Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Possible Virus

Post by rollo » April 11th, 2013, 2:42 pm

I've been having trouble lately with my laptop... It seems to freeze up... If I run Malwarebytes it freezes up mid-scan, almost always around where it says Microsoft Framework 4.0... I've also tried to use Malwarebytes Chameleon and that also freezes up right when it says it's disabling programs that might be causing my laptop to freeze... I'm running Windows 7... Another symptom is my internet seems to be slow: whenever I run speedtest.net it gets varying results... one minute the test says I'm getting the correct bandwidth, the next it says I'm getting next to nothing for the down/upload... I know it's not the router because the other computer gets consistent results... Here are my logs.

DDS.txt first

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.17.2
Run by Brian at 11:20:52 on 2013-04-11
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8117.6074 [GMT -7:00]
.
AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWlan.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Intel\TurboBoost\TurboBoost.exe
C:\Program Files (x86)\TightVNC\tvnserver.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Brian\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.ask.com/?l=dis&o=14597
uURLSearchHooks: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
mURLSearchHooks: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: vshare.tv Bar Toolbar: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - C:\Program Files (x86)\vshare.tv_Bar\prxtbvsha.dll
TB: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Brian\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uPolicies-Explorer: NoDriveAutoRun = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
LSP: %windir%\system32\vsocklib.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.co ... 4.21.0.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{2651E2BC-A17D-4DBA-974C-4E4BE440C8A3} : DHCPNameServer = 68.238.64.12 68.238.96.12 68.238.128.12
TCP: Interfaces\{2651E2BC-A17D-4DBA-974C-4E4BE440C8A3}\4456C6761646F6E4564777F627B6D27657563747 : DHCPNameServer = 68.238.64.12 68.238.128.12
TCP: Interfaces\{2651E2BC-A17D-4DBA-974C-4E4BE440C8A3}\86F6D656C6160747F607 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{2651E2BC-A17D-4DBA-974C-4E4BE440C8A3}\D41627B6564702241637B65647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7D1023C5-9348-4B5E-A57C-35E7B4BB26AA} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{7D1023C5-9348-4B5E-A57C-35E7B4BB26AA}\035324430333830313431333 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{7D1023C5-9348-4B5E-A57C-35E7B4BB26AA}\2456C6B696E6F5E4F575962756C6563737F5735423244353 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{7D1023C5-9348-4B5E-A57C-35E7B4BB26AA}\66D636D27657563747 : DHCPNameServer = 4.2.2.2 8.8.8.8 4.2.2.1
TCP: Interfaces\{7D1023C5-9348-4B5E-A57C-35E7B4BB26AA}\751676E65627 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{7D1023C5-9348-4B5E-A57C-35E7B4BB26AA}\D41627B6564702241637B65647 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BCFFFB40-8DE9-4133-A279-FCD8F5254D28} : DHCPNameServer = 192.168.9.1
TCP: Interfaces\{DD7A3D2A-854E-47E7-A465-CED89E576E6C} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{FE75C2D3-D859-4773-8350-2A54D8C42E3D} : DHCPNameServer = 192.168.67.2
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [ETDWare] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Brian\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npo1d.dll
FF - plugin: C:\Windows\System32\TVUAx\npTVUAx.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-02-12 17:33; support@jtvdev.com; C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\support@jtvdev.com.xpi
FF - ExtSQL: 2013-02-12 17:36; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-02-12 17:39; {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}; C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
FF - ExtSQL: 2013-02-12 17:39; firefox@ghostery.com; C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\firefox@ghostery.com
FF - ExtSQL: 2013-02-15 19:20; support@lastpass.com; C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\support@lastpass.com
FF - ExtSQL: 2013-02-27 12:05; freehdsport@freehdsport.tv; C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\freehdsport@freehdsport.tv.xpi
FF - ExtSQL: 2013-02-27 12:06; {5ebdca98-43b3-45bb-87e0-716029fb42ab}; C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
FF - ExtSQL: 2013-02-27 12:06; ffxtlbr@funmoods.com; C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\ffxtlbr@funmoods.com
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=nv1&cd ... 384760&ir=
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Funmoods
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=nv1&cd ... 384760&ir=
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=nv1&cd ... 760&ir=&q=
FF - user.js: extensions.funmoods.id - BCAEC51369E42343
FF - user.js: extensions.funmoods.instlDay - 15763
FF - user.js: extensions.funmoods.vrsn - 1.8.11.0
FF - user.js: extensions.funmoods.vrsni - 1.8.11.0
FF - user.js: extensions.funmoods_i.vrsnTs - 1.8.11.012:5:53
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - nv1
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef -
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.appId - {EA28B360-05E0-4F93-8150-02891F1D8D3C}
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.irspeeddial.aflt - nv1
FF - user.js: extensions.irspeeddial.instlRef -
FF - user.js: extensions.irspeeddial.cr - 605384760
FF - user.js: extensions.irspeeddial.cd - 2XzuyEtN2Y1L1Qzu0B0C0A0E0CyDtCtAyCzy0EyEtBtAyEtAtN0D0Tzu0CyEtByEtN1L2XzutBtFtBtFtCtFyDtDtAtN1L1Czu1G2XtC
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-3-14 62496]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2010-8-16 24680]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-9-9 52760]
R0 vsock;vSockets Driver;C:\Windows\System32\drivers\vsock.sys [2013-4-5 70296]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2011-5-18 254528]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-3-14 38288]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2010-11-7 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-8-23 13672]
R2 Realtek87B;Realtek87B;C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [2013-3-29 40960]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-8-16 235624]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-16 13832]
R2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]
R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2011-8-3 828944]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-11-7 2314240]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R2 WysePocketCloud;Wyse PocketCloud;C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [2012-5-11 177056]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2010-7-20 129024]
R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2010-9-24 229376]
R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2010-9-24 69120]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-7 56344]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-3-4 75816]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\System32\drivers\ManyCam_x64.sys [2008-3-13 27136]
R3 S6000KNT;S6000KNT_WebCam Driver;C:\Windows\System32\drivers\S6000KNT.sys [2010-5-12 190464]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 VCam_WDM;e2eSoft VCam;C:\Windows\System32\drivers\VCam_WDM.sys [2011-3-1 106424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-5-2 44032]
S3 AtiIrRcvr;ATI Remote Receiver Service;C:\Windows\System32\drivers\aticir.sys [2009-9-1 26496]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-11-7 35104]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-9-19 102368]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-11-16 61288]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-4-10 36680]
S3 OXSDIDRV_x64;Oxford Semi eSATA Filter (x64);C:\Windows\System32\drivers\OXSDIDRV_x64.sys [2009-9-28 51760]
S3 OXUDIDRV;OXUDIDRV;C:\Windows\System32\drivers\OXUDIDRV_x64.sys [2011-10-12 31280]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\System32\drivers\rtl8187.sys [2013-3-29 448512]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-9-19 203104]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-28 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-25 1255736]
.
=============== Created Last 30 ================
.
2013-04-10 23:27:10 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2013-04-10 22:26:15 -------- d-----w- C:\Users\Brian\AppData\Roaming\Malwarebytes
2013-04-10 22:25:56 -------- d-----w- C:\ProgramData\Malwarebytes
2013-04-10 22:25:54 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-10 22:25:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-04-10 05:56:58 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll
2013-04-10 05:56:58 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
2013-04-10 05:56:57 887808 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2013-04-10 05:56:57 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2013-04-10 04:49:26 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-04-10 04:49:24 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-04-10 04:49:23 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-04-10 04:49:23 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-04-10 04:49:22 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-04-10 04:49:22 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-04-10 04:49:13 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-04-10 04:49:10 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-04-10 04:49:09 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-04-10 04:49:00 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-04-10 04:48:56 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1CF7D713-9432-466E-B8FB-A88A9994089E}\mpengine.dll
2013-04-10 04:48:56 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 04:48:56 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 04:48:54 112640 ----a-w- C:\Windows\System32\smss.exe
2013-04-10 04:48:53 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-04-10 04:48:53 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-04-05 17:01:27 70296 ----a-w- C:\Windows\System32\drivers\vsock.sys
2013-04-05 17:01:27 67224 ----a-w- C:\Windows\System32\vsocklib.dll
2013-04-05 17:01:27 63128 ----a-w- C:\Windows\SysWow64\vsocklib.dll
2013-04-05 17:01:22 67664 ----a-w- C:\Windows\System32\drivers\vmx86.sys
2013-04-05 17:01:22 33360 ----a-w- C:\Windows\System32\drivers\VMkbd.sys
2013-04-05 17:00:52 436304 ----a-w- C:\Windows\SysWow64\vmnat.exe
2013-04-05 17:00:52 357456 ----a-w- C:\Windows\SysWow64\vmnetdhcp.exe
2013-04-05 17:00:51 30800 ----a-w- C:\Windows\System32\drivers\vmnetuserif.sys
2013-04-05 17:00:48 933968 ----a-w- C:\Windows\System32\vnetlib64.dll
2013-04-05 17:00:33 52376 ----a-w- C:\Windows\System32\drivers\hcmon.sys
2013-04-05 17:00:24 -------- d-----w- C:\Program Files\Common Files\VMware
2013-04-05 17:00:00 -------- d-----w- C:\Program Files (x86)\Common Files\VMware
2013-04-05 16:09:14 -------- d-----w- C:\Users\Brian\AppData\Local\VMware
2013-04-05 15:36:20 -------- d-----w- C:\Program Files (x86)\VMware
2013-03-30 01:18:11 -------- d-----w- C:\Program Files (x86)\PrivitizeVPN
2013-03-29 22:35:10 -------- d-----w- C:\Users\Brian\AppData\Local\Programs
2013-03-29 17:29:09 448512 ----a-r- C:\Windows\System32\drivers\rtl8187.sys
2013-03-29 17:28:59 614400 ------w- C:\Windows\SysWow64\Rtlihvs.dll
2013-03-29 17:28:59 380928 ----a-w- C:\Windows\RtlUI2.exe
2013-03-29 17:28:58 188416 ------w- C:\Windows\SysWow64\RTLExtUI.dll
2013-03-29 17:28:57 451072 ------w- C:\Windows\SysWow64\ISSRemoveSP.exe
2013-03-29 17:28:31 -------- d-----w- C:\Windows\System32\RtlGina
2013-03-16 17:36:37 19968 ----a-w- C:\Windows\System32\drivers\usb8023x.sys
2013-03-16 17:36:37 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-16 13:40:09 -------- d-----w- C:\Users\Brian\AppData\Local\IsolatedStorage
2013-03-16 13:39:36 -------- d-----w- C:\Users\Brian\AppData\Roaming\Intuit
2013-03-16 13:38:00 -------- d-----w- C:\Program Files (x86)\Common Files\Intuit
2013-03-16 13:37:24 -------- d-----w- C:\Program Files (x86)\TurboTax
2013-03-16 13:37:07 -------- d-----w- C:\ProgramData\Intuit
.
==================== Find3M ====================
.
2013-03-12 19:28:01 73432 ------w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 19:28:01 693976 ------w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-12 08:10:56 282744 ------w- C:\Windows\System32\MpSigStub.exe
2013-03-09 17:30:36 95648 ------w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-03-09 17:30:31 861088 ------w- C:\Windows\SysWow64\npdeployJava1.dll
2013-03-09 17:30:31 782240 ------w- C:\Windows\SysWow64\deployJava1.dll
2013-02-26 09:27:48 62104 ----a-w- C:\Windows\System32\vmnetbridge.dll
2013-02-26 09:27:48 48792 ----a-w- C:\Windows\System32\vnetinst.dll
2013-02-26 09:27:48 45720 ----a-w- C:\Windows\System32\drivers\vmnetbridge.sys
2013-02-26 09:27:48 24216 ----a-w- C:\Windows\System32\drivers\vmnet.sys
2013-02-26 09:27:48 20120 ----a-w- C:\Windows\System32\drivers\vmnetadapter.sys
2013-02-26 07:59:16 360528 ----a-w- C:\Windows\SysWow64\vmnc.dll
2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
.
============= FINISH: 11:21:27.55 ===============





ATTACH.TXT LOG

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 2/24/2011 8:03:05 PM
System Uptime: 4/11/2013 11:09:12 AM (0 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | N53Jq
Processor: Intel(R) Core(TM) i7 CPU Q 740 @ 1.73GHz | Socket 989 | 1057/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 16.144 GiB free.
D: is FIXED (NTFS) - 328 GiB total, 40.028 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP521: 4/7/2013 3:00:10 AM - Windows Update
RP522: 4/9/2013 10:55:46 PM - Windows Update
.
==== Installed Programs ======================
.
AC3Filter 2.4a
Acrobat.com
Adobe AIR
Adobe Flash Media Live Encoder 3.2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Alcor Micro USB Card Reader
Anti reCAPTCHA v2.06
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASUS AI Recovery
ASUS Power4Gear Hybrid
ASUS Video Magic
ASUS WebStorage
ASUS_N3_Series
ATI Hybrid TV Tuner Driver v6.14.10.389 64bit Win7
ATK Package
Avidemux 2.5
Bigasoft MKV Converter 3.7.12.4636
Bitrate Starter
Bonjour
CCleaner
Combined Community Codec Pack 2011-11-11
Conduit Engine
CWA Reminder by We-Care.com v4.0.16.3
CyberLink PhotoNow
CyberLink Power2Go
CyberLink PowerDirector
CyberLink PowerDVD 9
DAEMON Tools Lite
DAEMON Tools Toolbar
DVD Flick 1.3.0.7
e2eSoft VCam v5.1
ERUNT 1.1j
ESET Online Scanner v3
ESET Smart Security
ETDWare PS/2-x64 7.0.5.13_WHQL
EVEREST Home Edition v2.20
Fast Boot
FlvRecorder
foobar2000 v1.1.10
FormatFactory 2.96
Fresco Logic USB3.0 Host Controller
GIMP 2.4.7
Google Chrome
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
HandBrake 0.9.5
iLivid
Intel(R) Management Engine Components
Intel(R) Turbo Boost Technology Monitor
Iomega Encryption
iTunes
Java 7 Update 10 (64-bit)
Java 7 Update 17
Java Auto Updater
JDownloader
Junk Mail filter update
Logitech Gaming Software 5.10
Malwarebytes Anti-Malware version 1.75.0.1300
ManyCam 2.4 (remove only)
Mega Manager
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 19.0.2 (x86 en-US)
Mozilla Maintenance Service
Mplayer 0.6.9
MSVCRT
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MyPhoneExplorer
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Stereoscopic 3D Driver
NVIDIA Updatus
OnLive
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
PlayReady PC Runtime amd64
PocketCloud Windows Companion
PokerStars.net
Postal 2 Share The Pain
PrivitizeVPN
Privoxy (remove only)
qBittorrent 3.0.2
QuickTime
Realtek High Definition Audio Driver
REALTEK Wireless LAN Driver and Utility
RemoteComms External Disk Access
Revo Uninstaller 1.91
Samsung Mobile phone USB driver Drive Software
Samsung PC Studio 3 USB Driver Installer
SAMSUNG USB Driver for Mobile Phones
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Skype™ 6.0
Software Assist
SonicMaster
SonicStage 4.3
SopCast 3.3.2
SpeedFan (remove only)
StreamTorrent 1.0
SubRip 1.16 (remove only)
Subtitle Edit 3.2.8
Subtitle Workshop 2.51
SUPERAntiSpyware
System Requirements Lab CYRI
TightVNC 2.0.4
Tiny Media Player v1.0
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Total Audio MP3 Converter v2.3 build 1037
Trillian
TurboTax 2012
TurboTax 2012 wcaiper
TurboTax 2012 WinPerFedFormset
TurboTax 2012 WinPerReleaseEngine
TurboTax 2012 WinPerTaxSupport
TurboTax 2012 wrapper
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
USB2.0 2.0M UVC WebCam
Veetle Broadcaster 0.9.18
Veetle TV
VipBoxSportsApp
VirtualDubMOD 1.5.10.3 US
VLC media player 1.1.9
VMware Player
vshare.tv Bar Toolbar
vShare.tv plugin 1.3
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403)
Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0)
Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500)
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Player Firefox Plugin
WinFlash
WinPcap 4.1.1
WinRAR archiver
Wireless Console 3
XSplit
.
==== Event Viewer Messages From Past Week ========
.
4/9/2013 3:01:36 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
4/9/2013 3:01:36 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
4/9/2013 3:01:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
4/7/2013 1:22:54 AM, Error: Service Control Manager [7024] - The Computer Browser service terminated with service-specific error This network connection does not exist..
4/5/2013 3:43:43 PM, Error: Service Control Manager [7023] -
4/5/2013 3:43:41 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: %%-2147416365
4/4/2013 4:04:29 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
4/4/2013 4:04:29 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Profile Service service, but this action failed with the following error: An instance of the service is already running.
4/4/2013 4:04:29 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
4/4/2013 4:03:29 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Shell Hardware Detection service, but this action failed with the following error: An instance of the service is already running.
4/4/2013 4:02:29 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/4/2013 4:02:29 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/4/2013 4:02:29 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/4/2013 4:02:29 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/4/2013 4:02:29 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/4/2013 4:02:29 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/4/2013 4:02:29 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/4/2013 4:02:29 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/4/2013 4:02:29 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/4/2013 4:02:29 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/4/2013 4:02:29 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/4/2013 4:02:29 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/4/2013 4:02:29 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/11/2013 11:10:40 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/11/2013 11:10:13 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
4/11/2013 11:10:13 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
4/11/2013 11:10:01 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: pvkvlw
4/11/2013 10:58:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
4/10/2013 5:18:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
4/10/2013 2:16:14 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/10/2013 2:15:03 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
4/10/2013 2:15:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/10/2013 2:15:02 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/10/2013 2:14:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/10/2013 2:14:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/10/2013 2:14:14 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache eamonm ehdrv pvkvlw SASDIFSV SASKUTIL spldr Wanarpv6
4/10/2013 2:14:09 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
4/10/2013 2:14:07 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
4/10/2013 2:10:23 PM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
4/10/2013 1:46:52 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/10/2013 1:45:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/10/2013 1:45:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/10/2013 1:45:25 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache eamonm ehdrv EpfwLWF NetBIOS NetBT nsiproxy Psched pvkvlw rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
4/10/2013 1:45:22 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/10/2013 1:45:22 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/10/2013 1:45:22 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/10/2013 1:45:22 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/10/2013 1:45:22 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/10/2013 1:45:22 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
4/10/2013 1:45:22 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/10/2013 1:45:22 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/10/2013 1:45:22 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/10/2013 1:45:22 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/10/2013 1:07:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Realtek87B service.
.
==== End Of File ===========================
rollo
Active Member
 
Posts: 14
Joined: April 11th, 2013, 2:20 pm

Re: Possible Virus

Post by nunped » April 14th, 2013, 2:45 pm

Hello rollo, and welcome to the forum.

My name is nunped and I'll be helping you with any malware problems. I'm an Undergraduate trainee here, and as such my posts to you have to first be checked by a Teacher. Because of this, my replies to your posts may be slightly delayed. Please be patient and I'm sure we'll be able to resolve your problems.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Here are some guidelines for the cleaning process to run as easily as possible.

  1. Please read this topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
  2. The instructions being given are for YOUR computer and system only! Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  3. You must have Administrator rights permissions for this computer.
  4. DO NOT run any other fix or removal tools unless instructed to do so!
  5. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  6. Only post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  7. Only reply to this thread. Do not start another thread.
  8. The absence of symptoms does not imply the absence of malware. Please continue responding until I give you the "All Clean".
  9. No Reply Within 3 Days will result in your topic being closed!


Read through these instructions with your full attention.
Please ask first if you have any doubts.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Possible Virus

Post by nunped » April 15th, 2013, 3:29 pm

Hi rollo,

Warning!
You have P2P (Peer to Peer) File Sharing Programs installed on your computer.
qBittorrent 3.0.2
StreamTorrent 1.0


As long as you have the P2P programs installed, we won't offer you any further assistance. See Forum Policy

If you choose NOT to remove the programs, indicate that in your next reply and this topic will be closed.

Otherwise, proceed to the next steps:

Step 1 - Uninstall Programs
  1. Click on Start
  2. Copy and paste the value below, into the Start Search entry box:
     appwiz.cpl
       Depending on your current view setting ...
     • Double click on Programs and Features.
     • Under Programs, click on Uninstall a program.
  3. Locate the following programs:
     Conduit Engine
     CWA Reminder by We-Care.com v4.0.16.3
     DAEMON Tools Toolbar
     iLivid
     Java 7 Update 10 (64-bit)
     qBittorrent 3.0.2
     StreamTorrent 1.0
     vshare.tv Bar Toolbar
     vShare.tv plugin 1.3

  4. Select the program and click on Uninstall to uninstall it.
  5. Repeat steps 3 - 4 for each program in the list.
  6. Reboot your computer after this.

Step 2 - adwcleaner
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

Step 3 - OTL
Please download OTL by Old Timer. Save it to your Desktop.
If you can't download the exe file, try these links:
http://oldtimer.geekstogo.com/OTL.com
http://oldtimer.geekstogo.com/OTL.scr
  • Right-click OTL.exe (or OTL.com or OTL.scr) and select "Run as Administrator" to launch the program.
  • Click the Scan All Users checkbox.
    Leave the remaining selections to the default settings.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  • Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Re: Possible Virus

Post by rollo » April 16th, 2013, 1:34 pm

Hello nunped... here are my new logs

# AdwCleaner v2.200 - Logfile created 04/16/2013 at 09:45:02
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Brian - BRIAN-PC
# Boot Mode : Normal
# Running from : C:\Users\Brian\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\Windows\SysWOW64\conduitEngine.tmp
Folder Found : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\WeCareReminder
Folder Found : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\92zw8cue.default\extensions\crossriderapp3026@crossrider.com
Folder Found : C:\Users\Brian\AppData\Local\APN
Folder Found : C:\Users\Brian\AppData\Local\Conduit
Folder Found : C:\Users\Brian\AppData\Local\Ilivid Player
Folder Found : C:\Users\Brian\AppData\LocalLow\Conduit
Folder Found : C:\Users\Brian\AppData\Roaming\Funmoods
Folder Found : C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\ffxtlbr@funmoods.com
Folder Found : C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\jetpack

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartSearch
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2818425
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Key Found : HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.ask.com/?l=dis&o=14597

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\prefs.js

Found : user_pref("extensions.enabledAddons", "support%40jtvdev.com:1.4,%7Bd40f5e7b-d2cf-4856-b441-cc613eeff[...]
Found : user_pref("extensions.funmoods.aflt", "nv1");
Found : user_pref("extensions.funmoods.appId", "{EA28B360-05E0-4F93-8150-02891F1D8D3C}");
Found : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Found : user_pref("extensions.funmoods.cntry", "US");
Found : user_pref("extensions.funmoods.cv", "cv5");
Found : user_pref("extensions.funmoods.dfltLng", "");
Found : user_pref("extensions.funmoods.dfltSrch", true);
Found : user_pref("extensions.funmoods.dfltlng", "en");
Found : user_pref("extensions.funmoods.dfltsrch", true);
Found : user_pref("extensions.funmoods.dnsErr", true);
Found : user_pref("extensions.funmoods.envrmnt", "production");
Found : user_pref("extensions.funmoods.excTlbr", false);
Found : user_pref("extensions.funmoods.hdrMd5", "5B0054BE238BB64C2C29AC4E2101F8E9");
Found : user_pref("extensions.funmoods.hmpg", true);
Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=nv1&cd=2XzuyEtN2Y1L1Qzu0B[...]
Found : user_pref("extensions.funmoods.hrdid", "BCAEC51369E42343");
Found : user_pref("extensions.funmoods.id", "BCAEC51369E42343");
Found : user_pref("extensions.funmoods.instlDay", "15763");
Found : user_pref("extensions.funmoods.instlRef", "");
Found : user_pref("extensions.funmoods.instlday", "15763");
Found : user_pref("extensions.funmoods.instlref", "");
Found : user_pref("extensions.funmoods.isdcmntcmplt", false);
Found : user_pref("extensions.funmoods.keywordurl", "");
Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Found : user_pref("extensions.funmoods.monitorreport", true);
Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=nv1&cd=2XzuyEtN2Y1L1Qzu[...]
Found : user_pref("extensions.funmoods.newtab", "false");
Found : user_pref("extensions.funmoods.newtaburl", "hxxp://searchfunmoods.com/?f=2&a=nv1&cd=2XzuyEtN2Y1L1Qzu[...]
Found : user_pref("extensions.funmoods.prdct", "funmoods");
Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Found : user_pref("extensions.funmoods.prtnrid", "funmoods");
Found : user_pref("extensions.funmoods.savedVrsnTs", "1");
Found : user_pref("extensions.funmoods.sg", "none");
Found : user_pref("extensions.funmoods.smplgrp", "free");
Found : user_pref("extensions.funmoods.srch", "");
Found : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Found : user_pref("extensions.funmoods.srchprvdr", "Funmoods");
Found : user_pref("extensions.funmoods.tlbrId", "base");
Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=nv1&cd=2XzuyEtN2Y1L1Q[...]
Found : user_pref("extensions.funmoods.tlbrid", "base");
Found : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://searchfunmoods.com/?f=3&a=nv1&cd=2XzuyEtN2Y1L1Q[...]
Found : user_pref("extensions.funmoods.vrsn", "1.8.11.0");
Found : user_pref("extensions.funmoods.vrsni", "1.8.11.0");
Found : user_pref("extensions.funmoods.vrsnts", "");
Found : user_pref("extensions.funmoods_i.hmpg", true);
Found : user_pref("extensions.funmoods_i.newTab", false);
Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Found : user_pref("extensions.funmoods_i.vrsnTs", "1.8.11.012:5:53");
Found : user_pref("extensions.ghostery.blockingLog", "Blocked type: 3 content location: hxxp://www.google-an[...]

File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\92zw8cue.default\prefs.js

Found : user_pref("extensions.crossriderapp3026.3026.InstallationTime", 1345505725);
Found : user_pref("extensions.crossriderapp3026.3026.active", true);
Found : user_pref("extensions.crossriderapp3026.3026.addressbar", "");
Found : user_pref("extensions.crossriderapp3026.3026.backgroundjs", "\n\n// This app has been blocked\n");
Found : user_pref("extensions.crossriderapp3026.3026.backgroundver", 21);
Found : user_pref("extensions.crossriderapp3026.3026.can_run_bg_code", true);
Found : user_pref("extensions.crossriderapp3026.3026.certdomaininstaller", "");
Found : user_pref("extensions.crossriderapp3026.3026.changeprevious", false);
Found : user_pref("extensions.crossriderapp3026.3026.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]
Found : user_pref("extensions.crossriderapp3026.3026.cookie.InstallationTime.value", "1345505725");
Found : user_pref("extensions.crossriderapp3026.3026.description", "Software Assist is an add on designed to[...]
Found : user_pref("extensions.crossriderapp3026.3026.domain", "");
Found : user_pref("extensions.crossriderapp3026.3026.enablesearch", false);
Found : user_pref("extensions.crossriderapp3026.3026.fbremoteurl", "");
Found : user_pref("extensions.crossriderapp3026.3026.group", 0);
Found : user_pref("extensions.crossriderapp3026.3026.homepage", "");
Found : user_pref("extensions.crossriderapp3026.3026.iframe", false);
Found : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]
Found : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_appVer.value", "173");
Found : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]
Found : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_lastVersion.value", "0");
Found : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]
Found : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_meta.value", "%7B%7D");
Found : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_nextCheck.expiration", "Tue Jan 15[...]
Found : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_nextCheck.value", "true");
Found : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]
Found : user_pref("extensions.crossriderapp3026.3026.internaldb.Resources_queue.value", "%7B%7D");
Found : user_pref("extensions.crossriderapp3026.3026.js", "\n\n// This app has been blocked\n\n\n\n");
Found : user_pref("extensions.crossriderapp3026.3026.manifesturl", "");
Found : user_pref("extensions.crossriderapp3026.3026.name", "Software Assist");
Found : user_pref("extensions.crossriderapp3026.3026.newtab", "");
Found : user_pref("extensions.crossriderapp3026.3026.opensearch", "");
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_13.name", "CrossriderAppUtils");
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_13.ver", 2);
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_14.name", "CrossriderUtils");
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_14.ver", 2);
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_15.code", "(function(f){var u={};var e=M[...]
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_15.name", "FacebookFFIE");
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_15.ver", 1);
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_16.name", "FFAppAPIWrapper");
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_16.ver", 4);
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_17.name", "jQuery");
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_17.ver", 3);
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_31.code", "if (!appAPI.monetize || appAP[...]
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_31.name", "dealply");
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_31.ver", 3);
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_47.name", "resources_background");
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_47.ver", 1);
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_60.code", "var MonitizationPluginsBase=f[...]
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_60.name", "base_monetization");
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_60.ver", 1);
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_64.name", "appApiMessage");
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_64.ver", 1);
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_65.code", "if (!appAPI.monetize || appAP[...]
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_65.name", "superfish_no_coupons");
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_65.ver", 1);
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_72.name", "appApiValidation");
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_72.ver", 1);
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_78.code", "if(typeof jQuery!==\"undefine[...]
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_78.name", "CrossriderInfo");
Found : user_pref("extensions.crossriderapp3026.3026.plugins.plugin_78.ver", 2);
Found : user_pref("extensions.crossriderapp3026.3026.plugins_lists.plugins_0", "17,14,16,64,47,72");
Found : user_pref("extensions.crossriderapp3026.3026.plugins_lists.plugins_1", "17,14,78,13,16,15,64,72,60,3[...]
Found : user_pref("extensions.crossriderapp3026.3026.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]
Found : user_pref("extensions.crossriderapp3026.3026.pluginsversion", 27);
Found : user_pref("extensions.crossriderapp3026.3026.publisher", "KlassKode");
Found : user_pref("extensions.crossriderapp3026.3026.searchstatus", 0);
Found : user_pref("extensions.crossriderapp3026.3026.setnewtab", false);
Found : user_pref("extensions.crossriderapp3026.3026.settingsurl", "");
Found : user_pref("extensions.crossriderapp3026.3026.thankyou", "");
Found : user_pref("extensions.crossriderapp3026.3026.updateinterval", 360);
Found : user_pref("extensions.crossriderapp3026.3026.ver", 173);
Found : user_pref("extensions.crossriderapp3026.adsOldValue", -1);
Found : user_pref("extensions.crossriderapp3026.apps", "3026");
Found : user_pref("extensions.crossriderapp3026.bic", "13946640b9e30b0e340c57d27625e08a");
Found : user_pref("extensions.crossriderapp3026.cid", 3026);
Found : user_pref("extensions.crossriderapp3026.firstrun", false);
Found : user_pref("extensions.crossriderapp3026.hadappinstalled", true);
Found : user_pref("extensions.crossriderapp3026.installationdate", 1345505725);
Found : user_pref("extensions.crossriderapp3026.lastcheck", 22637593);
Found : user_pref("extensions.crossriderapp3026.lastcheckitem", 22637593);
Found : user_pref("extensions.crossriderapp3026.modetype", "production");
Found : user_pref("extensions.enabledAddons", "crossriderapp3026%40crossrider.com:0.83.33,%7BCAFEEFAC-0016-0[...]

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [17406 octets] - [16/04/2013 09:45:02]

########## EOF - C:\AdwCleaner[R1].txt - [17467 octets] ##########
rollo

Re: Possible Virus

Post by rollo » April 16th, 2013, 1:35 pm

..... And the OTL logs


OTL

OTL logfile created on: 4/16/2013 9:51:40 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brian\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 6.34 Gb Available Physical Memory | 80.03% Memory free
15.85 Gb Paging File | 14.11 Gb Available in Paging File | 89.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 17.30 Gb Free Space | 14.86% Space Free | Partition Type: NTFS
Drive D: | 327.83 Gb Total Space | 40.03 Gb Free Space | 12.21% Space Free | Partition Type: NTFS

Computer Name: BRIAN-PC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/16 09:48:47 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Downloads\OTL.com
PRC - [2013/02/26 02:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2013/02/26 02:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2013/02/26 01:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
PRC - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/03 06:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) -- C:\Program Files (x86)\TightVNC\tvnserver.exe
PRC - [2010/11/20 05:17:56 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/11/07 03:47:34 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/09/23 17:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010/08/20 09:57:06 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2010/08/17 15:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010/08/16 23:34:22 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/08/16 23:30:54 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010/05/03 15:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2010/01/08 14:15:24 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtWLan.exe
PRC - [2009/12/15 11:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
PRC - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/06/19 11:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009/06/15 18:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe


========== Modules (No Company Name) ==========

MOD - [2010/09/23 17:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2010/08/20 09:57:06 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010/08/20 09:57:00 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/11 08:24:59 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe -- (ekrn)
SRV:64bit: - [2010/06/22 12:20:42 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010/04/16 17:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/08/02 17:54:14 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/13 19:06:36 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/12 08:52:12 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/26 02:28:44 | 000,357,456 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2013/02/26 02:28:26 | 000,436,304 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2013/02/26 01:30:42 | 000,087,120 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2012/12/18 07:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/11/09 12:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/11 16:15:30 | 000,918,680 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2012/08/23 12:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/05/11 15:09:52 | 000,177,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe -- (WysePocketCloud)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/03 06:23:54 | 000,828,944 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files (x86)\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2010/08/16 23:34:22 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/08/16 23:30:54 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 11:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/12/07 13:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe -- (Realtek87B)
SRV - [2009/10/20 11:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/09/30 20:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/09/30 20:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/06/15 18:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/10 16:27:10 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013/02/26 02:28:48 | 000,067,664 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2013/02/26 02:28:14 | 000,030,800 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2013/02/26 02:27:48 | 000,020,120 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2013/02/26 02:27:44 | 000,033,360 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd2)
DRV:64bit: - [2013/02/11 21:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/10/24 14:17:14 | 000,070,296 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsock.sys -- (vsock)
DRV:64bit: - [2012/10/24 14:17:10 | 000,085,104 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2012/10/11 16:15:32 | 000,052,376 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2012/10/11 16:15:06 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2012/09/19 11:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/09/19 11:02:06 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012/03/14 08:40:04 | 000,187,632 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\epfw.sys -- (epfw)
DRV:64bit: - [2012/03/14 08:40:04 | 000,062,496 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\epfwwfp.sys -- (epfwwfp)
DRV:64bit: - [2012/03/14 08:40:04 | 000,038,288 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV:64bit: - [2012/03/14 08:40:02 | 000,209,768 | ---- | M] (ESET) [File_System | System | Running] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2012/03/14 08:40:02 | 000,148,528 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/22 09:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 14:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/06/27 02:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/05/18 10:21:54 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/03 17:31:44 | 000,106,424 | ---- | M] (e2eSoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VCam_WDM.sys -- (VCam_WDM)
DRV:64bit: - [2010/11/20 06:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:49:52 | 000,146,432 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rmcast.sys -- (RMCAST)
DRV:64bit: - [2010/09/24 20:24:26 | 000,229,376 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2010/09/24 20:24:26 | 000,069,120 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2010/08/16 06:49:59 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2010/07/20 22:33:49 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/06/21 00:07:37 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/05/25 08:14:34 | 000,031,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OXUDIDRV_x64.sys -- (OXUDIDRV)
DRV:64bit: - [2010/05/12 23:00:21 | 000,190,464 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\S6000KNT.sys -- (S6000KNT)
DRV:64bit: - [2010/05/02 20:46:03 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010/04/28 09:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/27 17:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 17:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 15:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 15:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/27 10:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010/04/27 10:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd)
DRV:64bit: - [2010/04/27 10:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010/04/27 10:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010/04/16 17:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/04/14 02:01:44 | 000,054,824 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2010/03/04 02:53:01 | 000,075,816 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/03/03 04:51:39 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/06 20:20:22 | 000,448,512 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8187.sys -- (RTL8187)
DRV:64bit: - [2009/10/20 11:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/28 09:55:42 | 000,051,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OXSDIDRV_x64.sys -- (OXSDIDRV_x64)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/09/01 22:19:32 | 000,026,496 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aticir.sys -- (AtiIrRcvr)
DRV:64bit: - [2009/09/01 22:18:04 | 001,551,616 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atinavrr.sys -- (ATIAVPCI)
DRV:64bit: - [2009/07/20 02:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/30 21:46:51 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/06/30 21:46:47 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/06/30 21:46:39 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 13:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 10:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2009/04/07 00:33:07 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2008/05/23 18:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008/03/13 00:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)
DRV:64bit: - [2006/10/18 02:00:00 | 000,052,760 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=14597
IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - No CLSID value found
IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?clien ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYUS&apn_uid=0c0c40cd-fe88-418f-85a2-1f02fc51a0d2&apn_sauid=4E06E899-D956-499C-8676-EDA383656097
IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425
IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: support%40jtvdev.com:1.4
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: support%40lastpass.com:2.0.0
FF - prefs.js..extensions.enabledAddons: %7B5ebdca98-43b3-45bb-87e0-716029fb42ab%7D:6.1
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40funmoods.com:1.5.0
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.18: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll (OnLive)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Brian\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Brian\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET SMART SECURITY\MOZILLA THUNDERBIRD [2012/07/10 16:05:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 08:52:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/16 09:32:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2012/07/10 16:05:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 08:52:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/04/16 09:32:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Brian\AppData\Roaming\IDM\idmmzcc3

[2012/04/11 20:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions
[2013/03/20 21:27:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions
[2013/02/27 13:06:11 | 000,000,000 | ---D | M] ("Nuova scheda") -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
[2013/02/27 13:06:12 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\ffxtlbr@funmoods.com
[2013/03/20 21:27:20 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\firefox@ghostery.com
[2013/02/15 20:20:35 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\support@lastpass.com
[2013/02/27 13:05:31 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\freehdsport@freehdsport.tv.xpi
[2013/02/28 10:45:42 | 000,224,945 | ---- | M] () (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\gophoto@gophoto.it.xpi
[2013/02/12 18:33:27 | 000,006,373 | ---- | M] () (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\support@jtvdev.com.xpi
[2013/02/14 22:13:57 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/02/12 18:39:20 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013/04/12 08:51:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/12 08:51:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/12 08:51:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/04/12 08:52:15 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/04/12 08:52:07 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/04/08 14:51:59 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2013/04/12 08:52:07 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0\chvsharetvplg.dll
CHR - plugin: vShare.tv plug-in (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Brian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.350.10 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: OnLive Game Client Detector (Enabled) = C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - Extension: FreeHDSport.TV = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok\1.2_0\
CHR - Extension: YouTube = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Software Assist = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jenkhamomijcoocoblchfbobohfabaff\1.23.175_0\crossrider
CHR - Extension: Software Assist = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jenkhamomijcoocoblchfbobohfabaff\1.23.175_0\
CHR - Extension: GoPhoto.it = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk\1.5_0\
CHR - Extension: Gmail = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/09/06 15:08:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files (x86)\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-21-2070526624-2483950506-4163818189-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2070526624-2483950506-4163818189-1000..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
O4 - HKU\S-1-5-21-2070526624-2483950506-4163818189-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2070526624-2483950506-4163818189-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2070526624-2483950506-4163818189-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.co ... 4.21.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2651E2BC-A17D-4DBA-974C-4E4BE440C8A3}: DhcpNameServer = 68.238.64.12 68.238.96.12 68.238.128.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D1023C5-9348-4B5E-A57C-35E7B4BB26AA}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD7A3D2A-854E-47E7-A465-CED89E576E6C}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (C:\Windows\SYSTEM32\RtlGina\RtlGina.DLL) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/12 08:51:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/10 15:26:15 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Malwarebytes
[2013/04/10 15:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/10 15:25:54 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/10 15:25:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/09 22:57:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/09 22:57:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/09 22:57:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/09 22:57:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/09 22:57:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/09 22:57:08 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/09 22:57:08 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/09 22:57:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/09 22:57:06 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/09 22:57:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/09 22:57:05 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/09 22:57:04 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/09 22:57:01 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/09 22:57:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/09 22:57:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/09 21:49:26 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/04/09 21:49:24 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/04/09 21:49:23 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/04/09 21:49:23 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/04/09 21:49:22 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/04/09 21:49:22 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/04/09 21:49:00 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/09 21:48:56 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/09 21:48:56 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/09 21:48:54 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/09 21:48:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/09 21:48:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/04/05 10:01:27 | 000,070,296 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vsock.sys
[2013/04/05 10:01:27 | 000,067,224 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vsocklib.dll
[2013/04/05 10:01:27 | 000,063,128 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vsocklib.dll
[2013/04/05 10:01:22 | 000,067,664 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmx86.sys
[2013/04/05 10:01:22 | 000,033,360 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\VMkbd.sys
[2013/04/05 10:00:52 | 000,436,304 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnat.exe
[2013/04/05 10:00:52 | 000,357,456 | ---- | C] (VMware, Inc.) -- C:\Windows\SysWow64\vmnetdhcp.exe
[2013/04/05 10:00:51 | 000,030,800 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\vmnetuserif.sys
[2013/04/05 10:00:48 | 000,933,968 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\vnetlib64.dll
[2013/04/05 10:00:33 | 000,052,376 | ---- | C] (VMware, Inc.) -- C:\Windows\SysNative\drivers\hcmon.sys
[2013/04/05 10:00:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
[2013/04/05 10:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\VMware
[2013/04/05 10:00:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VMware
[2013/04/05 09:09:14 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\VMware
[2013/04/05 09:09:08 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\VMware
[2013/04/05 08:36:20 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2013/04/05 08:36:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VMware
[2013/04/05 08:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/03/29 18:18:11 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PrivitizeVPN
[2013/03/29 18:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PrivitizeVPN
[2013/03/29 15:35:10 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Programs
[2013/03/29 10:30:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ALFA Wireless LAN Driver and Utility
[2013/03/29 10:29:09 | 000,448,512 | R--- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\SysNative\drivers\rtl8187.sys
[2013/03/29 10:28:59 | 000,614,400 | ---- | C] (Realtek Semiconductor Corp. ) -- C:\Windows\SysWow64\Rtlihvs.dll
[2013/03/29 10:28:59 | 000,380,928 | ---- | C] (Realtek) -- C:\Windows\RtlUI2.exe
[2013/03/29 10:28:58 | 000,188,416 | ---- | C] (Realtek Semiconductor Corp. ) -- C:\Windows\SysWow64\RTLExtUI.dll
[2013/03/29 10:28:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\RtlGina
[2013/03/22 00:36:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/16 09:42:56 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/16 09:42:56 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/16 09:35:56 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/16 09:35:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/16 09:35:02 | 2088,128,511 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/16 09:33:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/16 09:27:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/16 09:10:11 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2070526624-2483950506-4163818189-1002UA.job
[2013/04/13 19:06:36 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/04/13 19:06:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/04/12 17:14:48 | 000,784,428 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/12 17:14:48 | 000,663,696 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/12 17:14:48 | 000,122,860 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/12 10:27:22 | 000,002,050 | ---- | M] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/04/12 08:10:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2070526624-2483950506-4163818189-1002Core.job
[2013/04/10 16:27:10 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/04/10 15:17:51 | 000,001,605 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013/04/10 14:43:15 | 000,000,968 | ---- | M] () -- C:\Users\Brian\Documents\cc_20130410_144310.reg
[2013/04/10 06:25:17 | 000,285,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/05 10:01:29 | 000,001,017 | ---- | M] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2013/04/05 10:00:25 | 000,797,718 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/05 08:04:19 | 000,000,170 | ---- | M] () -- C:\Users\Brian\Documents\cc_20130405_080414.reg
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/30 14:00:05 | 000,001,128 | ---- | M] () -- C:\Users\Brian\Documents\cc_20130330_135943.reg
[2013/03/30 05:39:55 | 000,002,590 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013/03/29 17:41:41 | 000,000,372 | ---- | M] () -- C:\Users\Brian\Documents\cc_20130329_174132.reg
[2013/03/29 15:37:06 | 000,000,856 | ---- | M] () -- C:\Users\Brian\Documents\cc_20130329_153658.reg
[2013/03/29 15:36:40 | 000,005,818 | ---- | M] () -- C:\Users\Brian\Documents\cc_20130329_153636.reg
[2013/03/29 10:30:05 | 000,002,266 | ---- | M] () -- C:\Users\Public\Desktop\ALFA Wireless LAN Driver and Utility.lnk
[2013/03/18 23:04:06 | 005,550,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/03/18 22:46:56 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/03/18 22:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/03/18 22:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/03/18 21:47:50 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/03/18 20:06:33 | 000,112,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/10 16:27:10 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013/04/10 14:43:12 | 000,000,968 | ---- | C] () -- C:\Users\Brian\Documents\cc_20130410_144310.reg
[2013/04/05 10:01:29 | 000,001,017 | ---- | C] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\VMware Player.lnk
[2013/04/05 08:04:17 | 000,000,170 | ---- | C] () -- C:\Users\Brian\Documents\cc_20130405_080414.reg
[2013/03/30 13:59:52 | 000,001,128 | ---- | C] () -- C:\Users\Brian\Documents\cc_20130330_135943.reg
[2013/03/29 17:41:39 | 000,000,372 | ---- | C] () -- C:\Users\Brian\Documents\cc_20130329_174132.reg
[2013/03/29 15:37:00 | 000,000,856 | ---- | C] () -- C:\Users\Brian\Documents\cc_20130329_153658.reg
[2013/03/29 15:36:38 | 000,005,818 | ---- | C] () -- C:\Users\Brian\Documents\cc_20130329_153636.reg
[2013/03/29 10:30:05 | 000,002,266 | ---- | C] () -- C:\Users\Public\Desktop\ALFA Wireless LAN Driver and Utility.lnk
[2013/03/29 10:28:57 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2013/03/16 06:38:51 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/09/27 12:04:42 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012/09/06 14:59:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/09/06 14:59:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/09/06 14:59:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/09/06 14:59:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/09/06 14:59:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/29 22:19:32 | 000,030,208 | ---- | C] () -- C:\Users\Brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/16 18:05:41 | 000,797,718 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/14 19:16:57 | 000,065,536 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\kb9jrt0j.default.dat
[2011/09/09 22:52:56 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll

========== ZeroAccess Check ==========

[2012/09/06 12:59:30 | 000,000,000 | ---D | M] -- C:\Windows\Installer\{02c5a83a-54c6-c68b-f1c6-8d0fc2d760dc}\U
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 05:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:41099CE9

< End of report >


OTL EXTRAS

OTL Extras logfile created on: 4/16/2013 9:51:40 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Brian\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 6.34 Gb Available Physical Memory | 80.03% Memory free
15.85 Gb Paging File | 14.11 Gb Available in Paging File | 89.05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116.44 Gb Total Space | 17.30 Gb Free Space | 14.86% Space Free | Partition Type: NTFS
Drive D: | 327.83 Gb Total Space | 40.03 Gb Free Space | 12.21% Space Free | Partition Type: NTFS

Computer Name: BRIAN-PC | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{578831A8-CB47-471F-A552-907EC3E9E040}" = Iomega Encryption
"{5AC309D7-93D6-418F-8DCA-DD710724A5B4}" = Windows Live Family Safety
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7F2540AD-FD82-427A-8FDC-33EC53C8B17A}" = Fresco Logic USB3.0 Host Controller
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E452E727-86B8-4233-8CC3-41FD817AFAFF}" = VMware Player
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F7274D82-C857-4C20-AB1A-D701D64BFD90}" = ESET Smart Security
"0E74EB10C05C955C24243E6D3120CDC972FC5B1D" = Windows Driver Package - Broadcom HIDClass (06/11/2009 6.2.0.9500)
"2AA10AB519DC7432D599A0E860206A7DDCC27764" = Windows Driver Package - Broadcom Bluetooth (07/29/2009 6.1.7100.0)
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-x64 7.0.5.13_WHQL
"F9FD5BBF579A4BFD40D38BE291F731666B27DC28" = Windows Driver Package - Broadcom Bluetooth (07/17/2009 6.2.0.9403)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{04FCD5DE-1662-4F99-BDA9-C57212113EF2}" = RemoteComms External Disk Access
"{0659E943-DDF4-44FC-9FEE-A13B09F8BB08}" = Adobe Flash Media Live Encoder 3.2
"{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}" = SonicMaster
"{0DF70CB6-553A-4C57-8E6D-87635EECFB78}" = REALTEK Wireless LAN Driver and Utility
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18D13E8A-7BD3-486F-847D-57FBE828F537}_is1" = Total Audio MP3 Converter v2.3 build 1037
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{5F3BEA61-E868-4863-84DD-7B11F489D072}" = Anti reCAPTCHA v2.06
"{607169F0-07F6-4797-99D2-D5E7C4715E20}" = Mega Manager
"{617472E0-1E87-43AE-8CEF-83F4D018DEFC}" = ATI Hybrid TV Tuner Driver v6.14.10.389 64bit Win7
"{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70184743-6B98-4DEA-A847-9B8B3F6F56ED}" = XSplit
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BF67A61-BE7C-4806-B93C-97F299D6A6FE}" = ASUS AI Recovery
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89EC099E-958D-462E-972C-385591946978}" = TurboTax 2012 WinPerFedFormset
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A2C75893-2E01-5E4F-B170-CF9A42B7C485}" = Bitrate Starter
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8B1F076-965D-4663-A9D4-C2FB58A42AE4}" = TurboTax 2012 WinPerTaxSupport
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9CE0266-6801-3B33-94AD-00520085CF4B}" = Google Talk Plugin
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.6)
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1" = VirtualDubMOD 1.5.10.3 US
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD8F867A-0ACB-427D-A4F2-9AEE29FBF98B}" = PocketCloud Windows Companion
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC568376-DDDE-45F4-AC88-C39184455B8D}_is1" = Bigasoft MKV Converter 3.7.12.4636
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E83F5F27-43F3-4163-ABE5-F68C989286ED}" = TurboTax 2012 wrapper
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EFD2807A-C66B-4C13-8FB8-42FCA6DEF171}" = TurboTax 2012 wcaiper
"{F014B696-28C5-4554-802F-A15380418F53}" = TurboTax 2012 WinPerReleaseEngine
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{FC9B811E-39BC-4813-9E29-B83CCF700010}" = USB2.0 2.0M UVC WebCam
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"1ClickDownload" = VipBoxSportsApp
"AC3Filter_is1" = AC3Filter 2.4a
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS WebStorage" = ASUS WebStorage
"ASUS_N3_Series" = ASUS_N3_Series
"Avidemux 2.5 (64-bit)" = Avidemux 2.5
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.themakers.air.BitrateStarter.4EBFA691E72B0030FC867CF7057E09B65828D520.1" = Bitrate Starter
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2011-11-11
"DAEMON Tools Lite" = DAEMON Tools Lite
"DVD Flick_is1" = DVD Flick 1.3.0.7
"e2eSoft VCam_is1" = e2eSoft VCam v5.1
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Flv Recorder_is1" = FlvRecorder
"foobar2000" = foobar2000 v1.1.10
"FormatFactory" = FormatFactory 2.96
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.5
"InstallShield_{1F7424F8-F992-48BC-90EF-7C4DB0405E3F}" = Alcor Micro USB Card Reader
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{617472E0-1E87-43AE-8CEF-83F4D018DEFC}" = ATI Hybrid TV Tuner Driver v6.14.10.389 64bit Win7
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"ManyCam" = ManyCam 2.4 (remove only)
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MPE" = MyPhoneExplorer
"Mplayer" = Mplayer 0.6.9
"NVIDIA.Updatus" = NVIDIA Updatus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"OnLive" = OnLive
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"PokerStars.net" = PokerStars.net
"Postal 2 Share The Pain" = Postal 2 Share The Pain
"PrivitizeVPN" = PrivitizeVPN
"Privoxy" = Privoxy (remove only)
"Revo Uninstaller" = Revo Uninstaller 1.91
"Software Assist" = Software Assist
"SopCast" = SopCast 3.3.2
"SpeedFan" = SpeedFan (remove only)
"SubRip" = SubRip 1.16 (remove only)
"SubtitleEdit_is1" = Subtitle Edit 3.2.8
"SubtitleWorkshop" = Subtitle Workshop 2.51
"TightVNC" = TightVNC 2.0.4
"Tiny Media Player_is1" = Tiny Media Player v1.0
"Trillian" = Trillian
"TurboTax 2012" = TurboTax 2012
"uTorrent" = µTorrent
"Veetle Broadcaster" = Veetle Broadcaster 0.9.18
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.1.9
"VMware_Player" = VMware Player
"WinGimp-2.0_is1" = GIMP 2.4.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/10/2013 9:45:25 AM | Computer Name = Brian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3011

Error - 4/10/2013 9:45:25 AM | Computer Name = Brian-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3011

Error - 4/10/2013 5:46:13 PM | Computer Name = Brian-PC | Source = Application Hang | ID = 1002
Description = The program mbam.exe version 1.75.0.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 594 Start Time:
01ce3634953ebcef Termination Time: 5 Application Path: C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbam.exe Report Id: fc45945b-a227-11e2-a96f-005056c00008

Error - 4/10/2013 6:27:34 PM | Computer Name = Brian-PC | Source = Application Hang | ID = 1002
Description = The program mbam.exe version 1.75.0.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1174 Start Time:
01ce363a697d6d3f Termination Time: 10 Application Path: C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbam.exe Report Id: ca0915cf-a22d-11e2-b73e-005056c00008

Error - 4/10/2013 6:28:32 PM | Computer Name = Brian-PC | Source = Application Hang | ID = 1002
Description = The program mbam.exe version 1.75.0.1 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 1294 Start Time:
01ce363a98f2b633 Termination Time: 10 Application Path: C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbam.exe Report Id: ed42ef5a-a22d-11e2-b73e-005056c00008

Error - 4/10/2013 7:52:56 PM | Computer Name = Brian-PC | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 19.0.2.4814 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1514 Start
Time: 01ce3644dbc9956d Termination Time: 70 Application Path: C:\Program Files (x86)\Mozilla
Firefox\firefox.exe Report Id: 97c1e04b-a239-11e2-92e4-005056c00008

Error - 4/13/2013 5:28:41 AM | Computer Name = Brian-PC | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved

Error - 4/13/2013 5:33:00 AM | Computer Name = Brian-PC | Source = Application Hang | ID = 1002
Description = The program SUPERAntiSpyware.exe version 5.6.0.1014 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 17a0 Start
Time: 01ce38293df1c710 Termination Time: 0 Application Path: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Report Id: 123bca98-a41d-11e2-bc19-005056c00008

Error - 4/14/2013 9:27:04 PM | Computer Name = Brian-PC | Source = PocketCloudService | ID = 0
Description = Service cannot be started. The service process could not connect to
the service controller

Error - 4/14/2013 10:00:00 PM | Computer Name = Brian-PC | Source = Windows Backup | ID = 4103
Description =

Error - 4/15/2013 12:11:01 PM | Computer Name = Brian-PC | Source = Application Hang | ID = 1002
Description = The program vmplayer.exe version 9.0.2.35902 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 115c Start
Time: 01ce39f3c2012015 Termination Time: 3 Application Path: C:\Program Files (x86)\VMware\VMware
Player\vmplayer.exe Report Id: 0823fd98-a5e7-11e2-bf2d-005056c00008

[ Media Center Events ]
Error - 9/8/2011 10:25:13 PM | Computer Name = Brian-PC | Source = ehRecvr | ID = 3
Description = TV tuner encountered an error. (0xc0040524) ATSC/QAM Digital Tuner

Error - 9/26/2011 6:11:31 PM | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = 3:11:30 PM - Error connecting to the internet. 3:11:30 PM - Unable
to contact server..

Error - 10/2/2011 5:25:56 PM | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = 2:25:56 PM - Error connecting to the internet. 2:25:56 PM - Unable
to contact server..

Error - 10/2/2011 6:26:52 PM | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = 3:26:52 PM - Error connecting to the internet. 3:26:52 PM - Unable
to contact server..

Error - 10/2/2011 7:27:53 PM | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = 4:27:53 PM - Error connecting to the internet. 4:27:53 PM - Unable
to contact server..

Error - 10/19/2011 7:10:40 PM | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = 4:10:40 PM - Error connecting to the internet. 4:10:40 PM - Unable
to contact server..

Error - 5/12/2012 6:43:33 AM | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = 3:43:33 AM - Error connecting to the internet. 3:43:33 AM - Unable
to contact server..

Error - 5/12/2012 7:43:38 AM | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = 4:43:38 AM - Error connecting to the internet. 4:43:38 AM - Unable
to contact server..

Error - 5/12/2012 8:43:43 AM | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = 5:43:43 AM - Error connecting to the internet. 5:43:43 AM - Unable
to contact server..

Error - 5/17/2012 8:18:38 AM | Computer Name = Brian-PC | Source = MCUpdate | ID = 0
Description = 5:18:37 AM - Error connecting to the internet. 5:18:37 AM - Unable
to contact server..

[ System Events ]
Error - 4/16/2013 12:08:02 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 4/16/2013 12:08:02 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 4/16/2013 12:08:23 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 4/16/2013 12:08:23 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 4/16/2013 12:08:31 PM | Computer Name = Brian-PC | Source = DCOM | ID = 10016
Description =

Error - 4/16/2013 12:35:23 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 4/16/2013 12:35:42 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
pvkvlw

Error - 4/16/2013 12:36:01 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7023
Description = The Function Discovery Resource Publication service terminated with
the following error: %%-2147024891

Error - 4/16/2013 12:36:01 PM | Computer Name = Brian-PC | Source = Service Control Manager | ID = 7001
Description = The HomeGroup Provider service depends on the Function Discovery Resource
Publication service which failed to start because of the following error: %%-2147024891

Error - 4/16/2013 12:36:23 PM | Computer Name = Brian-PC | Source = DCOM | ID = 10016
Description =


< End of report >
rollo
Active Member
 
Posts: 14
Joined: April 11th, 2013, 2:20 pm

Re: Possible Virus

Post by nunped » April 17th, 2013, 3:40 pm

Hi rollo,

Have you uninstalled utorrent? It's still showing in your installed programs list.
If you didn't, please uninstall it and let me know so we can continue the cleaning process.
If you did, then we may need to remove the remains.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Possible Virus

Post by rollo » April 17th, 2013, 3:51 pm

Hi nunped,

We should be good now, I just uninstalled utorrent.
rollo
Active Member
 
Posts: 14
Joined: April 11th, 2013, 2:20 pm

Re: Possible Virus

Post by nunped » April 17th, 2013, 6:05 pm

Ok :) Let's continue:

Step 1 - Fix with AdwCleaner
  • Close all open programs and internet browsers.
  • Right click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Delete.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2 - Fix with OTL
  • Right click OTL.exe and select "Run as Administrator" to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
:commands
[createrestorepoint]

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425
IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\..\URLSearchHook: {7aeb3efd-e564-43f1-b658-5058a7c5743b} - No CLSID value found
IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ie ... 06&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2818425
FF - prefs.js..extensions.enabledAddons: support%40jtvdev.com:1.4
FF - prefs.js..extensions.enabledAddons: %7B5ebdca98-43b3-45bb-87e0-716029fb42ab%7D:6.1
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40funmoods.com:1.5.0
[2013/02/27 13:06:11 | 000,000,000 | ---D | M] ("Nuova scheda") -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}
[2013/02/27 13:06:12 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\ffxtlbr@funmoods.com
[2013/02/27 13:05:31 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\freehdsport@freehdsport.tv.xpi
[2013/02/12 18:33:27 | 000,006,373 | ---- | M] () (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\support@jtvdev.com.xpi
[2013/04/12 08:51:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013/04/12 08:51:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
CHR - plugin: Java(TM) Platform SE 6 U35 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - Extension: FreeHDSport.TV = C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok\1.2_0\
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:41099CE9
IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?l=dis&o=14597
IE - HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com

:commands
[emptytemp]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Step 3 - SystemLook
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2

  • Right click SystemLook.exe and select "run as administrator" to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *conduit*
    *daemon*
    *wecare*
    *funmoods*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *conduit*
    *daemon*
    *wecare*
    *funmoods*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    conduit
    daemon
    wecare
    funmoods
    
  • Click the Look button to start the scan.
    The scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal
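
Step 2 above asks for the OTL fix log to be posted back. The following is an added example (not part of the original post and not an OTL feature) that tallies such a log by outcome and collapses the per-subfolder "moved" lines to their top-level folder, so a reviewer can see which script targets were actually present and which were already gone. The sample lines are constructed in the shape of OTL fix-log lines, and the function names are assumptions.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample in the shape of OTL fix-log lines (not from a real machine).
SAMPLE_LOG = r"""
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{00000000-0000-0000-0000-000000000001}\ not found.
Registry value HKEY_USERS\S-1-5-21-EXAMPLE\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-0000-0000-0000-000000000002} deleted successfully.
Prefs.js: example%40toolbar.invalid:1.0 removed from extensions.enabledAddons
C:\Users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\extensions\example@toolbar.invalid\skin folder moved successfully.
C:\Users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\extensions\example@toolbar.invalid folder moved successfully.
Folder C:\Users\Example\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\extensions\other@toolbar.invalid\ not found.
File C:\Program Files (x86)\Example\plugin.dll not found.
ADS C:\ProgramData\Temp:DEADBEEF deleted successfully.
========== COMMANDS ==========
"""

# (outcome label, regex matching the status text at the end of a line)
OUTCOMES = [
    ("not_found", re.compile(r"\s+not found\.$")),
    ("deleted", re.compile(r"\s+deleted successfully\.$")),
    ("moved", re.compile(r"\s+(?:folder\s+)?moved successfully\.$")),
    ("value_set", re.compile(r"\|\s*/E\s*:\s*value set successfully!$")),
    ("pref_removed", re.compile(r"\s+removed from \S+$")),
]

# Leading words that name the kind of object a line is about.
PREFIXES = [
    ("64bit-Registry key ", "registry"),
    ("64bit-Registry value ", "registry"),
    ("Registry key ", "registry"),
    ("Registry value ", "registry"),
    ("Folder ", "path"),
    ("File ", "path"),
    ("ADS ", "ads"),
    ("Prefs.js: ", "firefox_pref"),
]


def classify(line):
    """Return (kind, outcome, target) for a result line, or None for headers/blank lines."""
    line = line.strip()
    for outcome, pattern in OUTCOMES:
        m = pattern.search(line)
        if not m:
            continue
        target = line[:m.start()].strip()
        kind = "other"
        for prefix, prefix_kind in PREFIXES:
            if target.startswith(prefix):
                kind, target = prefix_kind, target[len(prefix):]
                break
        else:
            # No leading label: infer the kind from the target itself.
            if target.startswith("HK"):
                kind = "registry"
            elif re.match(r"[A-Za-z]:\\", target):
                kind = "path"
        if kind == "firefox_pref":
            target = unquote(target)  # %40 -> @, %7B -> {
        return kind, outcome, target.rstrip("\\")
    return None


def summarize(log_text):
    """Tally outcomes, list targets that were already absent, and reduce moved paths to roots."""
    counts, moved, absent = Counter(), [], []
    for line in log_text.splitlines():
        result = classify(line)
        if result is None:
            continue
        kind, outcome, target = result
        counts[outcome] += 1
        if outcome == "moved":
            moved.append(target)
        elif outcome == "not_found":
            absent.append((kind, target))
    # A moved path is a root if no other moved path is one of its parent folders.
    lowered = [p.lower() for p in moved]
    roots = [p for p in moved
             if not any(p.lower().startswith(q + "\\") for q in lowered)]
    return {"counts": counts, "moved_roots": roots, "already_absent": absent}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for outcome, n in report["counts"].most_common():
        print(f"{outcome:13} {n}")
    print("moved (top-level only):")
    for path in report["moved_roots"]:
        print("  ", path)
    print("already absent when the fix ran:")
    for kind, target in report["already_absent"]:
        print(f"   [{kind}] {target}")
```
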

Re: Possible Virus

Post by rollo » April 17th, 2013, 6:32 pm

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Microsoft\Internet Explorer\URLSearchHooks\\{7aeb3efd-e564-43f1-b658-5058a7c5743b} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\ not found.
HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.
Registry key HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: support%40jtvdev.com:1.4 removed from extensions.enabledAddons
Prefs.js: %7B5ebdca98-43b3-45bb-87e0-716029fb42ab%7D:6.1 removed from extensions.enabledAddons
Prefs.js: ffxtlbr%40funmoods.com:1.5.0 removed from extensions.enabledAddons
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\skin\images\defavs folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\skin\images folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\skin\icons folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\skin\css folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\skin folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\modules\data folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\modules folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\locale\tr folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\locale\pt_BR folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\locale\pl folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\locale\nl folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\locale\ja folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\locale\it folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\locale\hi folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\locale\fr folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\locale\es folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\locale\en-US folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\locale\de folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\locale\ar folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\locale folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\defaults\preferences folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\defaults folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\content\scripts\lib folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\content\scripts\js.showcase folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\content\scripts folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\content folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab}\components folder moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\{5ebdca98-43b3-45bb-87e0-716029fb42ab} folder moved successfully.
Folder C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\ffxtlbr@funmoods.com\ not found.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\freehdsport@freehdsport.tv.xpi moved successfully.
C:\Users\Brian\AppData\Roaming\Mozilla\Firefox\Profiles\kkb6fudd.default-1360718465847\extensions\support@jtvdev.com.xpi moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} folder moved successfully.
File C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll not found.
C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok\1.2_0\js folder moved successfully.
C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok\1.2_0\images folder moved successfully.
C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok\1.2_0\html folder moved successfully.
C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok\1.2_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
ADS C:\ProgramData\Temp:41099CE9 deleted successfully.
HKU\S-1-5-21-2070526624-2483950506-4163818189-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 324217 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->FireFox cache emptied: 54926510 bytes
->Google Chrome cache emptied: 9528721 bytes
->Flash cache emptied: 56972 bytes

User: All Users

User: Brian
->Temp folder emptied: 686020605 bytes
->Temporary Internet Files folder emptied: 34185060 bytes
->Java cache emptied: 3177173 bytes
->FireFox cache emptied: 122401209 bytes
->Google Chrome cache emptied: 63127905 bytes
->Flash cache emptied: 59020 bytes

User: Brian S
->Temp folder emptied: 377951 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Google Chrome cache emptied: 6503206 bytes
->Flash cache emptied: 56466 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1714115 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 267739354 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67496 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,193.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04172013_151510

Files\Folders moved on Reboot...
C:\Users\Brian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-3516.log moved successfully.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\atmosphere.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\atmosphere.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\atmosphere.glsllib scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\glsles.h scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\precipitation_double_cone.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\precipitation_double_cone.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\speedtree_configuration_glsles.h scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\speedtree_utils_glsles.h scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbillboard.arbfp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbillboard.arbvp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbillboard.asd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbillboard.cfg scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbillboard.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbillboard.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbillboard.ps_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbillboard.vs_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbranch.arbfp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbranch.arbvp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbranch.asd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbranch.cfg scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbranch.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbranch.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbranch.ps_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stbranch.vs_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stcommonobjects.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stfrond.arbfp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stfrond.arbvp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stfrond.asd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stfrond.cfg scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stfrond.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stfrond.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stfrond.ps_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stfrond.vs_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafcard.arbfp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafcard.arbvp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafcard.asd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafcard.cfg scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafcard.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafcard.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafcard.ps_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafcard.vs_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafmesh.arbfp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafmesh.arbvp1 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafmesh.asd scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafmesh.cfg scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafmesh.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafmesh.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafmesh.ps_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\stleafmesh.vs_2_0 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\water.glsllib scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\watersurface.glslesf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\shaders\watersurface.glslesv scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\planet\earth.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\keyboard\generic.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\keyboard\sr22.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\hud\generic.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\hud\sr22.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\generic.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\genius_maxfighter_f16u.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\logitech_attack3.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\logitech_extreme_3d.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\logitech_force_3d.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\logitech_freedom.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\saitek_cyborg_evo.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\saitek_x52.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_black_hawk.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_black_widow.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_cougar_flightstick.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\speed_link_dark_tornado.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\controller\xbox_360.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\aircraft\f16.acf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\aircraft\sr22.acf scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\flightsim\flightsim.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\application.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\balloons.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\builtin_webdata.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\cursor_crosshair_inverse.png scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\cursor_crosshair_thick.png scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\doppler.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\effects.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\filmstrip.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\leftpanel-common.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\leftpanel-layer.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\localshapes.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\navcontrols.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\notifications.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\progress.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\renderui.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\search.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\spin_icon.png scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\statusbar.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\terrainmgr.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\tmcontrols.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\toolbar.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\tourcontrols.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\unknown_plugin.png scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\userpalette.kml scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\res\webbrowser.rcc scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\ar.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\bg.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\ca.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\cs.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\da.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\de.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\el.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\en.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\es-419.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\es.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\fa.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\fi.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\fil.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\fr.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\he.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\hi.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\hr.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\hu.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\id.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\it.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\ja.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\ko.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\lt.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\lv.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\nl.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\no.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\pl.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\pt-PT.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\pt.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\ro.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\ru.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\sk.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\sl.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\sr.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\sv.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\th.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\tr.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\uk.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\vi.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\zh-Hans.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\zh-Hant-HK.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\lang\zh-Hant.qm scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemyext.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\drivers.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\earthps.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\geplugin.exe scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\ge_expat.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\googleearth.exe.local scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\googleearth_free.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\google_earth.ico scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\gpl.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\icudt.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGAttrs.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGCore.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGExportCommon.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGGfx.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGMath.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGOpt.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGSg.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGUtils.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\ImporterGlobalSettings.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\ImporterUISettings.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\kh20 scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcp100.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcr100.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\npgeplugin.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\PCOptimizations.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\plugin_ax.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtCore4.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtGui4.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtNetwork4.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtWebKit4.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\program files\Google\Google Earth\plugin\uninstall.ico scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\0x0409.ini scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\Google Earth.msi scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\GoogleEarth.exe scheduled to be moved on reboot.
File move failed. C:\Windows\temp\._msigeplugin61\Setup.ini scheduled to be moved on reboot.
C:\Windows\temp\mavcperf-setup.log moved successfully.
C:\Windows\temp\UDD6A75.tmp moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
rollo
Active Member
 
Posts: 14
Joined: April 11th, 2013, 2:20 pm

Re: Possible Virus

by rollo » April 17th, 2013, 6:58 pm

I ran the SystemLook scan... nothing came up on the log; it was completely empty.

Re: Possible Virus

by nunped » April 21st, 2013, 2:38 pm

Hi rollo,

Sorry for the delay...
Please try the following:

  • Reboot your computer.
  • Download a new copy of SystemLook.
  • Follow my previous instructions (for Step 3) carefully.
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Possible Virus

by rollo » April 21st, 2013, 4:34 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 13:04 on 21/04/2013 by Brian
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

No Context: filefind

No Context: *Fun4IM*

No Context: *Bandoo*

No Context: *Searchqu*

No Context: *iLivid*

No Context: *whitesmoke*

No Context: *datamngr*

No Context: *trolltech*

No Context: *conduit*

No Context: *daemon*

No Context: *wecare*

No Context: *funmoods*

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*conduit*"
C:\Users\Brian\Desktop\Old Firefox Data\conduitCommon d------ [01:21 13/02/2013]

Searching for "*daemon*"
C:\Program Files (x86)\DAEMON Tools Lite d------ [17:21 18/05/2011]
C:\ProgramData\DAEMON Tools Lite d------ [17:20 18/05/2011]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite d------ [17:21 18/05/2011]
C:\Users\All Users\DAEMON Tools Lite d------ [17:20 18/05/2011]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite d------ [17:21 18/05/2011]
C:\Users\Brian\AppData\Roaming\DAEMON Tools Lite d------ [17:20 18/05/2011]

Searching for "*wecare*"
No folders found.

Searching for "*funmoods*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Software Assist\Code]
"BgJavaScript"="

//Crossrider

/*appAPI.message.addListener(function(msg){

switch(msg.action) {

case 'redirect':



break;

}

});*/

appAPI.onRequest(function(requestUrl, pageUrl, opaque) {

if (pageUrl.indexOf('adultfriendfinder.com') > -1 && appAPI.db.get('adultfriendfinder.com') === null) { appAPI.db.set('adultfriendfinder.com', true, appAPI.time.daysFromNow(7)); return { redirectTo: 'http://gotrck.com/?url=http%3A%2F%2Fwww.sq2trk2.com%2Fclick.track%3FCID%3D164114%26AFID%3D223699%26ADID%3D531331%26SID%3D' }; }
if (pageUrl.indexOf('amolatina.com') > -1 && appAPI.db.get('amolatina.com') === null) { appAPI.db.set('amolatina.com', true, appAPI.time.daysFromNow(7)); return { redirectTo: 'http://gotrck.com/?url=http%3A%2F%2Fwww.sq2trk2.com%2Fclick.track%3FCID%3D196356%26AFID%3D223699%26ADID%3D691095%26SID%3D' }; }
if (pageUrl.indexOf('onlinerewardsclub.com') > -1 && appAPI.db.get('onlinerewardsclub.com') === null)
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1 (1)_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1 (1)_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (1).exe]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\AppDataLow\Software\Software Assist\Code]
"BgJavaScript"="

//Crossrider

/*appAPI.message.addListener(function(msg){

switch(msg.action) {

case 'redirect':



break;

}

});*/

appAPI.onRequest(function(requestUrl, pageUrl, opaque) {

if (pageUrl.indexOf('adultfriendfinder.com') > -1 && appAPI.db.get('adultfriendfinder.com') === null) { appAPI.db.set('adultfriendfinder.com', true, appAPI.time.daysFromNow(7)); return { redirectTo: 'http://gotrck.com/?url=http%3A%2F%2Fwww.sq2trk2.com%2Fclick.track%3FCID%3D164114%26AFID%3D223699%26ADID%3D531331%26SID%3D' }; }
if (pageUrl.indexOf('amolatina.com') > -1 && appAPI.db.get('amolatina.com') === null) { appAPI.db.set('amolatina.com', true, appAPI.time.daysFromNow(7)); return { redirectTo: 'http://gotrck.com/?url=http%3A%2F%2Fwww.sq2trk2.com%2Fclick.track%3FCID%3D196356%26AFID%3D223699%26ADID%3D691095%26SID%3D' }; }
if (pageUrl.indexOf('onlinerewardsclub.com') > -1 && appAPI.db
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid]

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FEF9B6D5-C8BB-4CD2-9A75-B74D0C3FE26E}]
"AppPath"="C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar"
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1000\Software\Datamngr]

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Trolltech]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "conduit"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="conduit.com"
[HKEY_CURRENT_USER\Software\vShare.tv\plug-in]
"installid"="conduit"
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1000\Software\vShare.tv\plug-in]
"installid"="conduit"
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="conduit.com"
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\vShare.tv\plug-in]
"installid"="conduit"

Searching for "daemon"
[HKEY_CURRENT_USER\Software\DT Soft\DAEMON Tools Pro]
[HKEY_CURRENT_USER\Software\DT Soft\DAEMON Tools Toolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mds\UserChoice]
"Progid"="DAEMON.Tools.Lite"
[HKEY_LOCAL_MACHINE\SOFTWARE\DT Soft\DAEMON Tools Pro]
[HKEY_LOCAL_MACHINE\SOFTWARE\DT Soft\DAEMON Tools Pro]
"Path"="C:\Program Files (x86)\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DAEMON Tools Toolbar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DAEMON Tools Toolbar_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=""C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"DisplayName"="DAEMON Tools Lite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"UninstallString"="C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"DisplayIcon"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"URLInfoAbout"="http://www.daemon-tools.cc/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mdf]
@="DAEMON.Tools.Lite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mds]
@="DAEMON.Tools.Lite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mdx]
@="DAEMON.Tools.Lite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\APSDaemon.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{85187E17-383D-4EC5-B8D6-D9466EE3DD92}]
@="APSDaemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\APSDaemon.APSNotificationServer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\APSDaemon.APSNotificationServer.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\APSDaemon.NotificationCenter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\APSDaemon.NotificationCenter\CurVer]
@="APSDaemon.NotificationCenter.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\APSDaemon.NotificationCenter.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\InprocServer32]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\InprocServer32]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}]
@="IE Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6812639B-FD61-4329-9901-22CFDBD690FE}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6812639B-FD61-4329-9901-22CFDBD690FE}\ProgID]
@="APSDaemon.APSNotificationServer.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6812639B-FD61-4329-9901-22CFDBD690FE}\VersionIndependentProgID]
@="APSDaemon.APSNotificationServer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}]
@="DEPRECATED: Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9E904CA-8865-42E7-B0F0-B7B8C4D54D70}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9E904CA-8865-42E7-B0F0-B7B8C4D54D70}\ProgID]
@="APSDaemon.CourierUpTime.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9E904CA-8865-42E7-B0F0-B7B8C4D54D70}\VersionIndependentProgID]
@="APSDaemon.CourierUpTime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}]
@="IE Component Categories conditional cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdd068c2-d51a-4175-8a20-5cbc704ea3bd}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdd068c2-d51a-4175-8a20-5cbc704ea3bd}\ProgID]
@="APSDaemon.NotificationCenter.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdd068c2-d51a-4175-8a20-5cbc704ea3bd}\VersionIndependentProgID]
@="APSDaemon.NotificationCenter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DAEMON.Tools.Lite]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DAEMON.Tools.Lite\DefaultIcon]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DAEMON.Tools.Lite\shell\open\command]
@=""C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -shellmount "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9D8925E0-D73D-44CC-B7D1-C7DE4345AED6}\1.0]
@="APSDaemon 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9D8925E0-D73D-44CC-B7D1-C7DE4345AED6}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\0\win32]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\0\win64]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\HELPDIR]
@="C:\Program Files (x86)\DAEMON Tools Lite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\InprocServer32]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\InprocServer32]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}]
@="IE Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6812639B-FD61-4329-9901-22CFDBD690FE}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6812639B-FD61-4329-9901-22CFDBD690FE}\ProgID]
@="APSDaemon.APSNotificationServer.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6812639B-FD61-4329-9901-22CFDBD690FE}\VersionIndependentProgID]
@="APSDaemon.APSNotificationServer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}]
@="DEPRECATED: Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D9E904CA-8865-42E7-B0F0-B7B8C4D54D70}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D9E904CA-8865-42E7-B0F0-B7B8C4D54D70}\ProgID]
@="APSDaemon.CourierUpTime.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D9E904CA-8865-42E7-B0F0-B7B8C4D54D70}\VersionIndependentProgID]
@="APSDaemon.CourierUpTime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}]
@="IE Component Categories conditional cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{fdd068c2-d51a-4175-8a20-5cbc704ea3bd}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{fdd068c2-d51a-4175-8a20-5cbc704ea3bd}\ProgID]
@="APSDaemon.NotificationCenter.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{fdd068c2-d51a-4175-8a20-5cbc704ea3bd}\VersionIndependentProgID]
@="APSDaemon.NotificationCenter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\APSDaemon.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{85187E17-383D-4EC5-B8D6-D9466EE3DD92}]
@="APSDaemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9D8925E0-D73D-44CC-B7D1-C7DE4345AED6}\1.0]
@="APSDaemon 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9D8925E0-D73D-44CC-B7D1-C7DE4345AED6}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\0\win32]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\0\win64]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\HELPDIR]
@="C:\Program Files (x86)\DAEMON Tools Lite"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}\0065]
"DriverDesc"="DAEMON Tools Virtual Bus Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\SYSTEM\0001]
"DeviceDesc"="@oem39.inf,%dtsoftbus.devicedesc%;DAEMON Tools Virtual Bus Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dtsoftbus01]
"DisplayName"="DAEMON Tools Virtual Bus Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvUpdatusService]
"ImagePath"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvUpdatusService]
"DisplayName"="NVIDIA Update Service Daemon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}\0065]
"DriverDesc"="DAEMON Tools Virtual Bus Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\SYSTEM\0001]
"DeviceDesc"="@oem39.inf,%dtsoftbus.devicedesc%;DAEMON Tools Virtual Bus Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\dtsoftbus01]
"DisplayName"="DAEMON Tools Virtual Bus Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\nvUpdatusService]
"ImagePath"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\nvUpdatusService]
"DisplayName"="NVIDIA Update Service Daemon"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}\0065]
"DriverDesc"="DAEMON Tools Virtual Bus Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\SYSTEM\0001]
"DeviceDesc"="@oem39.inf,%dtsoftbus.devicedesc%;DAEMON Tools Virtual Bus Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dtsoftbus01]
"DisplayName"="DAEMON Tools Virtual Bus Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nvUpdatusService]
"ImagePath"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nvUpdatusService]
"DisplayName"="NVIDIA Update Service Daemon"
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe"="DAEMON Tools Lite"
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe"="DAEMON Tools Lite"
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\DT Soft\DAEMON Tools Pro]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\DT Soft\DAEMON Tools Toolbar]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mds\UserChoice]
"Progid"="DAEMON.Tools.Lite"

Searching for "wecare"
No data found.

Searching for "funmoods"
No data found.

-= EOF =-
rollo
Active Member
 
Posts: 14
Joined: April 11th, 2013, 2:20 pm

Re: Possible Virus

Post by nunped » April 21st, 2013, 5:51 pm

Hi rollo,

I need you to run another version of SystemLook:

Please download SystemLook from here and save it to your Desktop.
  • Right click SystemLook.exe and select "run as administrator" to run it.
  • Copy and paste the content of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *conduit*
    *daemon*
    *wecare*
    *funmoods*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *conduit*
    *daemon*
    *wecare*
    *funmoods*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    conduit
    daemon
    wecare
    funmoods
    
  • Click the Look button to start the scan.
    The scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal

Re: Possible Virus

Post by rollo » April 21st, 2013, 7:34 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 14:58 on 21/04/2013 by Brian
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
C:\Users\Brian\AppData\Roaming\Trillian\users\rollotomassi\userassets\rollotomassi%3Atrillian%3Agoogle%3Aavatar%3Abandoogiemanz%40aol%2Ecom --a---- 5256 bytes [02:45 18/11/2011] [02:45 18/11/2011] E146DB1D0593FDEBF48AA57DAF603118

Searching for "*Searchqu*"
No files found.

Searching for "*iLivid*"
C:\Users\Brian\Desktop\shortcuts\iLivid.lnk --a---- 993 bytes [21:49 08/04/2012] [20:42 11/04/2012] D1592135AF5A9D47309CB860717D9DB6

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
No files found.

Searching for "*trolltech*"
No files found.

Searching for "*conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206120 bytes [20:30 24/05/2012] [20:30 24/05/2012] 976934130CD5C5DBD2DC977B298DF525
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist --a---- 11408 bytes [21:57 09/10/2011] [21:57 09/10/2011] AB18CD2A656AE753C30E6276EC3DA0C2
C:\Users\Brian\Desktop\Old Firefox Data\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\ConduitAutoCompleteSearch.js --a---- 9181 bytes [01:21 13/02/2013] [23:08 10/02/2013] 6E6B7E00632DF1BA5A48D74E1B41ABE3
C:\Users\Brian\Desktop\Old Firefox Data\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\components\ConduitAutoCompleteSearch.xpt --a---- 166 bytes [01:21 13/02/2013] [23:08 10/02/2013] 806EA6CC4DCBF88A20AA3331BCDC9918
C:\Users\Brian\Desktop\Old Firefox Data\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}\searchplugin\conduit.xml --a---- 921 bytes [01:21 13/02/2013] [23:08 10/02/2013] 9626F58C139CE93311665388E7DBBE3A
C:\Users\Brian\Desktop\Old Firefox Data\searchplugins\conduit.xml --a---- 929 bytes [01:21 13/02/2013] [18:26 31/08/2011] B0D404C6C1B0B672C543EBA227D8E41C

Searching for "*daemon*"
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe --a---- 59280 bytes [05:56 12/10/2012] [05:56 12/10/2012] D2DAD71C96C113ED07F7BB79AD831C28
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll --a---- 677776 bytes [05:56 12/10/2012] [05:56 12/10/2012] 691771D7570A53130E7E885D8266E6C0
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe --a---- 1620584 bytes [10:37 07/11/2010] [06:30 17/08/2010] E0ECB3C5C905B4942D3740373605A31A
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk --a---- 1082 bytes [17:21 18/05/2011] [17:21 18/05/2011] B3687F12D546430F60BD6D0CC1A53A3C
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite\DAEMON Tools Lite.lnk --a---- 1082 bytes [17:21 18/05/2011] [17:21 18/05/2011] B3687F12D546430F60BD6D0CC1A53A3C
C:\Users\Brian\Desktop\Old Firefox Data\extensions\DTToolbar@toolbarnet.com\components\Resources\daemon_search.ico --a---- 1150 bytes [01:21 13/02/2013] [13:47 05/04/2011] 7BC743881D88D83CEED8A0D5DB897077
C:\Users\Brian\Desktop\Old Firefox Data\extensions\DTToolbar@toolbarnet.com\components\Resources\daemon_search_site.ico --a---- 1150 bytes [01:21 13/02/2013] [13:47 05/04/2011] D460C2A55EE91B025FC1DBF405F2D392
C:\Users\Brian\Desktop\Old Firefox Data\searchplugins\daemon-search.xml --a---- 2055 bytes [01:21 13/02/2013] [17:21 18/05/2011] 3025CDC48DC49AEC99B648975F398EF7
C:\Users\Brian\Desktop\shortcuts\DAEMON Tools Lite.lnk --a---- 1956 bytes [17:21 18/05/2011] [17:21 18/05/2011] 0CFEEC1FC4F4F3E9A7755AFC4263A6DC
C:\Windows\Prefetch\APSDAEMON.EXE-4484BAA6.pf --a---- 36340 bytes [17:08 17/04/2013] [15:29 20/04/2013] F0CC116D7B156FDA031420405A0A0BF8
C:\Windows\Prefetch\DAEMONU.EXE-B668DD96.pf --a---- 26418 bytes [19:02 25/02/2011] [20:24 21/04/2013] 49A78E1CE766E878D2C3E69A37E26BA3
C:\Windows\pss\FancyStart daemon.lnk.CommonStartup ------- 2617 bytes [00:43 10/04/2011] [10:46 07/11/2010] F494DF88BE33CFE68A1D13FBF5ECA9EA
C:\Windows\winsxs\amd64_microsoft-windows-i..xing-service-server_31bf3856ad364e35_6.1.7600.16385_none_0b84d1bc51e87c4f\CIDAEMON.EXE --a---- 16384 bytes [00:28 14/07/2009] [01:38 14/07/2009] 0F26611D410E3EA0350674B0EDCB5E73
C:\Windows\winsxs\amd64_microsoft-windows-i..xing-service-server_31bf3856ad364e35_6.1.7601.17514_none_0db5e5844ed6ffe9\CIDAEMON.EXE --a---- 16384 bytes [00:28 14/07/2009] [01:38 14/07/2009] 0F26611D410E3EA0350674B0EDCB5E73

Searching for "*wecare*"
No files found.

Searching for "*funmoods*"
C:\Windows\System32\Tasks\Funmoods --a---- 3286 bytes [20:05 27/02/2013] [20:05 27/02/2013] 0C14A42B285C723E82F0D0E4849F3816

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*conduit*"
C:\Users\Brian\Desktop\Old Firefox Data\conduitCommon d------ [01:21 13/02/2013]

Searching for "*daemon*"
C:\Program Files (x86)\DAEMON Tools Lite d------ [17:21 18/05/2011]
C:\ProgramData\DAEMON Tools Lite d------ [17:20 18/05/2011]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite d------ [17:21 18/05/2011]
C:\Users\All Users\DAEMON Tools Lite d------ [17:20 18/05/2011]
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite d------ [17:21 18/05/2011]
C:\Users\Brian\AppData\Roaming\DAEMON Tools Lite d------ [17:20 18/05/2011]

Searching for "*wecare*"
No folders found.

Searching for "*funmoods*"
No folders found.

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchqu"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"

Searching for "iLivid"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\Software Assist\Code]
"BgJavaScript"="

//Crossrider

/*appAPI.message.addListener(function(msg){

switch(msg.action) {

case 'redirect':



break;

}

});*/

appAPI.onRequest(function(requestUrl, pageUrl, opaque) {

if (pageUrl.indexOf('adultfriendfinder.com') > -1 && appAPI.db.get('adultfriendfinder.com') === null) { appAPI.db.set('adultfriendfinder.com', true, appAPI.time.daysFromNow(7)); return { redirectTo: 'http://gotrck.com/?url=http%3A%2F%2Fwww.sq2trk2.com%2Fclick.track%3FCID%3D164114%26AFID%3D223699%26ADID%3D531331%26SID%3D' }; }
if (pageUrl.indexOf('amolatina.com') > -1 && appAPI.db.get('amolatina.com') === null) { appAPI.db.set('amolatina.com', true, appAPI.time.daysFromNow(7)); return { redirectTo: 'http://gotrck.com/?url=http%3A%2F%2Fwww.sq2trk2.com%2Fclick.track%3FCID%3D196356%26AFID%3D223699%26ADID%3D691095%26SID%3D' }; }
if (pageUrl.indexOf('onlinerewardsclub.com') > -1 && appAPI.db.get('onlinerewardsclub.com') === null)
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (1).exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (1)_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (1)_RASMANCS]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\AppDataLow\Software\Software Assist\Code]
"BgJavaScript"="

//Crossrider

/*appAPI.message.addListener(function(msg){

switch(msg.action) {

case 'redirect':



break;

}

});*/

appAPI.onRequest(function(requestUrl, pageUrl, opaque) {

if (pageUrl.indexOf('adultfriendfinder.com') > -1 && appAPI.db.get('adultfriendfinder.com') === null) { appAPI.db.set('adultfriendfinder.com', true, appAPI.time.daysFromNow(7)); return { redirectTo: 'http://gotrck.com/?url=http%3A%2F%2Fwww.sq2trk2.com%2Fclick.track%3FCID%3D164114%26AFID%3D223699%26ADID%3D531331%26SID%3D' }; }
if (pageUrl.indexOf('amolatina.com') > -1 && appAPI.db.get('amolatina.com') === null) { appAPI.db.set('amolatina.com', true, appAPI.time.daysFromNow(7)); return { redirectTo: 'http://gotrck.com/?url=http%3A%2F%2Fwww.sq2trk2.com%2Fclick.track%3FCID%3D196356%26AFID%3D223699%26ADID%3D691095%26SID%3D' }; }
if (pageUrl.indexOf('onlinerewardsclub.com') > -1 && appAPI.db
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\iLivid]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\C:\Program Files (x86)\iLivid]

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FEF9B6D5-C8BB-4CD2-9A75-B74D0C3FE26E}]
"AppPath"="C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar"
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1000\Software\Datamngr]

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Trolltech]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.6\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "conduit"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="conduit.com"
[HKEY_CURRENT_USER\Software\vShare.tv\plug-in]
"installid"="conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"FAEB67A6F1D637247AB9AD48012A5EB6"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\FAEB67A6F1D637247AB9AD48012A5EB6]
"File"="iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB1E579405BE28F46B2E7AAE9534B564]
"FAEB67A6F1D637247AB9AD48012A5EB6"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\com.yahoo.go.sync.client.resources\PhoneConduit.plist"
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1000\Software\vShare.tv\plug-in]
"installid"="conduit"
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"="conduit.com"
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\vShare.tv\plug-in]
"installid"="conduit"

Searching for "daemon"
[HKEY_CURRENT_USER\Software\DT Soft\DAEMON Tools Pro]
[HKEY_CURRENT_USER\Software\DT Soft\DAEMON Tools Toolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mds\UserChoice]
"Progid"="DAEMON.Tools.Lite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mdf]
@="DAEMON.Tools.Lite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mds]
@="DAEMON.Tools.Lite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.mdx]
@="DAEMON.Tools.Lite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\APSDaemon.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{85187E17-383D-4EC5-B8D6-D9466EE3DD92}]
@="APSDaemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\APSDaemon.APSNotificationServer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\APSDaemon.APSNotificationServer.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\APSDaemon.NotificationCenter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\APSDaemon.NotificationCenter\CurVer]
@="APSDaemon.NotificationCenter.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\APSDaemon.NotificationCenter.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\InprocServer32]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\InprocServer32]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}]
@="IE Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}]
@="DEPRECATED: Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}]
@="IE Component Categories conditional cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DAEMON.Tools.Lite]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DAEMON.Tools.Lite\DefaultIcon]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe,0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\DAEMON.Tools.Lite\shell\open\command]
@=""C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -shellmount "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9D8925E0-D73D-44CC-B7D1-C7DE4345AED6}\1.0]
@="APSDaemon 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9D8925E0-D73D-44CC-B7D1-C7DE4345AED6}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\0\win32]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\0\win64]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\HELPDIR]
@="C:\Program Files (x86)\DAEMON Tools Lite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\InprocServer32]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\InprocServer32]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}]
@="IE Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6812639B-FD61-4329-9901-22CFDBD690FE}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6812639B-FD61-4329-9901-22CFDBD690FE}\ProgID]
@="APSDaemon.APSNotificationServer.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{6812639B-FD61-4329-9901-22CFDBD690FE}\VersionIndependentProgID]
@="APSDaemon.APSNotificationServer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}]
@="DEPRECATED: Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D9E904CA-8865-42E7-B0F0-B7B8C4D54D70}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D9E904CA-8865-42E7-B0F0-B7B8C4D54D70}\ProgID]
@="APSDaemon.CourierUpTime.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D9E904CA-8865-42E7-B0F0-B7B8C4D54D70}\VersionIndependentProgID]
@="APSDaemon.CourierUpTime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}]
@="IE Component Categories conditional cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{fdd068c2-d51a-4175-8a20-5cbc704ea3bd}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{fdd068c2-d51a-4175-8a20-5cbc704ea3bd}\ProgID]
@="APSDaemon.NotificationCenter.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{fdd068c2-d51a-4175-8a20-5cbc704ea3bd}\VersionIndependentProgID]
@="APSDaemon.NotificationCenter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\APSDaemon.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{85187E17-383D-4EC5-B8D6-D9466EE3DD92}]
@="APSDaemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9D8925E0-D73D-44CC-B7D1-C7DE4345AED6}\1.0]
@="APSDaemon 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{9D8925E0-D73D-44CC-B7D1-C7DE4345AED6}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\0\win32]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\0\win64]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\HELPDIR]
@="C:\Program Files (x86)\DAEMON Tools Lite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
"path"="C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FancyStart daemon.lnk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
"backup"="C:\Windows\pss\FancyStart daemon.lnk.CommonStartup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
"item"="FancyStart daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"item"="DAEMON Tools Lite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DAEMON Tools Lite]
"command"=""C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F28390312066865458B41FD8A948BF10]
"82D6625F2B0E0314FB5CEE51A55D41CD"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F28390312066865458B41FD8A948BF10\82D6625F2B0E0314FB5CEE51A55D41CD]
"File"="APSDaemon_main.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F5566E1AEB04480428BEB5BECAFFD004]
"82D6625F2B0E0314FB5CEE51A55D41CD"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F5566E1AEB04480428BEB5BECAFFD004\82D6625F2B0E0314FB5CEE51A55D41CD]
"File"="APSDaemon.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DT Soft\DAEMON Tools Pro]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\DT Soft\DAEMON Tools Pro]
"Path"="C:\Program Files (x86)\DAEMON Tools Lite\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DAEMON Tools Toolbar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DAEMON Tools Toolbar_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"=""C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"DisplayName"="DAEMON Tools Lite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"UninstallString"="C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"DisplayIcon"="C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DAEMON Tools Lite]
"URLInfoAbout"="http://www.daemon-tools.cc/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{273C813F-46B0-4D2D-B522-73CB5D1C372A}\InprocServer32]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{46F8ADC5-0EA1-49d7-9657-56A50133CD42}\InprocServer32]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{553858A7-4922-4e7e-B1C1-97140C1C16EF}]
@="IE Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6812639B-FD61-4329-9901-22CFDBD690FE}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6812639B-FD61-4329-9901-22CFDBD690FE}\ProgID]
@="APSDaemon.APSNotificationServer.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{6812639B-FD61-4329-9901-22CFDBD690FE}\VersionIndependentProgID]
@="APSDaemon.APSNotificationServer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}]
@="DEPRECATED: Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D9E904CA-8865-42E7-B0F0-B7B8C4D54D70}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D9E904CA-8865-42E7-B0F0-B7B8C4D54D70}\ProgID]
@="APSDaemon.CourierUpTime.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{D9E904CA-8865-42E7-B0F0-B7B8C4D54D70}\VersionIndependentProgID]
@="APSDaemon.CourierUpTime"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{DC651A43-0720-4a2b-9971-BD2EF1329A3D}]
@="IE Component Categories conditional cache daemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{fdd068c2-d51a-4175-8a20-5cbc704ea3bd}\LocalServer32]
@=""C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{fdd068c2-d51a-4175-8a20-5cbc704ea3bd}\ProgID]
@="APSDaemon.NotificationCenter.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{fdd068c2-d51a-4175-8a20-5cbc704ea3bd}\VersionIndependentProgID]
@="APSDaemon.NotificationCenter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\APSDaemon.EXE]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{85187E17-383D-4EC5-B8D6-D9466EE3DD92}]
@="APSDaemon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{9D8925E0-D73D-44CC-B7D1-C7DE4345AED6}\1.0]
@="APSDaemon 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{9D8925E0-D73D-44CC-B7D1-C7DE4345AED6}\1.0\0\win32]
@="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon_main.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\0\win32]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\0\win64]
@="C:\Program Files (x86)\DAEMON Tools Lite\DTGadget64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{C6761050-EDA9-4F0B-B5B4-ECE680D3B17E}\1.0\HELPDIR]
@="C:\Program Files (x86)\DAEMON Tools Lite"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}\0065]
"DriverDesc"="DAEMON Tools Virtual Bus Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\SYSTEM\0001]
"DeviceDesc"="@oem39.inf,%dtsoftbus.devicedesc%;DAEMON Tools Virtual Bus Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\dtsoftbus01]
"DisplayName"="DAEMON Tools Virtual Bus Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvUpdatusService]
"ImagePath"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\nvUpdatusService]
"DisplayName"="NVIDIA Update Service Daemon"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}\0065]
"DriverDesc"="DAEMON Tools Virtual Bus Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\SYSTEM\0001]
"DeviceDesc"="@oem39.inf,%dtsoftbus.devicedesc%;DAEMON Tools Virtual Bus Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\dtsoftbus01]
"DisplayName"="DAEMON Tools Virtual Bus Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\nvUpdatusService]
"ImagePath"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\nvUpdatusService]
"DisplayName"="NVIDIA Update Service Daemon"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{4D36E97D-E325-11CE-BFC1-08002BE10318}\0065]
"DriverDesc"="DAEMON Tools Virtual Bus Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\SYSTEM\0001]
"DeviceDesc"="@oem39.inf,%dtsoftbus.devicedesc%;DAEMON Tools Virtual Bus Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\dtsoftbus01]
"DisplayName"="DAEMON Tools Virtual Bus Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nvUpdatusService]
"ImagePath"="C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\nvUpdatusService]
"DisplayName"="NVIDIA Update Service Daemon"
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe"="DAEMON Tools Lite"
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe"="DAEMON Tools Lite"
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\DT Soft\DAEMON Tools Pro]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\DT Soft\DAEMON Tools Toolbar]
[HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mds\UserChoice]
"Progid"="DAEMON.Tools.Lite"

Searching for "wecare"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02DECAB759E2FA94AB13703EA9908B73]
"00000000000000000000000000000000"="C:\ProgramData\WeCareReminder\cleanwateraction.bmp"

Searching for "funmoods"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30D4DB14-C0FD-4609-AC52-6AEC5004124E}]
"Path"="\Funmoods"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods]

-= EOF =-
rollo
Active Member
 
Posts: 14
Joined: April 11th, 2013, 2:20 pm

Re: Possible Virus

Post by nunped » April 22nd, 2013, 1:22 pm

Hi rollo,

Step 1 - Run OTL Script

We need to run an OTL Fix

  • Right-click OTL.exe and select "Run as administrator" to run it.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :commands
    [createrestorepoint]
    
    :files
    C:\Users\Brian\AppData\Roaming\Trillian\users\rollotomassi\userassets\rollotomassi%3Atrillian%3Agoogle%3Aavatar%3Abandoogiemanz%40aol%2Ecom
    C:\Users\Brian\Desktop\shortcuts\iLivid.lnk
    C:\Users\Brian\Desktop\Old Firefox Data\conduitCommon
    C:\Users\Brian\Desktop\Old Firefox Data\extensions\{7aeb3efd-e564-43f1-b658-5058a7c5743b}
    C:\Users\Brian\Desktop\Old Firefox Data\searchplugins\conduit.xml
    C:\Users\Brian\Desktop\Old Firefox Data\extensions\DTToolbar@toolbarnet.com\components\Resources\daemon_search.ico
    C:\Users\Brian\Desktop\Old Firefox Data\extensions\DTToolbar@toolbarnet.com\components\Resources\daemon_search_site.ico
    C:\Users\Brian\Desktop\Old Firefox Data\searchplugins\daemon-search.xml
    C:\Windows\System32\Tasks\Funmoods
    
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
    [-HKEY_CURRENT_USER\Software\Trolltech]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1 (1)_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\iLividSetupV1 (1)_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Applications\iLividSetupV1 (1).exe]
    [-HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Trolltech]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FEF9B6D5-C8BB-4CD2-9A75-B74D0C3FE26E}]
    [-HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1000\Software\Datamngr]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
    "DoNotAskAgain"=-
    [-HKEY_CURRENT_USER\Software\vShare.tv]
    [-HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1000\Software\vShare.tv]
    [HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\Microsoft\Internet Explorer\SearchScopes]
    "DoNotAskAgain"=-
    [-HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\vShare.tv]
    [-HKEY_CURRENT_USER\Software\DT Soft\DAEMON Tools Toolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DAEMON Tools Toolbar_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Tracing\DAEMON Tools Toolbar_RASMANCS]
    [-HKEY_USERS\S-1-5-21-2070526624-2483950506-4163818189-1002\Software\DT Soft\DAEMON Tools Toolbar]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
    "C:\ProgramData\WeCareReminder\"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30D4DB14-C0FD-4609-AC52-6AEC5004124E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods]
    
    :commands
    [emptytemp]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Step 2
How is your computer behaving?
nunped
MRU Honors Grad Emeritus
 
Posts: 1210
Joined: August 17th, 2011, 5:03 pm
Location: Portugal
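
An added example, not part of nunped's post and not OTL's own code: a small Python parser that lists what a fix script in the syntax above would act on, so it can be read through before it is run. It assumes the :reg section follows regedit conventions ([-KEY] removes a key with its subkeys, "name"=- removes a single value and keeps the key); the sample script is a constructed excerpt and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed excerpt in the same syntax as the fix script in the post above.
SAMPLE_FIX = r'''
:commands
[createrestorepoint]

:files
C:\Users\Brian\Desktop\shortcuts\iLivid.lnk
C:\Windows\System32\Tasks\Funmoods

:reg
[-HKEY_CURRENT_USER\Software\vShare.tv]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DoNotAskAgain"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\WeCareReminder\"=-

:commands
[emptytemp]
'''

SECTION = re.compile(r"^:(\w+)$")               # :commands, :files, :reg
KEY = re.compile(r"^\[(-?)(HKEY_[^\]]+)\]$")    # [KEY] or [-KEY]
VALUE = re.compile(r'^(@|".*")=(.*)$')          # "name"=data or @=data

def parse_fix(text):
    """Return (action, target) tuples in script order."""
    actions, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, key = m.group(1).lower(), None
            continue
        if section == "commands":
            actions.append(("command", line.strip("[]")))
        elif section == "files":
            actions.append(("remove-path", line))
        elif section == "reg":
            k, v = KEY.match(line), VALUE.match(line)
            if k and k.group(1):            # [-KEY]: whole key and its subkeys
                actions.append(("delete-key", k.group(2)))
                key = None                  # no values can follow a deleted key
            elif k:                         # [KEY]: context for value lines below
                key = k.group(2)
            elif v and key:
                name = "(Default)" if v.group(1) == "@" else v.group(1)[1:-1]
                kind = "delete-value" if v.group(2) == "-" else "set-value"
                actions.append((kind, f"{key} -> {name}"))
            else:
                actions.append(("unparsed", line))
        else:
            actions.append(("unparsed", line))   # text outside any known section
    return actions

def summarize(actions):
    """Count actions by kind, e.g. how many whole keys versus single values."""
    return dict(Counter(kind for kind, _ in actions))

if __name__ == "__main__":
    for kind, target in parse_fix(SAMPLE_FIX):
        print(f"{kind:13} {target}")
    print(summarize(parse_fix(SAMPLE_FIX)))
```

Lines reported as unparsed are the ones to read by hand, for example a value line that follows a [-KEY] entry and so has no key to belong to.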