
HotStartSearch Virus Help Me


  • This topic is locked
18 replies to this topic

#1 AsusOops

AsusOops

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:11 AM

Posted 15 May 2013 - 03:24 PM

Hello, I am having issues with this google redirect virus called HotStartSearch. I have a Windows 7, 64 bit computer.

I have tried many things to remove it, but it seems like this one is one of the hardest viruses to remove. I am happy to see that some people who have this virus have already resolved the issue so I know it isn't impossible. 

 

This is my DDS log. I'm not the best at working with computers so bear with me. And I appreciate any help regarding this issue.

 

 

-----------
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 10.21.2
Run by Allen at 16:14:19 on 2013-05-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8173.3774 [GMT -4:00]
.
AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.1.7\ccSvcHst.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Allen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Allen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Allen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Allen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Allen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Allen\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com
mURLSearchHooks: {66bd2442-241b-44cd-8c7a-b51037053cdb} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Qwiklinx: {3E7C8B5A-96AB-438F-BF9B-782400655440} - 
BHO: {66bd2442-241b-44cd-8c7a-b51037053cdb} - <orphaned>
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Fast Free Converter 3.0: {A071936A-AB6B-4978-9342-E47C06FCDEC1} - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll
BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.1.7\CoIEPlg.dll
BHO: Free Download Manager: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.1.7\CoIEPlg.dll
uRun: [FDPRO-513] C:\Program Files (x86)\Fighters\FighterLauncher.exe FDPRO
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Google Update] <no file>
mRun: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
mRun: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
mRun: [ASUS Easy Update] C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe /S
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
mRun: [SpeetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray
mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
StartupFolder: C:\Users\Allen\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMEST~1.LNK - C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm
IE: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{74E06EE5-33A6-4B20-A4B6-6CFE733760C3} : DHCPNameServer = 209.18.47.61 209.18.47.62
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Privacy Safeguard BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
x64-Run: [Anti-phishing Domain Advisor] <no file>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AiChargerPlus;ASUS Charger Plus Driver;C:\Windows\System32\drivers\AiChargerPlus.sys [2011-11-8 14464]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1309010.00E\symds64.sys [2013-2-5 451192]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1309010.00E\symefa64.sys [2013-2-5 1129120]
R1 asdnet;asdnet;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2013-5-9 19280]
R1 asdrm;asdrm;C:\Windows\System32\drivers\asdrm.sys [2013-5-9 18768]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 39768]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [2013-5-7 1390680]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1309010.00E\ccsetx64.sys [2013-2-5 167072]
R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD01010.007\ccSetx64.sys [2012-10-16 168096]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20130514.001\IDSviA64.sys [2013-5-15 513184]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1309010.00E\ironx64.sys [2013-2-5 190072]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1309010.00E\symnets.sys [2013-2-5 405624]
R2 ADBlockerSrv;AD Blocker Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2013-5-9 279368]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [2011-11-8 922240]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2013-5-9 23376]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-20 735592]
R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2013-5-9 17232]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [2011-11-8 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-11-8 586880]
R2 Device Handle Service;Device Handle Service;C:\Windows\SysWOW64\AsHookDevice.exe [2011-11-8 203392]
R2 FastFreeConverterUpdt;FastFreeConverterUpdt;C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe [2012-11-26 687104]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-5-10 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-5-10 701512]
R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccsvchst.exe [2013-2-5 138272]
R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.1.7\ccSvcHst.exe [2012-10-16 143928]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-3-6 39056]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\System32\drivers\RtNdPt60.sys [2011-11-8 32544]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-3-14 383264]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-8 2656280]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-9-14 129000]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-9-14 394216]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-10 138912]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-10 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-11-8 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-11-8 158976]
S3 mv91cons;mv91cons;C:\Windows\System32\drivers\mv91cons.sys [2011-11-8 23080]
S3 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2011-11-8 297000]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-11-8 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-11-8 181248]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-19 19456]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-11-8 48416]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-11-8 29472]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);C:\Windows\System32\drivers\RtTeam60.sys [2011-11-8 48416]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-19 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-19 30208]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);C:\Windows\System32\drivers\RtVlan60.sys [2011-11-8 29472]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-2-20 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-05-15 15:13:30 -------- d-----w- C:\Program Files (x86)\ESET
2013-05-15 15:06:07 190 ----a-w- C:\Windows\DeleteOnReboot.bat
2013-05-15 12:20:28 32000 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2013-05-15 02:47:41 -------- d-----w- C:\Windows\pss
2013-05-14 22:45:05 -------- d-----w- C:\Users\Allen\AppData\Roaming\systweak
2013-05-14 22:45:05 -------- d-----w- C:\Program Files (x86)\RegClean Pro
2013-05-14 22:45:00 -------- d-----w- C:\Program Files (x86)\Hot Start Search Removal Tool
2013-05-14 22:08:23 -------- d-----w- C:\Program Files\CCleaner
2013-05-14 21:37:44 -------- d-----w- C:\ProgramData\HitmanPro
2013-05-11 21:31:40 -------- d-----w- C:\Program Files (x86)\Game Genie
2013-05-11 00:19:59 -------- d-----w- C:\ProgramData\DriverGenius
2013-05-10 23:17:15 -------- d-----w- C:\Users\Allen\AppData\Roaming\Malwarebytes
2013-05-10 23:16:43 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-05-10 23:16:43 -------- d-----w- C:\ProgramData\Malwarebytes
2013-05-10 23:16:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-09 11:26:12 -------- d-----w- C:\Users\Allen\AppData\Roaming\Anvisoft
2013-05-09 11:25:59 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
2013-05-09 11:25:59 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
2013-05-09 11:25:59 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
2013-05-09 11:25:38 -------- d-----w- C:\ProgramData\Anvisoft
2013-05-09 11:25:36 -------- d-----w- C:\Program Files (x86)\Anvisoft
2013-05-03 01:36:30 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-24 12:18:22 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-21 22:35:56 -------- d-----w- C:\Users\Allen\AppData\Roaming\RealNetworks
2013-04-21 22:35:06 -------- d-----w- C:\Program Files (x86)\RealNetworks
2013-04-21 22:35:01 -------- d-----w- C:\ProgramData\RealNetworks
2013-04-21 22:34:48 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2013-04-21 22:34:22 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-04-21 19:53:53 -------- d-----w- C:\Program Files (x86)\PointMMO
2013-04-20 23:08:14 -------- d-----w- C:\Users\Allen\AppData\Roaming\Skyrim NPC Editor
2013-04-20 01:17:12 -------- d-----w- C:\Users\Allen\AppData\Roaming\Local
2013-04-19 01:47:37 -------- d-----w- C:\ProgramData\Steam
.
==================== Find3M  ====================
.
2013-05-15 15:36:25 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-15 15:36:25 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-04-21 22:34:22 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe
2013-03-15 04:16:18 3477280 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-03-15 04:16:17 6398240 ----a-w- C:\Windows\System32\nvcpl.dll
2013-03-15 04:16:10 877856 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-03-15 04:16:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-03-15 04:16:10 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-03-15 02:07:52 559904 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-03-13 16:24:01 3065455 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-03-09 15:23:55 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-09 15:23:55 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-03-01 03:36:04 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-19 00:20:21 39768 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
.
============= FINISH: 16:18:04.62 ===============
 
EDIT: Just a quick note. I did uninstall anvi smart defender/anvi soft & Malwarebytes' Anti-Malware since they are of no help. I did this after this dds log scan just a few minutes ago. I've been advised not to make any more changes so I'll hold tight. Hopefully I didn't mess anything up uninstalling those two programs before reading that one last post in my other thread.



Edited by AsusOops, 15 May 2013 - 04:50 PM.



 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:11 PM

Posted 15 May 2013 - 04:48 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Click the Quick Scan button and allow it to do its thing.
  • Once complete, it should open two Notepad Windows - OTL.Txt and Extras.Txt
  • It should also save copies in the same location as OTL.
  • I want you to copy and paste the contents of OTL.txt that should appear into one reply and Extras.Txt into another.
  • The length of the two logs sometimes results in the end being chopped off if you post both in one reply.

 

Also, is the issue in all your browsers or just some?


So long, and thanks for all the fish.

 

 


#3 AsusOops

AsusOops
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:11 AM

Posted 15 May 2013 - 05:02 PM

Hello and thank you. 
 
This particular virus is in my main browser which is Google Chrome. It was in IE, it seems as though it isn't anymore. I had another thread originally in the "Am I Infected" forum and it may have gotten rid of it in IE, but I know for a fact that it is still in Chrome. 
 
I made a quick edit a few minutes ago stating that I had removed two anti-virus programs before I had gone back to my old thread and noticed where Boopme said it was best not to remove anything. So I hope I did not cause any issues for myself. Anyhow I will download this program now.

EDIT: It seems that it won't let me download OTL. I'm using Chrome. I clicked on it and it opened another tab that was blank. So I tried to open it in another tab so I could see what website it goes to but the page remained blank.

 

EDIT 2: Okay, never mind, hotstartsearch is still on the IE browser as well. I'm going to try to download that OTL program using IE and see if it works.


Edited by AsusOops, 15 May 2013 - 07:32 PM.


#4 AsusOops

AsusOops
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:09:11 AM

Posted 15 May 2013 - 07:43 PM

Okay I went ahead and downloaded OTL using Internet Explorer.

 

These are the OTL results:

 

 

OTL logfile created on: 5/15/2013 8:34:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Allen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 3.16 Gb Available Physical Memory | 39.55% Memory free
15.96 Gb Paging File | 10.77 Gb Available in Paging File | 67.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.45 Gb Total Space | 584.88 Gb Free Space | 85.45% Space Free | Partition Type: NTFS
Drive J: | 1.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: ALLEN-PC | User Name: Allen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/05/15 20:33:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.scr
PRC - [2013/04/21 18:34:26 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013/03/29 15:53:56 | 001,631,144 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2013/03/29 15:53:56 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013/03/15 01:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/03/14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013/03/06 02:23:52 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/11/26 09:30:18 | 000,687,104 | ---- | M] () -- C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe
PRC - [2012/11/05 16:42:54 | 002,039,568 | ---- | M] (GameStop Corp.) -- C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe
PRC - [2012/08/18 21:03:19 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.1.7\ccSvcHst.exe
PRC - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccsvchst.exe
PRC - [2012/06/11 20:43:09 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/08/09 16:56:12 | 000,195,200 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
PRC - [2011/06/15 02:19:14 | 000,307,200 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
PRC - [2011/06/13 04:36:54 | 000,922,240 | ---- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
PRC - [2011/02/01 17:20:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 17:20:46 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/01/11 20:21:14 | 001,214,080 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2010/12/01 22:15:14 | 000,915,584 | ---- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
PRC - [2010/11/27 01:50:04 | 002,931,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2010/11/08 19:09:00 | 000,465,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
PRC - [2010/10/21 05:52:26 | 000,586,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
PRC - [2009/12/23 17:59:42 | 000,232,064 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe
PRC - [2009/12/23 17:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Windows\SysWOW64\AsHookDevice.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/04/09 04:57:07 | 000,390,096 | ---- | M] () -- C:\Users\Allen\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013/04/09 04:57:06 | 013,130,704 | ---- | M] () -- C:\Users\Allen\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
MOD - [2013/04/09 04:57:05 | 004,050,896 | ---- | M] () -- C:\Users\Allen\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013/04/09 04:56:15 | 000,598,480 | ---- | M] () -- C:\Users\Allen\AppData\Local\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013/04/09 04:56:14 | 000,124,368 | ---- | M] () -- C:\Users\Allen\AppData\Local\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013/04/09 04:56:13 | 001,606,096 | ---- | M] () -- C:\Users\Allen\AppData\Local\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013/03/29 15:53:56 | 001,114,024 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2013/03/26 20:16:40 | 020,341,672 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2013/03/25 18:23:34 | 000,651,776 | ---- | M] () -- C:\Program Files (x86)\Steam\SDL2.dll
MOD - [2012/12/11 13:51:10 | 001,100,800 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/12/11 13:51:10 | 000,192,000 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/12/11 13:51:10 | 000,124,416 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011/12/28 13:49:14 | 000,086,528 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\fdmumsp.dll
MOD - [2011/12/28 13:48:54 | 000,230,400 | ---- | M] () -- C:\Program Files (x86)\Free Download Manager\iefdm2.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/15 11:36:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/29 15:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/15 01:53:06 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/03/14 22:07:46 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013/03/06 02:21:52 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/26 09:30:18 | 000,687,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Fast Free Converter\FastFreeConverterUpdt.exe -- (FastFreeConverterUpdt)
SRV - [2012/08/18 21:03:19 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.1.7\ccSvcHst.exe -- (NCO)
SRV - [2012/06/15 22:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ccSvcHst.exe -- (NAV)
SRV - [2012/06/11 20:43:09 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/06/13 04:36:54 | 000,922,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe -- (asComSvc)
SRV - [2011/02/01 17:20:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 17:20:46 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/01 22:15:14 | 000,915,584 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010/10/21 05:52:26 | 000,586,880 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/23 17:59:22 | 000,203,392 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysWOW64\AsHookDevice.exe -- (Device Handle Service)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/02/18 20:20:21 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/12/19 01:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012/11/10 13:52:00 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/08/23 10:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 10:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 10:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/06 21:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSTx64\7DD01010.007\ccSetx64.sys -- (ccSet_NST)
DRV:64bit: - [2012/07/26 01:32:22 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/05 22:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 22:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/07 00:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\ccsetx64.sys -- (ccSet_NAV)
DRV:64bit: - [2012/05/21 21:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 22:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 21:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/08 20:51:01 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/11/08 20:51:01 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/08 02:14:20 | 000,027,608 | ---- | M] (XBCD Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xbcd.sys -- (XBCD)
DRV:64bit: - [2011/09/14 21:05:34 | 000,394,216 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/09/14 21:05:34 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011/07/25 22:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/06/15 04:30:46 | 000,093,240 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2011/06/10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/13 19:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/12/10 01:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 01:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/08 18:57:58 | 000,014,464 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiChargerPlus.sys -- (AiChargerPlus)
DRV:64bit: - [2010/11/05 11:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/08/27 13:53:32 | 000,023,080 | ---- | M] (Marvell Semiconductor Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91cons.sys -- (mv91cons)
DRV:64bit: - [2010/08/27 13:53:22 | 000,297,000 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010/02/26 04:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/01/14 08:27:46 | 000,032,544 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2010/01/14 08:27:30 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2010/01/14 08:27:30 | 000,048,416 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2010/01/14 08:27:18 | 000,029,472 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (VLAN)
DRV:64bit: - [2010/01/14 08:27:18 | 000,029,472 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan60.sys -- (RTVLANPT)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/05/15 08:32:27 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20130515.003\ex64.sys -- (NAVEX15)
DRV - [2013/05/15 08:32:27 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/05/15 08:32:27 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\VirusDefs\20130515.003\eng64.sys -- (NAVENG)
DRV - [2013/04/12 19:53:05 | 001,390,680 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\BASHDefs\20130502.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/03/07 17:25:38 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\Definitions\IPSDefs\20130515.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012/11/10 12:26:01 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/11/04 01:00:00 | 000,002,304 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\HtsysmNT.sys -- (Htsysm)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/01/04 17:34:48 | 000,011,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\AsInsHelp64.sys -- (ASInsHelp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP08&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope = {688C4A78-D40B-4C4A-A1BA-16D81BFC9E8F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{688C4A78-D40B-4C4A-A1BA-16D81BFC9E8F}: "URL" = http://searchou.com/?q={searchTerms}&id=70c751420000000000005404a6dbdeee&r=262
IE - HKCU\..\SearchScopes\{DEB0BCAB-66D4-453C-964C-61EE2BB61C5A}: "URL" = http://www.mysearchresults.com/search?&c=2645&t=03&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://searchou.com/?id=70c751420000000000005404a6dbdeee"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown:  File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Allen\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Allen\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\thehappycloud.com/HappyCloudPlugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.1.1.7\coFFPlgn\ [2012/11/03 13:44:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.1.0.28\IPSFFPlgn\ [2013/05/15 08:25:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/04/21 18:35:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/04/21 18:35:06 | 000,000,000 | ---D | M]
 
[2012/04/22 21:31:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allen\AppData\Roaming\Mozilla\Extensions
[2013/05/15 11:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\2giejjhm.default\extensions
[2012/02/18 21:20:59 | 000,000,000 | ---D | M] (Spam Free Search Bar) -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\2giejjhm.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}
[2012/04/22 21:27:39 | 000,000,000 | ---D | M] (TheBflix) -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\2giejjhm.default\extensions\4f85d7b5ec11e@4f85d7b5ec120.info
[2012/04/22 21:27:39 | 000,000,000 | ---D | M] (Bcool) -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\2giejjhm.default\extensions\4f85d7d26e7c3@4f85d7d26e7c4.info
[2012/02/18 21:38:54 | 000,000,000 | ---D | M] (Bflix) -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\2giejjhm.default\extensions\info@thebflix.com
[2012/04/22 21:27:59 | 000,001,301 | ---- | M] () -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\2giejjhm.default\searchplugins\my-homepage.xml
[2013/04/13 23:37:38 | 000,001,378 | ---- | M] () -- C:\Users\Allen\AppData\Roaming\Mozilla\Firefox\Profiles\2giejjhm.default\searchplugins\privitize.xml
[2012/05/19 12:40:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/04/20 17:44:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/02/18 21:23:08 | 000,000,000 | ---D | M] (Free Download Manager plugin) -- C:\PROGRAM FILES (X86)\FREE DOWNLOAD MANAGER\FIREFOX\EXTENSION
File not found (No name found) -- C:\PROGRAM FILES (X86)\SEARCHQU TOOLBAR\DATAMNGR\FIREFOXEXTENSION
File not found (No name found) -- C:\USERS\ALLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2GIEJJHM.DEFAULT\EXTENSIONS\{09EC805C-CB2E-4D53-B0D3-A75A428B81C7}
File not found (No name found) -- C:\USERS\ALLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2GIEJJHM.DEFAULT\EXTENSIONS\{66BD2442-241B-44CD-8C7A-B51037053CDB}
File not found (No name found) -- C:\USERS\ALLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2GIEJJHM.DEFAULT\EXTENSIONS\{687578B9-7132-4A7A-80E4-30EE31099E03}
File not found (No name found) -- C:\USERS\ALLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2GIEJJHM.DEFAULT\EXTENSIONS\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
File not found (No name found) -- C:\USERS\ALLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2GIEJJHM.DEFAULT\EXTENSIONS\{A018B213-6B46-4791-9298-519020DB5737}
File not found (No name found) -- C:\USERS\ALLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2GIEJJHM.DEFAULT\EXTENSIONS\{EEE6C361-6118-11DC-9C72-001320C79847}
File not found (No name found) -- C:\USERS\ALLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2GIEJJHM.DEFAULT\EXTENSIONS\CROSSRIDERAPP2258@CROSSRIDER.COM
File not found (No name found) -- C:\USERS\ALLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2GIEJJHM.DEFAULT\EXTENSIONS\FFXTLBR@FUNMOODS.COM
File not found (No name found) -- C:\USERS\ALLEN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2GIEJJHM.DEFAULT\EXTENSIONS\PLUGIN@YONTOO.COM
[2012/02/18 21:20:59 | 000,002,131 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\blekkotb.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Allen\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Allen\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Allen\AppData\Local\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Allen\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google Search = C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Privacy Safeguard BHO) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll File not found
O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Qwiklinx) - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Allen\AppData\Roaming\Qwiklinx\Qwiklinx.dll File not found
O2 - BHO: (no name) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found.
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Fast Free Converter 3.0) - {A071936A-AB6B-4978-9342-E47C06FCDEC1} - C:\Program Files (x86)\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll (Fast Free Converter)
O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.1.7\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.1.1.7\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Anti-phishing Domain Advisor]  File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ASUS AiChargerPlus Execute] C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Easy Update] C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.104.216\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [RunAIShell] C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SpeetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe" File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface]  File not found
O4 - HKCU..\Run: [cdloader]  File not found
O4 - HKCU..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
O4 - HKCU..\Run: [FDPRO-513] C:\Program Files (x86)\Fighters\FighterLauncher.exe FDPRO File not found
O4 - HKCU..\Run: [Google Update]  File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk = C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe (GameStop Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8:64bit: - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O8 - Extra context menu item: Download all with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Download selected with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Download video with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Download with Free Download Manager - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{74E06EE5-33A6-4B20-A4B6-6CFE733760C3}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/14 03:48:47 | 000,028,064 | R--- | M] (magicJack L.P.) - J:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2010/09/14 03:48:47 | 000,016,158 | R--- | M] () - J:\autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010/09/14 03:48:47 | 000,000,308 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2010/09/14 03:48:47 | 000,684,200 | R--- | M] (magicJack L.P.) - J:\autorunu.exe -- [ CDFS ]
O33 - MountPoints2\{e79c2465-b30a-11e1-9509-5404a6dbdeee}\Shell - "" = AutoRun
O33 - MountPoints2\{e79c2465-b30a-11e1-9509-5404a6dbdeee}\Shell\AutoRun\command - "" = K:\setup.exe
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\INSTALL.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/15 20:33:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.scr
[2013/05/15 16:10:50 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Allen\Desktop\dds.com
[2013/05/15 11:13:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/05/15 11:12:22 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Allen\Desktop\esetsmartinstaller_enu.exe
[2013/05/15 10:54:57 | 000,760,723 | ---- | C] (Farbar) -- C:\Users\Allen\Desktop\MiniToolBox.exe
[2013/05/14 22:47:41 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/05/14 18:45:05 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\systweak
[2013/05/14 18:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hot Start Search Removal Tool
[2013/05/14 18:08:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/05/14 18:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/05/14 17:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013/05/11 17:37:00 | 000,000,000 | ---D | C] -- C:\Users\Allen\Documents\Game Genie
[2013/05/11 17:31:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Game Genie
[2013/05/10 20:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2013/05/10 19:17:15 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\Malwarebytes
[2013/05/10 19:16:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/09 07:26:12 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\Anvisoft
[2013/05/09 07:25:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\anvisoft
[2013/05/09 07:25:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/05/09 07:25:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/05/02 21:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/04/21 18:35:56 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\RealNetworks
[2013/04/21 18:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/04/21 18:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/04/21 18:34:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/04/21 18:34:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/04/21 18:34:28 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/04/21 18:34:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2013/04/21 18:33:57 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\Real
[2013/04/21 18:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2013/04/21 15:53:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PointMMO
[2013/04/20 19:08:14 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\Skyrim NPC Editor
[2013/04/19 21:17:12 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\Local
[2013/04/18 21:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2013/04/18 19:27:17 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\WinRAR
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Allen\*.tmp files -> C:\Users\Allen\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/15 20:36:01 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/15 20:33:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Allen\Desktop\OTL.scr
[2013/05/15 19:46:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-301818706-937632442-2701706731-1000UA.job
[2013/05/15 16:10:51 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Allen\Desktop\dds.com
[2013/05/15 14:27:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/15 11:16:43 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/15 11:16:43 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/15 11:12:27 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Allen\Desktop\esetsmartinstaller_enu.exe
[2013/05/15 11:11:31 | 000,001,408 | ---- | M] () -- C:\Users\Allen\Desktop\Search.lnk
[2013/05/15 11:09:27 | 000,001,204 | ---- | M] () -- C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk
[2013/05/15 11:08:01 | 2132,713,471 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/15 11:06:14 | 000,000,190 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/05/15 11:04:53 | 000,628,743 | ---- | M] () -- C:\Users\Allen\Desktop\AdwCleaner.exe
[2013/05/15 10:55:00 | 000,760,723 | ---- | M] (Farbar) -- C:\Users\Allen\Desktop\MiniToolBox.exe
[2013/05/15 08:37:49 | 000,822,924 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/15 08:37:49 | 000,681,056 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/15 08:37:49 | 000,129,478 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/15 08:20:28 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/05/11 07:03:15 | 000,000,995 | ---- | M] () -- C:\Users\Allen\Desktop\magicJack.lnk
[2013/05/10 22:55:16 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-301818706-937632442-2701706731-1000Core.job
[2013/05/08 09:43:00 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\DLL-files.com Fixer_UPDATES.job
[2013/04/23 07:28:24 | 000,003,080 | ---- | M] () -- C:\{6AD2237C-3181-4B8C-9613-D73090A956D2}
[2013/04/21 18:35:12 | 000,001,268 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/04/21 18:34:28 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/04/20 16:45:14 | 000,802,770 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/19 07:19:51 | 000,002,440 | ---- | M] () -- C:\{ECE65566-1DEF-466B-B4ED-92772FFB3B11}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Allen\*.tmp files -> C:\Users\Allen\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/15 11:06:07 | 000,000,190 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/05/15 11:04:52 | 000,628,743 | ---- | C] () -- C:\Users\Allen\Desktop\AdwCleaner.exe
[2013/05/15 08:20:28 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/04/23 07:28:23 | 000,003,080 | ---- | C] () -- C:\{6AD2237C-3181-4B8C-9613-D73090A956D2}
[2013/04/21 18:35:11 | 000,001,268 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013/04/19 07:19:51 | 000,002,440 | ---- | C] () -- C:\{ECE65566-1DEF-466B-B4ED-92772FFB3B11}
[2013/04/13 13:38:45 | 000,000,093 | ---- | C] () -- C:\Users\Allen\AppData\Local\fusioncache.dat
[2012/11/03 10:21:46 | 000,802,770 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/22 19:22:53 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/08/01 17:51:37 | 000,002,304 | ---- | C] () -- C:\Windows\SysWow64\HtsysmNT.sys
[2012/06/11 20:43:11 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/06/11 20:43:09 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/19 08:39:41 | 000,005,632 | ---- | C] () -- C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/30 18:39:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/11/08 21:15:48 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011/11/08 21:14:50 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011/11/08 21:14:44 | 000,221,184 | ---- | C] () -- C:\Windows\SysWow64\drivers\ServiceHelp.dll
[2011/11/08 21:14:44 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011/11/08 21:14:44 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011/11/08 21:01:57 | 000,035,773 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011/11/08 21:01:51 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011/11/08 21:01:50 | 000,023,975 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011/11/08 21:01:50 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 23:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013/05/15 17:38:33 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Anvisoft
[2012/02/18 21:19:01 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\ASUS WebStorage
[2012/04/19 21:30:22 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\BitZipper
[2012/05/25 22:06:19 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\BucksBee Loyalty Plugin - 100884.rs for Chrome
[2012/04/18 19:25:26 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\DAEMON Tools Pro
[2012/04/14 09:43:21 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\dll-files.com
[2012/05/25 22:21:00 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Fighters
[2013/05/14 18:14:53 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Free Download Manager
[2012/06/26 18:57:46 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\GetRightToGo
[2012/04/18 18:42:59 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\InfraRecorder
[2013/04/19 21:17:12 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Local
[2013/05/15 08:26:00 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\mjusbsp
[2012/09/25 21:18:58 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Notepad++
[2012/06/11 20:43:08 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\PunkBuster
[2013/04/20 19:08:14 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Skyrim NPC Editor
[2012/09/22 18:06:50 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Stardock
[2013/05/14 18:45:05 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\systweak
[2013/05/15 08:26:01 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\uTorrent
[2012/02/19 10:46:24 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\WeatherBug
[2012/04/19 20:55:58 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\WinZip
 
========== Purity Check ==========
 
 

< End of report >

 



#5 AsusOops

Posted 15 May 2013 - 07:46 PM

OTL Extras Results:

 

OTL Extras logfile created on: 5/15/2013 8:34:37 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Allen\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
7.98 Gb Total Physical Memory | 3.16 Gb Available Physical Memory | 39.55% Memory free
15.96 Gb Paging File | 10.77 Gb Available in Paging File | 67.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.45 Gb Total Space | 584.88 Gb Free Space | 85.45% Space Free | Partition Type: NTFS
Drive J: | 1.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: ALLEN-PC | User Name: Allen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\File Type Helper\FileTypeHelper.exe "%1" (Microsoft)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\File Type Helper\FileTypeHelper.exe "%1" (Microsoft)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{005BFA45-D3ED-4B43-A2AF-65EA96B32EEC}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{029468CA-018F-4C96-AC48-AC19A210DCCB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0395426B-5D2B-42DE-AB12-DB506EF06234}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{07440619-0514-4BC5-AEAC-6AFE33B73C7F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{0B0BA394-8C83-453A-803F-139854FE2241}" = lport=445 | protocol=6 | dir=in | app=system |
"{0C5E10AA-FD81-4F56-B137-EC6B4FE5A185}" = rport=137 | protocol=17 | dir=out | app=system |
"{12D538C9-95B7-4622-9A61-08EB3A87924A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{177CE55D-9055-44C7-89FA-EBDA1F5D66C5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{19A7BD63-9CA1-41AD-817E-532097614585}" = lport=137 | protocol=17 | dir=in | app=system |
"{26C37F94-D967-4BC8-B8E4-130FD30E1632}" = lport=10244 | protocol=6 | dir=in | app=system |
"{2B95BD6C-5BDB-4A2B-B8FA-51651DF8735E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{375FD8A7-D353-4BF5-B08C-FAA2DB7EEFA6}" = rport=10243 | protocol=6 | dir=out | app=system |
"{44401ED3-0F91-4FCB-84EE-7A7E60ABA964}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{4D3C06DF-BD9E-4DAE-A000-B3F2A0E2F334}" = lport=554 | protocol=6 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{4D8C45B7-7000-40AA-AFF3-00B67EB363DD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5AB12C85-CD13-4EB2-AD3F-0B0709081B07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5D5B4B97-7081-4E50-B167-1266D5B33F72}" = lport=139 | protocol=6 | dir=in | app=system |
"{5F666344-4B7D-4381-8BC7-67DA049388A0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{633EA760-195D-4C55-808A-0A530CD1AA1B}" = rport=445 | protocol=6 | dir=out | app=system |
"{6DF422C2-7443-4E92-BDEE-75E57AAE4415}" = lport=3390 | protocol=6 | dir=in | app=system |
"{779A0B8A-8A94-4C1D-A591-49693D37011F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{78AED53F-9B8E-4FF5-BBB3-F31DC77F1425}" = lport=10244 | protocol=6 | dir=in | app=system |
"{7C1BFAEE-FA66-4B46-8399-07531B7AEE21}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9A25EE8D-E8D6-46B4-9D8F-7DE8DE1FA142}" = lport=138 | protocol=17 | dir=in | app=system |
"{A2A9C9F4-795A-4933-BD97-71E28AA18D37}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A2E71040-03F3-4642-A81C-54A571D397D0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AACE1E57-943E-44A2-A47B-9D2E4AEEFAEE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{ADCFDAFE-73AB-463C-9056-CB747313749F}" = rport=139 | protocol=6 | dir=out | app=system |
"{B04E285C-11BD-4095-99E3-B47A87F7BB9E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B0FC1F62-B718-41A2-AB05-F44F9EDB9A73}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{BE500266-4E5B-4B8E-81B6-B3A10F2453DF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C065946B-8133-4479-AB6C-90CE367CFCCF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{C5053D99-3B6A-4CD8-9344-357C14E12EC3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C6DE5726-A02D-449F-AE8F-27235836DAF1}" = lport=7777 | protocol=17 | dir=in | app=%systemroot%\ehome\ehshell.exe |
"{C7381ECF-84D2-4AB6-93DB-99FB23CD3AFD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D11F6D5C-48F7-4F2F-89D9-32995B07881E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D37CA682-7B1A-45FB-BD4C-D78DCFC15027}" = lport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DC40DE09-281A-4907-B403-E4F3018E0890}" = lport=3390 | protocol=6 | dir=in | app=system |
"{E103E413-BEE0-4E54-A271-0F33734C4410}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E2FE9F50-06FB-4A9B-8887-497E327D519C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E50978A7-F45F-4320-A11D-2982D2CCCBD0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E7C8FB91-DA63-42CF-AD3F-E8CE737459CD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EB7E8545-0235-4BE5-B1FA-193341D0F3E8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{EC58A42F-B3ED-45D3-868B-D7B9DB2F4DF2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EED2E7BB-59B3-44D2-A333-F863C6F9F85D}" = rport=138 | protocol=17 | dir=out | app=system |
"{EF2C665B-0931-4B26-B05B-82019ACAE674}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F76F31C0-90BC-4196-A7D5-49E2DFF42F80}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FAAD2B73-5F9F-4846-AF96-C06212417496}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{015E1648-8FE2-47FC-98D8-C1A9950B941D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{02E79AD7-AE48-4A0C-89E6-4BD2C773A719}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{04042119-EF2B-4A94-8A1F-ECDF9F63E1CE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{044C0E32-D9E7-4D61-AB09-AE217575033F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{047D9289-6ED8-48C9-AD78-3F8FB2C7B096}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{0780755E-1445-4A9D-8EC8-A00CAE363AD6}" = protocol=17 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{0BA76719-044C-49DD-BD01-B1F7B5C2AF71}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{0CC3010D-49E2-4815-B34E-DAF57D0E3B7A}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{0D3DECC2-5617-4523-B8FD-7F8586767A1D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{14CF45E4-954A-4103-8514-2E2248AE5C88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{21293F90-3962-4540-B874-15C9A8D58D05}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{28CFB84F-FF3E-4947-8B81-D9DE8B330716}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2A2D1371-CBEA-401E-8597-816450A5CCEA}" = protocol=17 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"{2D464EB7-E1E8-474C-A8F7-296E350977A9}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2EB825A0-6E83-4F52-86AA-E4A4D1E02E1D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{2EFF2D69-93E2-4F47-8BDB-B0A11D141197}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{33DDE821-4064-4BC1-A08F-2397519A3536}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{34640278-0338-4853-B398-D9A4286AF02F}" = protocol=17 | dir=in | app=c:\users\allen\appdata\local\temp\7zsaea6.tmp\symnrt.exe |
"{38290C57-5C1F-43E0-BA25-C7F660783565}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{41BF0D61-EBE8-494C-B132-A0AD9A81203F}" = protocol=6 | dir=out | app=system |
"{426066E8-778D-41DF-B308-33BB4385C6A4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{45B6B0BA-538A-4026-99DF-40B97070C69A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{48056CC1-F889-4A30-A0BE-501626A6F086}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{496C48EF-0B4E-4189-BE26-28B213BF077D}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{4D6B9B07-C122-437A-A7DE-0515D73D0CF4}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{5232B8BE-64BB-4399-A818-2EA1F59933B7}" = protocol=6 | dir=in | app=c:\users\allen\appdata\local\temp\7zsaea6.tmp\symnrt.exe |
"{52A311C3-10B0-4C33-99C8-93E40914F9D7}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{64925812-AFF5-4B50-91EA-92DF5C8411BD}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe |
"{65F36F13-32BD-4269-AA11-EE860DB8A1BA}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{6CAF1E13-749C-4289-AF39-F03699883907}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7434DDCA-E3EB-437B-891A-2D5958704109}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7725208B-038F-4580-BF05-C47ADB46BC4F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82C1C439-B083-4343-9233-2AB6D20385CC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8B2B4606-A269-4852-8933-2B5E4056EE85}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8CFECE55-47EB-47BA-ACC0-B52696965E3F}" = protocol=6 | dir=in | app=c:\games\steam folder\steam.exe |
"{96F0B4E0-5FCA-4A14-963F-5BBDDC4AB7D4}" = protocol=6 | dir=in | app=c:\program files (x86)\squareenix\final fantasy xiv\ffxivboot.exe |
"{995E5763-CE23-433E-B06B-0A7735FAAF49}" = protocol=17 | dir=in | app=c:\games\steam folder\steam.exe |
"{A090D61A-5CEA-4C90-9E12-872D8AA88413}" = protocol=17 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{A17FC86C-BCC4-4986-A94D-F377B695D61C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A48A32D2-C61B-4B9D-8D24-959E61B410E3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A6A8F6B2-E12D-426D-AD15-0382A7A52FFB}" = protocol=17 | dir=in | app=c:\programdata\turbine\ddo unlimited\turbinelauncher.exe |
"{A728ACB0-BA44-4124-A340-F8408628E757}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A72E7153-2AFD-4BFC-B5D4-0D4DA837A8E0}" = protocol=6 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{A76ACDD7-827E-40E3-9A4D-1DE88879B508}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A8E3210B-EA45-454B-9168-2F7A61D9E20E}" = protocol=6 | dir=in | app=c:\nexon\dragonnest\dragonnest.exe |
"{A8E353AE-639D-40B4-B98C-5BE2976C01A5}" = protocol=17 | dir=in | app=c:\programdata\turbine\ddo unlimited\dndclient.exe |
"{AA4A1745-ED41-4462-8C52-2A37A3407ABD}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcrmgr.exe |
"{ACEF1028-36E3-4176-BC0B-CB978342C777}" = protocol=6 | dir=out | svc=mcx2svc | app=%systemroot%\system32\svchost.exe |
"{B1D1283B-A6F6-4C2D-8949-8BE6F07E13EE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{B5D36A46-9D80-4743-A4A2-DF571F506A4E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{BF7F00C5-9D13-4486-9EE7-6E2D19BA6E6E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BF97A848-1F92-48F4-BE4C-B9E68380412A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C23A8202-5D58-49B8-A89A-00D051579F1C}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{CA6C71A8-EE4F-4E54-8237-A2D8E35D10EB}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{CE508EF2-7482-4E67-A6F0-BDBFB5D69A04}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{CF3BBA9D-AF42-4A60-9CCB-FE6FF4B289A3}" = protocol=17 | dir=in | app=c:\aeriagames\edeneternal\_launcher.exe |
"{CF77A11F-EC21-4C68-852D-571009CE0565}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe |
"{DC24475B-275F-4980-B79B-88836E4CD057}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E8441D19-867E-40FA-855B-651A7538C3AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EA14743F-F734-40A6-8FFB-7D944CE04F67}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{EB5322F5-A1C1-4E38-AB0F-E3C7C2887FDC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EEBF2F61-AFE4-46DE-87A9-4E21344D55E2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{F18E740C-AA96-48FF-9A16-5F06D2571C41}" = protocol=6 | dir=out | app=%systemroot%\ehome\mcx2prov.exe |
"{F308DB7B-B4F6-48D5-88B1-B3FF7190D69E}" = protocol=6 | dir=in | app=c:\programdata\turbine\ddo unlimited\turbinelauncher.exe |
"{F344DBFC-7DC6-473D-B359-91FF6F3DDA2E}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F4053834-FB05-47CF-83AA-BD1F2856AA57}" = protocol=6 | dir=in | app=c:\programdata\turbine\ddo unlimited\dndclient.exe |
"{F664AAC1-765E-46A9-B1FE-8EF511963FBD}" = protocol=6 | dir=out | app=%systemroot%\ehome\ehshell.exe |
"{F8DBD563-DBE9-4396-950E-58D4C2F790E6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FBDDA874-11CE-4BF5-809F-1300A1D9DD6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{19CADB52-EE25-4B97-9B38-8A9492E31275}C:\users\allen\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\allen\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{368ABA26-C6F1-4C59-88E7-E42B238EAA3D}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{47AFCBE4-D719-40C3-B150-DED9F583F6DD}C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe" = protocol=6 | dir=in | app=c:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe |
"TCP Query User{580A6BE9-4271-4C0B-8B80-25FA34A1297A}C:\program files (x86)\bitlord\bitlord.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"TCP Query User{62FD5EC3-3090-4589-82D3-67804A02578D}C:\users\allen\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\allen\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{7B74A211-2F47-4406-8BAE-F239F7523FF7}C:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"TCP Query User{8162C8CC-D964-4ECC-BE7E-4DEE30903FEE}C:\program files (x86)\steam\steamapps\common\skyrim\skyrim\creationkit.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrim\creationkit.exe |
"TCP Query User{8F0220E6-E808-4C11-86B0-4C07C8F5ECE6}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"TCP Query User{A382357D-7BF9-4782-8B86-30DEF6AFCF5D}C:\users\allen\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\allen\appdata\local\akamai\netsession_win.exe |
"TCP Query User{C4F7E690-76EC-4365-B518-96ACA02A1DC9}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{C7FA8ABD-F761-400B-B6A0-F6FB728C7A62}C:\program files (x86)\1clickdownload\1clickdownload.exe" = protocol=6 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownload.exe |
"TCP Query User{DA55B388-B50E-4F1F-9700-EA9C6068EEAC}C:\users\allen\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\allen\appdata\local\akamai\netsession_win.exe |
"UDP Query User{19D4EFE0-3E5D-421E-9A22-3BFC2A6FA911}C:\users\allen\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\allen\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{4B9F7A0C-4476-4FE6-B1C9-05C8E2FE91BD}C:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe" = protocol=17 | dir=in | app=c:\program files (x86)\playonline\squareenix\playonlineviewer\pol.exe |
"UDP Query User{4E4FE806-D5E8-41E4-8C86-82E9600326FA}C:\users\allen\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\allen\appdata\local\akamai\netsession_win.exe |
"UDP Query User{5447BD56-8E41-414E-B7F3-F7F38054B5E5}C:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"UDP Query User{67763179-9BE7-4F9D-94B4-D34351006F1E}C:\users\allen\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\allen\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{7747FD5A-F7F9-4E22-BA4B-CFEC5300264D}C:\users\allen\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\allen\appdata\local\akamai\netsession_win.exe |
"UDP Query User{A0DA7E0D-B2DA-468E-9B15-CF6F82612DAB}C:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\creationkit.exe |
"UDP Query User{B950E57D-5DC6-4D99-B215-5FD6400DD1FF}C:\program files (x86)\bitlord\bitlord.exe" = protocol=17 | dir=in | app=c:\program files (x86)\bitlord\bitlord.exe |
"UDP Query User{C201896B-E7F9-4314-9B45-C0FD2507F47E}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{DACAAE5D-5076-488B-9881-80B9BD2B9A7C}C:\program files (x86)\steam\steamapps\common\skyrim\skyrim\creationkit.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrim\creationkit.exe |
"UDP Query User{E75F18C5-5052-4674-A2AF-CE0642CD9F7A}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"UDP Query User{F8A77869-E4D0-4A02-A7F0-B4E9D9D8F0D0}C:\program files (x86)\1clickdownload\1clickdownload.exe" = protocol=17 | dir=in | app=c:\program files (x86)\1clickdownload\1clickdownload.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04054166-0801-48A9-89E0-BC4B53FE7A81}_is1" = XBCD Uninstaller
"{11BA2B00-1495-47B8-BFA8-D08C605AB2CC}" = Windows Live Family Safety
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6DDCFF78-6F91-438C-9567-C5CAA9D7F56C}" = Windows Live Family Safety
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{9301985B-D116-4A93-A93D-94580084FF86}" = 64 Bit HP CIO Components Installer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 314.22
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.12.12
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.0
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D5}" = WinZip 16.5
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E01819BD-709F-43A1-9600-6F5E4C584C37}" = Windows Live Family Safety
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F11009B0-F4DB-463B-B717-5266E47498AA}" = Windows Live Family Safety
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"C6DCA6D8EFAB374E8F91A705567555FF4DAF025D" = Windows Driver Package - XBCD Project HID  (16/05/2008 1.1.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{124C9BD0-8C52-40AB-8238-0605703B1C28}" = ASUS Backup Wizard
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{30B1FC04-B0D2-4A36-8997-10CC93E04E26}" = Linkury Smartbar
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF95DE2-B54D-4C3F-9494-FD3B558E2C2D}" = AI Manager
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1" = Amnesia - The Dark Descent
"{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Realtek Ethernet Diagnostic Utility
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A9FEC4E-8696-43B4-8C19-5BE4D9038B55}" = ASUS Easy Update
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}" = RealDownloader
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = GameStop App
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16247B8-CD07-40C4-8C96-FC2568G29E8F}}_is1" = Plugin 7
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"BucksBee Loyalty Plugin - 100884.rs for Chrome" = BucksBee Loyalty Plugin - 100884.rs for Chrome
"BurnToDisk_is1" = BurnToDisk version 1.0
"Dll-Files.com Fixer_is1" = Dll-Files.com Fixer
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ESET Online Scanner" = ESET Online Scanner v3
"Fast Free Converter" = Fast Free Converter
"Free Download Manager_is1" = Free Download Manager 3.8
"GameStop App" = GameStop App
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mplayer" = Mplayer 0.6.9
"NAV" = Norton AntiVirus
"NBRTWizard" = Norton Bootable Recovery Tool Wizard
"Notepad++" = Notepad++
"NST" = Norton Identity Safe
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Open Codecs" = Xiph.Org Open Codecs 0.85.17777
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 16.0" = RealPlayer
"uTorrent" = µTorrent
"vfd-adk" = VideoFileDownload
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{d8b8eede-78d8-4354-a0db-9c6480876229}" = Linkury Smartbar Engine
"Akamai" = Akamai NetSession Interface
"e55b814e55744b76" = Best Buy pc app
"Google Chrome" = Google Chrome
"HappyCloud" = Happy Cloud Client
"magicJack" = magicJack
"Windower" = Windower
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 4/23/2013 7:19:06 AM | Computer Name = Allen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 4/24/2013 8:13:39 AM | Computer Name = Allen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 4/25/2013 8:28:31 AM | Computer Name = Allen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 4/26/2013 10:57:25 AM | Computer Name = Allen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 4/26/2013 12:37:43 PM | Computer Name = Allen-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{EA1FAE0F-2354-4E32-B423-ABAE8E358F91}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 4/27/2013 8:24:08 AM | Computer Name = Allen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 4/28/2013 7:51:43 AM | Computer Name = Allen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 4/29/2013 7:00:05 AM | Computer Name = Allen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 4/30/2013 7:19:40 AM | Computer Name = Allen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 5/1/2013 7:10:15 AM | Computer Name = Allen-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 5/2/2013 7:13:25 AM | Computer Name = Allen-PC | Source = WinMgmt | ID = 10
Description =
 
[ Media Center Events ]
Error - 5/22/2012 10:24:13 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = 10:24:13 PM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  ) 
 
Error - 5/23/2012 10:20:33 AM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = 10:20:28 AM - Failed to retrieve SportsSchedule.enc (Error: HTTP status
 404: The requested URL does not exist on the server.  ) 
 
Error - 5/26/2012 10:21:12 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = 10:21:12 PM - Error connecting to the internet.  10:21:12 PM -     Unable
 to contact server.. 
 
Error - 5/26/2012 10:21:47 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = 10:21:41 PM - Error connecting to the internet.  10:21:41 PM -     Unable
 to contact server.. 
 
Error - 5/26/2012 11:22:28 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = 11:22:28 PM - Error connecting to the internet.  11:22:28 PM -     Unable
 to contact server.. 
 
Error - 5/26/2012 11:22:59 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = 11:22:58 PM - Error connecting to the internet.  11:22:58 PM -     Unable
 to contact server.. 
 
Error - 6/1/2012 10:14:15 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = 10:14:15 PM - Error connecting to the internet.  10:14:15 PM -     Unable
 to contact server.. 
 
Error - 6/1/2012 10:14:52 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = 10:14:45 PM - Error connecting to the internet.  10:14:45 PM -     Unable
 to contact server.. 
 
Error - 6/1/2012 11:15:22 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = 11:15:22 PM - Error connecting to the internet.  11:15:22 PM -     Unable
 to contact server.. 
 
Error - 6/1/2012 11:15:53 PM | Computer Name = Allen-PC | Source = MCUpdate | ID = 0
Description = 11:15:51 PM - Error connecting to the internet.  11:15:51 PM -     Unable
 to contact server.. 
 
[ System Events ]
Error - 5/15/2013 8:28:53 AM | Computer Name = Allen-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   SRTSP
 
Error - 5/15/2013 8:36:02 AM | Computer Name = Allen-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x8024200d: Security Update for Microsoft .NET Framework 3.5.1 on Windows
 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2804579).
 
Error - 5/15/2013 8:42:22 AM | Computer Name = Allen-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2829361).
 
Error - 5/15/2013 8:42:27 AM | Computer Name = Allen-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2813956).
 
Error - 5/15/2013 8:42:44 AM | Computer Name = Allen-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2798162).
 
Error - 5/15/2013 8:42:44 AM | Computer Name = Allen-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x8024200d: Update for Windows 7 for x64-based Systems (KB2820331).
 
Error - 5/15/2013 8:44:56 AM | Computer Name = Allen-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
 with error 0x8024200d: Security Update for Windows 7 for x64-based Systems (KB2830290).
 
Error - 5/15/2013 10:48:13 AM | Computer Name = Allen-PC | Source = Service Control Manager | ID = 7000
Description = The Htsysm service failed to start due to the following error:   %%2
 
Error - 5/15/2013 10:48:20 AM | Computer Name = Allen-PC | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater14.2.0 service failed to start due to the following
 error:   %%2
 
Error - 5/15/2013 11:08:34 AM | Computer Name = Allen-PC | Source = Service Control Manager | ID = 7000
Description = The Htsysm service failed to start due to the following error:   %%2
 
 
< End of report >
 

 



#6 Noviciate

Noviciate

  • Malware Response Team

Posted 16 May 2013 - 01:18 PM

Good evening. :)

Pay a visit to the ESET Online Scanner.

  • Click the ESET Online Scanner button and a new window will open - you may need to maximise it.
  • Click the Run ESET Online Scanner button in the new window.
  • If you are using any other browser than IE, you will be prompted to download and run esetsmartinstaller_enu.exe and the scan will run from within the window that the executable opens.
  • Regardless of which browser you are using, you will be shown some terms and conditions and you will need to accept these to continue.
  • If you are running IE for this scan you will then be prompted to allow an ActiveX component to be downloaded, unless you already have it installed, and the scan will run inside IE.
  • When you see the Computer Scan Settings window, you will need to make the following changes:

    • UNCHECK Remove found threats - this is important.
    • Check Scan archives
    • Click on Advanced settings
    • Check Scan for potentially unsafe applications
  • Once ready, click Start to begin - not a surprise really!
  • The anti-virus definitions will now be downloaded, so don't forget to allow them through your firewall if prompted.
  • The above will take a little time, so now is a good time to fire up the kettle and open the biccies.
  • Once the scan has completed you will be shown the results - assuming that the scanner has found anything.
  • Click List of found threats and then Export to text file... and save the log somewhere convenient.
  • You can then close out the scanner - don't bother uninstalling it as you may need to use it again.
  • Please post the contents of this file in your next reply, or let me know that nothing was identified.

 


So long, and thanks for all the fish.

 

 


#7 AsusOops

AsusOops
  • Topic Starter

  • Members

Posted 16 May 2013 - 04:29 PM

 

Hello, I have used ESET scanner in the past. I had a bit of help in this thread before I was redirected to this forum.

 

 

http://www.bleepingcomputer.com/forums/t/494660/hotstartsearch-google-redirect-hijacker-virus-help/#entry3051006

 

There were 3 threats found on my first scan. Boopme didn't specify not to remove the objects so they were quarantined and removed. This was the first scan results:

 

C:\Users\All Users\Bcool\uninstall.exe Win32/Adware.MultiPlug.A application

C:\ProgramData\Bcool\uninstall.exe Win32/Adware.MultiPlug.A application cleaned by deleting - quarantined
C:\Windows\Installer\2f231ab.msi a variant of Win32/Toolbar.Linkury.A application deleted - quarantined

 

 

As for my newest scan, done today, there were no threats reported.

 

EDIT 5/17/13 @ 2:25pm est

 

I'd also like to mention that it isn't just a Google redirect issue; I got another tab for hotstartsearch on Yahoo as well. Don't know if that makes any difference, but figured I'd throw that out there.


Edited by AsusOops, 17 May 2013 - 01:25 PM.


#8 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:11 PM

Posted 17 May 2013 - 01:56 PM

Good evening. :)

Can you tell me if you installed anything just prior to seeing this infection - it's sometimes part of an installation package with free software.


So long, and thanks for all the fish.

 

 


#9 AsusOops

AsusOops
  • Topic Starter

  • Members
  • 17 posts
  • Local time:09:11 AM

Posted 17 May 2013 - 02:00 PM

The thing is, I believe I've had the virus for maybe a month or so. I didn't understand that it was some kind of virus at the time, so I just kinda "brushed it under the rug" so to speak. From what I've read about it, people say it is very dangerous and I feel so helpless to it.

 

I do know that one day I might've accidentally hit a popup that said to install a new version of flash player. I remember trying to stop a bunch of random junk from installing.

 

I've also used uTorrent before, which I feel like had something to do with it, so I'm most likely going to never use it again.

Aside from that I remember trying to find a way to watch a show called "Grimm" online, it could've been that too.

 

EDIT 1: I have become aware of a Google extension called Fast Free Converter. I was under the impression that it was a good extension. I believe it has been up for a while now. I remember going in my extensions and cleaning some out, so I have only it and Adblock Plus enabled. Let me know if you have heard anything bad about this extension. I don't think I really seem to need it, so I could delete it.


Edited by AsusOops, 17 May 2013 - 02:35 PM.


#10 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:11 PM

Posted 17 May 2013 - 04:00 PM

If you had read the installation window closely you would have read the following - "To help keep our software free, you will be served advertising through in-text and pop-up ads in your browser, these ads are targeted and relevant". Close your browsers and then open the Control Panel then Programs and Features and uninstall Fast Free Converter.

Let me know if you still have the issue as sometimes you need to do a little manual tidying up.


So long, and thanks for all the fish.

 

 


#11 AsusOops

AsusOops
  • Topic Starter

  • Members
  • 17 posts
  • Local time:09:11 AM

Posted 17 May 2013 - 04:32 PM

I'll go and uninstall any fast free converter I can find. Thank you.

 



#12 AsusOops

AsusOops
  • Topic Starter

  • Members
  • 17 posts
  • Local time:09:11 AM

Posted 17 May 2013 - 04:57 PM

Alright, I did what you asked and went to the control panel to remove any strange programs. Fast Free Converter was on there as well as some other suspicious looking thing.

I checked Google extensions to make sure it wasn't there.

 

Sure enough after all was said and done it is not redirecting to hotstartsearch anymore.

 

I tried Chrome Google and Yahoo searches, and IE searches. No redirecting.

 

Just on the safe side, let me know if I should run any more malware removers before I need to remove them.



#13 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:11 PM

Posted 18 May 2013 - 02:56 PM

Good evening. :)

Run OTL.exe.
 

  • Copy and paste the following into the Custom Scans/Fixes box at the bottom:

    :OTL
    IE - HKLM\..\URLSearchHook: {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@rsj.de/prodown:  File not found
    O2:64bit: - BHO: (Privacy Safeguard BHO) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll File not found
    O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found.
    O2 - BHO: (Qwiklinx) - {3E7C8B5A-96AB-438F-BF9B-782400655440} - C:\Users\Allen\AppData\Roaming\Qwiklinx\Qwiklinx.dll File not found
    O2 - BHO: (no name) - {66bd2442-241b-44cd-8c7a-b51037053cdb} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{687578b9-7132-4a7a-80e4-30ee31099e03} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Anti-phishing Domain Advisor]  File not found
    O4 - HKCU..\Run: [Akamai NetSession Interface]  File not found
    O4 - HKCU..\Run: [cdloader]  File not found
    O4 - HKCU..\Run: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe" File not found
    O4 - HKCU..\Run: [FDPRO-513] C:\Program Files (x86)\Fighters\FighterLauncher.exe FDPRO File not found
    O4 - HKCU..\Run: [Google Update]  File not found
    O8:64bit: - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
    O8 - Extra context menu item: Search the Web - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Click the Run Fix button at the top.
  • Let the program run until it has completed and then reboot the PC when it is done.

Please let me have a copy of the log that appears once OTL has completed its run.


Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. The name of the log will be in the following format: xxxxxxxx_xxxxxx, x representing the month, date, year and time the log was created. Eg: 03062009_170403

 

 

 


So long, and thanks for all the fish.

 

 


#14 AsusOops

AsusOops
  • Topic Starter

  • Members
  • 17 posts
  • Local time:09:11 AM

Posted 18 May 2013 - 04:44 PM

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{66bd2442-241b-44cd-8c7a-b51037053cdb} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66bd2442-241b-44cd-8c7a-b51037053cdb}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@rsj.de/prodown\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3E7C8B5A-96AB-438F-BF9B-782400655440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E7C8B5A-96AB-438F-BF9B-782400655440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{66bd2442-241b-44cd-8c7a-b51037053cdb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66bd2442-241b-44cd-8c7a-b51037053cdb}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{687578b9-7132-4a7a-80e4-30ee31099e03} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Anti-phishing Domain Advisor deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cdloader deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DW7 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\FDPRO-513 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search the Web\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search the Web\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Allen
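
An added example, not part of the original posts and not OTL's own code: a short Python parser that tallies the registry results of an OTL fix log like the one above by hook location, separating entries that were deleted from those reported as not found. The category labels and function names are this example's own; the sample lines are a subset copied from the log in post #14.

```python
import re
from collections import Counter

# A subset of lines copied from the OTL fix log in the post above.
SAMPLE_LOG = r"""
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{66bd2442-241b-44cd-8c7a-b51037053cdb} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{66bd2442-241b-44cd-8c7a-b51037053cdb}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
"""

# Matches only registry result lines; anything else is left for a manual read.
LINE_RE = re.compile(r"^(?P<x64>64bit-)?Registry (?P<kind>key|value) (?P<path>.+?) "
                     r"(?P<status>deleted successfully|not found)\.$")
# Key-path fragment -> category. The category names are this example's own labels.
HOOKS = [
    (r"\urlsearchhooks", "IE URL search hook"),
    (r"\browser helper objects", "Browser Helper Object"),
    (r"\internet explorer\toolbar", "IE toolbar"),
    (r"\currentversion\run", "Run autostart"),
    (r"\classes\clsid", "COM class registration"),
]

def parse_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    key, name = m["path"], None
    if m["kind"] == "value":
        key, _, name = key.rpartition("\\\\")  # the log puts "\\" between key and value name
    key = key.rstrip("\\")
    hook = next((label for frag, label in HOOKS if frag in key.lower()), "other")
    return {"key": key, "name": name, "hook": hook, "x64_prefix": bool(m["x64"]),
            "removed": m["status"] == "deleted successfully"}

def summarize(log_text):
    """Tally removed vs. not-found entries per category; collect the lines not parsed."""
    removed, missing, unparsed = Counter(), Counter(), []
    for line in filter(str.strip, log_text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line.strip())
        else:
            (removed if rec["removed"] else missing)[rec["hook"]] += 1
    return removed, missing, unparsed

if __name__ == "__main__":
    print(*summarize(SAMPLE_LOG), sep="\n")
```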


#15 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:11 PM

Posted 19 May 2013 - 02:29 PM

Good evening. :)

Tell me, is the PC still behaving itself?


So long, and thanks for all the fish.

 

 




