Search similar:
|
uniqs 7634 |
|
|
|
drslash (banned)Goya Asma join:2002-02-18 Marion, IA |
drslash (banned)
Member
2013-Feb-3 4:15 pm
Need help removing WinZip registry optimizer virusThe target computer is running Windows 7, Kaspersky 2013 Anti Virus and has the WinZip registry optimizer virus on it that I can't remove. Attached are the required log files and I ran all of the required programs.. I know how to edit the registry and navigate folders for deleting files. I will be happy to provide any additional information. Thanks for your time. | actions · 2013-Feb-3 4:15 pm · (locked) | lilhurricaneCrunchin' For Cures Numquam oblita join:2003-01-11 Purple Zone |
Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org
Database version: v2013.02.03.07
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking) Internet Explorer 9.0.8112.16421 Rob :: ROB-PC [administrator]
2/3/2013 12:03:15 PM mbam-log-2013-02-03 (12-03-15).txt
Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 213870 Time elapsed: 1 minute(s), 38 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 115 HKLM\SYSTEM\CurrentControlSet\Services\TelevisionFanaticService (PUP.MyWebSearch) -> No action taken. HKCR\CLSID\{02515cef-2063-4d64-b87a-d504c99d40dd} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{AED3B1E0-FABB-4C27-A2DA-EC8352EE7E30} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{9989BC14-9B5B-4B3B-8040-478FD1685E34} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{04d2b915-19ff-41e9-994d-95dc898bea43} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{0597d3be-9a4d-4426-a8a7-572ad299852e} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{4E7F49ED-8C94-4AAA-A407-3010D099B11A} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.SettingsPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.SettingsPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{04D2B915-19FF-41E9-994D-95DC898BEA43} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{0696f815-a3a9-490a-bb14-9ec3350b1276} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{5d79f641-c168-40df-a32f-bacea7509e75} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5D79F641-C168-40DF-A32F-BACEA7509E75} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0696F815-A3A9-490A-BB14-9EC3350B1276} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{07494721-dfcf-41c1-8a03-b3fffb0f8409} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{952C6F00-CBA7-47BE-BAF3-CFC5808E6C7B} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{1E34EA93-600B-4CBC-9858-59BE04C1A581} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{0e8a6cb6-3b14-491d-8bba-86a95a62ff72} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.PseudoTransparentPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.PseudoTransparentPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{0E8A6CB6-3B14-491D-8BBA-86A95A62FF72} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{A3866408-A46D-4421-816F-F34D7247A046} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{0510789C-5E5D-4FA3-A3EF-2D56FDE5090A} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.HTMLMenu.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.HTMLMenu (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D7E63AF-274B-426B-B51D-ADF161DF7F24} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{387dface-9e46-415f-8c86-18083b7d6ead} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{73CADBBD-4DC5-419D-84F1-E7BF4C3B20C4} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{32CC4D2E-999C-4853-9D3E-5DE4C02D57C6} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.DataControl.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.DataControl (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{387DFACE-9E46-415F-8C86-18083B7D6EAD} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{38deffd9-9379-4ac4-baa9-1a883dba9cd2} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.MultipleButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.MultipleButton (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{52d3c28f-c9ac-40b5-848f-1fb63d2badef} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.ScriptButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.ScriptButton (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{67d33c35-62e9-4f77-a284-9e9d256f7846} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.DynamicBarButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.DynamicBarButton (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{6ffb45e3-cffc-4b3a-95eb-334cb53c85b0} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{A378FD9D-B406-44BB-96D2-8CDAA668713F} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{93A55DA3-83ED-4090-91B6-904C44647639} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.FeedManager.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.FeedManager (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{7895609d-c8b4-4cf5-a2c7-28223d0c3d92} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{34979CB5-728D-4727-81BF-01850A3BB89B} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{934063FB-A81D-4849-B02C-478446DF3219} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7895609D-C8B4-4CF5-A2C7-28223D0C3D92} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{7952f465-ac46-4a82-b383-870f3784d1cd} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.UrlAlertButton.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.UrlAlertButton (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{7ad9c324-3672-4d33-8477-d9c8e627f4bf} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{03F59B4B-09D9-40F0-A01A-6E895023F2F0} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{42CB7963-EFE0-4737-A927-CE076FAA3BA0} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.Radio.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.Radio (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{8be781d8-5e70-423d-82de-9e4756fce53c} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{026FD9BA-112B-4D9F-86EA-589E28016E8C} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{0328B630-EA94-4FA3-9F27-8250B6324DDB} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.XMLSessionPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.XMLSessionPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8BE781D8-5E70-423D-82DE-9E4756FCE53C} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{91a8da6b-8013-44aa-b63f-00195312999a} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.RadioSettings.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.RadioSettings (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{c98d5b61-b0ea-4d48-9839-1079d352d880} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C98D5B61-B0EA-4D48-9839-1079D352D880} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{cd3cae95-556f-46ae-b636-45dc6b297eb1} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.ToolbarPlugin.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.ToolbarPlugin (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{d09094b3-b426-4f16-a6d9-e211fe222127} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D09094B3-B426-4F16-A6D9-E211FE222127} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{f02c0832-c85c-4b93-8c6f-9df20121a10d} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{6784D08D-CDC3-419D-9B97-744A351ED908} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{844C2331-94DF-431E-9A67-426ED861D27F} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.HTMLPanel.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TelevisionFanatic.HTMLPanel (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F02C0832-C85C-4B93-8C6F-9DF20121A10D} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F02C0832-C85C-4B93-8C6F-9DF20121A10D} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\CLSID\{fba7cbb1-fc93-4149-8862-d94451a7d167} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\TypeLib\{608F7340-E221-4AFB-A848-C4DAD297CD58} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\Interface\{966430CC-2097-45CA-8626-2C3F454C3297} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4e7f49ed-8c94-4aaa-a407-3010d099b11a} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKCR\MyWebSearch.ThirdPartyInstaller (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCR\MyWebSearch.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKCU\Software\AppDataLow\Software\MyWebSearch (PUP.MyWebsearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TelevisionFanaticbar Uninstall (PUP.MyWebSearch) -> Quarantined and deleted successfully. HKLM\SOFTWARE\MozillaPlugins\@TelevisionFanatic.com/Plugin (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Detected: 2 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (PUP.MyWebSearch) -> Data: -> Quarantined and deleted successfully. HKLM\SOFTWARE\Mozilla\Firefox\Extensions|64ffxtbr@TelevisionFanatic.com (PUP.MyWebSearch) -> Data: C:\Program Files (x86)\TelevisionFanatic\bar\1.bin -> Quarantined and deleted successfully.
Registry Data Items Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.
Folders Detected: 2 C:\Program Files (x86)\TelevisionFanatic\bar\1.bin (PUP.MyWebSearch) -> No action taken. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\chrome (PUP.MyWebSearch) -> Quarantined and deleted successfully.
Files Detected: 31 C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64httpct.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64SrcAs.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64skin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64htmlmu.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64datact.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64mlbtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64script.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64dyn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64feedmg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64tpinst.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64uabtn.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64radio.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64msg.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64html.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64dlghk.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64barsvc.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64auxstb.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brmon.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64brstub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64highin.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64impipe.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64medint.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64Plugin.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64regfft.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64regiet.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\64skplay.exe (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\LOGO.BMP (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll (PUP.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\chrome\64ffxtbr.jar (PUP.MyWebSearch) -> Quarantined and deleted successfully.
(end) | actions · 2013-Feb-3 5:45 pm · (locked) | lilhurricane |
OTL logfile created on: 2/3/2013 12:30:44 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rob\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.86 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 42.92% Memory free 5.71 Gb Paging File | 3.76 Gb Available in Paging File | 65.83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119.70 Gb Total Space | 33.12 Gb Free Space | 27.67% Space Free | Partition Type: NTFS Drive D: | 324.58 Gb Total Space | 324.48 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Computer Name: ROB-PC | User Name: Rob | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013/02/03 12:30:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rob\Downloads\OTL (1).exe PRC - [2013/02/02 15:44:21 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe PRC - [2013/02/02 14:28:16 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe PRC - [2013/01/14 17:31:30 | 007,437,824 | ---- | M] (Google Inc.) -- C:\Users\Rob\AppData\Local\Programs\Google\MusicManager\MusicManager.exe PRC - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012/10/17 17:40:41 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe PRC - [2012/01/04 08:40:48 | 000,519,888 | ---- | M] (iWin Inc.) -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe PRC - [2012/01/03 16:31:34 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011/11/30 03:26:26 | 000,393,640 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe PRC - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010/07/02 15:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2010/06/24 19:50:50 | 006,806,144 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010/05/03 16:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010/05/03 16:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009/09/30 21:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/06/19 12:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009/06/19 12:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe PRC - [2008/12/22 19:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2013/01/14 17:19:36 | 000,344,064 | ---- | M] () -- C:\Users\Rob\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll MOD - [2013/01/14 17:19:22 | 000,231,936 | ---- | M] () -- C:\Users\Rob\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll MOD - [2013/01/14 17:18:54 | 000,253,440 | ---- | M] () -- C:\Users\Rob\AppData\Local\Programs\Google\MusicManager\libid3tag.dll MOD - [2013/01/14 17:18:44 | 000,117,248 | ---- | M] () -- C:\Users\Rob\AppData\Local\Programs\Google\MusicManager\libaacdec.dll MOD - [2013/01/10 14:01:44 | 000,026,624 | ---- | M] () -- C:\Users\Rob\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll MOD - [2013/01/10 14:01:26 | 010,683,392 | ---- | M] () -- C:\Users\Rob\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll MOD - [2013/01/10 14:01:24 | 001,681,408 | ---- | M] () -- C:\Users\Rob\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll MOD - [2013/01/10 14:01:22 | 007,741,952 | ---- | M] () -- C:\Users\Rob\AppData\Local\Programs\Google\MusicManager\QtGui4.dll MOD - [2013/01/10 14:01:20 | 002,248,192 | ---- | M] () -- C:\Users\Rob\AppData\Local\Programs\Google\MusicManager\QtCore4.dll MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll MOD - [2011/11/30 03:26:26 | 000,393,640 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/05/04 10:04:16 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\mefeediatest\w3itemplateX.dll MOD - [2010/11/11 03:24:31 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll MOD - [2010/07/13 07:07:23 | 007,826,432 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll MOD - [2010/07/05 03:19:39 | 000,116,736 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll MOD - [2010/07/02 15:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2010/06/23 19:16:19 | 002,150,400 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll MOD - [2010/06/01 23:05:40 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\imageformats\qjpeg4.dll MOD - [2010/06/01 22:38:06 | 009,837,568 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtWebKit4.dll MOD - [2010/06/01 20:56:04 | 000,232,960 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll MOD - [2010/06/01 20:54:24 | 002,530,816 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll MOD - [2010/06/01 20:29:22 | 000,934,912 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtNetwork4.dll MOD - [2010/06/01 20:28:00 | 000,335,360 | ---- | M] () -- C:\Program Files (x86)\VTech\DownloadManager\System\QtXml4.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2009/12/07 18:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013/02/02 15:44:26 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/02/02 14:28:16 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP) SRV - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/01/04 08:40:48 | 000,519,888 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files (x86)\Pogo Games\PGMTrusted.exe -- (PGMTrusted) SRV - [2010/09/14 04:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2010/09/14 04:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/12/15 12:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009/09/30 21:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009/09/30 21:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009/06/15 19:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService) SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/03/31 04:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV:64bit: - [2013/02/02 14:52:35 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi) DRV:64bit: - [2013/02/02 14:52:34 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF) DRV:64bit: - [2012/10/25 17:23:06 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt) DRV:64bit: - [2012/10/25 17:23:06 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt) DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012/08/13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps) DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6) DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1) DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/12/30 00:02:46 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm) DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 04:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/09/23 02:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010/09/14 04:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010/09/14 04:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010/09/14 04:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010/09/14 04:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010/08/25 18:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/06/10 00:57:53 | 000,130,048 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010/03/02 02:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010/02/26 02:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/02/24 21:26:57 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME) DRV:64bit: - [2010/02/02 16:38:29 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/01/18 03:45:49 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2009/09/17 14:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/08/19 20:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) DRV:64bit: - [2009/08/18 02:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR) DRV:64bit: - [2009/08/06 15:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009/07/20 03:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/18 14:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby) DRV:64bit: - [2009/06/10 14:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/13 11:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor) DRV:64bit: - [2009/05/09 00:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr) DRV:64bit: - [2008/05/23 19:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009/07/02 19:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/ IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=2637027f-662d-4146-8094-7169698ad269&searchtype=ds&q={searchTerms} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm00389us&ptb=FC370484-5F71-433D-A023-3DA05248DBD5&psa=&ind=2011052718&ptnrS=XPxdm00389us&si=&st=sb&n=77de3aae&searchfor={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=2637027f-662d-4146-8094-7169698ad269&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=2637027f-662d-4146-8094-7169698ad269&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=2637027f-662d-4146-8094-7169698ad269&searchtype=hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=2637027f-662d-4146-8094-7169698ad269&searchtype=ds&q={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=2637027f-662d-4146-8094-7169698ad269&searchtype=ds&q={searchTerms} IE - HKCU\..\SearchScopes,DefaultScope = {83FCC510-6AA1-442C-AF0E-8402293740C7} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=2637027f-662d-4146-8094-7169698ad269&searchtype=ds&q={searchTerms} IE - HKCU\..\SearchScopes\{45D00630-B1DC-4F0B-8BCE-9958D080B354}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=POGO&o=APN10145&src=kw&q={searchTerms}&locale=&apn_ptnrs=^A6C&apn_dtid=^YYYYYY^YY^US&apn_uid=3f0dca36-d37e-4647-9ac5-7fa3c9494b58&apn_sauid=48959BF8-2645-43EE-B492-4B6DC1284273 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNRN_en IE - HKCU\..\SearchScopes\{83FCC510-6AA1-442C-AF0E-8402293740C7}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms} IE - HKCU\..\SearchScopes\{a5b9c0f5-5616-47cd-a95f-e43b488faccf}: "URL" = http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=XPxdm00389us&ptb=FC370484-5F71-433D-A023-3DA05248DBD5&psa=&ind=2011052718&ptnrS=XPxdm00389us&si=&st=sb&n=77de3aae&searchfor={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\nuance.com/DragonRIAPlugin: C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Rob\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Rob\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Rob\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012/01/04 11:13:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012/01/04 11:13:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/10/17 17:41:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013/02/02 14:52:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013/02/02 14:52:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013/02/02 14:52:42 | 000,000,000 | ---D | M]
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Web (Enabled) CHR - default_search_provider: search_url = http://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=US&userid=2637027f-662d-4146-8094-7169698ad269&searchtype=ds&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.374_0\plugin/npVKPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll CHR - plugin: Kaspersky Anti-Virus (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.397_0\plugin/npUrlAdvisor.dll CHR - plugin: registryAccess (Enabled) = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaoalnmcmconfcgedolcmhpeeiepmp\7.14.1.0_0\background/registryAccess.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Dragon NaturallySpeaking Rich Internet Application Support (Enabled) = C:\Program Files (x86)\Nuance\NaturallySpeaking12\Program\npDgnRia.dll CHR - plugin: TelevisionFanatic Plugin Stub (Enabled) = C:\Program Files (x86)\TelevisionFanatic\bar\1.bin\NP64Stub.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: BrowserPlus (from Yahoo!) v2.9.8 (Enabled) = C:\Users\Rob\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll CHR - plugin: RealPlayer Download Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll CHR - Extension: Pogo Toolbar = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaoalnmcmconfcgedolcmhpeeiepmp\7.14.1.33510_0\ CHR - Extension: Privacy SafeGuard = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\geggofhlfbcmanadhknllmlajiafopoh\1.1_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
O1 HOSTS File: ([2011/11/08 14:08:05 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Privacy Safeguard BHO) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard-x64.dll (PrivacySafeguard) O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (no name) - {1036AD63-AEAC-460B-9060-C96005D4DC86} - No CLSID value found. O2 - BHO: (mefeediaTest) - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll () O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Program Files (x86)\Pogo Games\iWinGamesHookIE.dll (iWin Inc.) O2 - BHO: (Privacy Safeguard BHO) - {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - C:\Program Files\PrivacySafeGuard\PrivacySafeGuard.dll (PrivacySafeguard) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (Ask Toolbar for Pogo) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask Toolbar for Pogo) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4 - HKLM..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe () O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler File not found O4 - HKCU..\Run: [MusicManager] C:\Users\Rob\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control) O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab (asusTek_sysctrl Class) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab (WorldWinner ActiveX Launcher Control) O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class) O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab (Java Plug-in 1.5.0) O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24962BFF-27F5-44E0-9A45-FC6EDB1C3F2A}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF2717B5-5F25-45ED-96A5-CF25B87F6F54}: DhcpNameServer = 192.168.0.1 205.171.2.25 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKCU\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013/02/03 12:02:26 | 000,000,000 | ---D | C] -- C:\Users\Rob\AppData\Roaming\Malwarebytes [2013/02/03 12:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013/02/03 12:02:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/02/03 12:02:11 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013/02/03 12:02:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013/02/02 15:56:47 | 000,477,616 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2013/02/02 15:53:36 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2013/02/02 15:44:24 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/02/02 15:44:16 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013/02/02 14:21:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013 [2013/02/02 14:21:25 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll [2013/02/02 14:20:49 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP [2013/02/02 14:20:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2013/02/02 14:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab [2013/02/02 14:20:33 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2013/02/02 14:20:33 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys [2013/02/02 13:34:12 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013/02/02 13:34:12 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013/02/02 13:34:00 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013/02/02 13:33:57 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013/02/02 13:33:53 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013/02/02 13:33:53 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013/02/02 13:33:53 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013/02/02 13:33:53 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013/02/02 13:33:53 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013/02/02 13:33:53 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013/02/02 13:33:53 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013/02/02 13:33:53 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013/02/02 13:33:53 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013/02/02 13:33:53 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013/02/02 13:33:53 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013/02/02 13:33:53 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013/02/02 13:33:53 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013/02/02 13:33:53 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013/02/02 13:33:53 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013/02/02 13:33:53 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013/02/02 13:33:53 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013/02/02 13:33:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013/02/02 13:33:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013/02/02 13:33:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013/02/02 13:33:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013/02/02 13:33:53 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013/02/02 13:33:53 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013/02/02 13:33:52 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013/02/02 13:33:52 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013/02/02 13:33:52 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013/02/02 13:33:52 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013/02/02 13:33:52 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013/02/02 13:33:52 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013/02/02 13:33:52 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013/02/02 13:33:52 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013/02/02 13:33:52 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013/02/02 13:33:24 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013/02/02 13:33:23 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013/02/02 13:33:22 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013/02/02 13:33:22 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013/02/02 13:33:22 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013/02/02 13:33:22 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/02/02 13:33:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/02/02 13:33:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013/02/02 13:33:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/02/02 13:33:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013/02/02 13:33:22 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/02/02 13:33:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013/02/02 13:33:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013/02/02 13:33:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013/02/02 13:33:22 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013/02/02 13:33:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/02/02 13:33:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013/02/02 13:33:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013/02/02 13:33:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013/02/02 13:33:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013/02/02 13:33:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013/02/02 13:33:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013/02/02 13:33:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013/02/02 13:33:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013/02/02 13:33:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013/02/02 13:33:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013/02/02 13:33:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013/02/02 13:33:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013/02/02 13:33:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013/02/02 13:33:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013/02/02 13:33:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/02/02 13:33:06 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2008/08/11 23:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll | actions · 2013-Feb-3 5:46 pm · (locked) | lilhurricane |
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013/02/03 12:34:06 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/02/03 12:34:06 | 000,010,240 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/02/03 12:33:54 | 000,780,172 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/02/03 12:33:54 | 000,660,990 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/02/03 12:33:54 | 000,121,628 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/02/03 12:27:07 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/02/03 12:26:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/02/03 12:26:28 | 2299,822,080 | -HS- | M] () -- C:\hiberfil.sys [2013/02/03 12:02:12 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/02/02 19:53:47 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/02/02 19:53:47 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/02 19:23:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1697743913-2738926197-3759066339-1001UA.job [2013/02/02 17:23:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1697743913-2738926197-3759066339-1001Core.job [2013/02/02 16:30:22 | 000,268,888 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/02/02 16:26:25 | 000,774,388 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013/02/02 15:56:38 | 000,477,616 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\npdeployJava1.dll [2013/02/02 15:56:38 | 000,473,520 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2013/02/02 15:56:38 | 000,158,128 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2013/02/02 15:56:38 | 000,149,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2013/02/02 15:56:38 | 000,149,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2013/02/02 15:49:14 | 000,001,320 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2013/02/02 15:44:24 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/02/02 15:44:24 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/02/02 15:02:17 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\Registry Optimizer_DEFAULT.job [2013/02/02 14:52:35 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys [2013/02/02 14:52:34 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys [2013/02/02 14:24:02 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2013/02/02 14:21:26 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk [2013/02/02 14:04:57 | 000,002,360 | ---- | M] () -- C:\Users\Rob\Desktop\Google Chrome.lnk [2013/02/02 12:45:44 | 000,012,330 | -HS- | M] () -- C:\Users\Rob\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl [2013/02/02 12:45:44 | 000,012,330 | -HS- | M] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl [2013/01/07 21:01:48 | 000,000,412 | ---- | M] () -- C:\Users\Rob\Desktop\out.bin
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/02/03 12:02:12 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2013/02/02 15:44:28 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/02/02 14:21:49 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk [2013/01/07 21:02:08 | 000,012,330 | -HS- | C] () -- C:\Users\Rob\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl [2013/01/07 21:02:08 | 000,012,330 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl [2013/01/07 21:01:48 | 000,000,412 | ---- | C] () -- C:\Users\Rob\Desktop\out.bin [2012/12/14 21:16:42 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012/12/03 13:02:17 | 000,003,584 | ---- | C] () -- C:\Users\Rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/11/06 08:52:59 | 000,001,915 | ---- | C] () -- C:\Users\Rob\AppData\Roaming\SAS7_000.DAT [2012/10/07 17:26:59 | 000,000,258 | RHS- | C] () -- C:\Users\Rob\ntuser.pol [2011/12/27 12:16:55 | 000,000,581 | ---- | C] () -- C:\Users\Rob\AppData\Local\cookies.ini [2011/12/08 06:50:00 | 000,017,408 | ---- | C] () -- C:\Users\Rob\AppData\Local\WebpageIcons.db [2011/05/06 00:37:45 | 000,774,388 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009/04/08 12:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll [2008/05/22 10:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-1697743913-2738926197-3759066339-1001\$624adf7c2c41c0b6ed0901a0c8bea2c5\n.
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
[color=#E56717]========== LOP Check ==========[/color]
[2012/10/07 18:05:41 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Azureus [2011/11/15 14:26:04 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\com.w3i.intune [2011/11/15 14:24:19 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Fighters [2012/10/07 17:27:43 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Nico Mak Computing [2011/08/15 15:20:27 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Nikon [2012/11/05 17:33:18 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\Nuance [2012/10/16 12:20:22 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\OpenCandy [2013/02/02 13:59:04 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\SoftGrid Client [2012/11/02 17:45:12 | 000,000,000 | ---D | M] -- C:\Users\Rob\AppData\Roaming\TuneUpMedia
[color=#E56717]========== Purity Check ==========[/color]
[color=#E56717]========== Alternate Data Streams ==========[/color]
@Alternate Data Stream - 178 bytes -> C:\ProgramData\TEMP:7FFED16F @Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:1C678466 | actions · 2013-Feb-3 5:47 pm · (locked) | lilhurricane |
OTL Extras logfile created on: 2/3/2013 12:30:44 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rob\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.86 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 42.92% Memory free 5.71 Gb Paging File | 3.76 Gb Available in Paging File | 65.83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 119.70 Gb Total Space | 33.12 Gb Free Space | 27.67% Space Free | Partition Type: NTFS Drive D: | 324.58 Gb Total Space | 324.48 Gb Free Space | 99.97% Space Free | Partition Type: NTFS
Computer Name: ROB-PC | User Name: Rob | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\]
[color=#E56717]========== Shell Spawning ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "AutoUpdateDisableNotify" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{19A33B1C-D00C-414C-A84E-81AF1B3BF740}" = rport=138 | protocol=17 | dir=out | app=system | "{2E264009-DDBF-437B-9E00-9A767B74A060}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4233835D-059C-4007-85D1-4A45C94D92DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{55A8AADF-008C-40F2-881B-7DA4F2846F8A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{5FB8F861-5507-47DF-B70F-065218FD5341}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{5FEB176A-FAAF-4431-B63E-10D39337A9DC}" = lport=138 | protocol=17 | dir=in | app=system | "{6263CFDB-4AE3-4096-8997-4917C2432655}" = lport=51001 | protocol=6 | dir=in | name=dragon smart phone server | "{8C1F1D4F-B5BF-4CDA-8726-955C48E1A915}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BFEBEF69-4DBA-44C7-9BBD-A5C15B0EDBE9}" = lport=139 | protocol=6 | dir=in | app=system | "{D5CB2CB3-20C6-4C34-8F32-A0154D6822FB}" = lport=445 | protocol=6 | dir=in | app=system | "{DD03CB32-C369-4B81-A874-548341B177B4}" = rport=445 | protocol=6 | dir=out | app=system | "{DFAB6E03-631D-4E68-A59A-C568A9AF01B5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E298ED23-874A-4EED-A4D0-7B579F2E8ED5}" = rport=137 | protocol=17 | dir=out | app=system | "{E4E90D80-73CC-471A-9256-2527CE49D57F}" = rport=139 | protocol=6 | dir=out | app=system | "{E619E718-4F1C-49D1-A45E-3B0DAB7B0278}" = lport=137 | protocol=17 | dir=in | app=system |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{07B86CA9-2250-45ED-8CB5-B5C04D3E86CB}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{17800AC6-465F-41C4-BB9C-119C516E2AC8}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | "{179D8D90-8FF5-4559-B255-FC62E8EFF7ED}" = protocol=17 | dir=in | app=c:\program files (x86)\pogo games\pogodgc.exe | "{2E7C98D0-782E-4ADF-8985-9B015CA8FE69}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{345E081A-C03D-4017-9C13-B69E04637172}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{50257130-BB52-4699-A2A5-BA3616EC9658}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{62E8326F-8A17-4F6A-A05E-911ECB9F020E}" = protocol=6 | dir=in | app=c:\program files (x86)\pogo games\pogodgc.exe | "{8F2732FA-58E6-4B52-B2EA-B5AD901C77BA}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | "{B0F00321-014B-4E0A-A688-14ACC8A339FB}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1050 j410 series\bin\usbsetup.exe | "{B37820D4-EF94-41B6-9E06-F8F36405FF9F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C0C423F8-2928-4D40-BA0E-FCA2D8E2DD6D}" = protocol=6 | dir=in | app=c:\program files (x86)\pogo games\webupdater.exe | "{D775607B-4AA6-401C-A052-79106B114240}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{DCBCA48E-1A25-4085-9259-76C5F503C077}" = protocol=17 | dir=in | app=c:\program files (x86)\pogo games\webupdater.exe | "{E5BA819F-BF46-4146-B3C6-32FB1618BB5C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "TCP Query User{5C0BA06E-AF0D-4762-A95E-D9672712C11B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{5E497EB0-67CB-41C0-AC6D-61F24776E07D}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{0B0B7751-C7C5-4558-B97C-E31D106CFAEF}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{53A679AE-C46C-4829-84FD-D16808096E4E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series" = Canon MX410 series MP Drivers "{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot "{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes "{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety "{1AB4DB8C-4123-45DC-B896-C67990F76DA4}" = HP Deskjet 1050 J410 series Product Improvement Study "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant "{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}" = MobileMe Control Panel "{4268BF51-DFDF-4178-8B8D-5D5752FCAA58}" = HP Deskjet 1050 J410 series Basic Device Software "{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety "{4BC310C4-B898-46E2-B5FB-B85A30AA7142}" = iCloud "{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01 "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010 "{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B820C985-D9F1-45B5-A7F5-0C5863CBEA04}_is1" = Privacy SafeGuard version 1.1 "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app "CNXT_AUDIO_HDA" = Conexant HD Audio "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3 "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83216039FF}" = Java(TM) 6 Update 39 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart "{3248F0A8-6813-11D6-A77B-00B0D0150000}" = J2SE Runtime Environment 5.0 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40C4903E-EDFB-4CAE-A611-41FEBA585921}" = VTech Download Agent Library "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform "{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion "{508BFA95-545E-42A2-8C9D-E531C53C9B79}" = inTuneMP3 "{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013 "{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck "{5C90D8CF-F12A-41C6-9007-3B651A1F0D78}" = HP Deskjet 1050 J410 series Help "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer "{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform "{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support "{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack "{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect "{6B9C32DB-DBCD-45A8-B901-3A92A99A2474}" = InstallVC90Support "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E1CB0F1-67BF-4052-AA23-FA22E94804C1}" = InstallIQ Updater "{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash "{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center "{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.5) "{ADAB2A0A-396F-4462-A3D6-C8C65BE3B301}" = VirtualDJ Broadcaster "{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update "{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2 "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger "{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager "{FA4C2D53-205F-4245-9717-F3761154824D}" = Safari "{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "8461-7759-5462-8226" = Vuze "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Canon MX410 series User Registration" = Canon MX410 series User Registration "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "HP Photo Creations" = HP Photo Creations "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100 "mefeediatest" = MeFeedia "MP Navigator EX 4.1" = Canon MP Navigator EX 4.1 "Office14.Click2Run" = Microsoft Office Click-to-Run 2010 "Plants Vs Zombies: Game of the Year Edition" = Plants Vs Zombies: Game of the Year Edition (remove only) "PogoDGC" = Pogo Games (remove only) "RealPlayer 15.0" = RealPlayer "Speed Dial Utility" = Canon Speed Dial Utility "Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions "VTechDownloadManager" = Learning Lodge Navigator "WinLiveSuite" = Windows Live Essentials "WinZip Registry Optimizer_is1" = WinZip Registry Optimizer "Yahoo! Software Update" = Yahoo! Software Update
[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar for Pogo Updater "48e4cff94f039634" = Best Buy pc app "Google Chrome" = Google Chrome "MusicManager" = Music Manager "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ] Error - 12/24/2012 1:02:51 PM | Computer Name = Rob-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8424
Error - 12/24/2012 1:02:51 PM | Computer Name = Rob-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 8424
Error - 12/24/2012 1:02:52 PM | Computer Name = Rob-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second
Error - 12/24/2012 1:02:52 PM | Computer Name = Rob-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 9516
Error - 12/24/2012 1:02:52 PM | Computer Name = Rob-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 9516
Error - 12/30/2012 10:12:09 PM | Computer Name = Rob-PC | Source = Application Error | ID = 1000 Description = Faulting application name: iexplore.exe, version: 9.0.8112.16457, time stamp: 0x50a2f9e3 Faulting module name: YontooIEClient.dll, version: 1.10.1.0, time stamp: 0x4e4e9316 Exception code: 0xc0000005 Fault offset: 0x000580f6 Faulting process id: 0xfa0 Faulting application start time: 0x01cde6f99e4792e1 Faulting application path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path: C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll Report Id: 7afd0636-52ef-11e2-a96e-bcaec5a1b6e2
Error - 1/7/2013 11:02:00 PM | Computer Name = Rob-PC | Source = Application Error | ID = 1000 Description = Faulting application name: Update.exe_Microsoft® Windows® Operating System, version: 6.1.7601.17514, time stamp: 0x4ce78ecc Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000 Exception code: 0xc0000005 Fault offset: 0x00405430 Faulting process id: 0x1f34 Faulting application start time: 0x01cded4c8665798e Faulting application path: C:\windows\syswow64\sysprep\Update.exe Faulting module path: unknown Report Id: c4a04c6d-593f-11e2-971f-bcaec5a1b6e2
Error - 1/7/2013 11:02:03 PM | Computer Name = Rob-PC | Source = Application Error | ID = 1000 Description = Faulting application name: Update.exe_Microsoft® Windows® Operating System, version: 6.1.7601.17514, time stamp: 0x4ce78ecc Faulting module name: CRYPTSP.dll, version: 0.0.0.0, time stamp: 0x50eb1124 Exception code: 0xc0000005 Fault offset: 0x00001819 Faulting process id: 0x1f34 Faulting application start time: 0x01cded4c8665798e Faulting application path: C:\windows\syswow64\sysprep\Update.exe Faulting module path: C:\windows\syswow64\sysprep\CRYPTSP.dll Report Id: c6ca607a-593f-11e2-971f-bcaec5a1b6e2
Error - 2/2/2013 2:45:48 PM | Computer Name = Rob-PC | Source = CVHSVC | ID = 100 Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error - 2/2/2013 3:24:44 PM | Computer Name = Rob-PC | Source = Application Error | ID = 1000 Description = Faulting application name: chrome.exe, version: 23.0.1271.97, time stamp: 0x50be88d8 Faulting module name: ole32.dll, version: 6.1.7601.17514, time stamp: 0x4ce7b96f Exception code: 0xc0000005 Fault offset: 0x0003bc21 Faulting process id: 0xd94 Faulting application start time: 0x01ce017aeee7820d Faulting application path: C:\Users\Rob\AppData\Local\Google\Chrome\Application\chrome.exe Faulting module path: C:\Windows\syswow64\ole32.dll Report Id: 325bcd8b-6d6e-11e2-971f-bcaec5a1b6e2
[ Media Center Events ] Error - 2/26/2012 8:28:48 PM | Computer Name = Rob-PC | Source = MCUpdate | ID = 0 Description = 6:28:48 PM - Error connecting to the internet. 6:28:48 PM - Unable to contact server..
Error - 2/26/2012 8:29:22 PM | Computer Name = Rob-PC | Source = MCUpdate | ID = 0 Description = 6:29:17 PM - Error connecting to the internet. 6:29:17 PM - Unable to contact server..
Error - 2/28/2012 9:31:46 AM | Computer Name = Rob-PC | Source = MCUpdate | ID = 0 Description = 7:31:42 AM - Error connecting to the internet. 7:31:42 AM - Unable to contact server..
Error - 2/28/2012 5:52:04 PM | Computer Name = Rob-PC | Source = MCUpdate | ID = 0 Description = 3:52:00 PM - Error connecting to the internet. 3:52:00 PM - Unable to contact server..
Error - 3/9/2012 11:46:55 PM | Computer Name = Rob-PC | Source = MCUpdate | ID = 0 Description = 9:46:43 PM - Failed to retrieve SportsV2 (Error: The remote name could not be resolved: 'data.tvdownload.microsoft.com')
Error - 3/16/2012 12:24:00 AM | Computer Name = Rob-PC | Source = MCUpdate | ID = 0 Description = 11:24:00 PM - Failed to retrieve Directory (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.)
Error - 3/18/2012 10:31:57 AM | Computer Name = Rob-PC | Source = MCUpdate | ID = 0 Description = 9:31:56 AM - Error connecting to the internet. 9:31:56 AM - Unable to contact server..
Error - 4/3/2012 8:25:27 PM | Computer Name = Rob-PC | Source = MCUpdate | ID = 0 Description = 7:25:26 PM - Error connecting to the internet. 7:25:26 PM - Unable to contact server..
Error - 4/3/2012 8:26:01 PM | Computer Name = Rob-PC | Source = MCUpdate | ID = 0 Description = 7:25:56 PM - Error connecting to the internet. 7:25:56 PM - Unable to contact server..
Error - 4/3/2012 11:15:12 PM | Computer Name = Rob-PC | Source = MCUpdate | ID = 0 Description = 10:15:12 PM - Failed to retrieve Directory (Error: The remote name could not be resolved: 'data.tvdownload.microsoft.com')
[ System Events ] Error - 9/27/2012 8:15:18 PM | Computer Name = Rob-PC | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block.
Error - 9/27/2012 8:15:24 PM | Computer Name = Rob-PC | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block.
Error - 9/27/2012 8:15:30 PM | Computer Name = Rob-PC | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block.
Error - 9/27/2012 8:15:36 PM | Computer Name = Rob-PC | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block.
Error - 9/27/2012 8:15:42 PM | Computer Name = Rob-PC | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block.
Error - 9/27/2012 8:15:48 PM | Computer Name = Rob-PC | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block.
Error - 9/27/2012 8:15:54 PM | Computer Name = Rob-PC | Source = cdrom | ID = 262155 Description = The driver detected a controller error on \Device\CdRom0.
Error - 9/27/2012 8:16:00 PM | Computer Name = Rob-PC | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block.
Error - 9/27/2012 8:16:06 PM | Computer Name = Rob-PC | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block.
Error - 9/27/2012 8:16:12 PM | Computer Name = Rob-PC | Source = cdrom | ID = 262151 Description = The device, \Device\CdRom0, has a bad block. | actions · 2013-Feb-3 5:47 pm · (locked) | lilhurricane |
Results of screen317's Security Check version 0.99.57 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 [u]``````````````Antivirus/Firewall Check:``````````````[/u] Windows Firewall Enabled! Kaspersky Anti-Virus Antivirus up to date! (On Access scanning disabled!) [u]`````````Anti-malware/Other Utilities Check:`````````[/u] Malwarebytes Anti-Malware version 1.70.0.1100 Java(TM) 6 Update 39 [color=red]Java version out of Date![/color] Adobe Flash Player 10 [color=red]Flash Player out of Date![/color] Adobe Reader 10.1.5 [color=red]Adobe Reader out of Date![/color] Google Chrome 23.0.1271.97 Google Chrome 24.0.1312.57 [u]````````Process Check: objlist.exe by Laurent````````[/u] Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe [u]`````````````````System Health check`````````````````[/u] Total Fragmentation on Drive C: 55% [color=red]Defragment your hard drive soon! (Do NOT defrag if SSD!)[/color] [u]````````````````````End of Log``````````````````````[/u]
ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK | actions · 2013-Feb-3 5:48 pm · (locked) | lilhurricane |
to drslash
Hiya Dr ...we seem to be missing some of the ESET log.. Can you re-check? (Not re-run) You will find for 64bit Windows: C:\Program Files\ESET\ESET Online Scanner\log.txt | actions · 2013-Feb-3 5:50 pm · (locked) | drslash (banned)Goya Asma join:2002-02-18 Marion, IA |
drslash (banned)
Member
2013-Feb-3 7:26 pm
I will check but that is all I found the first time. | actions · 2013-Feb-3 7:26 pm · (locked) | | drslash |
to lilhurricane
I looked again and that was all I found. I probably messed up. The online scan ran a long time and cleaned up 4 threats. | actions · 2013-Feb-4 12:44 am · (locked) |
1 recommendation |
to drslash
The OTL Extra's log shows there in an Uninstaller Entry for Winzip Registry Optimizer. Have you tried using that to uninstall it? Also, see here: » guides.yoosecurity.com/h ··· l-guide/Post back here and let me know the results. | actions · 2013-Feb-4 3:53 pm · (locked) | drslash (banned)Goya Asma join:2002-02-18 Marion, IA |
drslash (banned)
Member
2013-Feb-5 12:38 am
I tried the uninstall program that is in the WinZip folder, I tried the uninstall in the control panel, and I tried to follow a number of different uninstall procedures like the one you linked to with no success. The point of the virus maker is that they do not want it uninstalled and the virus maker uses many variations on how it is installed and uses varied file names and registry entries to make it difficult to uninstall. Thanks for your suggestion. | actions · 2013-Feb-5 12:38 am · (locked) |
1 recommendation |
to drslash
Download ComboFix from one of these locations: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.infospyware.net/antimalware/combofix/
* IMPORTANT !!! Save ComboFix.exe to your Desktop[*]Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools [*]Double click on ComboFix.exe & follow the prompts. [*]As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. [*]Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1.Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser. 3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper. 4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Give it at least 20-30 minutes to finish if needed.
| actions · 2013-Feb-5 11:30 am · (locked) | drslash (banned)Goya Asma join:2002-02-18 Marion, IA |
drslash (banned)
Member
2013-Feb-5 4:02 pm
A question before I do this, will ComboFix attempt repairs or will it just produce the ComboFix.txt file to be used for analysis and manual repairs? | actions · 2013-Feb-5 4:02 pm · (locked) | |
to drslash
Combofix will remove/repair as needed. If this is an issue, we can use a diffrerent approach.
You could try doing a full san with Kaspersky and what it finds and removes and post that here, before trying Combofix. | actions · 2013-Feb-5 4:46 pm · (locked) | drslash (banned)Goya Asma join:2002-02-18 Marion, IA |
drslash (banned)
Member
2013-Feb-6 10:59 am
A full scan with Kaspersky come backs clean, nothing found. | actions · 2013-Feb-6 10:59 am · (locked) |
1 recommendation |
to drslash
OK, no need to run COmbofix at this time.
Instead, run OTL again, and post the new log in this thread. I want to check current status.
NoteL: There will not be a new Extras log. | actions · 2013-Feb-7 11:08 am · (locked) |
|