c\IAStorUtil.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - c:\Program Files (x86)\MocaFlix\sprotector.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Windows\SysWOW64\SUPSDK.dll ()
MOD - C:\Windows\SysWOW64\flcdlmsg.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Macrovision Europe Ltd.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
SRV:64bit: - (DpHost) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV:64bit: - (Bluetooth Device Manager) -- C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth OBEX Service) -- C:\Program Files\Motorola\Bluetooth\obexsrv.exe (Motorola, Inc.)
SRV:64bit: - (Bluetooth Media Service) -- C:\Program Files\Motorola\Bluetooth\audiosrv.exe (Motorola, Inc.)
SRV:64bit: - (HPDayStarterService) -- c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe (Hewlett-Packard Company)
SRV:64bit: - (HpFkCryptService) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
SRV:64bit: - (DEBridge) -- C:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe (McAfee, Inc.)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV - (vToolbarUpdater13.3.2) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (AdobeActiveFileMonitor11.0) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (PdiService) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (HP ProtectTools Service) -- C:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (HPFSService) -- C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
SRV - (uArcCapture) -- C:\Windows\system\uArcCapture.exe (ArcSoft, Inc.)
SRV - (FLCDLOCK) -- c:\Windows\SysWOW64\flcdlock.exe (Hewlett-Packard Ltd)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Corel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (ewusbmbb) -- C:\Windows\SysNative\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (BTMUSB) -- C:\Windows\SysNative\drivers\btmusb.sys (Motorola, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (BTMCOM) -- C:\Windows\SysNative\drivers\btmcom.sys (Motorola, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (SbFsLock) -- C:\windows\SysNative\drivers\SbFsLock.sys (McAfee, Inc.)
DRV:64bit: - (RsvLock) -- C:\windows\SysNative\drivers\RsvLock.sys (McAfee, Inc.)
DRV:64bit: - (SafeBoot) -- C:\windows\SysNative\drivers\SafeBoot.sys ()
DRV:64bit: - (ARCVCAM) -- C:\Windows\SysNative\drivers\ArcSoftVCapture.sys (ArcSoft, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (DAMDrv) -- C:\Windows\SysNative\drivers\DAMDrv64.sys (Hewlett-Packard Development Company L.P.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SbAlg) -- C:\windows\SysNative\drivers\SbAlg.sys (McAfee, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (mdvrmng) -- C:\Windows\SysWOW64\drivers\mdvrmng.sys ()
DRV - (SbAlg) -- C:\windows\SysWow64\drivers\SbAlg.sys (McAfee, Inc.)
DRV - (SbFsLock) -- C:\windows\SysWow64\drivers\SbFsLock.sys (McAfee, Inc.)
DRV - (RsvLock) -- C:\windows\SysWow64\drivers\rsvlock.sys (McAfee, Inc.)
DRV - (SafeBoot) -- C:\windows\SysWow64\drivers\SafeBoot.sys (McAfee, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/2
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPCOM/2
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{DF5247E6-47D0-4F54-ACE2-C49B58501087}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/2
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://websearch.mocaflix.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{DF5247E6-47D0-4F54-ACE2-C49B58501087}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPCOM/2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\..\SearchScopes,DefaultScope = {92626D26-4700-44DB-B416-AB6EF962019F}
IE - HKCU\..\SearchScopes\{92626D26-4700-44DB-B416-AB6EF962019F}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012/03/16 15:50:10 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage: http://http//forum.mflenses.com
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\13.3.0.17_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooomdpbaoicbfpjcnjalcdfamdfmjbhl\2_0\
CHR - Extension: No name found = C:\Users\Gary\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files\Motorola\Bluetooth\btmshell.dll (Motorola, Inc.)
O4:64bit: - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DTRun] c:\Program Files (x86)\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [History Killer Pro] C:\Users\Gary\AppData\Roaming\Emergency Soft\History Killer Pro\HistoryKillerPro.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.)
O9:64bit: - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Motorola\Bluetooth\btmshell.dll,-137 - {bd707fe6-39f6-4bda-9265-86a76719bdc5} - C:\Program Files\Motorola\Bluetooth\btmiesend.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08D5220E-2AAC-4722-A4D0-2A2F00E89750}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{98299122-F33E-4982-9933-13C7AC928161}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\progra~2\mocaflix\sprote~1.dll) - c:\Program Files (x86)\MocaFlix\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe) - C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe (DigitalPersona, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\SysWow64\DeviceNP.dll (Hewlett-Packard Limited)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{61e662e4-9689-11e1-9aeb-8ed5a4000177}\Shell - "" = AutoRun
O33 - MountPoints2\{61e662e4-9689-11e1-9aeb-8ed5a4000177}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{61e662fa-9689-11e1-9aeb-8ed5a4000177}\Shell - "" = AutoRun
O33 - MountPoints2\{61e662fa-9689-11e1-9aeb-8ed5a4000177}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{6fc2e366-9770-11e1-b075-f53be4f83a78}\Shell - "" = AutoRun
O33 - MountPoints2\{6fc2e366-9770-11e1-b075-f53be4f83a78}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{daf7ebb0-9911-11e1-b5ae-001e101f2c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{daf7ebb0-9911-11e1-b5ae-001e101f2c0e}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{f1b6fbe6-96df-11e1-b43c-ec331bd97575}\Shell - "" = AutoRun
O33 - MountPoints2\{f1b6fbe6-96df-11e1-b43c-ec331bd97575}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/12/10 19:21:31 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\AVG2013
[2012/12/10 19:21:01 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\AVG Secure Search
[2012/12/10 19:20:59 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\TuneUp Software
[2012/12/10 19:20:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/12/10 19:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/12/10 19:20:56 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2012/12/10 19:20:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/12/10 19:20:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/12/10 19:20:31 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/12/10 19:20:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/12/10 19:20:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/12/10 19:17:32 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/12/10 19:17:32 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\MFAData
[2012/12/10 19:17:32 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/12/10 19:17:32 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\Avg2013
[2012/12/09 21:22:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/12/09 20:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/12/09 20:17:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012/12/09 20:17:33 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\windows\SysNative\sdnclean64.exe
[2012/12/09 20:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012/12/09 17:22:22 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2012/12/09 17:20:55 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/12/09 17:19:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MocaFlix
[2012/12/09 17:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SaveAs
[2012/12/09 17:19:44 | 000,000,000 | ---D | C] -- C:\ProgramData\SaveAs
[2012/12/07 14:40:51 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\pt
[2012/12/07 14:40:51 | 000,000,000 | ---D | C] -- C:\windows\SysNative\pt
[2012/12/07 14:33:43 | 000,515,584 | ---- | C] (IDT, Inc.) -- C:\windows\SysNative\drivers\stwrt64.sys
[2012/12/07 14:33:42 | 001,484,288 | ---- | C] (IDT, Inc.) -- C:\windows\SysNative\stapo64.dll
[2012/12/07 14:33:42 | 000,651,264 | ---- | C] (IDT, Inc.) -- C:\windows\SysNative\stapi64.dll
[2012/12/07 14:33:42 | 000,431,616 | ---- | C] (IDT, Inc.) -- C:\windows\SysNative\stcplx64.dll
[2012/12/07 14:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\IDT
[2012/12/07 14:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis
[2012/12/07 14:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2012/12/07 14:27:46 | 003,839,376 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\windows\SysWow64\cdintf300.dll
[2012/12/07 14:27:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Home Office
[2012/12/01 18:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
[2012/12/01 18:43:52 | 000,000,000 | ---D | C] -- C:\ProgramData\{9BF4D58B-C6D6-467B-BC5A-FD0C1278F4AF}
[2012/11/26 12:44:23 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
[2012/11/26 12:44:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Research
[2012/11/26 09:47:32 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\{00134F60-4B1A-4F20-B971-9750C6B2C9B1}
[2012/11/25 20:14:30 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\{88A8E1DE-B1D5-4DC3-867C-534721E90AD5}
[2012/11/25 20:14:17 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\{401CDA9E-92D2-4591-BCDB-BC6489BB6CA1}
[2012/11/24 18:08:11 | 000,056,336 | ---- | C] (Corel Corporation) -- C:\windows\SysNative\drivers\PxHlpa64.sys
[2012/11/24 18:08:11 | 000,011,376 | ---- | C] (Corel Corporation) -- C:\windows\SysNative\drivers\cdralw2k.sys
[2012/11/24 18:08:11 | 000,010,864 | ---- | C] (Corel Corporation) -- C:\windows\SysNative\drivers\cdr4_xp.sys
[2012/11/24 13:55:17 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\{8E4442AC-9EEE-4EE7-9A95-1D4D5369281A}
[2012/11/24 13:24:53 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Local\{89BEC739-D6B0-4A16-8023-11AE79478562}
[2012/11/24 07:04:28 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012/11/24 06:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2012/11/24 06:56:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012/11/24 06:55:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012/11/23 23:12:32 | 000,000,000 | ---D | C] -- C:\Users\Gary\Adobe Premiere Elements 11
[2012/11/23 23:11:04 | 000,000,000 | ---D | C] -- C:\Users\Gary\Adobe Photoshop Elements 11
[2012/11/23 23:05:50 | 000,000,000 | ---D | C] -- C:\Users\Gary\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/11/23 23:05:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012/11/23 07:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/23 07:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012/12/10 21:00:03 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/10 21:00:03 | 000,019,760 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/10 20:57:45 | 000,727,310 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/12/10 20:57:45 | 000,629,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/12/10 20:57:45 | 000,111,212 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/12/10 20:51:37 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/12/10 20:51:32 | 3136,741,376 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/10 19:20:59 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/12/10 19:20:52 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\windows\SysNative\drivers\avgtpx64.sys
[2012/12/09 21:22:38 | 000,002,293 | ---- | M] () -- C:\Users\Gary\Desktop\Google Chrome.lnk
[2012/12/09 21:21:53 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/09 20:17:37 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/12/09 20:17:37 | 000,000,632 | ---- | M] () -- C:\windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/12/09 20:17:37 | 000,000,628 | ---- | M] () -- C:\windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/12/09 20:17:37 | 000,000,458 | ---- | M] () -- C:\windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/12/09 17:20:55 | 000,001,268 | ---- | M] () -- C:\Users\Gary\Desktop\Revo Uninstaller.lnk
[2012/12/07 14:40:53 | 000,000,473 | ---- | M] () -- C:\windows\SysNative\MAPISVC.INF
[2012/12/07 14:40:52 | 000,000,976 | ---- | M] () -- C:\windows\SysWow64\mapisvc.inf
[2012/12/07 14:37:08 | 000,000,000 | RHS- | M] () -- C:\windows\SysWow64\drivers\103C_HP_bNB_ProBook 4320s_Y5336AN_0U_QCNF11712J8_EPO647283-B2A_4A_I1421_SHP_V53.36_B68AHH F.21_T120613_W73-1_L409_M2992_J320_7Intel_8655_92.53_#101212_N10EC8168;18143090_(XX826EA#ABU)_XMOBILE_CN10_Z_2_G100268E0.MRK
[2012/12/07 14:37:08 | 000,000,000 | RHS- | M] () -- C:\windows\SysNative\drivers\103C_HP_bNB_ProBook 4320s_Y5336AN_0U_QCNF11712J8_EPO647283-B2A_4A_I1421_SHP_V53.36_B68AHH F.21_T120613_W73-1_L409_M2992_J320_7Intel_8655_92.53_#101212_N10EC8168;18143090_(XX826EA#ABU)_XMOBILE_CN10_Z_2_G100268E0.MRK
[2012/12/07 14:33:07 | 000,515,584 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\drivers\stwrt64.sys
[2012/12/07 14:33:07 | 000,489,472 | ---- | M] (IDT, Inc.) -- C:\windows\sttray64.exe
[2012/12/07 14:33:06 | 001,952,256 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\stlang64.dll
[2012/12/07 14:33:06 | 001,484,288 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\stapo64.dll
[2012/12/07 14:33:06 | 000,651,264 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\stapi64.dll
[2012/12/07 14:33:06 | 000,431,616 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\stcplx64.dll
[2012/12/07 14:33:05 | 012,861,952 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\idtcpl64.cpl
[2012/12/07 14:33:05 | 000,219,648 | ---- | M] (IDT, Inc.) -- C:\windows\SysNative\staco64.dll
[2012/12/07 14:27:57 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Corel Home Office.lnk
[2012/12/01 19:14:08 | 000,000,328 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForGary.job
[2012/12/01 18:45:42 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/24 18:09:37 | 001,913,672 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[1 C:\windows\SysWow64\*.tmp files -> C:\windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012/12/10 19:20:59 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/12/09 21:22:38 | 000,002,293 | ---- | C] () -- C:\Users\Gary\Desktop\Google Chrome.lnk
[2012/12/09 21:21:53 | 000,000,890 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/09 20:17:37 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012/12/09 20:17:37 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012/12/09 20:17:37 | 000,000,632 | ---- | C] () -- C:\windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012/12/09 20:17:37 | 000,000,628 | ---- | C] () -- C:\windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012/12/09 20:17:37 | 000,000,458 | ---- | C] () -- C:\windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012/12/09 17:20:55 | 000,001,268 | ---- | C] () -- C:\Users\Gary\Desktop\Revo Uninstaller.lnk
[2012/12/07 14:40:53 | 000,000,473 | ---- | C] () -- C:\windows\SysNative\MAPISVC.INF
[2012/12/07 14:37:08 | 000,000,000 | RHS- | C] () -- C:\windows\SysWow64\drivers\103C_HP_bNB_ProBook 4320s_Y5336AN_0U_QCNF11712J8_EPO647283-B2A_4A_I1421_SHP_V53.36_B68AHH F.21_T120613_W73-1_L409_M2992_J320_7Intel_8655_92.53_#101212_N10EC8168;18143090_(XX826EA#ABU)_XMOBILE_CN10_Z_2_G100268E0.MRK
[2012/12/07 14:37:08 | 000,000,000 | RHS- | C] () -- C:\windows\SysNative\drivers\103C_HP_bNB_ProBook 4320s_Y5336AN_0U_QCNF11712J8_EPO647283-B2A_4A_I1421_SHP_V53.36_B68AHH F.21_T120613_W73-1_L409_M2992_J320_7Intel_8655_92.53_#101212_N10EC8168;18143090_(XX826EA#ABU)_XMOBILE_CN10_Z_2_G100268E0.MRK
[2012/12/07 14:34:17 | 000,001,653 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDT HD Audio.lnk
[2012/12/07 14:27:57 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Corel Home Office.lnk
[2012/12/01 18:45:42 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk
[2012/11/24 06:56:55 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 11.lnk
[2012/11/23 23:05:47 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012/11/14 03:06:19 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/14 03:00:16 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/10/28 10:40:31 | 000,000,017 | ---- | C] () -- C:\Users\Gary\AppData\Local\resmon.resmoncfg
[2012/05/05 08:11:42 | 000,067,156 | ---- | C] () -- C:\windows\Huawei ModemsUninstall.exe
[2012/05/05 08:11:36 | 000,010,240 | ---- | C] () -- C:\windows\SysWow64\drivers\mdvrmng.sys
[2012/02/24 18:15:46 | 000,014,051 | ---- | C] () -- C:\windows\SysWow64\RaCoInst.dat
[2011/09/15 19:06:04 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/09/15 11:21:18 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat
[2011/09/14 19:06:33 | 000,736,592 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPPassFilter.dll.hpsign
[2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\DPCrProv.dll.hpsign
[2011/02/24 10:47:23 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/12/12 13:07:33 | 000,003,120 | ---- | C] () -- C:\windows\SysWow64\drivers\wdgeec.sys
[2010/12/12 12:45:07 | 000,000,188 | ---- | C] () -- C:\windows\SysWow64\HPWA.ini
========== ZeroAccess Check ==========
[2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 05:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/12/10 19:21:31 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\AVG2013
[2011/10/15 15:47:38 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2012/05/05 08:12:30 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Birdstep Technology
[2012/11/23 23:05:50 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/09/14 16:57:38 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\DigitalPersona
[2012/01/04 23:24:28 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\Emergency Soft
[2011/12/28 23:15:57 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\HandBrake
[2012/12/09 18:25:35 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\SoftGrid Client
[2011/09/15 10:40:27 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\TP
[2012/12/10 19:20:59 | 000,000,000 | ---D | M] -- C:\Users\Gary\AppData\Roaming\TuneUp Software
========== Purity Check ==========
< End of report >