Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

ib.adnxs.com pop up

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

ib.adnxs.com pop up

Unread postby hismajewsty » January 28th, 2013, 9:45 pm

I am posting a separate thread because it appears that this malware is specific to individual computers, so I wanted to see if someone could help me with my problem. I'm getting pop-ups randomly from nym1.ib.adnxs.com. I have run AVG, SpyHunter, CCleaner. No luck. I did a complete re-install of Windows 7 and started the machine from scratch. No luck. I'm using an Acer Aspire 6930.

Here are the DDS logs I received when I ran it... Thank you in advance to anyone that can help!!!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by Chris at 20:43:28 on 2013-01-28
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.3997.1023 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Chris\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
uRun: [Google Update] "C:\Users\Chris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MusicManager] "C:\Users\Chris\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [eAudio] "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
mRun: [ADBlocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray
mRun: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{838CABFE-2C4D-4B04-AB1C-D0550BAA1084} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2012-9-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2012-9-14 40800]
R0 pctDS;PC Tools Data Store;C:\Windows\System32\drivers\pctDS64.sys [2013-1-27 453896]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\System32\drivers\pctEFA64.sys [2013-1-27 1096176]
R1 asdnet;asdnet;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\amd64\asdnet.sys [2013-1-28 19280]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-10-2 185696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-9-21 200032]
R2 ADBlockerSrv;AD Blocker Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [2013-1-28 279368]
R2 asdrs;AntiMalware Host-based Intrusion Prevention System;C:\Windows\System32\drivers\asdrs.sys [2013-1-28 23376]
R2 asdsrv;Anvi Smart Defender Realtime Guard Service;C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe [2012-12-20 735592]
R2 asdws;AnviSmartDefender Web Guard;C:\Windows\System32\drivers\asdws.sys [2013-1-28 17232]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2013-1-28 24576]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\System32\drivers\winbondcir.sys [2007-3-28 46592]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-28 1255736]
.
=============== Created Last 30 ================
.
2013-01-29 01:15:22 -------- d-----w- C:\Program Files (x86)\Launch Manager
2013-01-29 01:11:30 -------- d-----w- C:\Users\Chris\AppData\Roaming\Anvisoft
2013-01-29 01:11:11 23376 ----a-w- C:\Windows\System32\drivers\asdrs.sys
2013-01-29 01:11:11 18768 ----a-w- C:\Windows\System32\drivers\asdrm.sys
2013-01-29 01:11:11 17232 ----a-w- C:\Windows\System32\drivers\asdws.sys
2013-01-29 01:10:52 -------- d-----w- C:\ProgramData\Anvisoft
2013-01-29 01:10:40 -------- d-----w- C:\Program Files (x86)\Anvisoft
2013-01-29 01:08:10 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2013-01-29 01:08:10 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2013-01-29 01:08:10 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2013-01-29 01:08:08 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2013-01-29 01:08:01 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2013-01-29 01:06:56 -------- d-----w- C:\Windows\BUVC_AP
2013-01-29 01:05:43 238080 ----a-w- C:\Windows\System32\ITEIO_64.dll
2013-01-29 01:05:43 16080 ----a-w- C:\Windows\System32\drivers\TVicPort64.sys
2013-01-29 01:05:43 13144 ----a-w- C:\Windows\System32\drivers\ITEIO.sys
2013-01-29 01:05:40 -------- d-----w- C:\Users\Chris\AppData\Local\Apple Computer
2013-01-29 01:05:02 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2013-01-29 01:03:45 -------- d-----w- C:\Program Files\iPod
2013-01-29 01:03:44 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-01-29 01:03:44 -------- d-----w- C:\Program Files\iTunes
2013-01-29 01:03:44 -------- d-----w- C:\Program Files (x86)\iTunes
2013-01-29 01:02:54 67584 ----a-w- C:\Windows\System32\MCEPlugin.dll
2013-01-29 01:02:54 258560 ----a-w- C:\Windows\System32\SysHook.dll
2013-01-29 01:02:34 67584 ----a-w- C:\Windows\SysWow64\MCEPlugin.dll
2013-01-29 01:02:34 -------- d-----w- C:\Users\Chris\AppData\Local\Apple
2013-01-29 01:02:33 258560 ----a-w- C:\Windows\SysWow64\SysHook.dll
2013-01-29 00:59:48 -------- d-----w- C:\Program Files\Bonjour
2013-01-29 00:59:48 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-01-29 00:59:33 585216 ----a-w- C:\Windows\System32\INT15_64.dll
2013-01-29 00:59:33 17952 ----a-w- C:\Windows\System32\drivers\int15_64.sys
2013-01-29 00:57:35 17952 ----a-w- C:\Windows\SysWow64\drivers\int15_64.sys
2013-01-29 00:57:35 15392 ----a-w- C:\Windows\SysWow64\drivers\int15.sys
2013-01-29 00:57:35 -------- d-----w- C:\Program Files\Acer
2013-01-29 00:46:20 -------- d-----w- C:\Users\Chris\AppData\Local\Programs
2013-01-29 00:42:02 -------- d-----w- C:\Windows\PCHEALTH
2013-01-29 00:38:25 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2013-01-29 00:37:27 -------- d-----w- C:\Users\Chris\AppData\Local\Microsoft Help
2013-01-28 21:25:39 -------- d-----w- C:\Windows\SysWow64\Wat
2013-01-28 21:25:39 -------- d-----w- C:\Windows\System32\Wat
2013-01-28 12:14:40 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2013-01-28 12:14:40 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2013-01-28 12:14:40 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2013-01-28 12:14:40 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-01-28 11:55:51 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-01-28 11:55:50 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2013-01-28 11:55:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-01-28 11:55:50 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-01-28 11:55:50 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-01-28 11:55:50 100864 ----a-w- C:\Windows\System32\fontsub.dll
2013-01-28 11:54:49 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-01-28 11:54:49 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-01-28 11:54:48 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-01-28 11:54:48 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-01-28 11:54:47 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-01-28 11:54:47 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-01-28 11:54:47 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-01-28 11:52:21 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2013-01-28 11:52:21 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2013-01-28 11:52:21 5120 ----a-w- C:\Windows\System32\wmi.dll
2013-01-28 11:52:21 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2013-01-28 11:52:21 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2013-01-28 08:22:50 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2013-01-28 08:21:34 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-01-28 08:20:53 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2013-01-28 08:19:48 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-28 08:18:59 715776 ----a-w- C:\Windows\System32\kerberos.dll
2013-01-28 08:17:59 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2013-01-28 02:54:22 -------- d-----w- C:\Windows\Panther
2013-01-28 02:51:06 -------- d-----w- C:\Windows\System32\appmgmt
2013-01-28 02:42:05 -------- d-----w- C:\Windows.old.001
2013-01-28 01:34:31 -------- d-----w- C:\Program Files\Enigma Software Group
2013-01-28 01:33:47 -------- d-----w- C:\Windows\83B952C7F8F34CA3B4C533C85B24E478.TMP
2013-01-28 01:33:46 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-01-28 01:31:07 -------- d-----w- C:\Program Files (x86)\PC Tools
2013-01-28 01:23:56 1096176 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2013-01-28 01:23:55 453896 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2013-01-28 01:23:49 253256 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2013-01-28 01:23:49 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2013-01-28 01:23:18 -------- d-----w- C:\ProgramData\PC Tools
2013-01-28 01:23:17 -------- d-----w- C:\Users\Chris\AppData\Roaming\TestApp
2013-01-28 01:20:50 -------- d-----w- C:\ProgramData\AVG January 2013 Campaign
2013-01-28 01:12:40 -------- d-----w- C:\Users\Chris\AppData\Roaming\AVG2013
2013-01-28 01:11:17 -------- d-----w- C:\Users\Chris\AppData\Roaming\TuneUp Software
2013-01-28 01:10:52 -------- d-----w- C:\ProgramData\AVG2013
2013-01-28 01:10:07 -------- d-----w- C:\Program Files (x86)\AVG
2013-01-28 00:59:28 -------- d--h--w- C:\ProgramData\Common Files
2013-01-28 00:59:28 -------- d-----w- C:\Users\Chris\AppData\Local\MFAData
2013-01-28 00:59:28 -------- d-----w- C:\Users\Chris\AppData\Local\Avg2013
2013-01-28 00:59:28 -------- d-----w- C:\ProgramData\MFAData
2013-01-28 00:33:43 -------- d-s---w- C:\Users\Chris\Google Drive
2013-01-28 00:32:12 -------- d-----r- C:\Users\Chris\Dropbox
2013-01-28 00:26:20 -------- d-----w- C:\Users\Chris\Trail Guide to the Body DVD
2013-01-28 00:24:43 -------- d-----w- C:\Users\Chris\Programs
2013-01-28 00:24:41 -------- d-----w- C:\Users\Chris\Professional
2013-01-28 00:23:20 -------- d-----w- C:\Users\Chris\Microsoft Word
2013-01-28 00:23:16 -------- d-sh--w- C:\Windows\Installer
2013-01-28 00:22:46 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2013-01-28 00:22:46 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2013-01-28 00:22:45 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2013-01-28 00:18:16 -------- d-----w- C:\Users\Chris\AppData\Local\Google
2013-01-28 00:17:52 -------- d-----w- C:\Users\Chris\AppData\Local\Apps
2013-01-28 00:17:51 -------- d-----w- C:\Users\Chris\AppData\Local\Deployment
2013-01-28 00:16:19 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-01-28 00:16:06 99840 ----a-w- C:\Windows\System32\wudriver.dll
.
==================== Find3M ====================
.
2012-12-26 14:18:40 268435456 --sha-w- C:\swapfile.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-11-23 03:26:31 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe
2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll
2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll
2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-11-16 04:33:24 111968 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2012-11-09 05:45:32 750592 ----a-w- C:\Windows\System32\win32spl.dll
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:43:04 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-02 05:59:11 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 05:11:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
============= FINISH: 20:43:51.14 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 1/27/2013 7:14:56 PM
System Uptime: 1/28/2013 7:13:51 PM (1 hours ago)
.
Motherboard: Acer | | Makalu
Processor: Intel(R) Core(TM)2 Duo CPU T6400 @ 2.00GHz | U2E1 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 110 GiB total, 48.906 GiB free.
D: is FIXED (NTFS) - 106 GiB total, 73.332 GiB free.
E: is CDROM ()
F: is Removable
G: is FIXED (NTFS) - 596 GiB total, 319.979 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP14: 1/28/2013 4:51:51 PM - Windows Update
RP15: 1/28/2013 7:35:23 PM - Installed Microsoft Office Enterprise 2007
RP16: 1/28/2013 7:56:41 PM - Installed Acer Empowering Technology
RP17: 1/28/2013 8:01:25 PM - Installed Acer ePower Management
RP18: 1/28/2013 8:02:40 PM - Installed iTunes
RP19: 1/28/2013 8:06:37 PM - Installed Acer Crystal Eye Webcam
.
==== Installed Programs ======================
.
Acer Crystal Eye Webcam
Acer eAudio Management
Acer Empowering Technology
Acer ePower Management
Acer eSettings Management
AD Blocker
Adobe Reader XI (11.0.01)
Anvi Smart Defender 1.8
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AVG 2013
Bonjour
Google Chrome
Google Update Helper
iTunes
Launch Manager
Microsoft .NET Framework 4 Client Profile
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Music Manager
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Visual Studio 2010 x64 Redistributables
.
==== Event Viewer Messages From Past Week ========
.
1/28/2013 7:15:11 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
1/28/2013 7:13:08 PM, Error: Service Control Manager [7043] - The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
1/28/2013 4:33:13 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
1/28/2013 4:33:13 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Security Update for Internet Explorer 8 for Windows 7 for x64-based Systems (KB2799329).
1/28/2013 4:31:37 PM, Error: Service Control Manager [7023] -
1/27/2013 8:04:44 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user Chris-PC\Chris SID (S-1-5-21-3311741951-3938612639-208550191-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/27/2013 10:45:37 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
.
==== End Of File ===========================
hismajewsty
Active Member
 
Posts: 6
Joined: January 28th, 2013, 9:27 pm
Advertisement
Register to Remove

Re: ib.adnxs.com pop up

Unread postby MWR 3 day Mod » February 1st, 2013, 6:22 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: ib.adnxs.com pop up

Unread postby melboy » February 1st, 2013, 6:03 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues this may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


==============================================


Q1: I notice you have Microsoft Office Enterprise 2007 installed. Please tell me how this software was obtained.

Q2: Does this only happen whilst surfing the web, if so, Is the problem unique to Chrome, or does it happen with other browsers?


MGADiag

Download the diagnostic tool MGADiag and save it to your desktop.

  • Right click MGADiag.exe & choose Run as Administrator.
  • Allow if prompted by the UAC
  • Click Continue
  • The tool will run. When finished, click Copy.
  • Paste the report in your next reply.



OTL

Download OTL by Old Timer and save it to your Desktop.

  • Right click OTL.exe & choose Run as Administrator.
  • Allow if prompted by the UAC
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: ib.adnxs.com pop up

Unread postby hismajewsty » February 1st, 2013, 11:06 pm

Thank you in advance for your assistance.

Answer to question 1: I obtained it through my brother's company. He gave me a unique activation key that only I use and it is activated through Microsoft. I've had it for several years and it was never a problem in the past. My current problem occurred well after I installed this.

Answer to question 2: This problem only occurs while Google Chrome is open. Never any time else. I haven't tried any other browsers. I use Chrome for a lot of my daily work.

MGADiag:

Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->

Validation Code: 0
Cached Online Validation Code: 0x0
Windows Product Key: *****-*****-M6VG6-HD26M-8QVQP
Windows Product Key Hash: NKdGbkCGWMBTUYb1MDCZd8vIzlU=
Windows Product ID: 00371-178-2272787-85411
Windows Product ID Type: 5
Windows License Type: Retail
Windows OS version: 6.1.7601.2.00010100.1.0.048
ID: {F798ED19-73F7-49EA-9582-F17EB30E671E}(1)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: N/A, hr = 0x80070002
Signed By: N/A, hr = 0x80070002
Product Name: Windows 7 Professional
Architecture: 0x00000009
Build lab: 7601.win7sp1_gdr.120830-0333
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002
OGAExec.exe Signed By: N/A, hr = 0x80070002
OGAAddin.dll Signed By: N/A, hr = 0x80070002

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Enterprise 2007 - 100 Genuine
OGA Version: N/A, 0x80070002
Signed By: N/A, hr = 0x80070002
Office Diagnostics: 025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{F798ED19-73F7-49EA-9582-F17EB30E671E}</UGUID><Version>1.9.0027.0</Version><OS>6.1.7601.2.00010100.1.0.048</OS><Architecture>x64</Architecture><PKey>*****-*****-*****-*****-8QVQP</PKey><PID>00371-178-2272787-85411</PID><PIDType>5</PIDType><SID>S-1-5-21-3311741951-3938612639-208550191</SID><SYSTEM><Manufacturer>Acer</Manufacturer><Model>Aspire 6930 </Model></SYSTEM><BIOS><Manufacturer>Acer </Manufacturer><Version>v0.3236</Version><SMBIOSVersion major="2" minor="5"/><Date>20090310000000.000000+000</Date></BIOS><HWID>0F533707018400F8</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Eastern Standard Time(GMT-05:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>ACRSYS</OEMID><OEMTableID>ACRPRDCT</OEMTableID></OEM><GANotification/></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0030-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Enterprise 2007</Name><Ver>12</Ver><Val>45182F187094586</Val><Hash>EgCl0str6/BY+x4GP0Rn3+QDmHY=</Hash><Pid>89388-707-2600463-65024</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/><App Id="A1" Version="12" Result="100"/><App Id="BA" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.1.7601.17514

Name: Windows(R) 7, Professional edition
Description: Windows Operating System - Windows(R) 7, RETAIL channel
Activation ID: e838d943-63ed-4a0b-9fb1-47152908acc9
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 00371-00170-178-227278-00-1033-7601.0000-0272013
Installation ID: 014010425422094082962932170184951043037251877264858491
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88338
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88339
Use License URL: http://go.microsoft.com/fwlink/?LinkID=88341
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=88340
Partial Product Key: 8QVQP
License Status: Licensed
Remaining Windows rearm count: 3
Trusted time: 2/1/2013 9:49:02 PM

Windows Activation Technologies-->
HrOffline: 0x00000000
HrOnline: 0x00000000
HealthStatus: 0x0000000000000000
Event Time Stamp: 1:28:2013 18:31
ActiveX: Registered, Version: 7.1.7600.16395
Admin Service: Registered, Version: 7.1.7600.16395
HealthStatus Bitmask Output:


HWID Data-->
HWID Hash Current: MAAAAAEAAgABAAIAAAABAAAAAgABAAEA6GF8y7j9en/2p3JPusbK3KDymExud0bK

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x0
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name OEMID Value OEMTableID Value
APIC PTLTD APIC
FACP INTEL CRESTLNE
HPET INTEL CRESTLNE
BOOT PTLTD $SBFTBL$
MCFG INTEL CRESTLNE
SLIC ACRSYS ACRPRDCT
ASF! OEMID OEMTBL
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci
SSDT SataRe SataAhci


OTL:

OTL logfile created on: 2/1/2013 9:52:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 58.59% Memory free
7.80 Gb Paging File | 5.77 Gb Available in Paging File | 73.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 109.94 Gb Total Space | 47.82 Gb Free Space | 43.49% Space Free | Partition Type: NTFS
Drive D: | 106.40 Gb Total Space | 73.33 Gb Free Space | 68.92% Space Free | Partition Type: NTFS
Drive G: | 596.17 Gb Total Space | 253.19 Gb Free Space | 42.47% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/01 21:44:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2013/02/01 21:44:34 | 002,031,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Chris\Desktop\MGADiag.exe
PRC - [2013/01/18 03:07:04 | 001,248,208 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/01/14 18:31:30 | 007,437,824 | ---- | M] (Google Inc.) -- C:\Users\Chris\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2010/11/20 22:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2009/08/24 15:50:46 | 001,190,920 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/18 03:07:02 | 012,459,472 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
MOD - [2013/01/18 03:07:02 | 000,460,240 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppgooglenaclpluginchrome.dll
MOD - [2013/01/18 03:07:01 | 004,012,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
MOD - [2013/01/18 03:06:15 | 000,597,968 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libglesv2.dll
MOD - [2013/01/18 03:06:15 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\libegl.dll
MOD - [2013/01/18 03:06:13 | 001,552,848 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ffmpegsumo.dll
MOD - [2013/01/14 18:19:36 | 000,344,064 | ---- | M] () -- C:\Users\Chris\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
MOD - [2013/01/14 18:19:22 | 000,231,936 | ---- | M] () -- C:\Users\Chris\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
MOD - [2013/01/14 18:18:54 | 000,253,440 | ---- | M] () -- C:\Users\Chris\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
MOD - [2013/01/14 18:18:44 | 000,117,248 | ---- | M] () -- C:\Users\Chris\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
MOD - [2013/01/10 15:01:44 | 000,026,624 | ---- | M] () -- C:\Users\Chris\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
MOD - [2013/01/10 15:01:26 | 010,683,392 | ---- | M] () -- C:\Users\Chris\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
MOD - [2013/01/10 15:01:24 | 001,681,408 | ---- | M] () -- C:\Users\Chris\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
MOD - [2013/01/10 15:01:22 | 007,741,952 | ---- | M] () -- C:\Users\Chris\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
MOD - [2013/01/10 15:01:20 | 002,248,192 | ---- | M] () -- C:\Users\Chris\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008/08/19 14:27:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2012/11/15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/28 11:43:18 | 001,096,176 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pctEFA64.sys -- (pctEFA)
DRV:64bit: - [2012/02/28 11:43:12 | 000,453,896 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pctDS64.sys -- (pctDS)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/11/20 22:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/09/15 19:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009/08/23 05:08:10 | 000,056,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 04:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2007/03/28 07:50:18 | 000,046,592 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\winbondcir.sys -- (winbondcir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008/08/19 14:23:00 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 91 84 54 CE EC FC CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Chris\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Google Reader Notifier (by Google) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apflmjolhbonpkbkooiamcnenbmbjcbf\1.4_0\
CHR - Extension: YouTube = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Insta Twitter = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgpagighfohbdknoakiemidmfdgccilp\1_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\9.0_0\
CHR - Extension: Google Calendar = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn\4.5.3_0\
CHR - Extension: Sports Scoreboard = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoippgliebkkmjhjlgealjghjcknfdae\2.1_0\
CHR - Extension: Google Calendar (by Google) = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich\1.3.1_0\
CHR - Extension: Google Maps = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Morpheon Dark = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafbdhjdkjnoafhfelkjpchpaepjknad\2.0_0\
CHR - Extension: Search Box = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mknehpjhljpfaghmicofickbkdagooni\1.0_0\
CHR - Extension: Google Reader = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
CHR - Extension: Gmail = C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKCU..\Run: [MusicManager] C:\Users\Chris\AppData\Local\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{838CABFE-2C4D-4B04-AB1C-D0550BAA1084}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/01/27 20:35:00 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/12/29 12:46:36 | 000,000,170 | ---- | M] () - G:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/01 21:52:25 | 000,000,000 | ---D | C] -- C:\MGADiagToolOutput
[2013/02/01 21:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2013/02/01 21:44:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/01/31 15:26:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2013/01/31 15:25:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/01/30 20:42:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\vlc
[2013/01/29 20:51:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2013/01/29 20:51:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2013/01/29 20:43:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/01/29 20:43:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/01/28 21:25:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe
[2013/01/28 21:25:24 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe
[2013/01/28 20:15:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Launch Manager
[2013/01/28 20:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Launch Manager
[2013/01/28 20:11:30 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Anvisoft
[2013/01/28 20:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\anvisoft
[2013/01/28 20:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
[2013/01/28 20:10:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
[2013/01/28 20:08:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/01/28 20:06:56 | 000,000,000 | ---D | C] -- C:\Windows\BUVC_AP
[2013/01/28 20:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye webcam
[2013/01/28 20:06:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\InstallShield
[2013/01/28 20:05:43 | 000,238,080 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\ITEIO_64.dll
[2013/01/28 20:05:43 | 000,013,144 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\drivers\ITEIO.sys
[2013/01/28 20:05:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Apple Computer
[2013/01/28 20:05:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apple Computer
[2013/01/28 20:05:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/01/28 20:05:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013/01/28 20:03:45 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/01/28 20:03:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/01/28 20:03:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/01/28 20:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/01/28 20:03:44 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/01/28 20:02:54 | 000,258,560 | ---- | C] (Acer Inc.) -- C:\Windows\SysNative\SysHook.dll
[2013/01/28 20:02:54 | 000,067,584 | ---- | C] (Acer Inc.) -- C:\Windows\SysNative\MCEPlugin.dll
[2013/01/28 20:02:34 | 000,067,584 | ---- | C] (Acer Inc.) -- C:\Windows\SysWow64\MCEPlugin.dll
[2013/01/28 20:02:34 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apple
[2013/01/28 20:02:33 | 000,258,560 | ---- | C] (Acer Inc.) -- C:\Windows\SysWow64\SysHook.dll
[2013/01/28 20:02:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/01/28 20:00:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013/01/28 19:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/01/28 19:59:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013/01/28 19:59:33 | 000,017,952 | ---- | C] (Acer, Inc.) -- C:\Windows\SysNative\drivers\int15_64.sys
[2013/01/28 19:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013/01/28 19:57:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013/01/28 19:57:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
[2013/01/28 19:57:35 | 000,017,952 | ---- | C] (Acer, Inc.) -- C:\Windows\SysWow64\drivers\int15_64.sys
[2013/01/28 19:57:35 | 000,015,392 | ---- | C] (Acer, Inc.) -- C:\Windows\SysWow64\drivers\int15.sys
[2013/01/28 19:57:35 | 000,000,000 | ---D | C] -- C:\Program Files\Acer
[2013/01/28 19:57:33 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/01/28 19:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/01/28 19:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/01/28 19:48:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013/01/28 19:46:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
[2013/01/28 19:46:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Programs
[2013/01/28 19:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2013/01/28 19:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2013/01/28 19:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2013/01/28 19:42:02 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2013/01/28 19:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/01/28 19:38:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013/01/28 19:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013/01/28 19:37:27 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Microsoft Help
[2013/01/28 19:37:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013/01/28 19:37:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013/01/28 19:32:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Wedding
[2013/01/28 19:32:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\TSE
[2013/01/28 19:32:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Fantasy Football 2012
[2013/01/28 19:32:33 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Brockport
[2013/01/28 19:32:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\Acer
[2013/01/28 19:32:11 | 000,000,000 | ---D | C] -- C:\Users\Chris\Desktop\PTA Program
[2013/01/28 16:41:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/01/28 16:25:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/01/28 16:25:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/01/27 21:58:28 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/01/27 21:56:15 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/01/27 21:54:22 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/01/27 21:51:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/01/27 21:42:05 | 000,000,000 | ---D | C] -- C:\Windows.old.001
[2013/01/27 20:34:31 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013/01/27 20:33:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013/01/27 20:31:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2013/01/27 20:23:56 | 001,096,176 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2013/01/27 20:23:55 | 000,453,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2013/01/27 20:23:49 | 000,253,256 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2013/01/27 20:23:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2013/01/27 20:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013/01/27 20:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013/01/27 20:23:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\TestApp
[2013/01/27 20:20:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG January 2013 Campaign
[2013/01/27 20:12:40 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\AVG2013
[2013/01/27 20:11:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\TuneUp Software
[2013/01/27 20:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/01/27 20:10:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/01/27 19:59:28 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/01/27 19:59:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\MFAData
[2013/01/27 19:59:28 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/01/27 19:59:28 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Avg2013
[2013/01/27 19:39:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\StarCraft II
[2013/01/27 19:39:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\PcSetup
[2013/01/27 19:39:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Downloads
[2013/01/27 19:39:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Diablo III
[2013/01/27 19:39:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\CyberLink
[2013/01/27 19:38:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\ConvertXtoDVD
[2013/01/27 19:38:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\Amazon MP3 Uploader
[2013/01/27 19:38:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\AIMLogger
[2013/01/27 19:38:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\Documents\AceBackup 3
[2013/01/27 19:33:43 | 000,000,000 | --SD | C] -- C:\Users\Chris\Google Drive
[2013/01/27 19:32:12 | 000,000,000 | R--D | C] -- C:\Users\Chris\Dropbox
[2013/01/27 19:26:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\Trail Guide to the Body DVD
[2013/01/27 19:24:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\Programs
[2013/01/27 19:24:41 | 000,000,000 | ---D | C] -- C:\Users\Chris\Professional
[2013/01/27 19:23:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\Microsoft Word
[2013/01/27 19:23:16 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/01/27 19:21:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/01/27 19:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/01/27 19:18:16 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Google
[2013/01/27 19:17:52 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apps
[2013/01/27 19:17:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Deployment
[2013/01/27 19:16:12 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/01/27 19:16:12 | 000,000,000 | R--D | C] -- C:\Users\Chris\Searches
[2013/01/27 19:16:12 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/01/27 19:16:12 | 000,000,000 | -H-D | C] -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/01/27 19:15:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Identities
[2013/01/27 19:15:35 | 000,000,000 | R--D | C] -- C:\Users\Chris\Contacts
[2013/01/27 19:15:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\VirtualStore
[2013/01/27 19:15:06 | 000,000,000 | --SD | C] -- C:\Users\Chris\AppData\Roaming\Microsoft
[2013/01/27 19:15:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\Videos
[2013/01/27 19:15:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\Saved Games
[2013/01/27 19:15:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\Pictures
[2013/01/27 19:15:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\Music
[2013/01/27 19:15:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/01/27 19:15:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\Links
[2013/01/27 19:15:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\Favorites
[2013/01/27 19:15:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\Downloads
[2013/01/27 19:15:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\Documents
[2013/01/27 19:15:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\Desktop
[2013/01/27 19:15:06 | 000,000,000 | R--D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/01/27 19:15:06 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Temporary Internet Files
[2013/01/27 19:15:06 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Templates
[2013/01/27 19:15:06 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Start Menu
[2013/01/27 19:15:06 | 000,000,000 | -HSD | C] -- C:\Users\Chris\SendTo
[2013/01/27 19:15:06 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Recent
[2013/01/27 19:15:06 | 000,000,000 | -HSD | C] -- C:\Users\Chris\PrintHood
[2013/01/27 19:15:06 | 000,000,000 | -HSD | C] -- C:\Users\Chris\NetHood
[2013/01/27 19:15:06 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Videos
[2013/01/27 19:15:06 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Pictures
[2013/01/27 19:15:06 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Documents\My Music
[2013/01/27 19:15:06 | 000,000,000 | -HSD | C] -- C:\Users\Chris\My Documents
[2013/01/27 19:15:06 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Local Settings
[2013/01/27 19:15:06 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\History
[2013/01/27 19:15:06 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Cookies
[2013/01/27 19:15:06 | 000,000,000 | -HSD | C] -- C:\Users\Chris\Application Data
[2013/01/27 19:15:06 | 000,000,000 | -HSD | C] -- C:\Users\Chris\AppData\Local\Application Data
[2013/01/27 19:15:06 | 000,000,000 | -H-D | C] -- C:\Users\Chris\AppData
[2013/01/27 19:15:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Temp
[2013/01/27 19:15:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Microsoft
[2013/01/27 19:15:06 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Media Center Programs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/01 21:54:02 | 000,031,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/01 21:54:02 | 000,031,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/01 21:50:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3311741951-3938612639-208550191-1000UA.job
[2013/02/01 21:44:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2013/02/01 21:41:37 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/01 21:41:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/01 21:41:09 | 3143,262,208 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/01 17:23:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/31 22:21:36 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/31 22:21:36 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/31 22:21:36 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/31 22:19:57 | 001,602,057 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2013/01/31 19:50:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3311741951-3938612639-208550191-1000Core.job
[2013/01/31 15:25:21 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/01/29 20:55:36 | 000,015,926 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013/01/29 20:43:58 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/01/28 21:13:43 | 000,420,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/28 20:15:26 | 000,000,089 | ---- | M] () -- C:\Windows\LManager.UNI
[2013/01/28 20:10:33 | 000,000,000 | ---- | M] () -- C:\Windows\Setup.INI
[2013/01/28 20:05:14 | 000,001,787 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/28 19:57:39 | 000,001,751 | ---- | M] () -- C:\Users\Public\Desktop\Empowering Technology.lnk
[2013/01/28 16:32:17 | 000,001,441 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/28 16:29:24 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/28 07:02:40 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/01/28 07:02:33 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/01/27 22:00:00 | 000,122,093 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/01/27 22:00:00 | 000,122,093 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/01/27 21:57:33 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/01/27 21:54:09 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013/01/27 20:35:00 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/01/27 19:57:23 | 000,002,283 | ---- | M] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/27 19:21:31 | 000,002,259 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/29 20:55:36 | 000,015,926 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013/01/29 20:43:58 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/01/28 20:15:26 | 000,000,089 | ---- | C] () -- C:\Windows\LManager.UNI
[2013/01/28 20:10:33 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
[2013/01/28 20:05:14 | 000,001,787 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/01/28 20:02:20 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013/01/28 19:59:33 | 000,585,216 | ---- | C] () -- C:\Windows\SysNative\INT15_64.dll
[2013/01/28 19:57:39 | 000,001,751 | ---- | C] () -- C:\Users\Public\Desktop\Empowering Technology.lnk
[2013/01/28 19:53:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/01/28 19:45:36 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3311741951-3938612639-208550191-1000UA.job
[2013/01/28 19:45:27 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3311741951-3938612639-208550191-1000Core.job
[2013/01/28 07:14:43 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/01/28 07:02:40 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/01/28 07:02:33 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/01/28 06:54:47 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/01/27 21:59:37 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/01/27 21:59:37 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/01/27 21:57:33 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/01/27 20:35:00 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/01/27 20:23:56 | 001,602,057 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2013/01/27 20:20:52 | 000,000,298 | ---- | C] () -- C:\Windows\tasks\ROC_REG_JAN_DELETE.job
[2013/01/27 20:11:18 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/01/27 19:38:16 | 021,073,936 | ---- | C] () -- C:\Users\Chris\Documents\vlc-1.1.11-win32.exe
[2013/01/27 19:21:31 | 000,002,283 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/27 19:21:31 | 000,002,259 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/01/27 19:18:24 | 000,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/27 19:18:23 | 000,000,892 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/27 19:16:58 | 000,001,441 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/01/27 19:16:30 | 000,001,447 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/01/27 19:16:30 | 000,001,413 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/01/27 19:15:06 | 000,000,290 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/01/27 19:15:06 | 000,000,272 | ---- | C] () -- C:\Users\Chris\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2011/02/11 19:15:08 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2011/02/11 19:15:08 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2011/02/11 19:15:08 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/30 15:06:36 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Anvisoft
[2013/01/27 20:12:40 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\AVG2013
[2013/01/27 20:23:17 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TestApp
[2013/01/27 20:11:17 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

OTL Extras logfile created on: 2/1/2013 9:52:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Chris\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 58.59% Memory free
7.80 Gb Paging File | 5.77 Gb Available in Paging File | 73.90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 109.94 Gb Total Space | 47.82 Gb Free Space | 43.49% Space Free | Partition Type: NTFS
Drive D: | 106.40 Gb Total Space | 73.33 Gb Free Space | 68.92% Space Free | Partition Type: NTFS
Drive G: | 596.17 Gb Total Space | 253.19 Gb Free Space | 42.47% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{BE4387E3-53EA-42A2-88E8-F01C62256AFD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{15498317-95F0-4CCD-A1BB-90CBA94598E2}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{24544134-8B6A-470E-97EC-9B790789CBC8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{3AFB43D7-7CC1-45B6-8A10-D940E896A707}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4FB26F98-B988-4383-AF8E-E5AA3425CF7C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{664F36D6-D371-489B-AF1D-A99C322B69BE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
"{6E239790-7C75-4B9A-894E-21AC9BEE18C4}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{7FACDC0C-A489-4775-84D7-32B67BC23E09}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{87395D69-7E8A-47BA-A36C-A0E27DA467EC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{A451FF11-DBD4-469E-A742-9EDC7F80FB1F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{B4327E3E-0304-4BBE-83FC-B5B1FD096026}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B49EEF26-7C18-424E-AC9F-B9A397C2C74A}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
"{B7A39344-747C-4414-9C04-69F9B06720A8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{CBB28158-45AB-46B2-ADB2-567C2DFE7155}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
"{DDA5C873-7459-4E90-83E2-C269D0890707}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EB3D2BDA-0699-41B0-9355-76509DD64B62}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{ECD9015F-9B51-4953-9E89-810CC57652D0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{EE4A2166-5063-4B5F-9021-1BD3B74C75AA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FD5D1E02-B066-4980-B71E-5D2FA253D8F9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{058EB68D-8F07-4E07-BD3B-B97D18E092F0}" = AVG 2013
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{502275B0-3DA3-44D8-8702-066525CAAE98}" = AVG 2013
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2013
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.01)
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"LManager" = Launch Manager
"VLC media player" = VLC media player 2.0.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"MusicManager" = Music Manager

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/28/2013 8:15:50 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/28/2013 9:43:20 PM | Computer Name = Chris-PC | Source = Application Hang | ID = 1002
Description = The program dds.com version 2012.11.20.1 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1640 Start
Time: 01cdfdc17f68fb04 Termination Time: 12 Application Path: C:\Users\Chris\Downloads\Google
Chrome Downloads\dds.com Report Id:

Error - 1/28/2013 10:14:35 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/29/2013 6:58:57 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/29/2013 9:55:29 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/30/2013 4:05:48 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/31/2013 4:18:27 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 1/31/2013 5:53:11 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/1/2013 4:33:50 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

Error - 2/1/2013 10:41:43 PM | Computer Name = Chris-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 1/31/2013 4:17:37 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 1/31/2013 5:51:13 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 1/31/2013 5:52:38 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 1/31/2013 5:52:46 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 1/31/2013 11:21:32 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 2/1/2013 4:32:46 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 2/1/2013 4:32:56 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 2/1/2013 6:28:25 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 2/1/2013 10:41:21 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5

Error - 2/1/2013 10:41:32 PM | Computer Name = Chris-PC | Source = Service Control Manager | ID = 7006
Description = The ScRegSetValueExW call failed for FailureActions with the following
error: %%5


< End of report >
hismajewsty
Active Member
 
Posts: 6
Joined: January 28th, 2013, 9:27 pm

Re: ib.adnxs.com pop up

Unread postby melboy » February 2nd, 2013, 6:33 am

Hi

Your use of the Enterprise Office software is in violation of the license terms, therefore I must ask you remove it before we can continue.

Please post back to confirm it's removal.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: ib.adnxs.com pop up

Unread postby hismajewsty » February 2nd, 2013, 9:34 am

I just uninstalled Enterprise. What next?
hismajewsty
Active Member
 
Posts: 6
Joined: January 28th, 2013, 9:27 pm

Re: ib.adnxs.com pop up

Unread postby melboy » February 3rd, 2013, 11:28 am

Hi

Google Chrome

  • Open Google Chrome
  • Click the Menu icon Image
  • Click settings
  • Click extensions
  • Uncheck Enabled for the following extension:

    • Insta Twitter

  • Close & Restart Google Chrome.


Let me know if the popups stop.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: ib.adnxs.com pop up

Unread postby melboy » February 5th, 2013, 1:49 pm

Hi hismajewsty

It has been two days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • In accordance with Malware Removal policy, topics can be closed after 3 days without a response. If you do not reply within the next 24 hours, this topic will be closed.
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: ib.adnxs.com pop up

Unread postby hismajewsty » February 5th, 2013, 5:47 pm

melboy,

It appears everything is working properly at the moment. No pop ups since. I wanted to give it a day or two of use before posting because I was not at my computer much over the weekend. Thank you for your help. I will assume the problem is fixed and if it comes back create a new thread.
hismajewsty
Active Member
 
Posts: 6
Joined: January 28th, 2013, 9:27 pm

Re: ib.adnxs.com pop up

Unread postby melboy » February 7th, 2013, 3:09 pm

Your log now appears to be clean. Congratulations!
This is my general post for when your logs show no more signs of malware ;) - Please let me know if you still are having problems with your computer and what these problems are.


OTL by OldTimer

  • Double-click OTL.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself


============================================


General Security and Computer Health
Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

Create a new, clean System Restore point

  1. Click on Start > Control Panel.
  2. Double click on System.
  3. On the left, click on the System Protection link.
  4. At the bottom right hand corner, click on the Create... button.
  5. Give this System Restore point a descriptive name and click on Create.
  6. You should receive a prompt that a System Restore point is created successfully. Click OK to confirm.
  7. Click OK again to close the System Protection window. Then close Control Panel.

Warning: Do not clear infected System Restore points before creating a new System Restore point first!

Please read the above to create a new System Restore point first, then clear out the infected System Restore points.


Clear infected System Restore points

  1. Click on Start > All Programs > Accessories > System Tools.
  2. Right click on Disk Cleanup and select Run As Administrator to run it. UAC will prompt. Allow it.
  3. Select your C drive and click OK.
  4. Select the More Options tab.
  5. Under System Restore and Shadow Copies, click on the Clean up... button.
  6. You will receive a prompt. Click on Delete to delete the old System Restore points.
  7. When done, click OK. You will receive another prompt. Click Delete Files to confirm.
  8. When done, Disk Cleanup will automatically close.

=================================

Enable UAC

The User Account Control (UAC) helps protect your PC against malicious software. http://windows.microsoft.com/en-US/wind ... nt-control

  1. Click on Start > Control Panel.
  2. In the search box, type uac, and then click Change User Account Control settings.
  3. Move the slider to choose when you want to be notified (I recommend at least the Default level).
  4. Click OK.

  • Make sure that you keep your antivirus updated
    New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
    Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
  • Security Updates for Windows, Internet Explorer & Microsoft Office
    Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Manually check for Windows updates via Start > All Programs > Windows Update > In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your PC, or visit the Microsoft Update site on a regular basis.
    Note: The update process uses ActiveX, so you will need to use internet explorer for it and allow the ActiveX control to install.
  • Update Non-Microsoft Programs
    Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


    Recommended Programs

    I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit HERE.
    • Malwarebytes' Anti-Malware
      Malwarebytes' Anti-Malware is a free anti-malware application that can thoroughly remove even the most advanced malware. You can download Malwarebytes' Anti-Malware from HERE. The Full version can be used as an addition to an anti-virus & includes a number of features, including a built in protection monitor that blocks malicious processes before they even start. It's IP Protection provides an additional layer of security for your computer, by preventing access to known malicious IP addresses and IP ranges. You can now trial the full versions features within the program. Click the Protection Tab to see.
    • Hosts File
      For added protection you may also like to add a host file. A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.


Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

Also please read this great article by Tony Klein So How Did I Get Infected In First Place

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Happy surfing and stay clean!
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: ib.adnxs.com pop up

Unread postby hismajewsty » February 7th, 2013, 5:16 pm

I just followed all of your instructions from your last post.

Thank you for your help.
hismajewsty
Active Member
 
Posts: 6
Joined: January 28th, 2013, 9:27 pm

Re: ib.adnxs.com pop up

Unread postby melboy » February 7th, 2013, 5:17 pm

You're welcome. :)
User avatar
melboy
MRU Expert
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: ib.adnxs.com pop up

Unread postby deltalima » February 7th, 2013, 5:19 pm

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 45 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware