Partner37.MyDomainAdvisor.com

Discussion in 'Virus & Other Malware Removal' started by zirkel, Sep 14, 2012.

  1. zirkel

    zirkel Thread Starter

    Joined:
    Jul 17, 2009
    Messages:
    34
    Hi, I keep on getting redirected to Partner37.MyDomainAdvisor.com, I don't know how to get rid of it. Please help me in getting rid of this? I'm not techie at all so I completely have no idea how to solve this. I've tried googling it but the solutions they suggest don't solve the problem.
     
  2. mrp

    mrp Malware Specialist

    Joined:
    Dec 31, 1969
    Messages:
    60
    Hello and welcome to Tech Support Guy.

    My name is Michael and I will be helping you with your computer problems.

    Be aware that I am currently in training, which means that my replies must first be approved by one of my teachers. This may cause a slight delay in my responses, but keep in mind that this process is only to ensure you are receiving advice of the utmost accuracy.

    Please keep the following points in mind:
    • Malware research is often a time-consuming process and sometimes multiple tools/methods will have to be employed before an infection is completely dealt with. Please be patient during the process of removal.
    • Read my instructions carefully before carrying them out. Also, consider printing out any instructions in case you lose your Internet connection.
    • If you have any questions, please ask before carrying out a fix. Clearing up any confusion beforehand will save time in the long run. That said, I will try to post instructions as clearly and concisely as possible.
    • Please reply to this thread. Do not start a new topic, and do not request help on other forums during the course of the cleaning process.
    IMPORTANT NOTE: Please do not delete anything unless instructed to.
    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and the loss of all your programs and data.

    I will be back as soon as possible with a response.
     
  3. mrp

    mrp Malware Specialist

    Joined:
    Dec 31, 1969
    Messages:
    60
    1. OTL

      Download OTL to your desktop.
      • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
      • Select All Users
      • Under the Custom Scan box paste this in
        netsvcs
        %SYSTEMDRIVE%\*.exe
        /md5start
        explorer.exe
        winlogon.exe
        Userinit.exe
        svchost.exe
        /md5stop
        %systemroot%\*. /rp /s
        DRIVES
        CREATERESTOREPOINT
      • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
        • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
        • Post both logs
    2. aswMBR

      Please download aswMBR and save it to your desktop.
      • Double click aswMBR.exe to start the tool.
      • When prompted to download virus definitions, please do so.
      • Click Scan. Note: Do NOT attempt any Fix yet.
      • When the scan completes, click Save log, save it to your desktop and post it in your next reply.
      • There should also be another file that is created on your desktop named MBR.dat. Please right-click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
     
  4. zirkel

    zirkel Thread Starter

    Joined:
    Jul 17, 2009
    Messages:
    34
    1. OTL.Txt


    OTL logfile created on: 9/15/2012 10:13:36 AM - Run 1
    OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Krizel\Downloads
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.86 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 32.65% Memory free
    3.73 Gb Paging File | 1.26 Gb Available in Paging File | 33.80% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 48.73 Gb Total Space | 8.65 Gb Free Space | 17.75% Space Free | Partition Type: NTFS
    Drive D: | 249.26 Gb Total Space | 195.70 Gb Free Space | 78.51% Space Free | Partition Type: NTFS

    Computer Name: KRIZEL-PC | User Name: Krizel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/15 10:12:12 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Krizel\Downloads\OTL.exe
    PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2012/07/26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2012/07/09 21:40:20 | 000,935,008 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    PRC - [2012/07/09 21:40:18 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    PRC - [2012/06/25 14:07:36 | 000,710,912 | ---- | M] (Anvisoft) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
    PRC - [2012/06/25 14:07:36 | 000,224,000 | ---- | M] (Anvisoft) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
    PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2012/06/06 21:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
    PRC - [2012/05/13 15:51:45 | 000,893,296 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
    PRC - [2012/04/21 15:11:09 | 000,077,064 | ---- | M] () -- C:\Program Files\WordWeb\wweb32.exe
    PRC - [2012/03/27 05:45:22 | 000,329,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
    PRC - [2012/03/27 05:45:18 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2010/07/01 12:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/07/01 12:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2009/12/16 21:16:20 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    PRC - [2009/12/16 21:16:08 | 004,406,784 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
    PRC - [2009/11/17 18:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    PRC - [2009/07/29 12:19:00 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2009/06/30 14:54:02 | 002,350,592 | ---- | M] (Lux Aeterna) -- C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe
    PRC - [2008/11/26 03:58:39 | 000,081,920 | R--- | M] () -- C:\Windows\System32\SupportAppXL\cdrom_mon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/30 10:58:45 | 000,442,392 | ---- | M] () -- C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
    MOD - [2012/08/30 10:58:44 | 012,237,336 | ---- | M] () -- C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    MOD - [2012/08/30 10:58:42 | 003,997,720 | ---- | M] () -- C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
    MOD - [2012/08/30 10:57:27 | 000,526,872 | ---- | M] () -- C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
    MOD - [2012/08/30 10:57:26 | 000,104,984 | ---- | M] () -- C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll
    MOD - [2012/08/30 10:57:15 | 000,144,424 | ---- | M] () -- C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
    MOD - [2012/08/30 10:57:13 | 000,266,792 | ---- | M] () -- C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
    MOD - [2012/08/30 10:57:12 | 002,480,680 | ---- | M] () -- C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
    MOD - [2012/07/15 12:27:53 | 002,216,480 | ---- | M] () -- C:\Windows\wweb32.dll
    MOD - [2012/07/15 12:25:03 | 000,581,480 | ---- | M] () -- C:\Program Files\WordWeb\wwextdb.dll
    MOD - [2012/07/15 12:25:02 | 000,022,800 | ---- | M] () -- C:\Program Files\WordWeb\WUCNT.dll
    MOD - [2012/07/09 21:40:20 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
    MOD - [2012/07/09 21:40:18 | 001,107,552 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
    MOD - [2012/06/25 14:07:36 | 000,784,640 | ---- | M] () -- C:\Program Files\Anvisoft\Anvi Smart Defender\sqlite3.dll
    MOD - [2012/04/21 15:11:09 | 000,077,064 | ---- | M] () -- C:\Program Files\WordWeb\wweb32.exe
    MOD - [2011/05/10 15:32:54 | 001,048,576 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Excel\10.0.4504.0__31bf3856ad364e35\Microsoft.Office.Interop.Excel.dll
    MOD - [2011/05/10 15:32:54 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Word\10.0.4504.0__31bf3856ad364e35\Microsoft.Office.Interop.Word.dll
    MOD - [2011/05/10 15:32:54 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\10.0.4504.0__31bf3856ad364e35\Microsoft.Office.Interop.PowerPoint.dll
    MOD - [2011/05/10 15:32:54 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC\Office\7.0.3300.0__b03f5f7f11d50a3a\Office.dll
    MOD - [2011/05/09 06:18:30 | 000,004,608 | ---- | M] () -- C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll
    MOD - [2011/05/09 06:18:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
    MOD - [2011/05/09 06:18:16 | 000,781,104 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
    MOD - [2009/07/14 12:46:13 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\965b1fa2decab0efc0c837ab7252bba1\Microsoft.VisualBasic.ni.dll
    MOD - [2009/07/14 12:45:52 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c0f61f9b73571f26b6e0e0757bc5f460\CustomMarshalers.ni.dll
    MOD - [2009/07/14 12:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
    MOD - [2009/07/14 12:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
    MOD - [2009/07/14 12:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
    MOD - [2009/07/14 12:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
    MOD - [2009/07/14 12:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
    MOD - [2009/06/27 10:44:20 | 000,287,744 | ---- | M] () -- C:\Program Files\Speaking Clock Deluxe\voice\American English (female).dll
    MOD - [2009/06/11 05:22:50 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    MOD - [2006/10/26 13:56:46 | 000,757,008 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
    MOD - [2003/02/17 20:11:44 | 000,312,832 | ---- | M] () -- C:\Program Files\Speaking Clock Deluxe\timer.dll
    MOD - [2002/06/02 17:05:40 | 000,038,912 | ---- | M] () -- C:\Program Files\Speaking Clock Deluxe\spcl01.dll


    ========== Services (SafeList) ==========

    SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/07/09 21:40:20 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
    SRV - [2012/06/25 14:07:36 | 000,224,000 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
    SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/03/27 06:45:44 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
    SRV - [2012/03/27 06:38:46 | 000,542,040 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
    SRV - [2012/03/27 05:45:22 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    SRV - [2012/03/27 05:45:18 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/07/01 12:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/07/01 12:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2009/12/16 21:16:20 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV - [2009/11/17 18:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
    SRV - [2009/07/29 12:19:00 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2008/11/26 03:58:39 | 000,081,920 | R--- | M] () [Auto | Running] -- C:\Windows\System32\SupportAppXL\cdrom_mon.exe -- (Autorun CDROM Monitor)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
    DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2012/06/18 14:42:12 | 000,022,784 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asdrs.sys -- (asdrs)
    DRV - [2012/06/18 14:42:10 | 000,016,128 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\System32\drivers\asdrm.sys -- (asdrm)
    DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
    DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
    DRV - [2010/01/07 09:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/12/22 09:19:00 | 000,065,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
    DRV - [2009/12/16 21:16:18 | 000,017,144 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcmvwl32.sys -- (BcmVWL)
    DRV - [2009/12/16 21:16:04 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV - [2009/10/26 12:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
    DRV - [2009/10/13 20:07:32 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2009/10/13 20:07:20 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2009/10/13 20:07:06 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2009/09/17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
    DRV - [2009/07/14 09:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2009/07/14 09:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2009/07/14 09:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/14 07:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/07/14 07:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/06/22 20:01:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2009/06/22 19:38:24 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2009/06/22 19:26:06 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
    DRV - [2009/02/10 17:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
    DRV - [2008/01/14 18:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={382185FA-7357-4710-B706-67671E52B76D}&mid=e162401aafc647d186e211827e20259e-16610a57e5d2aaa3a10950c2555f58af6efc6bd0&lang=en&ds=yu012&pr=sa&d=2012-06-19 20:48:52&v=11.1.0.7&sap=hp
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=112471&tt=060612_6_&babsrc=SP_ss&mntrId=faf0554a0000000000001c659de3260b
    IE - HKCU\..\SearchScopes\{19F92919-E744-4D93-95B6-DEB502D597B4}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=5J&apn_dtid=YYYYYYYYPH&apn_uid=793a2198-ee4e-469d-96e9-8da9a7e681d9&apn_sauid=B221C9B2-1EF6-4C3F-A051-D806E0793723
    IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=FE7A365CA0A4C4466381F64FDE6C70C6&q={searchTerms}
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com.sa/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enSA431
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={382185FA-7357-4710-B706-67671E52B76D}&mid=e162401aafc647d186e211827e20259e-16610a57e5d2aaa3a10950c2555f58af6efc6bd0&lang=en&ds=yu012&pr=sa&d=2012-06-19 20:48:52&v=11.1.0.7&sap=dsp&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.182.2:8080

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..browser.search.selectedEngine: "Ask.com"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..extensions.enabledAddons: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.2.0
    FF - prefs.js..extensions.enabledAddons: {8769adce-dba5-48e9-afb5-67b12cdf2e61}:1.5.18.12
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
    FF - prefs.js..extensions.enabledAddons: [email protected]:3.15.4.23821
    FF - prefs.js..extensions.enabledAddons: avg@toolbar:11.1.0.12
    FF - prefs.js..extensions.enabledAddons: [email protected]:5.0.4406
    FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
    FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B05577e2c-c778-4d4c-abc4-ed35ef3dd22b%7D&mid=e162401aafc647d186e211827e20259e-16610a57e5d2aaa3a10950c2555f58af6efc6bd0&ds=yu012&v=11.1.0.12&lang=en&pr=sa&d=2012-06-19%2020%3A48%3A52&sap=ku&q="
    FF - prefs.js..network.proxy.http: "192.168.0.2"
    FF - prefs.js..network.proxy.http_port: 8080
    FF - prefs.js..network.proxy.type: 1


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Krizel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Krizel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Krizel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/11 13:47:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/09 21:40:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/18 23:50:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/29 11:13:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/26 03:01:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/17 19:47:21 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\WordWeb\WCaptureMoz [2012/07/23 23:04:25 | 000,000,000 | ---D | M]

    [2011/05/12 21:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krizel\AppData\Roaming\Mozilla\Extensions
    [2012/06/21 10:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions
    [2012/06/18 07:47:14 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}
    [2012/06/21 10:23:52 | 000,000,000 | ---D | M] (wxDfast) -- C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\[email protected]
    [2012/06/19 00:05:03 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\[email protected]
    [2012/06/29 03:40:16 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\[email protected]
    [2012/06/25 12:29:17 | 000,002,577 | ---- | M] () -- C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\searchplugins\askcom.xml
    [2012/07/16 03:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/07/16 03:10:21 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files\Mozilla Firefox\extensions\[email protected]
    [2012/09/11 13:47:06 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
    [2012/07/23 23:04:25 | 000,000,000 | ---D | M] (WordWeb one-click lookup) -- C:\PROGRAM FILES\WORDWEB\WCAPTUREMOZ
    [2012/07/09 21:40:30 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
    [2011/10/31 11:54:37 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/06/18 23:50:06 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
    [2011/03/23 02:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
    [2012/07/09 21:40:18 | 000,003,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2012/06/19 00:04:22 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2011/10/31 11:54:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/06/18 07:47:13 | 000,002,134 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\search.xml

    ========== Chrome ==========

    CHR - homepage: http://isearch.avg.com/?cid={382185FA-7357-4710-B706-67671E52B76D}&mid=e162401aafc647d186e211827e20259e-16610a57e5d2aaa3a10950c2555f58af6efc6bd0&lang=en&ds=yu012&pr=sa&d=2012-06-19 20:48:52&v=11.1.0.7&sap=hp
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://isearch.avg.com/?cid={382185FA-7357-4710-B706-67671E52B76D}&mid=e162401aafc647d186e211827e20259e-16610a57e5d2aaa3a10950c2555f58af6efc6bd0&lang=en&ds=yu012&pr=sa&d=2012-06-19 20:48:52&v=11.1.0.7&sap=hp
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Krizel\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Krizel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Krizel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Krizel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: AVG Do Not Track = C:\Users\Krizel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

    O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll ()
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O3 - HKLM\..\Toolbar: (blekko search bar) - {8769adce-dba5-48e9-afb5-67b12cdf2e61} - C:\Program Files\blekkotb_031\blekkotb_019X.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
    O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
    O4 - HKCU..\Run: [Facebook Update] C:\Users\Krizel\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKCU..\Run: [Speaking Clock Deluxe] C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe (Lux Aeterna)
    O4 - HKCU..\Run: [supertintin_skype] C:\Program Files\Supertintin for Skype\supertintin_skype.exe (Imtiger Software Inc.)
    O4 - HKCU..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe ()
    O4 - Startup: C:\Users\Krizel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Krizel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://www.google.com/search?q=%w
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O13 - gopher Prefix: missing
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F6446A4-2B7C-406C-803F-FE0774F042E1}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DE9BD7C-D47E-4AFE-9D06-9B13BCF94B75}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{938456CC-F38D-49BA-A654-90DF2C2D63A0}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll (Stardock)
    O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{1bab27f9-60eb-11e1-bc94-c0cb38c4cc6d}\Shell - "" = AutoRun
    O33 - MountPoints2\{1bab27f9-60eb-11e1-bc94-c0cb38c4cc6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{283f45b7-b9b1-11e0-bef4-c0cb38c4cc6d}\Shell - "" = AutoRun
    O33 - MountPoints2\{283f45b7-b9b1-11e0-bef4-c0cb38c4cc6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{45a8ad07-6ffe-11e1-8ce0-c0cb38c4cc6d}\Shell - "" = AutoRun
    O33 - MountPoints2\{45a8ad07-6ffe-11e1-8ce0-c0cb38c4cc6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{a8d8f7b6-dc3e-11e1-bb7a-c0cb38c4cc6d}\Shell - "" = AutoRun
    O33 - MountPoints2\{a8d8f7b6-dc3e-11e1-bb7a-c0cb38c4cc6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{adf1f39e-90da-11e0-985b-c0cb38c4cc6d}\Shell - "" = AutoRun
    O33 - MountPoints2\{adf1f39e-90da-11e0-985b-c0cb38c4cc6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\{adf1f3ab-90da-11e0-985b-c0cb38c4cc6d}\Shell - "" = AutoRun
    O33 - MountPoints2\{adf1f3ab-90da-11e0-985b-c0cb38c4cc6d}\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O33 - MountPoints2\E\Shell - "" = AutoRun
    O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/11 13:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/08/24 15:43:18 | 000,301,920 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

    ========== Files - Modified Within 30 Days ==========

    [2012/09/15 10:14:02 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/15 09:27:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2852481675-2124114764-3581983340-1000UA.job
    [2012/09/15 07:24:03 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2852481675-2124114764-3581983340-1000UA.job
    [2012/09/15 05:14:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/15 01:24:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2852481675-2124114764-3581983340-1000Core.job
    [2012/09/14 23:42:58 | 094,810,240 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2012/09/14 23:38:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/14 11:27:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2852481675-2124114764-3581983340-1000Core.job
    [2012/09/13 14:39:21 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/09/13 14:39:21 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/09/11 18:57:48 | 000,261,391 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2012/09/11 13:47:06 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/09/07 08:33:00 | 000,010,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/07 08:33:00 | 000,010,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/07 08:27:34 | 1500,921,856 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

    ========== Files Created - No Company Name ==========

    [2012/03/24 01:01:00 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2011/11/08 13:14:45 | 000,158,720 | ---- | C] () -- C:\Windows\System32\WS_VideoConverterContextMenu.dll
    [2011/08/10 22:43:38 | 000,000,790 | ---- | C] () -- C:\Users\Krizel\Succession.Kno
    [2011/06/06 23:03:20 | 000,000,000 | ---- | C] () -- C:\Users\Krizel\AppData\Roaming\downloads.m3u
    [2011/06/04 12:16:54 | 000,000,132 | ---- | C] () -- C:\Users\Krizel\AppData\Roaming\default.rss
    [2011/06/04 10:39:05 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2011/05/27 13:34:39 | 000,020,992 | ---- | C] () -- C:\Users\Krizel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/18 09:33:42 | 002,216,480 | ---- | C] () -- C:\Windows\wweb32.dll
    [2011/05/17 17:33:50 | 000,000,000 | ---- | C] () -- C:\Users\Krizel\AppData\Local\{5CCAA59C-0686-4C2F-8821-0A7C89D32546}
    [2011/05/12 21:51:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/05/09 17:19:58 | 000,000,041 | ---- | C] () -- C:\Windows\Progs_.ini
    [2011/05/09 05:02:21 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
    [2011/02/11 19:10:52 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
    [2011/02/11 19:10:52 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
    [2011/02/11 19:10:50 | 000,874,048 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
    [2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2011/02/11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

    ========== LOP Check ==========

    [2012/07/18 06:55:56 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\Anvisoft
    [2012/04/27 23:34:22 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\Audacity
    [2012/01/20 00:36:29 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\AVG2012
    [2012/06/19 00:03:42 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\Babylon
    [2012/06/19 00:05:22 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\BabylonToolbar
    [2012/07/28 22:51:16 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\calibre
    [2011/05/09 05:27:38 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\CometPlayer
    [2012/09/07 08:29:16 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\Dropbox
    [2012/07/16 03:25:41 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\GetRightToGo
    [2011/05/18 10:15:13 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\ManyCam
    [2012/06/18 07:48:03 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\Pamela
    [2011/11/08 13:41:15 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\Pavtube
    [2011/05/09 04:58:32 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\PCDr
    [2011/05/27 13:34:01 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\Research In Motion
    [2011/05/18 09:55:24 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\Stardock
    [2012/09/01 20:06:26 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\tigerplayer
    [2012/09/15 10:22:46 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\uTorrent
    [2011/05/18 10:51:55 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\WebcamMax
    [2011/11/08 13:14:41 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\Wondershare
    [2011/05/18 09:34:08 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\WordWeb
    [2012/09/15 01:24:00 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2852481675-2124114764-3581983340-1000Core.job
    [2012/09/15 07:24:03 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2852481675-2124114764-3581983340-1000UA.job
    [2012/07/28 13:35:48 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
    [2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
    [2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
    [2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2009/07/14 09:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
    [2009/07/14 09:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

    < %systemroot%\*. /rp /s >

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: WDC WD3200BEKT-75PVMT0
    Partitions: 3
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 0.00GB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 49.00GB
    Starting Offset: 105906176
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 249.00GB
    Starting Offset: 52429848576
    Hidden sectors: 0


    < End of report >

    2. Extras.Txt


    OTL Extras logfile created on: 9/15/2012 10:13:36 AM - Run 1
    OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Krizel\Downloads
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.86 Gb Total Physical Memory | 0.61 Gb Available Physical Memory | 32.65% Memory free
    3.73 Gb Paging File | 1.26 Gb Available in Paging File | 33.80% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 48.73 Gb Total Space | 8.65 Gb Free Space | 17.75% Space Free | Partition Type: NTFS
    Drive D: | 249.26 Gb Total Space | 195.70 Gb Free Space | 78.51% Space Free | Partition Type: NTFS

    Computer Name: KRIZEL-PC | User Name: Krizel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03538EC6-3E1A-4D87-9641-85D1D63D85C1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{0BAF3B78-4996-49F7-9027-B636AA5075A0}" = lport=138 | protocol=17 | dir=in | app=system |
    "{15AA7D27-B359-4483-B061-0684196F27EE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
    "{1CE29FD8-0E36-47FD-80DB-53D811D1FA75}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{2417567A-86F6-409D-8ECB-A485A971712B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2A809589-EAA8-47C1-861E-ED607A02844D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{36F4809B-999B-4A9A-9351-CFA314099633}" = lport=137 | protocol=17 | dir=in | app=system |
    "{383FCA20-23A8-4348-8A4A-7E575CDCDD77}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{3BECD79F-D0B1-4A95-9BB5-A3CF59D8AF91}" = rport=445 | protocol=6 | dir=out | app=system |
    "{40614EC4-96CF-430B-9B84-CD4CCE864DAC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{43AD12BB-B4D0-4367-8255-39CC3E10363B}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
    "{48F6F433-C563-43C1-A612-A0F658E79E47}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{4FEB948C-43F5-444C-B55F-88D59FF5A88B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{54043130-6E3B-4027-A7C7-3EE35538F642}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
    "{561FB0C4-0A23-425F-879D-73A38BD750BC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6AA315B4-4A28-4BB2-945B-3AEA86E7192F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6D3B6FEF-8695-486C-B043-4A8E948F8B6A}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{7117ED7A-7E72-4DDD-8D21-B00588D1CFD1}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{7D48B1C8-E36D-454A-9A33-786EF66CFA60}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
    "{7FEB7221-4DCF-4279-9E45-FFA47D57EA84}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{7FFE5F38-4EBE-43E9-998B-B301449FB48C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{801A56DB-8AEE-43FF-BD99-3A825D2E10F3}" = lport=139 | protocol=6 | dir=in | app=system |
    "{87214DAF-B048-4AC7-870B-3748BD230461}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{8820680F-FF75-4150-A9FA-3DC2421CEE27}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{8FB68674-C7F2-4D3C-B194-30D221B8AC5E}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
    "{8FFD7F3F-44DD-4718-815E-CD8DBC24E74A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{91BB7FF6-C3E0-41CF-B7B7-85F9578CA93D}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{A39A0307-C434-4FDC-BB4B-3B26F205DC24}" = rport=137 | protocol=17 | dir=out | app=system |
    "{AFB7B02B-9B1B-4D38-82C2-19B8D1FED7F2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{B6ADDAA1-0E69-41B4-AC21-8163C0B96BD7}" = rport=138 | protocol=17 | dir=out | app=system |
    "{E72C0356-1FF2-40CE-9AA0-42A27A49410D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F7F2EC42-46FF-42E0-B3E8-5AF933137E3C}" = lport=445 | protocol=6 | dir=in | app=system |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{03564267-D7AF-44F6-B6C3-33BE58128D3B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{070C85BE-1E9E-4E51-B1E6-4D97B65644E2}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{071FB5B3-A5B0-46EC-9067-2A5E502DF2BC}" = protocol=17 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{0909F61B-BB9D-4C8B-A0F7-544D5D9EFE7A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{161B4792-62B3-4053-93AC-3634C4904A34}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{1D55ADD4-3980-461A-9840-0B1C01BFF056}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1E1DFF9E-7C9E-45A6-9C40-0FF5237A050E}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{22089EE0-78E1-4D2C-91D0-24F35F629096}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{271C1F29-F050-4132-9650-78A39C0DF45A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{28CE2873-F705-4523-ABBD-BF9B01834B30}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{28D85E87-B5BD-4BBA-A615-1DD1F1014993}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{2B416689-F490-4E33-9D88-C45EE99B8461}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{3A3F7B0F-4DF3-44C2-A521-CFFDDB825813}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "{3BC20B22-AEDC-496B-A039-D16499F2A769}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{3FA9CA24-89E5-42EF-992B-7540CD93DA49}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{48A8CEE9-22BE-450B-80A2-CCBE6B87094B}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{50B57761-8FE5-49AD-9C0F-CCF74367E01A}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
    "{55626B86-6878-4B23-B8F8-F694D12B761D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
    "{558675B2-EBFF-4523-A16C-6FB54FC618F3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{5D62514C-09F5-4001-889D-898457090E8C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "{5E7CAC03-4012-4B0F-A6C1-BFC66C0D4790}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{5E7FA755-AC0C-429D-89C9-D9FA3EAEEEBA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{67CAF364-34B1-42C2-96CA-4316A6064F00}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{76D16D1A-BE00-468F-9AC6-54EEE6CF4B0A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{791F5D53-B06D-47C2-BB63-D11DEC8BC40F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{79C92494-22D1-459F-ABFA-6CCB51869E61}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{86E9F723-7BB0-4FB7-AA46-4CCE23148E5C}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
    "{8DD6297B-FD14-466D-B4BD-F05EF89348FD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{945390CE-B6BB-46B8-BE79-8D4E62A7CAEE}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
    "{96EEC026-3F52-4BA6-BFDE-1CDD516BAD85}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{9E937BE3-E5FC-45E7-9CAB-9E5B1C2492DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9ECF43F1-374A-467B-8B77-E5C7D13AA24D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
    "{9F0BD25F-E7EF-4987-BC12-FF416E9E93F7}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
    "{A7D3C49E-ABE8-4CD3-9EDC-194FB1CD80DF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AC662E8E-45B1-4AEA-92F4-314861AA1797}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{B332AF76-5EDA-442A-8D13-45495FA45B9C}" = protocol=17 | dir=in | app=c:\users\krizel\appdata\roaming\dropbox\bin\dropbox.exe |
    "{B52B83BC-AA25-48B6-B5DD-FD846455C7C1}" = protocol=6 | dir=out | app=system |
    "{BBA2AA91-E089-4F78-BEC8-5503B66E3BA1}" = protocol=6 | dir=in | app=c:\users\krizel\appdata\roaming\dropbox\bin\dropbox.exe |
    "{C277F08B-0DFF-45B7-9167-E33BDC2CB96C}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
    "{C2CE7FDE-ED09-4F39-BC2F-AC143ED7D31A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
    "{C3EB661A-EAB9-4DF8-9BA4-37D3771C66E8}" = protocol=6 | dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
    "{C5CEB78B-0210-44CA-B820-718241B5F19E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
    "{CB9AF5C2-FAF6-4698-8634-F1DBCB79A467}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
    "{CBAF87C1-526C-4EE6-A869-1C1E639F98BC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{D92B48E3-DBE1-4525-9F3F-AEA18CA0CAD4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DC1468DD-D404-48FF-9A14-E7702E9BC18C}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{E36BEB8B-8848-409F-9DC0-19813C324723}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{ED799C07-0DCE-40D8-B585-9867AF95C9FC}" = dir=in | app=c:\users\krizel\appdata\local\facebook\video\skype\facebookvideocalling.exe |
    "{EDFE7F43-A2E4-443B-BEC2-B2FDDDD4E25D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
    "{F20E4D28-1843-4AB6-AC51-3FD865BFBF13}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
    "{F22E7708-1689-4269-A70D-65BDC0922EEA}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
    "{FE4F8D84-8AD6-41BE-A4B8-D475FC905A24}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
    "TCP Query User{618A6174-A9F3-4BFA-BBB4-4D8C5707F476}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
    "TCP Query User{7BAA456D-DA42-483F-96B3-A911668138C2}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
    "TCP Query User{99EB57B2-B270-4C4E-8481-5405CBB9B725}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
    "UDP Query User{030C9CC6-CF19-4FE1-96C6-E40960F855D8}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
    "UDP Query User{8823CF6E-5D52-4596-9393-98F0140D76C5}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
    "UDP Query User{E1E8A08E-9AB0-42EC-AB20-3EF95093892D}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{02627ee5-eaca-4742-a9cc-e687631773e4}" = Nero ShowTime
    "{07043840-959A-4B0D-8825-2C533F0DDB19}" = Microsoft Math
    "{09041881-2C94-4A67-8E55-8483C019C7D2}" = Microsoft Student with Encarta Premium 2009
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{15482D1C-117B-4201-8D39-985A91ED8433}" = PhotoJoy
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1c00c7c5-e615-4139-b817-7f4003de68c0}" = Nero PhotoSnap Help
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
    "{2C13F8C1-570B-42A9-87B4-8C7903ECD602}" = ObjectDock Free
    "{2C72182A-4304-6227-E10F-00F9D395CB4E}" = ATI Catalyst Install Manager
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{359cfc0a-beb1-440d-95ba-cf63a86da34f}" = Nero Recode
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{43e39830-1826-415d-8bae-86845787b54b}" = Nero Vision
    "{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
    "{4F4C5E11-0612-48D2-8055-987992AAC432}" = wxDfast
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
    "{5d9be3c1-8ba4-4e7e-82fd-9f74fa6815d1}" = Nero Vision Help
    "{60AFCC59-CB27-4390-8C8B-88FCA19F6C7A}}_is1" = Aneesoft AVCHD Converter
    "{60c731fb-c951-41ce-ad41-8e54c8594609}" = Nero Disc Copy Gadget Help
    "{62ac81f6-bdd3-4110-9d36-3e9eaab40999}" = Nero CoverDesigner
    "{63E949F6-03BC-5C40-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT.Policy (x86) WinSXS MSM
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68B7C6D9-1DF2-54C1-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC.Policy (x86) WinSXS MSM
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
    "{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}" = Learning Essentials for Microsoft Office
    "{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7829db6f-a066-4e40-8912-cb07887c20bb}" = Nero BurnRights
    "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
    "{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
    "{83AA2913-C123-4146-85BD-AD8F93971D39}" = BabylonObjectInstaller
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{65482307-FE7D-4E7F-9DEF-3F0E841BC77A}" =
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = SMART BRO
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{98CB24AD-52FB-DB5F-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 CRT (x86) WinSXS MSM
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BAE13A2-E7AF-D6C3-FF1F-C8B3B9A1E18E}" = Visual C++ 8.0 MFC (x86) WinSXS MSM
    "{9e82b934-9a25-445b-b8df-8012808074ac}" = Nero PhotoSnap
    "{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{ad6bc5cc-2ef0-49c4-b33d-cdc8b2c4dc80}" = Nero Recode Help
    "{b1adf008-e898-4fe2-8a1f-690d9a06acaf}" = DolbyFiles
    "{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
    "{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
    "{b86754dd-2ddb-4ac0-9015-cb487277254e}" = InCD Help
    "{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
    "{C4972073-2BFE-475D-8441-564EA97DA161}" = QuickSet32
    "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
    "{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{ce96f5a5-584d-4f8f-aa3e-9baed413db72}" = Nero CoverDesigner Help
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
    "{d9dcf92e-72eb-412d-ac71-3b01276e5f8b}" = Nero ShowTime
    "{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
    "{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{f1861f30-3419-44db-b2a1-c274825698b3}" = Nero Disc Copy Gadget
    "{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
    "{F504C16D-3639-4A43-9DF9-D9D6E6DE6535}" = Windows 7 Manager
    "{f5fb3d6e-153d-4d94-ac66-25903d5a628e}" = Nero 9 Essentials
    "{F602A766-B00C-4C5A-8FD1-288E126929D7}_is1" = Pavtube MTS Converter version 3.5.1.1475
    "{f6bdd7c5-89ed-4569-9318-469aa9732572}" = Nero BurnRights Help
    "{F833B666-1D46-4C21-8A2F-DF2080995741}" = calibre
    "{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
    "{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}" = Microsoft Student 2007 for Learning Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Anti-phishing Domain Advisor" = Anti-phishing Domain Advisor
    "Anvi Smart Defender" = Anvi Smart Defender 1.02
    "Audacity_is1" = Audacity 2.0
    "AVG" = AVG 2012
    "AVG Secure Search" = AVG Security Toolbar
    "BabylonToolbar" = Babylon toolbar on IE
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
    "blekkotb_031" = blekko search bar
    "Chikka Messenger V4" = Chikka Messenger V4
    "DW WLAN Card Utility" = DW WLAN Card Utility
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "Globe Broadband" = Globe Broadband
    "HotspotShield" = Hotspot Shield 2.52
    "Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
    "MpcStar" = MpcStar 4.9
    "ObjectDock Free" = ObjectDock Free
    "PhotoJoy" = PhotoJoy
    "RealPlayer 15.0" = RealPlayer
    "Replay Video Capture6.0.4" = Replay Video Capture 6
    "RocketDock_is1" = RocketDock 1.3.5
    "Speaking Clock Deluxe_is1" = Speaking Clock Deluxe 3.62
    "Sun Broadband Wireless" = Sun Broadband Wireless
    "Supertintin Skype Video Call Recorder_is1" = Supertintin 1.2.0.13
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Ultimate Reference Suite" = Ultimate Reference Suite
    "UltraISO_is1" = UltraISO Premium V9.35
    "uTorrent" = µTorrent
    "VLC media player" = VLC media player 1.1.10
    "WebcamMax" = WebcamMax
    "Winamp" = Winamp
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Wondershare Video Converter Platinum_is1" = Wondershare Video Converter Platinum(Build 5.1.4.1)
    "WordWeb" = WordWeb
    "wxDownload Fast_is1" = wxDownload Fast 0.6.0
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
    "Dropbox" = Dropbox
    "Google Chrome" = Google Chrome
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 9/14/2012 2:57:27 AM | Computer Name = Krizel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/14/2012 2:57:27 AM | Computer Name = Krizel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/14/2012 2:57:27 AM | Computer Name = Krizel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/14/2012 2:57:27 AM | Computer Name = Krizel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/14/2012 2:57:27 AM | Computer Name = Krizel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/14/2012 2:57:27 AM | Computer Name = Krizel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/14/2012 2:57:27 AM | Computer Name = Krizel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 9/14/2012 5:08:51 AM | Computer Name = Krizel-PC | Source = Google Update | ID = 20
    Description =

    Error - 9/14/2012 3:37:03 PM | Computer Name = Krizel-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Research
    In Motion\BlackBerry Desktop\MailServerMAPIProxy64.exe". Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    Error - 9/14/2012 3:37:11 PM | Computer Name = Krizel-PC | Source = SideBySide | ID = 16842785
    Description = Activation context generation failed for "C:\Program Files\Common
    Files\Research In Motion\AppLoader\MailServerMAPIProxy64.exe". Dependent Assembly
    Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"
    could not be found. Please use sxstrace.exe for detailed diagnosis.

    [ OSession Events ]
    Error - 2/14/2012 11:13:51 PM | Computer Name = Krizel-PC | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 495188
    seconds with 6000 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 9/13/2012 5:18:23 PM | Computer Name = Krizel-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 9/13/2012 6:56:20 PM | Computer Name = Krizel-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 9/13/2012 9:58:00 PM | Computer Name = Krizel-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 9/14/2012 12:33:03 AM | Computer Name = Krizel-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 9/14/2012 1:04:47 AM | Computer Name = Krizel-PC | Source = bowser | ID = 8003
    Description =

    Error - 9/14/2012 1:16:48 AM | Computer Name = Krizel-PC | Source = bowser | ID = 8003
    Description =

    Error - 9/14/2012 1:23:32 AM | Computer Name = Krizel-PC | Source = bowser | ID = 8003
    Description =

    Error - 9/14/2012 5:05:41 AM | Computer Name = Krizel-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the Netman service.

    Error - 9/14/2012 5:05:39 AM | Computer Name = Krizel-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.

    Error - 9/14/2012 11:38:44 AM | Computer Name = Krizel-PC | Source = BTHUSB | ID = 327697
    Description = The local Bluetooth adapter has failed in an undetermined manner and
    will not be used. The driver has been unloaded.


    < End of report >

    3. aswMBR


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-15 10:39:57
    -----------------------------
    10:39:57.607 OS Version: Windows 6.1.7600
    10:39:57.608 Number of processors: 4 586 0x2505
    10:39:57.611 ComputerName: KRIZEL-PC UserName: Krizel
    10:40:00.635 Initialize success
    11:11:53.554 AVAST engine defs: 12091400
    11:13:26.670 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    11:13:26.675 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
    11:13:26.708 Disk 0 MBR read successfully
    11:13:26.713 Disk 0 MBR scan
    11:13:26.772 Disk 0 Windows 7 default MBR code
    11:13:26.779 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    11:13:26.810 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 49900 MB offset 206848
    11:13:26.834 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 255243 MB offset 102402048
    11:13:26.849 Disk 0 scanning sectors +625139712
    11:13:26.971 Disk 0 scanning C:\Windows\system32\drivers
    11:13:38.000 Service scanning
    11:14:04.806 Modules scanning
    11:14:13.924 Disk 0 trace - called modules:
    11:14:14.306 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
    11:14:14.318 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x875dc5e8]
    11:14:14.331 3 CLASSPNP.SYS[88f9d59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85b0b028]
    11:14:16.318 AVAST engine scan C:\Windows
    11:14:18.843 AVAST engine scan C:\Windows\system32
    11:17:14.774 AVAST engine scan C:\Windows\system32\drivers
    11:17:34.602 AVAST engine scan C:\Users\Krizel
    11:20:34.298 Disk 0 MBR has been saved successfully to "D:\Documents\Krizel\Acad stuff\MBR.dat"
    11:20:34.346 The log file has been saved successfully to "D:\Documents\Krizel\Acad stuff\aswMBR.txt"
     
  5. zirkel

    zirkel Thread Starter

    Joined:
    Jul 17, 2009
    Messages:
    34
  6. mrp

    mrp Malware Specialist

    Joined:
    Dec 31, 1969
    Messages:
    60
    1. ComboFix

      Refer to the ComboFix User's Guide

      • Download ComboFix from HERE.

        * IMPORTANT !!! Place ComboFix.exe on your Desktop
      • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
        You can get help on disabling your protection programs here
      • Double click on ComboFix.exe & follow the prompts.
      • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
      • When finished, it shall produce a log for you. Post that log in your next reply.

        Note:
        Do not mouse click ComboFix's window whilst it's running. That may cause it to stall.


        ---------------------------------------------------------------------------------------------
      • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

        ---------------------------------------------------------------------------------------------

      NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
     
  7. zirkel

    zirkel Thread Starter

    Joined:
    Jul 17, 2009
    Messages:
    34
    ComboFix 12-09-15.02 - Krizel 09/16/2012 4:42.1.4 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1909.980 [GMT 8:00]
    Running from: c:\users\Krizel\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\blekkotb_031\blEKkotb_019x.dll
    c:\program files\Mozilla Firefox\searchplugins\search.xml
    c:\programdata\wxDfast
    c:\programdata\wxDfast\background.html
    c:\programdata\wxDfast\content.js
    c:\programdata\wxDfast\hcldmlokpnionfjimpobjlafbpcllkpk.crx
    c:\programdata\wxDfast\settings.ini
    c:\programdata\wxDfast\uninstall.exe
    c:\windows\system32\drivers\npf.sys
    D:\install.exe
    .
    Infected copy of c:\windows\system32\userinit.exe was found and disinfected
    Restored copy from - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-15 to 2012-09-15 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-24 07:43 . 2012-08-24 07:43 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-25 19:21 . 2012-07-25 19:21 237408 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2012-07-15 04:27 . 2011-05-18 01:33 2216480 ------w- c:\windows\wweb32.dll
    2012-06-18 15:49 . 2009-01-08 07:43 348160 ----a-w- c:\windows\system32\msvcr71.dll
    2012-06-18 15:49 . 2009-10-14 07:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
    2012-06-18 06:42 . 2012-07-17 22:55 22784 ----a-w- c:\windows\system32\drivers\asdrs.sys
    2012-06-18 06:42 . 2012-07-17 22:55 16128 ----a-w- c:\windows\system32\drivers\asdrm.sys
    2012-06-18 05:09 . 2011-03-28 10:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-10-31 03:54 . 2011-05-08 21:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
    .
    [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-07-09 13:40 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2012-06-06 13:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-06 1519304]
    .
    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 94208 ----a-w- c:\users\Krizel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 94208 ----a-w- c:\users\Krizel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 94208 ----a-w- c:\users\Krizel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-01-18 18:49 94208 ----a-w- c:\users\Krizel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Speaking Clock Deluxe"="c:\program files\Speaking Clock Deluxe\SpClDlx.exe" [2009-06-30 2350592]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-05-08 39408]
    "Facebook Update"="c:\users\Krizel\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
    "supertintin_skype"="c:\program files\Supertintin for Skype\supertintin_skype.exe" [2012-06-30 1404416]
    "WordWeb"="c:\program files\WordWeb\wweb32.exe" [2012-04-21 77064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 137752]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 171032]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 172568]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-13 8555040]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-09 1107552]
    "Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2012-05-03 217256]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-06-18 296056]
    "ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-06 1564872]
    "Anvi Smart Defender"="c:\program files\Anvisoft\Anvi Smart Defender\ASDTray.exe" [2012-06-25 710912]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-30 2596984]
    .
    c:\users\Krizel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Krizel\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-25 27112840]
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
    "{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ \0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
    backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Krizel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
    path=c:\users\Krizel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    backup=c:\windows\pss\Dropbox.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Krizel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\Krizel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Krizel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
    path=c:\users\Krizel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
    backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup
    backupExtension=.Startup
    .
    [HKLM\~\startupfolder\C:^Users^Krizel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WordWeb.lnk]
    path=c:\users\Krizel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WordWeb.lnk
    backup=c:\windows\pss\WordWeb.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
    2012-06-06 13:33 1564872 ----a-w- c:\program files\Ask.com\Updater\Updater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG_TRAY]
    2012-07-30 19:37 2596984 ----a-w- c:\program files\AVG\AVG2012\avgtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
    2009-12-16 13:16 5013504 ----a-w- c:\program files\Dell\DW WLAN Card\WLTRAY.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
    2012-07-12 17:19 138096 ----atw- c:\users\Krizel\AppData\Local\Facebook\Update\FacebookUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2011-07-31 16:24 136176 ----atw- c:\users\Krizel\AppData\Local\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAStorIcon]
    2010-03-03 12:16 284696 ----a-w- c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-06-01 02:17 5252408 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2012-03-08 10:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhotoJoy]
    2011-05-03 09:40 976256 ----a-w- c:\program files\PhotoJoy\Bin\PhotoJoy.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickSet]
    2010-04-06 07:09 2952048 ----a-w- c:\program files\Dell\QuickSet\quickset.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMBBLaunchAgent.exe]
    2011-02-18 03:47 79192 ----a-w- c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
    2009-07-14 01:14 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
    2012-07-13 05:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Speaking Clock Deluxe]
    2009-06-30 06:54 2350592 ----a-w- c:\program files\Speaking Clock Deluxe\SpClDlx.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2011-05-08 21:26 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2009-11-12 12:22 1594664 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2012-06-18 15:49 296056 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vProt]
    2012-07-09 13:40 1107552 ----a-w- c:\program files\AVG Secure Search\vprot.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun]
    2011-04-28 01:15 6052592 ----a-w- c:\program files\WebcamMax\WebcamMax.exe
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
    R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [x]
    R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
    S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]
    S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
    S1 asdrm;asdrm;c:\windows\system32\DRIVERS\asdrm.sys [x]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]
    S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [x]
    S2 asdrs;AntiMalware Host-based Intrusion Prevention System;c:\windows\system32\DRIVERS\asdrs.sys [x]
    S2 asdsrv;Anvi Smart Defender Realtime Guard Service;c:\program files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [x]
    S2 Autorun CDROM Monitor;Autorun CDROM Monitor;c:\windows\system32\SupportAppXL\cdrom_mon.exe [x]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [x]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]
    S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [x]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]
    S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl32.sys [x]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
    S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2852481675-2124114764-3581983340-1000Core.job
    - c:\users\Krizel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 17:19]
    .
    2012-09-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2852481675-2124114764-3581983340-1000UA.job
    - c:\users\Krizel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-22 17:19]
    .
    2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-08 21:27]
    .
    2012-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-08 21:27]
    .
    2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2852481675-2124114764-3581983340-1000Core.job
    - c:\users\Krizel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 16:24]
    .
    2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2852481675-2124114764-3581983340-1000UA.job
    - c:\users\Krizel\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-31 16:24]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://isearch.avg.com/?cid={382185FA-7357-4710-B706-67671E52B76D}&mid=e162401aafc647d186e211827e20259e-16610a57e5d2aaa3a10950c2555f58af6efc6bd0&lang=en&ds=yu012&pr=sa&d=2012-06-19 20:48&v=11.1.0.7&sap=hp
    uInternet Settings,ProxyServer = 192.168.182.2:8080
    uInternet Settings,ProxyOverride = <local>
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 124.106.5.2 124.106.4.2
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B05577e2c-c778-4d4c-abc4-ed35ef3dd22b%7D&mid=e162401aafc647d186e211827e20259e-16610a57e5d2aaa3a10950c2555f58af6efc6bd0&ds=yu012&v=11.1.0.12&lang=en&pr=sa&d=2012-06-19%2020%3A48%3A52&sap=ku&q=
    FF - prefs.js: network.proxy.http - 192.168.0.2
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 1
    FF - user.js: extensions.BabylonToolbar_i.id - faf0554a0000000000001c659de3260b
    FF - user.js: extensions.BabylonToolbar_i.hardId - faf0554a0000000000001c659de3260b
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15509
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.170:05
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
    FF - user.js: extensions.BabylonToolbar_i.newTab - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112471&tt=060612_6_
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    MSConfigStartUp-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
    AddRemove-{4F4C5E11-0612-48D2-8055-987992AAC432} - c:\programdata\wxDfast\uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(5108)
    c:\program files\Supertintin for Skype\mcr_skype_hook2.dll
    c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.dll
    c:\users\Krizel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    c:\program files\Stardock\ObjectDockFree\ODMenu.dll
    c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\progra~1\AVG\AVG2012\avgrsx.exe
    c:\program files\AVG\AVG2012\avgcsrvx.exe
    c:\program files\Dell\DW WLAN Card\WLTRYSVC.EXE
    c:\windows\system32\WLANExt.exe
    c:\windows\system32\conhost.exe
    c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
    c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
    c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\AVG\AVG2012\avgnsx.exe
    c:\program files\AVG\AVG2012\avgemcx.exe
    c:\windows\system32\conhost.exe
    c:\program files\Dell\DW WLAN Card\bcmwltry.exe
    c:\program files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-09-16 05:02:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-09-15 21:02
    .
    Pre-Run: 13,164,462,080 bytes free
    Post-Run: 15,012,585,472 bytes free
    .
    - - End Of File - - 55BC70A57F9D750ED7D6BDE5A3A81DDF
     
  8. mrp

    mrp Malware Specialist

    1. Malwarebytes' Anti-Malware

      Download Malwarebytes' Anti-Malware to your desktop.
      • Double-click mbam-setup.exe and follow the prompts to install the program.
      • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
      • If an update is found, it will download and install the latest version.
      • Once the program has loaded, select Perform quick scan, then click Scan.
      • When the scan is complete, click OK, then Show Results to view the results.
      • Be sure that everything is checked, and click Remove Selected.
      • When completed, a log will open in Notepad. This log is saved by MBAM and can be viewed by clicking the Logs tab.
      • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
      • Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

    2. ESET Online Scanner

      Please disable any real-time security programs such as your anti-virus before proceeding with this scan.
      • Open Internet Explorer.
      • Download ESET Online Scanner.
      • Put a checkmark in the checkbox next to YES, I accept the Terms of Use.
      • Click Start.
      • When prompted by your web browser, click Install.
      • Uncheck Remove found threats.
      • Check Scan archives.
      • Click Start and let the scanner finish downloading virus signatures. The scan will begin afterward.
      • When the scan completes, click List of found threats.
      • Click Export to text file... and save the file to your desktop. Paste the contents of this in your next reply.
      • Click Back.
      • Click Finish.

    3. AdwCleaner

      Download AdwCleaner from here and save it to your desktop.
      • Run AdwCleaner and select Delete.
      • Once done, it will ask to reboot; allow the reboot.
      • On reboot, a log will be produced; please attach the content of the log to your next reply.
     
  9. zirkel

    zirkel Thread Starter

    1. malware

    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Database version: v2012.09.16.01

    Windows 7 x86 NTFS
    Internet Explorer 8.0.7600.16385
    Krizel :: KRIZEL-PC [administrator]

    9/16/2012 11:47:25 AM
    mbam-log-2012-09-16 (11-47-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 173328
    Time elapsed: 6 minute(s), 11 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    2. ESET

    C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll a variant of Win32/Toolbar.Babylon application
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon application
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe probably a variant of Win32/Toolbar.Babylon application
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon application
    C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon application
    C:\Qoobox\Quarantine\C\ProgramData\wxDfast\uninstall.exe.vir Win32/Adware.MultiPlug.A application
    Operating memory Win32/Toolbar.Babylon application

    3. adwcleaner

    # AdwCleaner v2.001 - Logfile created 09/16/2012 at 18:00:29
    # Updated 09/09/2012 by Xplode
    # Operating system : Windows 7 Ultimate (32 bits)
    # User : Krizel - KRIZEL-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Krizel\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.7600.16385

    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

    -\\ Mozilla Firefox v7.0.1 (en-US)

    Profile name : default
    File : C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v21.0.1180.89

    File : C:\Users\Krizel\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.8] : homepage = "hxxp://isearch.avg.com/?cid={382185FA-7357-4710-B706-67671E52B76D}&mid=e162401aafc647d186e211827e20259e-16610a57e5d2aaa3a10950c2555f58af6efc6bd0&lang=en&ds=yu012&pr=sa&d=2012-06-19 20:48:52&v=11.1.0.7&sap=hp",
    Deleted [l.1307] : homepage = "hxxp://isearch.avg.com/?cid={382185FA-7357-4710-B706-67671E52B76D}&mid=e162401aafc647d186e211827e20259e-16610a57e5d2aaa3a10950c2555f58af6efc6bd0&lang=en&ds=yu012&pr=sa&d=2012-06-19 20:48:52&v=11.1.0.7&sap=hp",

    *************************

    AdwCleaner[S2].txt - [14568 octets] - [16/09/2012 16:50:23]
    AdwCleaner[S3].txt - [9274 octets] - [16/09/2012 17:44:20]
    AdwCleaner[S4].txt - [1463 octets] - [16/09/2012 18:00:29]

    ########## EOF - C:\AdwCleaner[S4].txt - [1523 octets] ##########
     
  10. mrp

    mrp Malware Specialist

    Hi zirkel,

    Please open up your Start menu and start typing "programs and features" to bring up the applet so you can launch it. Look for any instances of Babylon and uninstall them. I saw BabylonObjectInstaller and Babylon toolbar on IE in your OTL log, for example.

    Are you still being redirected? Also, did you manually set the following proxy in Firefox?

     
  11. zirkel

    zirkel Thread Starter

    Hi, I did what you asked me to do, but there aren't instances of Babylon when I checked Programs and Features.

    Also, yes, I had to set that proxy in Firefox for school. :)
     
  12. mrp

    mrp Malware Specialist

    Please run OTL again using the instructions from earlier. It should only produce one log this time; post it in your next reply.

    Are you still being redirected?
     
  13. zirkel

    zirkel Thread Starter

    OTL logfile created on: 9/17/2012 2:59:27 PM - Run 2
    OTL by OldTimer - Version 3.2.61.4 Folder = C:\Users\Krizel\Downloads
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1.86 Gb Total Physical Memory | 0.45 Gb Available Physical Memory | 24.37% Memory free
    3.73 Gb Paging File | 0.98 Gb Available in Paging File | 26.26% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 48.73 Gb Total Space | 13.82 Gb Free Space | 28.37% Space Free | Partition Type: NTFS
    Drive D: | 249.26 Gb Total Space | 201.60 Gb Free Space | 80.88% Space Free | Partition Type: NTFS

    Computer Name: KRIZEL-PC | User Name: Krizel | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/09/15 11:28:48 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Krizel\Downloads\OTL (1).exe
    PRC - [2012/09/15 10:12:12 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Krizel\Downloads\OTL.exe
    PRC - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgtray.exe
    PRC - [2012/07/26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2012/06/30 17:57:10 | 001,404,416 | ---- | M] (Imtiger Software Inc.) -- C:\Program Files\Supertintin for Skype\supertintin_skype.exe
    PRC - [2012/06/25 14:07:36 | 000,710,912 | ---- | M] (Anvisoft) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe
    PRC - [2012/06/25 14:07:36 | 000,224,000 | ---- | M] (Anvisoft) -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe
    PRC - [2012/06/18 23:49:55 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/06/13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgnsx.exe
    PRC - [2012/05/25 02:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Krizel\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/04/21 15:11:09 | 000,077,064 | ---- | M] () -- C:\Program Files\WordWeb\wweb32.exe
    PRC - [2012/03/27 05:45:22 | 000,329,544 | ---- | M] () -- C:\Program Files\Hotspot Shield\bin\hsswd.exe
    PRC - [2012/03/27 05:45:18 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
    PRC - [2012/03/19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgemcx.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    PRC - [2012/02/14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2010/07/01 12:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/07/01 12:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    PRC - [2009/12/16 21:16:20 | 000,040,960 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
    PRC - [2009/12/16 21:16:08 | 004,406,784 | ---- | M] (Dell Inc.) -- C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
    PRC - [2009/11/17 18:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
    PRC - [2009/07/29 12:19:00 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    PRC - [2009/07/14 09:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/14 09:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
    PRC - [2009/07/01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    PRC - [2009/06/30 14:54:02 | 002,350,592 | ---- | M] (Lux Aeterna) -- C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe
    PRC - [2008/11/26 03:58:39 | 000,081,920 | R--- | M] () -- C:\Windows\System32\SupportAppXL\cdrom_mon.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/30 10:58:45 | 000,442,392 | ---- | M] () -- C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppgooglenaclpluginchrome.dll
    MOD - [2012/08/30 10:58:44 | 012,237,336 | ---- | M] () -- C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    MOD - [2012/08/30 10:58:42 | 003,997,720 | ---- | M] () -- C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
    MOD - [2012/08/30 10:57:27 | 000,526,872 | ---- | M] () -- C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\libglesv2.dll
    MOD - [2012/08/30 10:57:26 | 000,104,984 | ---- | M] () -- C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\libegl.dll
    MOD - [2012/08/30 10:57:15 | 000,144,424 | ---- | M] () -- C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\avutil-51.dll
    MOD - [2012/08/30 10:57:13 | 000,266,792 | ---- | M] () -- C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\avformat-54.dll
    MOD - [2012/08/30 10:57:12 | 002,480,680 | ---- | M] () -- C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\avcodec-54.dll
    MOD - [2012/07/15 12:27:53 | 002,216,480 | ---- | M] () -- C:\Windows\wweb32.dll
    MOD - [2012/07/15 12:25:02 | 000,022,800 | ---- | M] () -- C:\Program Files\WordWeb\WUCNT.dll
    MOD - [2012/06/25 14:07:36 | 000,784,640 | ---- | M] () -- C:\Program Files\Anvisoft\Anvi Smart Defender\sqlite3.dll
    MOD - [2012/04/21 15:11:09 | 000,077,064 | ---- | M] () -- C:\Program Files\WordWeb\wweb32.exe
    MOD - [2011/05/10 15:32:54 | 001,048,576 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Excel\10.0.4504.0__31bf3856ad364e35\Microsoft.Office.Interop.Excel.dll
    MOD - [2011/05/10 15:32:54 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Word\10.0.4504.0__31bf3856ad364e35\Microsoft.Office.Interop.Word.dll
    MOD - [2011/05/10 15:32:54 | 000,217,088 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.PowerPoint\10.0.4504.0__31bf3856ad364e35\Microsoft.Office.Interop.PowerPoint.dll
    MOD - [2011/05/10 15:32:54 | 000,196,608 | ---- | M] () -- C:\Windows\assembly\GAC\Office\7.0.3300.0__b03f5f7f11d50a3a\Office.dll
    MOD - [2011/05/09 06:18:30 | 000,004,608 | ---- | M] () -- C:\Windows\assembly\GAC\Extensibility\7.0.3300.0__b03f5f7f11d50a3a\Extensibility.dll
    MOD - [2011/05/09 06:18:29 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll
    MOD - [2011/05/09 06:18:16 | 000,781,104 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.Office.Interop.Word\12.0.0.0__71e9bce111e9429c\Microsoft.Office.Interop.Word.dll
    MOD - [2009/07/14 12:46:13 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\965b1fa2decab0efc0c837ab7252bba1\Microsoft.VisualBasic.ni.dll
    MOD - [2009/07/14 12:45:52 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\c0f61f9b73571f26b6e0e0757bc5f460\CustomMarshalers.ni.dll
    MOD - [2009/07/14 12:43:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
    MOD - [2009/07/14 12:42:57 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
    MOD - [2009/07/14 12:42:40 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
    MOD - [2009/07/14 12:42:36 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
    MOD - [2009/07/14 12:42:30 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
    MOD - [2009/06/27 10:44:20 | 000,287,744 | ---- | M] () -- C:\Program Files\Speaking Clock Deluxe\voice\American English (female).dll
    MOD - [2009/06/11 05:22:50 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    MOD - [2006/10/26 13:56:46 | 000,757,008 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
    MOD - [2003/02/17 20:11:44 | 000,312,832 | ---- | M] () -- C:\Program Files\Speaking Clock Deluxe\timer.dll
    MOD - [2002/06/02 17:05:40 | 000,038,912 | ---- | M] () -- C:\Program Files\Speaking Clock Deluxe\spcl01.dll


    ========== Services (SafeList) ==========

    SRV - [2012/08/13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/06/25 14:07:36 | 000,224,000 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
    SRV - [2012/06/07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/03/27 06:45:44 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Hotspot Shield\bin\HSSTrayService.exe -- (HssTrayService)
    SRV - [2012/03/27 06:38:46 | 000,542,040 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe -- (hshld)
    SRV - [2012/03/27 05:45:22 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files\Hotspot Shield\bin\hsswd.exe -- (HssWd)
    SRV - [2012/03/27 05:45:18 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/07/01 12:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/07/01 12:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/03/03 20:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
    SRV - [2009/12/16 21:16:20 | 000,040,960 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV - [2009/11/17 18:15:08 | 000,087,968 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe -- (AERTFilters)
    SRV - [2009/07/29 12:19:00 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
    SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/01 18:03:12 | 000,582,944 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
    SRV - [2008/11/26 03:58:39 | 000,081,920 | R--- | M] () [Auto | Running] -- C:\Windows\System32\SupportAppXL\cdrom_mon.exe -- (Autorun CDROM Monitor)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\RtsUCcid.sys -- (USBCCID)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Rts516xIR.sys -- (RtsUIR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbfake.sys -- (hwusbfake)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Krizel\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2012/07/26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2012/06/18 14:42:12 | 000,022,784 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asdrs.sys -- (asdrs)
    DRV - [2012/06/18 14:42:10 | 000,016,128 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\System32\drivers\asdrm.sys -- (asdrm)
    DRV - [2012/04/19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
    DRV - [2012/01/31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/12/23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/12/23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
    DRV - [2011/12/23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
    DRV - [2011/12/23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
    DRV - [2010/04/14 01:01:48 | 000,045,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btusbflt.sys -- (btusbflt)
    DRV - [2010/01/07 09:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV - [2009/12/22 09:19:00 | 000,065,576 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
    DRV - [2009/12/16 21:16:18 | 000,017,144 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcmvwl32.sys -- (BcmVWL)
    DRV - [2009/12/16 21:16:04 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV - [2009/10/26 12:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
    DRV - [2009/10/13 20:07:32 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
    DRV - [2009/10/13 20:07:20 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
    DRV - [2009/10/13 20:07:06 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
    DRV - [2009/09/17 12:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
    DRV - [2009/07/14 09:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2009/07/14 09:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2009/07/14 09:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
    DRV - [2009/07/14 07:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/14 07:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/07/14 07:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/06/22 20:01:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
    DRV - [2009/06/22 19:38:24 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2009/06/22 19:26:06 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbdev.sys -- (hwusbdev)
    DRV - [2009/02/10 17:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
    DRV - [2008/01/14 18:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{19F92919-E744-4D93-95B6-DEB502D597B4}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=5J&apn_dtid=YYYYYYYYPH&apn_uid=793a2198-ee4e-469d-96e9-8da9a7e681d9&apn_sauid=B221C9B2-1EF6-4C3F-A051-D806E0793723
    IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com.sa/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enSA431
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 192.168.182.2:8080

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
    FF - prefs.js..network.proxy.http: "192.168.0.2"
    FF - prefs.js..network.proxy.http_port: 8080
    FF - prefs.js..network.proxy.type: 1
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.0.198: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.0.198: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Krizel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Krizel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Krizel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/09/11 13:47:06 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/18 23:50:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/08/29 11:13:22 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/26 03:01:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/17 19:47:21 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\WordWeb\WCaptureMoz [2012/07/23 23:04:25 | 000,000,000 | ---D | M]

    [2011/05/12 21:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krizel\AppData\Roaming\Mozilla\Extensions
    [2012/09/16 16:50:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions
    [2012/06/18 07:47:14 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}
    [2012/06/21 10:23:52 | 000,000,000 | ---D | M] (wxDfast) -- C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\[email protected]
    [2012/09/16 16:50:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/09/11 13:47:06 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4
    File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\[email protected]
    [2012/07/23 23:04:25 | 000,000,000 | ---D | M] (WordWeb one-click lookup) -- C:\PROGRAM FILES\WORDWEB\WCAPTUREMOZ
    File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\11.1.0.12
    File not found (No name found) -- C:\USERS\KRIZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AG1IZKB5.DEFAULT\EXTENSIONS\[email protected]
    File not found (No name found) -- C:\USERS\KRIZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AG1IZKB5.DEFAULT\EXTENSIONS\[email protected]
    [2011/10/31 11:54:37 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/06/18 23:50:06 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
    [2011/03/23 02:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
    [2011/10/31 11:54:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Krizel\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Krizel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Krizel\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Krizel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
    CHR - Extension: AVG Safe Search = C:\Users\Krizel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
    CHR - Extension: AVG Do Not Track = C:\Users\Krizel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\

    O1 HOSTS File: ([2012/09/16 04:56:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
    O4 - HKCU..\Run: [Facebook Update] C:\Users\Krizel\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O4 - HKCU..\Run: [Speaking Clock Deluxe] C:\Program Files\Speaking Clock Deluxe\SpClDlx.exe (Lux Aeterna)
    O4 - HKCU..\Run: [supertintin_skype] C:\Program Files\Supertintin for Skype\supertintin_skype.exe (Imtiger Software Inc.)
    O4 - HKCU..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe ()
    O4 - Startup: C:\Users\Krizel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Krizel\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutoTrayNotify = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Google Search
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://www.google.com/search?q=%w
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F6446A4-2B7C-406C-803F-FE0774F042E1}: DhcpNameServer = 124.106.5.2 124.106.4.2
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4DE9BD7C-D47E-4AFE-9D06-9B13BCF94B75}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{938456CC-F38D-49BA-A654-90DF2C2D63A0}: DhcpNameServer = 192.168.1.1 192.168.1.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O22 - SharedTaskScheduler: {1984D045-52CF-49cd-DB77-08F378FEA4DB} - ObjectDockShellExt - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll (Stardock)
    O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/16 12:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2012/09/16 11:43:45 | 000,000,000 | ---D | C] -- C:\Users\Krizel\AppData\Roaming\Malwarebytes
    [2012/09/16 11:43:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/09/16 11:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/09/16 11:43:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/09/16 11:43:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/09/16 05:02:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/09/16 04:56:59 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/09/16 04:40:06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/09/16 04:40:06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/09/16 04:40:06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/09/16 04:39:33 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/16 04:39:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/09/11 13:47:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/08/24 15:43:18 | 000,301,920 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

    ========== Files - Modified Within 30 Days ==========

    [2012/09/17 14:52:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/09/17 14:36:34 | 000,618,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/09/17 14:36:34 | 000,104,546 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/09/17 14:34:49 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2852481675-2124114764-3581983340-1000UA.job
    [2012/09/17 14:34:48 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2852481675-2124114764-3581983340-1000Core.job
    [2012/09/17 14:34:46 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/09/17 14:34:35 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2852481675-2124114764-3581983340-1000UA.job
    [2012/09/17 09:59:41 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2852481675-2124114764-3581983340-1000Core.job
    [2012/09/17 09:53:48 | 095,008,581 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
    [2012/09/16 18:07:12 | 000,010,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/16 18:07:12 | 000,010,208 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/16 18:02:23 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/09/16 18:02:03 | 1500,921,856 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/16 11:59:19 | 000,027,520 | ---- | M] () -- C:\Users\Krizel\AppData\Local\dt.dat
    [2012/09/16 11:43:35 | 000,001,083 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/16 04:56:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/09/15 11:24:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\cd.dat
    [2012/09/11 18:57:48 | 000,261,391 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
    [2012/09/11 13:47:06 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/08/24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys

    ========== Files Created - No Company Name ==========

    [2012/09/16 11:59:19 | 000,027,520 | ---- | C] () -- C:\Users\Krizel\AppData\Local\dt.dat
    [2012/09/16 11:43:35 | 000,001,083 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/09/16 04:40:06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/09/16 04:40:06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/09/16 04:40:06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/09/16 04:40:06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/09/16 04:40:06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/09/15 11:24:37 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
    [2012/03/24 01:01:00 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
    [2011/11/08 13:14:45 | 000,158,720 | ---- | C] () -- C:\Windows\System32\WS_VideoConverterContextMenu.dll
    [2011/08/10 22:43:38 | 000,000,790 | ---- | C] () -- C:\Users\Krizel\Succession.Kno
    [2011/06/06 23:03:20 | 000,000,000 | ---- | C] () -- C:\Users\Krizel\AppData\Roaming\downloads.m3u
    [2011/06/04 12:16:54 | 000,000,132 | ---- | C] () -- C:\Users\Krizel\AppData\Roaming\default.rss
    [2011/06/04 10:39:05 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2011/05/27 13:34:39 | 000,020,992 | ---- | C] () -- C:\Users\Krizel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/18 09:33:42 | 002,216,480 | ---- | C] () -- C:\Windows\wweb32.dll
    [2011/05/17 17:33:50 | 000,000,000 | ---- | C] () -- C:\Users\Krizel\AppData\Local\{5CCAA59C-0686-4C2F-8821-0A7C89D32546}
    [2011/05/12 21:51:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
    [2011/05/09 17:19:58 | 000,000,041 | ---- | C] () -- C:\Windows\Progs_.ini
    [2011/05/09 05:02:21 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
    [2011/02/11 19:10:52 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
    [2011/02/11 19:10:52 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
    [2011/02/11 19:10:50 | 000,874,048 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
    [2011/02/11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
    [2011/02/11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

    ========== LOP Check ==========

    [2012/07/18 06:55:56 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\Anvisoft
    [2012/04/27 23:34:22 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\Audacity
    [2012/01/20 00:36:29 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\AVG2012
    [2012/07/28 22:51:16 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\calibre
    [2011/05/09 05:27:38 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\CometPlayer
    [2012/09/16 18:03:04 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\Dropbox
    [2012/07/16 03:25:41 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\GetRightToGo
    [2011/05/18 10:15:13 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\ManyCam
    [2012/06/18 07:48:03 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\Pamela
    [2011/11/08 13:41:15 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\Pavtube
    [2011/05/09 04:58:32 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\PCDr
    [2011/05/27 13:34:01 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\Research In Motion
    [2011/05/18 09:55:24 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\Stardock
    [2012/09/01 20:06:26 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\tigerplayer
    [2012/09/16 04:53:59 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\uTorrent
    [2011/05/18 10:51:55 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\WebcamMax
    [2011/11/08 13:14:41 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\Wondershare
    [2011/05/18 09:34:08 | 000,000,000 | ---D | M] -- C:\Users\Krizel\AppData\Roaming\WordWeb
    [2012/09/17 09:59:41 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2852481675-2124114764-3581983340-1000Core.job
    [2012/09/17 14:34:49 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2852481675-2124114764-3581983340-1000UA.job
    [2012/07/28 13:35:48 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.exe >

    < MD5 for: EXPLORER.EXE >
    [2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\erdnt\cache\explorer.exe
    [2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\explorer.exe
    [2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe

    < MD5 for: SVCHOST.EXE >
    [2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\erdnt\cache\svchost.exe
    [2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
    [2009/07/14 09:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe

    < MD5 for: USERINIT.EXE >
    [2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\erdnt\cache\userinit.exe
    [2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
    [2009/07/14 09:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

    < MD5 for: WINLOGON.EXE >
    [2012/09/07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2009/07/14 09:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\erdnt\cache\winlogon.exe
    [2009/07/14 09:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\System32\winlogon.exe
    [2009/07/14 09:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

    < %systemroot%\*. /rp /s >

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: WDC WD3200BEKT-75PVMT0
    Partitions: 3
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 0.00GB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 49.00GB
    Starting Offset: 105906176
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 249.00GB
    Starting Offset: 52429848576
    Hidden sectors: 0


    < End of report >
     
  14. mrp

    mrp Malware Specialist

    Joined:
    Dec 31, 1969
    Messages:
    60
    1. OTL

      Run OTL.exe.

      • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL.

        Code:
        :OTL
        IE - HKCU\..\SearchScopes\{19F92919-E744-4D93-95B6-DEB502D597B4}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MYC-ST&o=102869&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=5J&apn_dtid=YYYY YYYYPH&apn_uid=793a2198-ee4e-469d-96e9-8da9a7e681d9&apn_sauid=B221C9B2-1EF6-4C3F-A051-D806E0793723
        [2012/06/18 07:47:14 | 000,000,000 | ---D | M] (blekko search bar) -- C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}
        [2012/06/21 10:23:52 | 000,000,000 | ---D | M] (wxDfast) -- C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\e xtensions\[email protected]
        File not found (No name found) -- C:\USERS\KRIZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AG1IZKB5.DEFAULT\EXTENSIONS\[email protected]
        File not found (No name found) -- C:\USERS\KRIZEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\AG1IZKB5.DEFAULT\EXTENSIONS\[email protected]
        O3 - HKLM\..\Toolbar: (no name) -- No CLSID value found.
        [2011/05/17 17:33:50 | 000,000,000 | ---- | C] () -- C:\Users\Krizel\AppData\Local\{5CCAA59C-0686-4C2F-8821-0A7C89D32546}
        
        :Commands
        [createrestorepoint]
        [purity]
        [resethosts]
        [emptytemp]
      • Click the Run Fix button.
      • OTL will now process the instructions.
      • When finished, a box will open asking you to open the fix log; click OK.
      • The fix log will open.
      • Copy/Paste the log in your next reply please.

      Note: If necessary, OTL may reboot your computer, or request that you do so. If it does, please go ahead and reboot your machine. After rebooting, open up Windows Explorer (Windows Key +E) and navigate to C:\_OTL\MovedFiles. Within, you should find a .log file with the format mmddyyyy_hhmmss, which represents the date and time the fix was run. Please copy and paste the contents of that file, making sure Word Wrap is off beforehand, if necessary.
    Are you still being redirected to that MyDomainAdvisor website?
     
  15. zirkel

    zirkel Thread Starter

    Joined:
    Jul 17, 2009
    Messages:
    34
    All processes killed
    ========== OTL ==========
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{19F92919-E744-4D93-95B6-DEB502D597B4}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19F92919-E744-4D93-95B6-DEB502D597B4}\ not found.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\components folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\searchbar folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\options folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\lib\weatherbutton\panels folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\lib\weatherbutton\icons folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\lib\weatherbutton folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\lib\uwa folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\lib\radio\images folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\lib\radio\css folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\lib\radio folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\lib\panels\js folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\lib\panels\images folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\lib\panels\default\scripts folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\lib\panels\default\images folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\lib\panels\default\css folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\lib\panels\default folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\lib\panels\css folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\lib\panels folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\lib\debugbar folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin\lib folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\skin folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\locale\lib folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\locale folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\data\weather folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\data\search folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\data\rss folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\data\dynamicElements folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\data folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\content\widgets\net.vmn.www.TwitterShortcut folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\content\widgets\net.vmn.www.FacebookShortcut folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\scripts folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\images folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\content\widgets\net.vmn.www.BlekkoMap\skin\css folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\content\widgets\net.vmn.www.BlekkoMap\skin folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\content\widgets\net.vmn.www.BlekkoMap\images folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\content\widgets\net.vmn.www.BlekkoMap\css folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\content\widgets\net.vmn.www.BlekkoMap folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\content\widgets folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\content\newtab\images folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\content\newtab folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\content\modules folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\content\lib folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome\content folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61}\chrome folder moved successfully.
    C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\extensions\{8769adce-dba5-48e9-afb5-67b12cdf2e61} folder moved successfully.
    Folder C:\Users\Krizel\AppData\Roaming\Mozilla\Firefox\Profiles\ag1izkb5.default\e xtensions\[email protected]\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
    C:\Users\Krizel\AppData\Local\{5CCAA59C-0686-4C2F-8821-0A7C89D32546} moved successfully.
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point
    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Krizel
    ->Temp folder emptied: 4638562 bytes
    ->Temporary Internet Files folder emptied: 30572134 bytes
    ->FireFox cache emptied: 48603794 bytes
    ->Google Chrome cache emptied: 242007831 bytes
    ->Flash cache emptied: 143397 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 81824 bytes
    RecycleBin emptied: 780800 bytes

    Total Files Cleaned = 312.00 mb


    OTL by OldTimer - Version 3.2.61.4 log created on 09182012_112052

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...

    So far, I'm no longer redirected to the MyDomainAdvisor website.
     
Short URL to this thread: https://techguy.org/1068958