
Infected with fantastigames redirect, don't know how to remove


  • This topic is locked
21 replies to this topic

#1 scotth87

  • Members
  • 11 posts

Posted 22 April 2013 - 12:44 PM

I have had this redirect for some time now. I have tried to research how to remove it on my own and am not able to do so. Every time I try to search in Chrome it redirects to fantastigames.metacrawler.com. Help would be greatly appreciated!

DDS log below:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 1.6.0_22
Run by Scott at 12:36:03 on 2013-04-22
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4061.2115 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Wondershare Allmytube: {1373BA72-5012-496e-9F72-7A426DCF78BB} - C:\Program Files (x86)\Wondershare\Free YouTube Downloader\SVRIEPlugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [BrowserPlugInHelper] C:\Program Files (x86)\Wondershare\Free YouTube Downloader\BrowserPlugInHelper.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
dRunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: cinemanow.com
Trusted Zone: cinemanow.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{75E04315-337A-447D-9523-1B8AC189CE49} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{75E04315-337A-447D-9523-1B8AC189CE49}\13137375 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{75E04315-337A-447D-9523-1B8AC189CE49}\2456C6B696E6F5E4F575962756C6563737F5537356668383 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{75E04315-337A-447D-9523-1B8AC189CE49}\34963736F67323130383 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{75E04315-337A-447D-9523-1B8AC189CE49}\351627167237D27657563747 : DHCPNameServer = 68.87.74.166 68.87.68.166
TCP: Interfaces\{75E04315-337A-447D-9523-1B8AC189CE49}\47F64716C6023747574637 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{75E04315-337A-447D-9523-1B8AC189CE49}\54E67456E696573713 : DHCPNameServer = 192.168.44.2
TCP: Interfaces\{75E04315-337A-447D-9523-1B8AC189CE49}\C4F6E646F6E647F677E6 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
AppInit_DLLs=   
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - 
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-22 65336]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-4-22 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-4-22 377920]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-10 39768]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2009-9-28 359552]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2011-4-5 65024]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-9-28 14904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-4-22 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-4-22 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-4-22 45248]
R2 FastBootAgent;FastBootAgent;C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-9-28 306232]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-8-2 91456]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2010-9-16 145448]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-4-17 968880]
R2 WACService;WACService;C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe [2013-4-21 103272]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-7-8 140800]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-5-25 138752]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-4-27 57344]
R3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw1v64.sys [2009-7-20 7058432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-5-26 40448]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-22 178624]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-1-14 61280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2009-6-19 20992]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2010-11-3 97552]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\System32\drivers\motport.sys [2009-10-27 30208]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-25 1255736]
.
=============== Created Last 30 ================
.
2013-04-22 12:57:56 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B5606189-B971-480B-8CCF-5436FA51E5D9}\mpengine.dll
2013-04-22 06:04:50 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-04-22 06:04:48 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-04-22 06:04:47 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-04-22 06:04:45 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-04-22 06:04:41 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-04-22 06:03:44 41664 ----a-w- C:\Windows\avastSS.scr
2013-04-22 06:03:27 -------- d-----w- C:\Program Files\AVAST Software
2013-04-22 06:02:26 -------- d-----w- C:\ProgramData\AVAST Software
2013-04-22 05:24:24 -------- d-----w- C:\Users\Scott\AppData\Roaming\AVG
2013-04-22 05:23:34 -------- d-----w- C:\ProgramData\AVG
2013-04-22 05:23:19 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-04-21 17:04:03 938157 ----a-w- C:\Windows\SysWow64\WPShellExt64.dll
2013-04-21 17:03:08 -------- d-----w- C:\ProgramData\Wondershare Free YouTube Downloader
2013-04-21 17:03:06 -------- d-----w- C:\ProgramData\Wondershare Application Common Data
2013-04-21 17:02:05 -------- d-----w- C:\Users\Scott\AppData\Local\Wondershare
2013-04-21 17:01:59 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2013-04-21 17:01:37 -------- d-----w- C:\Users\Scott\AppData\Roaming\Wondershare
2013-04-21 17:01:36 -------- d-----w- C:\Program Files (x86)\Wondershare
2013-04-17 18:40:34 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-04-17 18:40:34 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-04-17 18:40:34 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-04-17 18:40:34 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-04-17 17:11:36 -------- d-----w- C:\Windows\System32\SPReview
2013-04-17 17:09:42 -------- d-----w- C:\Windows\System32\EventProviders
2013-04-17 17:02:08 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-04-17 17:02:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-04-17 17:02:07 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-04-17 17:02:06 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-04-17 17:00:26 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-04-17 17:00:26 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-04-17 17:00:21 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-04-17 17:00:21 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-04-17 17:00:14 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-04-17 17:00:13 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-04-17 17:00:13 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-04-16 07:03:29 -------- d-----w- C:\05b9a516d247b255448ba9df1850
2013-04-16 01:43:17 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-16 01:43:17 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-16 01:43:10 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2013-04-16 01:43:08 2691072 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-04-16 01:43:05 158208 ----a-w- C:\Windows\System32\aaclient.dll
2013-04-16 01:43:05 131072 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-04-16 01:43:04 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-04-16 01:43:04 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-04-16 01:42:48 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-04-16 01:42:48 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-04-16 01:42:34 3150848 ----a-w- C:\Windows\System32\win32k.sys
2013-04-16 01:42:14 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-04-16 01:42:13 2001408 ----a-w- C:\Windows\System32\msxml6.dll
2013-04-16 01:42:12 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2013-04-16 01:42:11 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-04-16 01:42:11 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-04-16 01:39:39 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-04-16 01:39:39 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-04-16 01:39:25 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-16 01:39:20 5497688 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-16 01:39:18 3958120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-16 01:39:18 3902312 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-16 01:39:17 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-16 01:39:17 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-16 01:39:17 112640 ----a-w- C:\Windows\System32\smss.exe
.
==================== Find3M  ====================
.
2013-04-22 04:48:21 138741 ----a-w- C:\ProgramData\bdinstall.bin
2013-04-17 22:34:31 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2013-04-17 20:05:47 152064 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-04-17 20:05:45 175104 ----a-w- C:\Windows\System32\msclmd.dll
2013-04-17 16:56:50 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-03-12 05:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 12:36:34.49 ===============
 

 



#2 Noviciate

  • Malware Response Team
  • 4,959 posts

Posted 22 April 2013 - 02:09 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.


Logs answered since Christmas Day: 37

Threads completed: 9

Threads closed after some work but not completed: 10

Threads closed following a total lack of response from poster: 15

 

 


#3 scotth87

  • Topic Starter
  • Members
  • 11 posts

Posted 22 April 2013 - 07:07 PM

I noticed that it set the file age to 30 days when I chose quick scan. I have definitely had this for more than 30 days as I got it just before I left for a trip of multiple months. Not sure if that matters or not but I thought I'd let you know. Thank you for the very quick reply!

OTL logfile created on: 4/22/2013 7:45:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Scott\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 57.01% Memory free
7.93 Gb Paging File | 5.82 Gb Available in Paging File | 73.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.11 Gb Total Space | 355.31 Gb Free Space | 78.76% Space Free | Partition Type: NTFS
 
Computer Name: SCOTT-PC | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/04/22 19:44:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.scr
PRC - [2013/04/17 12:56:50 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/04/17 12:56:50 | 000,968,880 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
PRC - [2013/03/25 18:26:56 | 000,079,384 | ---- | M] (Google) -- C:\Users\Scott\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/03/06 18:32:44 | 004,767,304 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/11/09 15:59:16 | 000,103,272 | ---- | M] (Wondershare) -- C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe
PRC - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 14:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2009/07/24 13:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009/07/23 20:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
PRC - [2009/07/22 20:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009/07/07 14:20:56 | 008,493,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/06/24 15:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009/05/18 18:58:38 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/04/24 00:24:44 | 000,178,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2009/04/20 14:09:30 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2009/04/02 00:05:34 | 000,098,304 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
PRC - [2008/12/22 20:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/08/14 00:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/13 23:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/08/13 23:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/08/13 19:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/07/18 22:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/04/17 16:23:24 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\0aeaf4f1629dbe8eafc8f47b1795b18a\PresentationFramework.Aero.ni.dll
MOD - [2013/04/17 16:23:16 | 014,325,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\55583762d8101d7c6d18af85271a5080\PresentationFramework.ni.dll
MOD - [2013/04/17 16:22:58 | 012,218,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\3782dbbd2f08661c097c7d51aad1e6aa\PresentationCore.ni.dll
MOD - [2013/04/17 16:22:45 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\59d0b1f1a6b4d5f4ec85e431c5d9cdb8\WindowsBase.ni.dll
MOD - [2013/04/17 16:21:26 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cf69b4a086a0153aa7f58ffb9189316e\System.ni.dll
MOD - [2013/04/17 16:21:14 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll
MOD - [2013/04/17 12:56:50 | 001,151,152 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2013/04/17 12:56:50 | 000,156,848 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\SiteSafety.dll
MOD - [2013/04/09 04:57:07 | 000,390,096 | ---- | M] () -- C:\Users\Scott\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 04:57:05 | 004,050,896 | ---- | M] () -- C:\Users\Scott\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 04:56:15 | 000,598,480 | ---- | M] () -- C:\Users\Scott\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 04:56:14 | 000,124,368 | ---- | M] () -- C:\Users\Scott\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 04:56:13 | 001,606,096 | ---- | M] () -- C:\Users\Scott\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2011/11/23 22:18:22 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2009/07/24 13:32:50 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009/07/22 20:58:46 | 000,017,976 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2008/08/27 19:32:36 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/06/09 12:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007/06/15 13:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007/06/01 20:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/03/06 18:32:44 | 000,045,248 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009/09/15 16:21:58 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2007/08/08 03:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2013/04/17 12:56:50 | 000,968,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe -- (vToolbarUpdater14.2.0)
SRV - [2012/11/09 15:59:16 | 000,103,272 | ---- | M] (Wondershare) [Auto | Running] -- C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe -- (WACService)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/10/20 18:59:58 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/23 20:13:38 | 000,306,232 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe -- (FastBootAgent)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/13 23:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2008/03/31 05:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2005/03/09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Stopped] -- C:\Windows\SysWOW64\libusbd-nt.exe -- (libusbd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013/04/17 12:56:50 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/03/06 18:33:21 | 001,025,808 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/03/06 18:33:21 | 000,377,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/03/06 18:33:21 | 000,178,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/03/06 18:33:21 | 000,070,992 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/03/06 18:33:21 | 000,068,920 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/03/06 18:33:21 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/03/06 18:33:20 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/10/21 15:11:04 | 000,097,552 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2010/09/28 16:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/08/19 19:24:34 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2010/07/21 16:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2009/10/27 12:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motport.sys -- (motport)
DRV:64bit: - [2009/10/27 12:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2009/09/28 17:56:05 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2009/08/06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/20 05:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/20 03:33:41 | 007,058,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw1v64.sys -- (NETw1v64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/08 23:11:41 | 000,140,800 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/19 17:07:44 | 000,020,992 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2009/06/10 16:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 06:54:35 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/26 09:32:37 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009/05/25 16:13:09 | 000,138,752 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/05/20 04:11:05 | 001,799,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/12 21:07:19 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/04/27 04:25:57 | 000,057,344 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2009/01/29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2008/07/11 07:05:00 | 000,145,448 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\sentinel64.sys -- (Sentinel64)
DRV:64bit: - [2008/05/23 20:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007/07/24 14:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2006/12/13 18:14:14 | 000,065,024 | ---- | M] (Aladdin Knowledge Systems Ltd.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2006/12/04 10:44:14 | 000,314,368 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (Hardlock)
DRV:64bit: - [2006/12/04 10:44:14 | 000,090,240 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\akshasp.sys -- (akshasp)
DRV:64bit: - [2006/12/04 10:44:14 | 000,018,688 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aksusb.sys -- (aksusb)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/03/09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\libusb0.sys -- (libusb0)
DRV - [1998/07/07 08:14:00 | 000,054,784 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSIPDDP.SYS -- (SSIPDDP)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantastigames.com/web?src=ieb&appid=103&systemid=453&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantastigames.com/web?src=ieb&appid=103&systemid=453&sr=0&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={F344BBAB-6BDC-4E57-9F2C-B4FA95DAFF6C}&mid=039262002d7c47d0a14d41affcb96bbe-e62265bf8a0e0fdfb708ee15484b889c5c8278c3&lang=en&ds=AVG&pr=sa&d=2012-09-10 12:44:00&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2453}: "URL" = http://search.fantastigames.com/web?src=ieb&appid=103&systemid=453&sr=0&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@mozilla.zeniko.ch/PDFlite_Browser_Plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Amnis Technology Ltd)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Scott\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Scott\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/10/16 22:23:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.2.0.1 [2013/04/17 12:59:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{829AD732-F3DB-4011-81C4-135F2FB05D8E}: C:\Program Files (x86)\Wondershare\Free YouTube Downloader\SVRFirefoxExt\ [2013/04/21 13:03:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/04/22 02:04:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/01/02 16:13:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/02/05 16:41:22 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{829AD732-F3DB-4011-81C4-135F2FB05D8E}: C:\Program Files (x86)\Wondershare\Free YouTube Downloader\SVRFirefoxExt\ [2013/04/21 13:03:20 | 000,000,000 | ---D | M]
 
[2013/04/22 00:52:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Extensions
[2012/09/18 14:42:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\3vft17uc.default\extensions
[2013/04/22 00:52:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\3vft17uc.default\extensions\{b4de90bb-150d-4b33-95fe-6baac97e1c21}
[2009/12/29 19:20:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\3vft17uc.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010/09/27 23:51:17 | 000,000,000 | ---D | M] (ChaCha Guide App Toolbar) -- C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\3vft17uc.default\extensions\[email protected]
[2013/04/22 00:52:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/10/17 17:52:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2013/04/17 12:59:56 | 000,003,714 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/09/18 14:41:39 | 000,002,522 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: suggest_url = 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Scott\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Scott\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Scott\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Scott\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Scott\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! WebRep = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0\
CHR - Extension: Wondershare Allmytube download = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifllmjhoijmmhobcnjdhelmboobmenij\3.0.0_0\
CHR - Extension: Wondershare Allmytube download = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifllmjhoijmmhobcnjdhelmboobmenij\3.0.0_0\.svn\text-base\.svn-base
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\
CHR - Extension: Gmail = C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Wondershare Allmytube) - {1373BA72-5012-496e-9F72-7A426DCF78BB} - C:\Program Files (x86)\Wondershare\Free YouTube Downloader\SVRIEPlugin.dll (Wondershare Software Co., Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BrowserPlugInHelper] C:\Program Files (x86)\Wondershare\Free YouTube Downloader\BrowserPlugInHelper.exe (Wondershare Software)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: cinemanow.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: cinemanow.com ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75E04315-337A-447D-9523-1B8AC189CE49}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/11/05 13:32:53 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{361b0812-ccbb-11df-85fb-90e6ba5d824d}\Shell - "" = AutoRun
O33 - MountPoints2\{361b0812-ccbb-11df-85fb-90e6ba5d824d}\Shell\AutoRun\command - "" = D:\LaunchU3.exe
O33 - MountPoints2\{82c541d6-b451-11df-a71c-90e6ba5d824d}\Shell - "" = AutoRun
O33 - MountPoints2\{82c541d6-b451-11df-a71c-90e6ba5d824d}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/22 19:43:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.scr
[2013/04/22 02:06:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/04/22 02:05:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/04/22 02:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/04/22 02:04:53 | 000,033,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/04/22 02:04:52 | 000,377,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/04/22 02:04:50 | 000,070,992 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/04/22 02:04:48 | 001,025,808 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/04/22 02:04:48 | 000,068,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/04/22 02:04:41 | 000,080,816 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/04/22 02:04:40 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/04/22 02:03:44 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/04/22 02:03:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/04/22 02:02:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/04/22 01:24:24 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\AVG
[2013/04/22 01:23:34 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2013/04/22 01:23:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/04/21 13:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare Free YouTube Downloader
[2013/04/21 13:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Wondershare Application Common Data
[2013/04/21 13:02:05 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Local\Wondershare
[2013/04/21 13:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2013/04/21 13:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
[2013/04/21 13:01:37 | 000,000,000 | ---D | C] -- C:\Users\Scott\AppData\Roaming\Wondershare
[2013/04/21 13:01:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wondershare
[2013/04/21 12:59:32 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Wondershare
[2013/04/17 13:11:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/04/17 13:09:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013/04/17 12:58:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/04/17 12:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/04/17 12:57:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/04/16 03:03:29 | 000,000,000 | ---D | C] -- C:\05b9a516d247b255448ba9df1850
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Scott\Desktop\*.tmp files -> C:\Users\Scott\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/22 19:44:55 | 000,726,444 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/22 19:44:55 | 000,624,412 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/22 19:44:55 | 000,106,756 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/22 19:44:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Scott\Desktop\OTL.scr
[2013/04/22 19:42:50 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1973004414-4106773874-1693113983-1000UA.job
[2013/04/22 19:42:50 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/22 19:42:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/22 12:06:27 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/22 12:06:27 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/22 11:59:47 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/22 11:59:09 | 000,002,099 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013/04/22 11:59:08 | 000,002,108 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013/04/22 11:58:00 | 3193,884,672 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/22 02:04:55 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/04/22 02:04:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/04/22 00:48:21 | 000,138,741 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2013/04/21 23:46:10 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1973004414-4106773874-1693113983-1000Core.job
[2013/04/21 13:04:06 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare Player.lnk
[2013/04/21 13:03:24 | 000,001,485 | ---- | M] () -- C:\Users\Public\Desktop\Wondershare Free YouTube Downloader.lnk
[2013/04/21 13:03:24 | 000,001,359 | ---- | M] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare Free YouTube Downloader.lnk
[2013/04/18 00:39:16 | 000,344,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/17 18:34:31 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013/04/17 12:56:50 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/04/15 21:12:08 | 000,002,372 | ---- | M] () -- C:\Users\Scott\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Scott\Desktop\*.tmp files -> C:\Users\Scott\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/22 02:05:03 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/22 02:05:02 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/22 02:04:55 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/04/22 02:04:47 | 000,178,624 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/04/22 02:04:45 | 000,065,336 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/04/22 02:04:41 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/04/21 13:04:06 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare Player.lnk
[2013/04/21 13:04:03 | 000,938,157 | ---- | C] () -- C:\Windows\SysWow64\WPShellExt64.dll
[2013/04/21 13:03:24 | 000,001,485 | ---- | C] () -- C:\Users\Public\Desktop\Wondershare Free YouTube Downloader.lnk
[2013/04/21 13:03:24 | 000,001,359 | ---- | C] () -- C:\Users\Scott\Application Data\Microsoft\Internet Explorer\Quick Launch\Wondershare Free YouTube Downloader.lnk
[2013/04/17 14:40:39 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/04/17 13:00:12 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2010/11/01 14:06:09 | 000,000,000 | ---- | C] () -- C:\Users\Scott\AppData\Local\Temptable.xml
[2010/10/17 16:26:36 | 000,000,476 | ---- | C] () -- C:\Users\Scott\hw471-1.err
[2010/10/14 16:34:38 | 000,000,272 | ---- | C] () -- C:\Users\Scott\hw471prob1.err
[2010/10/14 16:29:09 | 000,000,068 | ---- | C] () -- C:\Users\Scott\file.err
[2010/10/12 01:39:42 | 000,004,603 | ---- | C] () -- C:\ProgramData\search_result.xml
[2010/10/12 00:20:10 | 000,138,741 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010/01/01 18:45:59 | 000,000,024 | ---- | C] () -- C:\ProgramData\CinemaNowSvc.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012/09/10 12:22:28 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\.minecraft
[2010/02/10 01:58:13 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Amazon
[2010/10/14 16:29:14 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Ansys
[2013/04/22 01:24:24 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\AVG
[2012/09/10 12:45:11 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\AVG2013
[2010/10/11 13:58:34 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\BD_TEMP
[2010/09/19 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\DassaultSystemes
[2011/04/05 22:48:22 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\DraftSight
[2010/09/16 14:17:23 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Gibbs
[2012/07/09 03:09:39 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\gramps
[2011/02/05 17:12:26 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\IM
[2010/09/20 12:52:01 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Mathsoft
[2010/11/03 01:10:21 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\MotioninJoy
[2012/09/18 14:48:42 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\PDFlite
[2012/04/24 23:20:22 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\PrimoPDF
[2010/10/12 00:43:31 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\QuickScan
[2011/10/23 20:31:20 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\SystemRequirementsLab
[2012/09/10 12:44:08 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\TuneUp Software
[2013/04/21 13:01:37 | 000,000,000 | ---D | M] -- C:\Users\Scott\AppData\Roaming\Wondershare
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013/04/22 00:48:43 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2013/04/22 00:46:27 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:90EE3BE1
 
< End of report >

OTL Extras logfile created on: 4/22/2013 7:45:55 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Scott\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.97 Gb Total Physical Memory | 2.26 Gb Available Physical Memory | 57.01% Memory free
7.93 Gb Paging File | 5.82 Gb Available in Paging File | 73.33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.11 Gb Total Space | 355.31 Gb Free Space | 78.76% Space Free | Partition Type: NTFS
 
Computer Name: SCOTT-PC | User Name: Scott | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Scott\AppData\Local\Google\Chrome\Application\5.0.375.127\0.33306388399984976.exe" = [String data over 1000 bytes]
"C:\Users\Scott\AppData\Local\Temp\0.5891700361962544.exe" = [String data over 1000 bytes]
"C:\Users\Scott\AppData\Local\Temp\0.9345318694228825.exe" = [String data over 1000 bytes]
"C:\Users\Scott\AppData\Local\Google\Chrome\Application\5.0.375.127\0.33306388399984976.exe" = [String data over 1000 bytes]
"C:\Users\Scott\AppData\Local\Temp\0.5891700361962544.exe" = [String data over 1000 bytes]
"C:\Users\Scott\AppData\Local\Temp\0.9345318694228825.exe" = [String data over 1000 bytes]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0DF15DAF-BB83-45C9-9E6D-697FC4087537}" = lport=138 | protocol=17 | dir=in | app=system | 
"{21361B97-0F71-4DD8-961A-3B9554FD9D76}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2E074D82-EFC1-4384-8A7A-F7F91A82353D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{2ED8BEC4-7BCB-4A92-8D31-B46A5686E201}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{313066A3-E3AC-4963-A96F-80D1702B2D50}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{323F3CB1-C505-46F9-B4BB-B9B7E9491851}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3914C9B1-2B60-4A7E-A602-898973241FC2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3F02E3A8-EFAF-4B3B-9783-05320B2AEFE4}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{4F283973-8143-4D24-BF8E-D196467A8A10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5193B5F4-5D62-4C74-8013-0DE59A515E0B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5ECBB493-1B53-4158-9761-8B10C17D23A3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{6DF48B0B-EAC2-4306-B948-346D09C14F0D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7B28EB4A-3BDF-470C-A023-57DA6FD0C0FE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8D65E77A-D8D3-408E-A670-467840017018}" = rport=445 | protocol=6 | dir=out | app=system | 
"{9D45C6FE-3EE6-4EB2-8508-8C6B6C1547DA}" = lport=2765 | protocol=6 | dir=in | name=rlm gibbsnet isv daemon | 
"{9FBF7ACD-DBEA-416D-A8B6-0AEFC38A4451}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A65B398E-A36C-4D17-806C-350D52CA7285}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AA47D6CC-368B-4A62-B8A5-B74046B34AA1}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AD2CAFCF-AD8F-4664-9914-ED1D12554FCB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AE6CAA26-EAFF-4BB9-92C3-36F84884B725}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E2BBF3FB-474E-4007-8317-0000A26EE981}" = lport=2764 | protocol=6 | dir=in | name=rlm daemon | 
"{F11327AF-66DD-4F06-B109-96AB6F227972}" = lport=137 | protocol=17 | dir=in | app=system | 
"{F4A9280C-335E-4D94-841B-738A728C7441}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F66BC6A8-BE22-4B52-9D21-746A5D60D3AC}" = lport=445 | protocol=6 | dir=in | app=system | 
"{FCB7DEBF-9D63-40F8-8983-C18B10B5A089}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BE816D-CD63-4FC3-84A8-3459A78266D2}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{04FD4B25-EF0C-4B4F-AB30-47E648AF3670}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{06A8FEDA-204E-4126-AEF7-0F2A0E1AD932}" = protocol=6 | dir=out | app=system | 
"{0EDAAFFF-29A9-42B0-B43C-3BC0F4EC0A3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{136AA48E-6AE0-41E0-B88C-5694949BB4C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{19A15BE0-6A3B-4A9F-83AC-0DD12FA5331F}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{23A45B34-B760-4912-AF93-89729675F7D1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{29C75E79-5B61-4B25-B15A-1BA68170A09E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{2B678031-6CF5-4DCF-8AC7-FB491EE198D3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{3021B97C-21C1-40B4-A0DE-4E0EDED6D0C5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{3694E3DF-4C33-4260-8EDA-9399594E8FC4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{37CB8195-6795-4BA2-9E8E-E5BB53AEAD76}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{3C1D0F12-7A27-48D0-9277-2A403F7DBC77}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{3CBC37F6-4184-4E1F-BD53-EF33B1F52ABC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3D606BA0-83DA-404C-9AD8-A65F64926715}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{469D11BE-41B6-4C75-8D1A-4EAC1674B0FD}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
"{4AC0A55C-C958-4535-8DE3-0F87BAF49430}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4BE3A5B6-256F-455D-B497-FBCC64B76D0C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4CA1BD0A-907F-4736-A258-2C3D225C05A8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{4F3CB02E-94D0-40AC-9692-C93EFD408146}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{53BFAD0D-BCDA-43C4-9E64-CBB088D948DC}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{572B21D8-C9CA-4D72-A26C-1EF80E1DE6BD}" = protocol=17 | dir=in | app=c:\users\scott\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{59CB4608-7369-4BED-A786-E5E866D9F6BC}" = protocol=17 | dir=in | app=c:\users\scott\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{5A3E7EDD-6E3B-48FE-B06C-D5D36E173B41}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5CCD6A1B-3AED-4981-A4B9-0F24D86C6450}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{5DCB8D0F-191F-4140-9A23-E5D248B3003B}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{604FC124-F9F9-4C26-9F6A-1076655F57BE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{631C3661-3714-442F-AFC2-CF61F28B8E23}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{649724F6-BF92-46EB-AB27-645EB7BF211D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{66F916F9-F5B8-425E-865F-622697865FE6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{68525698-61A3-4785-B392-64121F7FF34B}" = protocol=6 | dir=in | app=c:\program files (x86)\gibbs\gibbscam\9.3\rlm\rlm.exe | 
"{69F47693-F09C-4210-AE4D-07C7E1E8A06A}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6B5D524B-4F0D-42A2-B3DB-74901960D192}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6C6A05D2-7BEC-4871-BAEC-8FFA2F7DE1C3}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{7086D426-AF93-4883-A521-C3083F7A9AE8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{73E72596-EDB0-4454-95BC-F78DE8CF83E9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{75046F52-40D8-4803-82E1-9FC2AEAADBB5}" = protocol=17 | dir=in | app=c:\program files\gibbs\rlmserver\rlm.exe | 
"{78F81284-3CAE-470F-9E5A-8C790ABDD2F0}" = protocol=6 | dir=in | app=c:\program files (x86)\gibbs\gibbscam\9.3\rlm\gibbsnet.exe | 
"{7DA9B404-0495-433B-BE4A-747DFE816475}" = protocol=6 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | 
"{886DA676-4FC2-4B92-A5E0-6138CBF0F37F}" = protocol=6 | dir=in | app=c:\users\scott\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{88EECBA9-4BBF-46BF-B15B-5053E173C5B8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{8B9B9707-33BF-4BF8-9939-7102B06AE0E1}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{917D4BD4-1722-449B-8F95-9E5E33B3FCA1}" = protocol=17 | dir=in | app=c:\program files\gibbs\rlmserver\gibbsnet.exe | 
"{94506ED0-CBE0-493F-9CDB-7EE2141CEE54}" = protocol=6 | dir=in | app=c:\program files\gibbs\rlmserver\gibbsnet.exe | 
"{964BC5F7-9357-41D3-BDDB-B1C449F82E52}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{9AF1F4FD-7427-4A23-A99F-EC2F84953DF5}" = protocol=6 | dir=in | app=c:\users\scott\appdata\local\google\google talk plugin\googletalkplugin.exe | 
"{9E52CEC9-6EEC-4B65-BCF5-74BC7C270E2A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A5E26247-7BCD-44CD-8BFF-0238339823D0}" = protocol=17 | dir=in | app=c:\program files (x86)\gibbs\gibbscam\9.3\rlm\gibbsnet.exe | 
"{A878C259-59F6-4930-BC17-07F90712C273}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{AFD41FD2-F70B-4549-A562-60A18112BD7F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B03ECBF4-F14B-43C2-9D97-23FC8CE85D52}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{B53DE538-E7DC-48A6-86E2-3BCAF822947C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B615B63E-1517-488B-BA90-5CC882CF3414}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C8B7B8AE-A6C7-4945-B4C7-57E330452E4D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CD5502BB-7F7F-45F4-A32D-B18957E20802}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D384C8F4-9651-492D-B9C7-896D601C0EDA}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D42F5794-1928-4168-98BE-A48A7E498A68}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{D96E3822-A065-4F60-ABD8-B38EADA6DCDA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E86985C6-7EBD-4398-8E3B-81443351967C}" = protocol=17 | dir=in | app=c:\program files (x86)\cinemanow\cinemanow media manager\cinemanowshell.exe | 
"{EBAAC786-1DCC-4D82-A7EF-451E7C5D0283}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{EBF5DB40-B45F-48A9-A36B-FA80412AE50E}" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{EE967BC1-D161-46F5-BA0E-0FDE24D14AE0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F626B51F-7750-43AE-90E7-09BE24AFD969}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{F7542114-A11F-41C6-9250-697AA1E16914}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F93B5F81-FE0D-4D40-9072-201FFA1E1D09}" = protocol=17 | dir=in | app=c:\program files (x86)\gibbs\gibbscam\9.3\rlm\rlm.exe | 
"{F9DF0495-B21F-4AE6-98B1-0FD8A33A43FA}" = protocol=6 | dir=in | app=c:\program files\gibbs\rlmserver\rlm.exe | 
"{FBD99868-25FB-4953-9E70-685A680E66C6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"TCP Query User{36BFF05B-CCE4-478D-B647-61ADE2B2AD06}C:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe | 
"TCP Query User{3F0B4C62-87D7-4C2F-9B12-63020816A0EC}C:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe | 
"TCP Query User{7C89314F-36CF-4EA2-A22E-9CF20684B614}C:\program files\ansys inc\v120\commonfiles\jre\winx64\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\ansys inc\v120\commonfiles\jre\winx64\bin\java.exe | 
"TCP Query User{F14AF5BC-7E4C-488B-8AB4-24177751AA27}C:\program files (x86)\wondershare\free youtube downloader\urlreqservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wondershare\free youtube downloader\urlreqservice.exe | 
"UDP Query User{374565EF-D66C-4B68-A4E5-2ACC588162AD}C:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe | 
"UDP Query User{68304446-4299-4982-833E-F05BA4778AA7}C:\program files (x86)\wondershare\free youtube downloader\urlreqservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wondershare\free youtube downloader\urlreqservice.exe | 
"UDP Query User{683E04B5-2196-4464-AB9D-A0C11136DAFD}C:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\commonfiles\tcl\bin\winx64\wish.exe | 
"UDP Query User{B923FEFA-D02E-41E1-BF86-DEA34EC88BBD}C:\program files\ansys inc\v120\commonfiles\jre\winx64\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\ansys inc\v120\commonfiles\jre\winx64\bin\java.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C682623-8F66-46A8-B9B3-93FE1E66A001}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP490_series" = Canon MP490 series MP Drivers
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1686C4D1-B1FD-42E8-B7A8-FB4C4DBA5BA8}" = ASUS Power4Gear Hybrid
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0001
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{542DDF04-9F91-4F36-B2F4-2638B788A4C8}" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"{563F041C-DFDB-437B-A1E8-E141E0906076}" = Microsoft IntelliPoint 8.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D2DEDB95-B070-4180-97F3-2A75E8FB03CC}" = Motorola Driver Installation 4.6.5
"{D42F84B6-3709-4A50-8502-6719D16AE6C8}" = SRS Premium Sound Control Panel
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7513E19-6224-485E-988D-9BF45BE64B53}" = Windows Live Family Safety
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Elantech" = ETDWare PS/2-x64 7.0.5.7_WHQL
"HDMI" = Intel® Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU" = Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1" = Minecraft PC Gamer Demo version 1.5
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{769CC8AC-50C3-4776-95F5-A1ABF15A38F4}_is1" = Wondershare Application Center 1.0.0.58
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112596253}" = Galapago
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{865CD808-6D31-4269-9D36-693CFE75D26A}" = Express Gate
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A4-0409-0000-0000000FF1CE}" = Microsoft Office 2003 Web Components
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5A63519-F5C2-4F4A-849A-F28A1AB3D522}" = Sentinel Protection Installer 7.5.0
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9CE0266-6801-3B33-94AD-00520085CF4B}" = Google Talk Plugin
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.4
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D481EA96-2313-4A7C-98EE-710D1AF884AC}" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EE7D7509-CC19-4DED-A439-F50B191C9E37}" = DraftSight
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"avast" = avast! Free Antivirus
"AVG Secure Search" = AVG Security Toolbar
"AviSynth" = AviSynth 2.5
"Cisco Connect" = Cisco Connect
"DivX Setup" = DivX Setup
"Free RAR Extract Frog" = Free RAR Extract Frog
"GrampsAIO64" = GrampsAIO64
"Hardlock Device Drivers" = Hardlock Device Drivers
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5A22D889-FBDD-4AE8-86EC-089D45FC133E}" = Alcor Micro USB Card Reader
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Microsoft Visual Studio 2005 Tools for Applications - ENU" = Microsoft Visual Studio 2005 Tools for Applications - ENU
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"PDFlite" = PDFlite 0.7
"PrimoPDF" = PrimoPDF -- by Nitro PDF Software
"Simple Sticky Notes_is1" = Simple Sticky Notes Version 1.1
"VIV Wizard v0.9.0.299_is1" = VIV Wizard v0.9.0.299
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wondershare Free YouTube Downloader_is1" = Wondershare Free YouTube Downloader(Build 3.1.0.4)
"Wondershare Player_is1" = Wondershare Player(Build 1.0.0)
"ZMBV" = Zip Motion Block Video codec (Remove Only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/29/2011 6:31:20 PM | Computer Name = Scott-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1201
 
Error - 9/29/2011 6:31:21 PM | Computer Name = Scott-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 9/29/2011 6:31:21 PM | Computer Name = Scott-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2325
 
Error - 9/29/2011 6:31:21 PM | Computer Name = Scott-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2325
 
Error - 9/29/2011 7:42:38 PM | Computer Name = Scott-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 9/29/2011 7:42:38 PM | Computer Name = Scott-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4278702
 
Error - 9/29/2011 7:42:38 PM | Computer Name = Scott-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4278702
 
Error - 9/29/2011 7:56:47 PM | Computer Name = Scott-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 9/29/2011 7:56:47 PM | Computer Name = Scott-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1513
 
Error - 9/29/2011 7:56:47 PM | Computer Name = Scott-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1513
 
[ System Events ]
Error - 4/22/2013 11:48:03 AM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 4/22/2013 11:50:09 AM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 4/22/2013 11:50:09 AM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 4/22/2013 11:50:09 AM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 4/22/2013 11:55:09 AM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 4/22/2013 11:55:09 AM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 4/22/2013 11:55:09 AM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 4/22/2013 11:58:35 AM | Computer Name = Scott-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\Drivers\SSIPDDP.SYS has been blocked from 
loading due to incompatibility with this system. Please contact your software vendor
 for a compatible version of the driver.
 
Error - 4/22/2013 11:58:35 AM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = The SSIPDDP: Parallel port device driver service failed to start due
 to the following error:   %%1275
 
Error - 4/22/2013 11:58:39 AM | Computer Name = Scott-PC | Source = Service Control Manager | ID = 7000
Description = The LibUsb-Win32 - Daemon, Version 0.1.10.1 service failed to start
 due to the following error:   %%2
 
 
< End of report >


#4 Noviciate

Noviciate

  • Malware Response Team
  • 4,959 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:21 PM

Posted 23 April 2013 - 02:24 PM

Good evening. :)

Have you tried simply changing the Chrome Homepage and Default Search Engine yourself?

 

Set Homepage: http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95314
Set Default Search Engine: http://support.google.com/chrome/bin/answer.py?hl=en-GB&answer=95426

 


Logs answered since Christmas Day: 37

Threads completed: 9

Threads closed after some work but not completed: 10

Threads closed following a total lack of response from poster: 15

 

 


#5 scotth87


Posted 23 April 2013 - 02:37 PM

Well now I feel stupid!  I suppose I should have thought of that.  The default search engine change seems to have worked.  However, if I change the homepage to "New tab page", which I believe is the default, it goes to the new tab page if I click the home button, but does not work when I start Chrome.  It still starts out as the fantastigames page.



#6 Noviciate


Posted 23 April 2013 - 03:15 PM

Change the Homepage to an actual page rather than use "New Tab Page".




#7 scotth87


Posted 23 April 2013 - 11:03 PM

I tried that as well but it still redirects to http://search.fantastigames.com/453.



#8 Noviciate


Posted 24 April 2013 - 02:09 PM

Good evening. :)

Just to clarify, the Search page is OK but the Homepage still needs attention?




#9 scotth87


Posted 24 April 2013 - 03:51 PM

Searching by using the address bar now works without redirecting, but when I open Chrome it opens to the fantastigames page instead of whatever I set the home page to.  The address bar redirect was the most annoying thing so I'm glad that is fixed.  Other than these annoying things, could this have negatively affected my computer in any other way?



#10 Noviciate


Posted 24 April 2013 - 04:44 PM


Other than these annoying things, could this have negatively affected my computer in any other way?

 

Don't know - we'll have a scan for anything nasty once the page issue is resolved.

 

In Chrome, click on the Menu icon (the one with "three lines" under the Red X button), select Settings and tell me what under the On Start-up section is selected.




#11 scotth87


Posted 24 April 2013 - 05:12 PM

I changed that to be what I want and now it is no longer starting up with fantastigames as the home page. Thanks a lot!  I obviously didn't think it would be as simple as that and therefore didn't try messing around with the settings.  Now I know better.



#12 Noviciate


Posted 25 April 2013 - 01:35 PM

Good evening. :)

I obviously didn't think it would be as simple as that

Sometimes it is, but don't tell anyone as I'd hate for the general public to realise how little I actually know! :scratchhead:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Pay a visit to the ESET Online Scanner.
 

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:
    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

Will you also throw in a fresh DDS log and let me know how the PC is behaving.
 

 

 

 




#13 scotth87


Posted 25 April 2013 - 09:56 PM

ESET Scan:

 

 

C:\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe Win32/Bundled.Toolbar.Ask.B application
C:\Users\Public\Documents\Server\hlp.dat Win32/Bamital.EK trojan
C:\Users\Scott\AppData\Local\Temp\APNSetup.exe Win32/Bundled.Toolbar.Ask.B application
C:\Users\Scott\AppData\Local\Temp\nsaF27F.tmp\AskInstaller.exe a variant of Win32/Bundled.Toolbar.Ask.C application
C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\7c88068a-4fb80e2a Java/Agent.BV trojan
C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\20bdd891-5cc65056 multiple threats
C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\76c4cedd-5062a7cd probably a variant of Win32/Agent.DOTYJMH trojan
C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\6eee3aa1-6255a617 a variant of Java/Agent.BR trojan
C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\2b29fca3-32763c64 a variant of Java/Agent.BR trojan
C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\6e9ba0e3-725a924a multiple threats
C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\2b8379a9-7d8978a6 multiple threats
C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\38e63bec-68004d0e Java/Agent.BV trojan
C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\4c81ed73-642cfa44 probably a variant of Java/Agent.BR trojan
C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\5ad4b738-7ba2d868 Java/Agent.BV trojan
C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\10fa0cb9-79cd0817 probably a variant of Java/Agent.BR trojan
C:\Users\Scott\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\53d361fc-3430fe46 multiple threats
C:\Users\Scott\Documents\APNSetup.exe Win32/Bundled.Toolbar.Ask.B application
C:\Users\Scott\Documents\Downloads\InstallFreeRARExtractFrog.exe a variant of Win32/Bundled.Toolbar.Ask.A application
C:\Users\Scott\Downloads\GraboidVideoSetup-2.1-Complete.exe Win32/Graboid application
C:\Users\Scott\Downloads\mp3rocket.exe a variant of Win32/Bundled.Toolbar.Ask.C application
 

DDS:

 

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16476  BrowserJavaVersion: 1.6.0_22
Run by Scott at 22:48:39 on 2013-04-25
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.1.1033.18.4061.1797 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnect.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Wondershare\Wondershare Application Center\WondershareApplicationCenter.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
C:\PROGRA~2\COMMON~1\WONDER~1\WONDER~1\WSHelper.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Scott\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Wondershare Allmytube: {1373BA72-5012-496e-9F72-7A426DCF78BB} - C:\Program Files (x86)\Wondershare\Free YouTube Downloader\SVRIEPlugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: MP3 Rocket Toolbar: {4D503352-5636-006A-76A7-7A786E7484D7} - 
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
BHO: MP3 Rocket Downloader: {c5e9c0b3-8b18-4b1b-ad67-c1a063ab2b34} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: MP3 Rocket Toolbar: {4D503352-5636-006A-76A7-7A786E7484D7} - 
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
mRun: [BrowserPlugInHelper] C:\Program Files (x86)\Wondershare\Free YouTube Downloader\BrowserPlugInHelper.exe
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [ApnTBMon] "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
dRunOnce: [{91120000-002F-0000-0000-0000000FF1CE}] C:\Windows\System32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H
dRunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{D42F84B6-3709-4A50-8502-6719D16AE6C8}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: cinemanow.com
Trusted Zone: cinemanow.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{75E04315-337A-447D-9523-1B8AC189CE49} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{75E04315-337A-447D-9523-1B8AC189CE49}\13137375 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{75E04315-337A-447D-9523-1B8AC189CE49}\2456C6B696E6F5E4F575962756C6563737F5537356668383 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{75E04315-337A-447D-9523-1B8AC189CE49}\34963736F67323130383 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{75E04315-337A-447D-9523-1B8AC189CE49}\351627167237D27657563747 : DHCPNameServer = 68.87.74.166 68.87.68.166
TCP: Interfaces\{75E04315-337A-447D-9523-1B8AC189CE49}\47F64716C6023747574637 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{75E04315-337A-447D-9523-1B8AC189CE49}\54E67456E696573713 : DHCPNameServer = 192.168.44.2
TCP: Interfaces\{75E04315-337A-447D-9523-1B8AC189CE49}\C4F6E646F6E647F677E6 : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
AppInit_DLLs=   
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - 
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-4-22 65336]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-4-22 1025808]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-4-22 377920]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-10 39768]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2009-9-28 359552]
R2 aksdf;aksdf;C:\Windows\System32\drivers\aksdf.sys [2011-4-5 65024]
R2 APNMCP;Ask Update Service;C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-4-4 169096]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-9-28 14904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-4-22 33400]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-4-22 80816]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-4-22 45248]
R2 FastBootAgent;FastBootAgent;C:\Windows\SysWOW64\Fast Boot\FastBootAgent.exe [2009-9-28 306232]
R2 MotoConnect Service;MotoConnect Service;C:\Program Files (x86)\Motorola\MotoConnectService\MotoConnectService.exe [2010-8-2 91456]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [2010-9-16 145448]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-4-17 968880]
R2 WACService;WACService;C:\Program Files (x86)\Wondershare\Wondershare Application Center\WACService.exe [2013-4-21 103272]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2009-7-8 140800]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\System32\drivers\IntcHdmi.sys [2009-5-25 138752]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-4-27 57344]
R3 NETw1v64;Intel® Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw1v64.sys [2009-7-20 7058432]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-5-26 40448]
S3 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-4-22 178624]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-1-14 61280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2009-8-5 704864]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\System32\drivers\motccgp.sys [2009-6-19 20992]
S3 motccgpfl;MotCcgpFlService;C:\Windows\System32\drivers\motccgpfl.sys [2009-1-29 9216]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2010-11-3 97552]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\System32\drivers\motport.sys [2009-10-27 30208]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-25 1255736]
.
=============== Created Last 30 ================
.
2013-04-26 00:14:08 -------- d-----w- C:\Program Files (x86)\ESET
2013-04-25 23:56:52 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F80700F9-8DBD-4679-92D7-ABE54FC17162}\offreg.dll
2013-04-24 14:37:54 1653096 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-23 19:44:21 -------- d-----w- C:\Users\Scott\.swt
2013-04-23 19:44:15 -------- d-----w- C:\Users\Scott\Incomplete
2013-04-23 19:44:13 -------- d-----w- C:\Program Files (x86)\Ask.com
2013-04-23 19:44:09 -------- d-----w- C:\ProgramData\AskPartnerNetwork
2013-04-23 19:44:09 -------- d-----w- C:\Program Files (x86)\AskPartnerNetwork
2013-04-23 19:44:01 -------- d-----w- C:\ProgramData\APN
2013-04-23 19:43:45 -------- d-----w- C:\Program Files (x86)\MP3 Rocket Downloader
2013-04-23 19:43:39 -------- d-----w- C:\Users\Scott\AppData\Roaming\MP3Rocket
2013-04-23 19:43:35 -------- d-----w- C:\Program Files (x86)\MP3 Rocket
2013-04-23 14:11:25 9317456 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F80700F9-8DBD-4679-92D7-ABE54FC17162}\mpengine.dll
2013-04-22 06:04:50 70992 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-04-22 06:04:48 1025808 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2013-04-22 06:04:47 178624 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-04-22 06:04:45 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-04-22 06:04:41 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2013-04-22 06:03:44 41664 ----a-w- C:\Windows\avastSS.scr
2013-04-22 06:03:27 -------- d-----w- C:\Program Files\AVAST Software
2013-04-22 06:02:26 -------- d-----w- C:\ProgramData\AVAST Software
2013-04-22 05:24:24 -------- d-----w- C:\Users\Scott\AppData\Roaming\AVG
2013-04-22 05:23:34 -------- d-----w- C:\ProgramData\AVG
2013-04-22 05:23:19 -------- d-sh--w- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
2013-04-21 17:04:03 938157 ----a-w- C:\Windows\SysWow64\WPShellExt64.dll
2013-04-21 17:03:08 -------- d-----w- C:\ProgramData\Wondershare Free YouTube Downloader
2013-04-21 17:03:06 -------- d-----w- C:\ProgramData\Wondershare Application Common Data
2013-04-21 17:02:05 -------- d-----w- C:\Users\Scott\AppData\Local\Wondershare
2013-04-21 17:01:59 -------- d-----w- C:\Program Files (x86)\Common Files\Wondershare
2013-04-21 17:01:37 -------- d-----w- C:\Users\Scott\AppData\Roaming\Wondershare
2013-04-21 17:01:36 -------- d-----w- C:\Program Files (x86)\Wondershare
2013-04-17 18:40:34 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-04-17 18:40:34 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-04-17 18:40:34 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-04-17 18:40:34 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-04-17 17:11:36 -------- d-----w- C:\Windows\System32\SPReview
2013-04-17 17:09:42 -------- d-----w- C:\Windows\System32\EventProviders
2013-04-17 17:02:08 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-04-17 17:02:08 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-04-17 17:02:07 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-04-17 17:02:06 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-04-17 17:00:26 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-04-17 17:00:26 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-04-17 17:00:21 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-04-17 17:00:21 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-04-17 17:00:14 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-04-17 17:00:13 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-04-17 17:00:13 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-04-16 07:03:29 -------- d-----w- C:\05b9a516d247b255448ba9df1850
2013-04-16 01:43:17 751104 ----a-w- C:\Windows\System32\win32spl.dll
2013-04-16 01:43:17 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-04-16 01:43:10 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2013-04-16 01:43:08 2691072 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-04-16 01:43:05 158208 ----a-w- C:\Windows\System32\aaclient.dll
2013-04-16 01:43:05 131072 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-04-16 01:43:04 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-04-16 01:43:04 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-04-16 01:42:48 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-04-16 01:42:48 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-04-16 01:42:34 3150848 ----a-w- C:\Windows\System32\win32k.sys
2013-04-16 01:42:14 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-04-16 01:42:13 2001408 ----a-w- C:\Windows\System32\msxml6.dll
2013-04-16 01:42:12 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2013-04-16 01:42:11 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll
2013-04-16 01:42:11 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2013-04-16 01:39:39 95744 ----a-w- C:\Windows\System32\synceng.dll
2013-04-16 01:39:39 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2013-04-16 01:39:25 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-16 01:39:20 5497688 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-16 01:39:18 3958120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-16 01:39:18 3902312 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-16 01:39:17 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-16 01:39:17 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-16 01:39:17 112640 ----a-w- C:\Windows\System32\smss.exe
.
==================== Find3M  ====================
.
2013-04-23 18:26:03 45056 ----a-w- C:\Windows\System32\acovcnt.exe
2013-04-22 04:48:21 138741 ----a-w- C:\ProgramData\bdinstall.bin
2013-04-17 20:05:47 152064 ----a-w- C:\Windows\SysWow64\msclmd.dll
2013-04-17 20:05:45 175104 ----a-w- C:\Windows\System32\msclmd.dll
2013-04-17 16:56:50 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-03-12 05:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 22:49:56.72 ===============
 

 




#14 Noviciate


  • Malware Response Team
  • 4,959 posts

Posted 27 April 2013 - 04:12 PM

Good evening. :)

Download Malwarebytes' Anti-Malware from here and save it to your Desktop - unless you already have it, in which case skip to the "updating" bit below.
 

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • Ensure a checkmark is placed next to both Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware and then click Finish.
  • If an update is found, it will download and install the latest version - you'll need to clear it with your firewall.
  • Once the program has loaded, select Perform full scan and then Scan.
  • When the scan has finished, click OK and then Show Results to view the results - no surprise there!
  • If MBAM finds anything, check the box(es) and click Remove Selected.
  • Please note - Leave unchecked any boxes that have \System Volume Information\ in the filepath. These pose no immediate risk to your PC unless you use System Restore and will be dealt with later.
  • When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Let me have the MBAM and a description of how your PC is behaving.

 

 

 


Logs answered since Christmas Day: 37

Threads completed: 9

Threads closed after some work but not completed: 10

Threads closed following a total lack of response from poster: 15

 

 


#15 scotth87

  • Topic Starter

  • Members
  • 11 posts

Posted 27 April 2013 - 08:40 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.04.27.04
 
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Scott :: SCOTT-PC [administrator]
 
4/27/2013 5:41:43 PM
mbam-log-2013-04-27 (17-41-43).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 506540
Time elapsed: 1 hour(s), 35 minute(s), 19 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 2
C:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
 
(end)
 

My computer isn't behaving particularly strangely other than performing slowly some of the time.  It is also about 4 years old so that might have something to do with it.





