Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Suspected Trojan Infection Causes SpamBot on Windows Live

Started by Amako , Feb 27 2013 07:30 PM

  • Please log in to reply

#1
Amako
Posted 27 February 2013 - 07:30 PM

Amako

    New Member

  • Member
  • Pip
  • 1 posts
Good evening.

I have developed a recent problem. Somewhere that I have been on the net apparently gave me a trojan (or multiples). I was first alerted to the problem when my Windows Live/MSN started receiving messages from a spambot ([email protected]) immediately after I logged in and periodically throughout the day.

I once encountered this exact same spambot quite a few years ago (2004-2005, I think), and back then, it existed because of a trojan infection, which I got rid of as soon as possible.

The first time (recently), I found and healed the trojan (actually 2 of them) with MalwareBytes Anti-Malware. This was around a week ago. And at first, the spambot ceased---I thought I was done with it and that was that.

Unfortunately, some 3-4 days later, it mysteriously returned out of the blue. I ran Malwarebytes immediately and this time came up with nothing. So I proceeded into Safe Mode and tried to run scans there, also receiving no results.

I have tried the following tools/services: Avast, AVG, Ad-Aware, Comodo, MalwareBytes (also their Chameleon tool and Rootkit tool), Spybot: Search and Destroy, and Emsisoft Anti-Malware.

AVG did manage to find another trojan that the others could not, early this morning, when I ran it in Safe Mode. However, after rebooting after that, the spambot was there to greet me once more.

I'm worried that the virus is hiding and multiplying or something. I have been fretting about this for days now, and I'm really not sure what to do at this point. I've tried so many things, but whatever this is, it's hiding really well. And I would appreciate some professional help, if I may ask for it.

Thank you very much for your time.

Here's the Log from the OTL:

OTL logfile created on: 2/27/2013 8:15:02 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Amako\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.75 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 53.60% Memory free
9.50 Gb Paging File | 6.67 Gb Available in Paging File | 70.21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.34 Gb Total Space | 388.80 Gb Free Space | 56.73% Space Free | Partition Type: NTFS
Drive D: | 13.20 Gb Total Space | 1.62 Gb Free Space | 12.30% Space Free | Partition Type: NTFS

Computer Name: CIELO | User Name: Amako | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2013/02/27 20:13:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Amako\Downloads\OTL.exe
PRC - [2013/02/27 12:37:10 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
PRC - [2013/02/26 21:11:22 | 001,820,016 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_171.exe
PRC - [2013/02/19 13:28:33 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/30 18:01:56 | 003,089,320 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2013/01/30 18:01:52 | 003,365,288 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
PRC - [2013/01/14 22:20:53 | 004,239,872 | ---- | M] () -- C:\Users\Amako\Desktop\DreamerRO\exe.exe
PRC - [2012/12/25 00:23:55 | 000,038,808 | ---- | M] (Tablet Driver) -- C:\Windows\SysWOW64\WTClient.exe
PRC - [2012/12/11 18:20:50 | 000,542,104 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/20 07:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/02/27 12:37:10 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
MOD - [2013/02/27 10:42:22 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2013/02/26 21:11:22 | 014,718,320 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
MOD - [2013/02/19 13:28:33 | 003,067,288 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2013/01/14 22:20:53 | 004,239,872 | ---- | M] () -- C:\Users\Amako\Desktop\DreamerRO\exe.exe
MOD - [2010/02/17 22:09:26 | 000,010,784 | ---- | M] () -- C:\Users\Amako\Desktop\DreamerRO\dinput.dll
MOD - [2002/10/01 21:11:48 | 000,358,963 | ---- | M] () -- C:\Users\Amako\Desktop\DreamerRO\binkw32.dll
MOD - [2002/07/06 12:16:02 | 000,125,952 | ---- | M] () -- C:\Users\Amako\Desktop\DreamerRO\Mp3dec.asi
MOD - [2002/07/06 12:16:02 | 000,062,976 | ---- | M] () -- C:\Users\Amako\Desktop\DreamerRO\Mssfast.m3d
MOD - [2001/03/31 09:41:26 | 000,346,624 | ---- | M] () -- C:\Users\Amako\Desktop\DreamerRO\Mss32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/25 00:23:55 | 000,081,200 | ---- | M] (UC-Logic Technology Corp.) [Auto | Running] -- C:\Windows\SysNative\drivers\WTSrv.exe -- (WinTabService)
SRV:64bit: - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/05 21:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/05/11 10:16:12 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/27 10:42:22 | 000,968,880 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2013/02/26 21:11:23 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/19 13:28:33 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/30 18:01:56 | 003,089,320 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/02/28 17:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/09/28 10:09:28 | 001,119,768 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/09/11 03:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/18 20:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/27 10:42:22 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/01/27 10:40:48 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)
DRV:64bit: - [2012/12/25 00:23:55 | 000,031,536 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\TClass2k.sys -- (TClass2k)
DRV:64bit: - [2012/12/25 00:23:55 | 000,031,536 | ---- | M] (PenTablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PTSimBus.sys -- (PTSimBus)
DRV:64bit: - [2012/12/25 00:23:55 | 000,026,928 | ---- | M] (Tablet Driver) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UCTblHid.sys -- (UCTblHid)
DRV:64bit: - [2012/12/25 00:23:55 | 000,022,320 | ---- | M] (UC-Logic Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PTSimHid.sys -- (PTSimHid)
DRV:64bit: - [2012/10/30 18:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/15 11:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/03/08 17:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/06 02:11:16 | 000,066,728 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/18 15:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 01:59:26 | 000,349,800 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/08/13 08:35:36 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/08/13 08:35:36 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/05/11 10:46:18 | 006,790,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/05/11 09:24:20 | 000,221,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 10:33:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2009/12/22 04:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/04/30 17:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2012/04/30 17:45:00 | 000,044,688 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys -- (a2injectiondriver)
DRV - [2011/05/19 13:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2010/05/05 08:40:54 | 000,014,720 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys -- (a2util)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\..\URLSearchHook: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2013-01-23 18:57:37&v=13.2.0.4&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{d944bb61-2e34-4dbf-a683-47e505c587dc}: "URL" = http://rover.ebay.co...s}&mfe=Desktops
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "http://mysearch.avg....fr&d=2013-02-27 12:37:19&v=14.2.0.1&pid=safeguard&sg=1&sap=hp"
FF - prefs.js..extensions.enabledAddons: sam%40samfind.com:2.2.6
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.2.6
FF - prefs.js..extensions.enabledAddons: %7B4a313247-8330-4a81-948e-b79936516f78%7D:2.0.2
FF - prefs.js..extensions.enabledAddons: %7B59c81df5-4b7a-477b-912d-4e0fdf64e5f2%7D:0.9.88.2
FF - prefs.js..extensions.enabledAddons: %7Bad4ee9e5-49c7-4589-acf3-db9fa76a95c9%7D:2.2.1
FF - prefs.js..extensions.enabledAddons: %7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:2.2
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.7.1
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.7
FF - prefs.js..extensions.enabledAddons: avg%40toolbar:14.2.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {ad4ee9e5-49c7-4589-acf3-db9fa76a95c9}:2.1.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}:6.0.27
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8442
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..extensions.enabledItems: avg@toolbar:9.0.0.18.1
FF - prefs.js..extensions.enabledItems: {4a313247-8330-4a81-948e-b79936516f78}:2.0.2
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.88.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/21 14:50:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG SafeGuard toolbar\FireFoxExt\14.2.0.1 [2013/02/27 10:42:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/21 13:29:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/21 13:29:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/21 13:29:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/21 13:29:10 | 000,000,000 | ---D | M]

[2011/01/27 22:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amako\AppData\Roaming\Mozilla\Extensions
[2013/02/25 09:46:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Amako\AppData\Roaming\Mozilla\Firefox\Profiles\hbo9bvou.default\extensions
[2012/01/14 13:36:43 | 000,000,000 | ---D | M] (Image Search Options) -- C:\Users\Amako\AppData\Roaming\Mozilla\Firefox\Profiles\hbo9bvou.default\extensions\{4a313247-8330-4a81-948e-b79936516f78}
[2012/05/30 09:19:09 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Amako\AppData\Roaming\Mozilla\Firefox\Profiles\hbo9bvou.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013/01/27 10:39:42 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\Amako\AppData\Roaming\Mozilla\Firefox\Profiles\hbo9bvou.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013/01/27 10:35:28 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\Amako\AppData\Roaming\Mozilla\Firefox\Profiles\hbo9bvou.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2012/07/11 23:17:43 | 000,000,000 | ---D | M] (samfind Bookmarks Bar) -- C:\Users\Amako\AppData\Roaming\Mozilla\Firefox\Profiles\hbo9bvou.default\extensions\[email protected]
[2012/09/28 18:07:33 | 000,664,301 | ---- | M] () (No name found) -- C:\Users\Amako\AppData\Roaming\Mozilla\Firefox\Profiles\hbo9bvou.default\extensions\[email protected]
[2012/06/11 14:02:35 | 000,258,567 | ---- | M] () (No name found) -- C:\Users\Amako\AppData\Roaming\Mozilla\Firefox\Profiles\hbo9bvou.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2013/02/25 09:46:47 | 000,530,982 | ---- | M] () (No name found) -- C:\Users\Amako\AppData\Roaming\Mozilla\Firefox\Profiles\hbo9bvou.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/06/08 12:52:20 | 000,025,991 | ---- | M] () (No name found) -- C:\Users\Amako\AppData\Roaming\Mozilla\Firefox\Profiles\hbo9bvou.default\extensions\{ad4ee9e5-49c7-4589-acf3-db9fa76a95c9}.xpi
[2012/08/30 15:54:02 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Amako\AppData\Roaming\Mozilla\Firefox\Profiles\hbo9bvou.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/13 18:19:01 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\Amako\AppData\Roaming\Mozilla\Firefox\Profiles\hbo9bvou.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/02/21 13:27:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/21 13:29:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/21 14:50:50 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/02/27 10:42:57 | 000,000,000 | ---D | M] (AVG SafeGuard toolbar) -- C:\PROGRAMDATA\AVG SAFEGUARD TOOLBAR\FIREFOXEXT\14.2.0.1
[2013/02/19 13:28:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/26 19:51:34 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/11/13 10:05:24 | 000,003,572 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/29 20:50:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/27 12:37:28 | 000,003,723 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\safeguard-secure-search.xml
[2013/02/19 13:28:33 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Amako\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Amako\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Hulu Desktop (Enabled) = C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: avast! WebRep = C:\Users\Amako\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Skype Click to Call = C:\Users\Amako\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files (x86)\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKLM..\Run: [WTClient] C:\Windows\SysWow64\WTClient.exe (Tablet Driver)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [1] C:\Users\Amako\Desktop\GuchiGoo\mbam-chameleon.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DF7E675-FD1C-49FE-9436-CE56B161DB7D}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/27 16:47:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2013/02/27 16:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2013/02/27 16:47:13 | 000,000,000 | ---D | C] -- C:\Users\Amako\Documents\Anti-Malware
[2013/02/27 14:14:23 | 000,000,000 | ---D | C] -- C:\Users\Amako\Desktop\GuchiGoo
[2013/02/27 12:37:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/02/27 11:40:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Sidebar
[2013/02/27 11:39:54 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Roaming\AVG
[2013/02/27 11:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2013/02/27 11:38:56 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/02/27 11:27:27 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{24E68CA7-A7C8-4C2E-805E-51769548D772}
[2013/02/27 10:44:04 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Roaming\AVG2013
[2013/02/27 10:43:19 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\AVG SafeGuard toolbar
[2013/02/27 10:43:02 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Roaming\TuneUp Software
[2013/02/27 10:42:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG SafeGuard toolbar
[2013/02/27 10:42:46 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/27 10:42:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/02/27 10:40:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/02/27 02:40:58 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\MFAData
[2013/02/27 02:40:58 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\Avg2013
[2013/02/26 20:27:15 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{25558D70-08A9-4C19-A53F-8013A0ACA324}
[2013/02/26 08:27:03 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{5A578E7D-744D-4CBE-9B0F-BF430F595610}
[2013/02/25 20:26:50 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{1093178C-F0BB-4790-B226-82CB3F3C013D}
[2013/02/25 08:26:17 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{EF4DAF4F-417A-4350-9837-10CCA637E279}
[2013/02/24 22:32:25 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Roaming\Roxio Log Files
[2013/02/24 20:24:07 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{210F3589-5AB3-40B9-ABA7-10F18FDD87B1}
[2013/02/24 08:23:54 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{CAF30902-B5BA-451F-9BB8-CBD9815596EC}
[2013/02/23 20:23:42 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{9D6B4A71-799B-4441-AB67-A8D294F24734}
[2013/02/23 08:23:30 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{83E176B5-3489-4B47-9373-B8C828FA2D10}
[2013/02/22 20:23:18 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{1565DC2A-49D1-495F-BECA-5F031B518991}
[2013/02/22 08:23:06 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{FC7E8616-A66E-4FA0-ADB4-7053FA5BDB36}
[2013/02/21 20:22:54 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{9CBEC4D5-944A-4F1C-AB19-049AA0361E7C}
[2013/02/21 14:51:20 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/02/21 14:51:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/02/21 14:51:18 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/02/21 14:51:13 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/02/21 14:51:10 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/02/21 14:51:07 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/02/21 14:51:01 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/02/21 14:51:01 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/02/21 14:50:39 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/02/21 14:50:38 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013/02/21 14:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/02/21 14:50:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/02/21 13:22:05 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{725B5160-3AEF-4260-9ADB-03089E61BAE3}
[2013/02/21 08:22:28 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{35FEAC2A-5778-42CC-805E-8640CB9D6478}
[2013/02/20 20:22:16 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{40F77D67-D50C-45FF-83AF-CE149A014FD1}
[2013/02/20 08:22:04 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{F67A1038-41F2-41DE-B0E7-FEA6E92F53AF}
[2013/02/19 20:21:39 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{12B11811-5714-41E4-8142-7936F2DC4D65}
[2013/02/19 13:28:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/02/19 08:21:24 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{6BDDD3DE-A93F-4DF7-A4AE-0B7B508B877C}
[2013/02/18 20:20:59 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{31EABB1E-D74C-43E9-9A01-EF73BCFF08DE}
[2013/02/18 08:20:47 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{9AB0E6B3-5A7E-433B-9E33-3E54CE06A673}
[2013/02/17 20:20:35 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{EFA465B4-529C-4740-B782-22001DBA022A}
[2013/02/17 08:20:23 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{AFF12874-537C-462E-9491-D623E86EF7A2}
[2013/02/16 20:19:57 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{E830C83D-F733-4FC4-BEAA-8C8A5C836EBD}
[2013/02/16 08:19:32 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{9CB50B3E-EE56-49B7-B998-F9695B76CD68}
[2013/02/15 20:19:20 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{A9E26C91-0139-4E47-8126-12C03CCC5F8E}
[2013/02/15 08:19:08 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{D1F1523E-B9E9-49CE-8032-2198FEA89CB0}
[2013/02/14 20:18:56 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{97EB3C5E-28C0-4FAB-8F07-EF36A34133C0}
[2013/02/14 08:18:45 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{6F21CD99-E82F-4E31-A345-C7E589D86743}
[2013/02/13 20:18:20 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{28BB76BF-6FBC-47B1-9E48-1571BCDFF058}
[2013/02/13 08:18:08 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{6B9EB2F3-4339-4EF4-98B3-1A1B4E14F878}
[2013/02/12 20:17:42 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{E7DA096D-4861-4D99-8DF2-7633998E475F}
[2013/02/12 08:17:30 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{7C518099-073F-4912-BF2F-363B023608EB}
[2013/02/11 20:17:18 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{DC8FA08E-5E2A-43A0-A411-F55297A44D52}
[2013/02/11 08:17:06 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{7C64DF8F-FFF0-4B04-BEF4-ECE1AB16F3B1}
[2013/02/10 20:16:55 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{29FE0560-38A9-4F35-9352-17F64D21D02F}
[2013/02/10 08:16:43 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{F2A33EA0-44EB-4C84-B9DB-6A125F829148}
[2013/02/09 20:16:30 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{A5F72206-3F1C-47A1-808F-4DE16062500C}
[2013/02/09 08:16:18 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{2B4EB1B9-4144-4C5A-99DF-48C2DB03D14F}
[2013/02/08 20:16:06 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{F1EBC182-FC0E-43BA-B34C-FCD4AE371881}
[2013/02/08 08:15:54 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{1A64EEA4-643A-43A5-9952-C13D4B58B8A1}
[2013/02/07 20:15:42 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{7D6C5FE3-6C6E-4257-8222-4F258BC06C2D}
[2013/02/07 08:15:30 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{3573672A-2E08-476C-A356-A3485A117BC5}
[2013/02/06 20:15:18 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{9888F454-02E2-497E-92FC-960841924482}
[2013/02/06 08:15:06 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{D2098078-ECC9-447E-8086-C698BEF93DAF}
[2013/02/06 02:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2013/02/05 20:14:54 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{3FA91C91-6320-49A2-9301-95FDD59D878A}
[2013/02/05 08:14:42 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{4079EE00-8E57-4C44-9F52-9652C5AE2A7C}
[2013/02/04 20:14:31 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{7115A1A9-54B4-44F1-908A-C7AF3590D996}
[2013/02/04 08:14:19 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{FFEA8AC3-DE3F-4FF5-908E-DE9747CEB205}
[2013/02/03 20:14:07 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{C7C430DA-5B11-4580-9890-5B937980EB78}
[2013/02/03 08:13:55 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{6A1EC988-1D37-486E-BC7C-734311ABEEF9}
[2013/02/02 20:13:43 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{143128D3-26B3-4369-8E3D-FD494CCF2222}
[2013/02/02 08:13:31 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{4FC655CA-ACF8-41AF-9710-8083EDB0F53F}
[2013/02/01 20:13:19 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{5996111A-EC7E-4DA2-829D-055BC5C53BA3}
[2013/02/01 08:13:07 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{ACBDCAE9-F779-493E-8A2D-02BDE9E2FC03}
[2013/01/31 20:12:54 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{2FB8C313-AFED-4204-947D-466BFEA7A103}
[2013/01/31 08:12:29 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{A1A83554-9D6C-41FD-B990-1AAB1282A591}
[2013/01/30 20:12:17 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{03A569D5-0E71-4153-8AA2-F88AA384E9C6}
[2013/01/30 18:57:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/01/30 18:57:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/01/30 08:12:05 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{1D10D7B3-4F4F-48CD-AA4A-65B4A041A808}
[2013/01/29 20:11:53 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{8F0AECC1-F026-41EF-A73F-9BD540318BCD}
[2013/01/29 08:11:41 | 000,000,000 | ---D | C] -- C:\Users\Amako\AppData\Local\{E04A3163-2D65-4232-8C46-F89F34A2AAC0}
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/27 20:10:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/27 19:34:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/27 19:08:09 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/27 19:08:09 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/27 19:03:44 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/27 19:01:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/27 19:01:03 | 3824,640,000 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/27 16:47:44 | 000,001,117 | ---- | M] () -- C:\Users\Amako\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2013/02/27 16:47:44 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013/02/27 11:31:49 | 000,723,198 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/27 11:31:49 | 000,622,210 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/27 11:31:49 | 000,105,448 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/27 10:43:02 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/02/27 10:42:22 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/02/27 00:43:59 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013/02/25 09:25:55 | 000,007,607 | ---- | M] () -- C:\Users\Amako\AppData\Local\Resmon.ResmonCfg
[2013/02/24 22:53:26 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAmako.job
[2013/02/24 10:39:21 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2013/02/24 10:39:21 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2013/02/21 18:37:42 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/02/21 14:51:20 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/21 14:51:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/19 21:07:35 | 000,002,046 | ---- | M] () -- C:\Users\Amako\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/02/16 22:00:06 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForCIELO$.job
[2013/02/13 05:19:01 | 000,864,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/30 18:57:01 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/27 16:47:44 | 000,001,117 | ---- | C] () -- C:\Users\Amako\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2013/02/27 16:47:43 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2013/02/27 10:43:02 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/02/21 14:51:20 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/21 14:51:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/01/23 19:40:54 | 000,000,626 | ---- | C] () -- C:\Windows\Tablet16000x10000.ini
[2012/12/25 00:25:26 | 000,042,904 | ---- | C] () -- C:\Windows\SysWow64\lhtool.exe
[2012/12/25 00:23:55 | 000,335,872 | ---- | C] () -- C:\Windows\SetupX32.EXE
[2012/05/14 02:38:49 | 000,007,607 | ---- | C] () -- C:\Users\Amako\AppData\Local\Resmon.ResmonCfg
[2012/02/13 02:36:54 | 000,772,398 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/05/28 11:29:33 | 000,001,854 | ---- | C] () -- C:\Users\Amako\AppData\Roaming\GhostObjGAFix.xml
[2011/04/27 09:38:02 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/04/27 09:38:02 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/27 10:34:16 | 000,000,000 | ---D | M] -- C:\Users\Amako\AppData\Roaming\Ad-Aware Antivirus
[2013/02/27 11:39:54 | 000,000,000 | ---D | M] -- C:\Users\Amako\AppData\Roaming\AVG
[2013/02/27 10:44:04 | 000,000,000 | ---D | M] -- C:\Users\Amako\AppData\Roaming\AVG2013
[2012/02/13 03:40:03 | 000,000,000 | ---D | M] -- C:\Users\Amako\AppData\Roaming\avidemux
[2013/02/24 22:45:40 | 000,000,000 | ---D | M] -- C:\Users\Amako\AppData\Roaming\BitTorrent
[2011/03/03 14:22:27 | 000,000,000 | ---D | M] -- C:\Users\Amako\AppData\Roaming\GetRightToGo
[2012/02/11 20:38:39 | 000,000,000 | ---D | M] -- C:\Users\Amako\AppData\Roaming\Jasc
[2011/01/31 00:25:22 | 000,000,000 | ---D | M] -- C:\Users\Amako\AppData\Roaming\SYSTEMAX Software Development
[2013/02/27 10:43:02 | 000,000,000 | ---D | M] -- C:\Users\Amako\AppData\Roaming\TuneUp Software
[2011/09/24 11:48:22 | 000,000,000 | ---D | M] -- C:\Users\Amako\AppData\Roaming\WinBatch

========== Purity Check ==========



< End of report >

Edited by Amako, 27 February 2013 - 08:01 PM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP