Google Redirect and Slow computer


  • This topic is locked

#1
Hellyer

Anytime I use Google to search it redirects me to a completely different search site. Other sites such as Yahoo and Bing still work to search. I have also noticed my computer running much slower the last few days. Ran Stopzilla scan and removed the problems it found. It seemed to fix the problem for a day then was back. Any help with this would be greatly appreciated. Thank you in advance.

OTL logfile created on: 9/27/2011 8:44:00 PM - Run 1
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Hellyer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 44.11% Memory free
8.00 Gb Paging File | 6.01 Gb Available in Paging File | 75.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 52.75 Gb Free Space | 35.39% Space Free | Partition Type: NTFS
Drive D: | 137.32 Gb Total Space | 15.94 Gb Free Space | 11.61% Space Free | Partition Type: NTFS

Computer Name: HELLYER-LAPTOP | User Name: Hellyer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/27 20:43:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Hellyer\Desktop\OTL.exe
PRC - [2011/09/23 18:11:02 | 000,181,712 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
PRC - [2011/09/23 18:10:56 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/01 10:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 10:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 10:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/05/06 11:07:21 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/05/04 15:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
PRC - [2011/01/27 15:13:50 | 000,226,624 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/01/27 15:13:40 | 000,673,088 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/11/20 06:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2009/06/03 01:01:08 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2009/03/04 11:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/03/04 10:55:52 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2008/12/22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/12/09 16:00:58 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/08/19 11:34:04 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/08/13 22:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/13 21:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/08/13 21:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/08/13 17:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/07/18 20:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/04/01 00:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/22 03:40:08 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\47a4b624c147aae197214d4ee5f0661b\Microsoft.VisualBasic.ni.dll
MOD - [2011/08/22 03:39:49 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011/08/22 03:28:00 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\86a2ec5efbcfcd1105475364d7975b15\System.ServiceProcess.ni.dll
MOD - [2011/08/22 03:27:49 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll
MOD - [2011/08/22 03:27:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/08/22 03:27:40 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b7d1c271ec6b4df64c95563fc81ffc2f\System.Data.ni.dll
MOD - [2011/08/22 03:27:12 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/22 03:27:04 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/22 03:26:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/22 03:26:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/22 03:26:27 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/07/01 03:33:31 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b614f2d2f13857c09c98b02944fc1c41\Accessibility.ni.dll
MOD - [2011/07/01 03:32:57 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/06/01 10:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 10:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 10:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 10:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2011/05/04 15:04:54 | 002,896,608 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2011/05/04 15:04:50 | 000,027,360 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2011/05/04 15:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
MOD - [2011/01/27 15:13:40 | 000,673,088 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/03/22 16:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.dll
MOD - [2009/06/03 01:01:08 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
MOD - [2008/07/18 20:52:08 | 000,649,704 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/06/09 10:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007/08/14 14:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2007/06/15 11:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007/06/01 18:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/20 11:42:01 | 000,431,216 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Update Service\livesrv.exe -- (LIVESRV)
SRV:64bit: - [2009/09/28 14:47:26 | 002,273,816 | ---- | M] (PCSecurityShield) [Auto | Running] -- C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\vsserv.exe -- (VSSERV)
SRV:64bit: - [2009/09/25 17:24:56 | 000,412,672 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Threat Scanner\scan.dll -- (scan)
SRV:64bit: - [2009/09/14 00:03:04 | 000,278,224 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV:64bit: - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/09/23 18:10:56 | 000,067,024 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/06/08 06:33:28 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/01 10:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/04 15:04:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011/01/27 15:13:50 | 000,226,624 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/13 21:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/16 05:54:06 | 000,069,888 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/03 14:03:26 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/29 17:14:00 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/01 13:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/01/25 18:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2009/09/17 16:12:16 | 000,162,312 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfm.sys -- (BDFM)
DRV:64bit: - [2009/09/01 15:24:42 | 000,088,584 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2009/07/24 12:26:02 | 000,340,488 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/19 20:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 14:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/08 10:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009/02/11 03:26:17 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/01/29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 16:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/10/08 21:39:01 | 001,821,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2008/08/06 18:26:07 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/06/24 14:50:00 | 000,065,024 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/06/03 16:41:49 | 000,017,464 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2007/12/18 18:57:12 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2007/12/06 04:12:55 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/02 14:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2007/08/10 21:19:44 | 000,034,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2007/07/27 20:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 21:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 12:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2006/10/28 08:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV - [2011/06/02 12:58:28 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\SySWOW64\DRIVERS\szkg64.sys -- (szkg5)
DRV - [2011/06/02 12:58:28 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SySWOW64\drivers\is3srv64.sys -- (is3srv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\InprocServer32 File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wowhead.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.wowhead.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C 25 68 0E 56 F2 86 49 94 E6 00 27 6A DB F1 1A [binary data]
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\InprocServer32 File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2010/01/26 16:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hellyer\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Hellyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Reg Error: Value error.) - {0E68259C-F256-4986-94E6-00276ADBF11a} - C:\Users\Hellyer\AppData\Local\TCPIPWin32.dll (Apple Inc.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3:64bit: - HKLM\..\Toolbar: (The Shield Deluxe 2010 Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\IEToolbar.dll (BitDefender S.R.L.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (The Shield Deluxe 2010 Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe (PCSecurityShield)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\Antispam32\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKCU..\Run: [Absolute_Software Update] C:\Users\Hellyer\AppData\Local\Absolute_Software\Absolute_SoftwareUpdate\Absolute_Softwareupdt32.exe (Apple Inc.)
O4 - HKCU..\Run: [Conduit Update] C:\Users\Hellyer\AppData\Local\Conduit\ConduitUpdate\Conduitupdt32.exe (Apple Inc.)
O4 - HKCU..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKCU..\Run: [JavaProfileProfile] C:\ProgramData\JavaProfileProfile.dll (Apple Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Hellyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
O1364bit: - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: army.mil ([www.us] https in Trusted sites)
O15 - HKCU\..Trusted Domains: wowarmory.com ([www] https in Trusted sites)
O16 - DPF: {13EB7AC8-4811-461C-8581-89650F3D716B} http://www.worldwinn.../walloffame.cab (WallOfFame Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://gsn.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} http://www.worldwinn...t/moneylist.cab (MoneyList Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} https://www.telepc.n...ank/arview2.cab (ActiveReports Viewer2)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinn...ly/monopoly.cab (Monopoly Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinn...i/mysterypi.cab (MysteryPI Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinn...paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3582DEDA-2CFD-4060-A6C8-6A7030E9ECCA}: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83ED007C-73E6-4B01-BB64-67DA2C73A314}: NameServer = 216.228.34.51,137.118.1.28
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6E30DD2-F552-4975-9DA4-DF1019B4A507}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2fba11fe-cab7-11e0-8c1b-0026182af85e}\Shell - "" = AutoRun
O33 - MountPoints2\{2fba11fe-cab7-11e0-8c1b-0026182af85e}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{f28e94be-ff40-11df-b72e-0026182af85e}\Shell - "" = AutoRun
O33 - MountPoints2\{f28e94be-ff40-11df-b72e-0026182af85e}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/09/27 20:43:13 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Hellyer\Desktop\OTL.exe
[2011/09/27 20:17:40 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{76A2F659-3664-4A14-89A7-6ABD56BA475B}
[2011/09/27 20:17:22 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{5F473F2E-C9C5-4901-BD65-627D6CA73BDD}
[2011/09/27 14:52:00 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{E667F4C2-2329-47F3-B7B7-500300438F4C}
[2011/09/26 10:13:27 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{FA7F3D8B-F953-402C-921C-8735F1D4F7B6}
[2011/09/26 10:13:11 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{E98BB8C5-4335-471E-BC6B-0688CA3456ED}
[2011/09/26 10:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/09/26 10:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2011/09/26 10:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/09/26 10:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2011/09/25 20:01:34 | 000,262,656 | ---- | C] (Apple Inc.) -- C:\Users\Hellyer\AppData\Local\TCPIPWin32.dll
[2011/09/25 20:01:17 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\ProgramData\JavaProfileProfile.dll
[2011/09/25 18:30:14 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{A4D0FCEE-20AD-45D0-B6C9-2E04A667B2D5}
[2011/09/25 18:30:02 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{522317B5-FEC1-4082-A08B-F51E4E8B98A9}
[2011/09/25 15:14:36 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/09/25 15:04:01 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{B8BE4856-72DB-419A-8FC3-6F44D9CAA9D8}
[2011/09/25 15:03:49 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{D76E6A06-8148-4010-87BF-D7DE72D6B137}
[2011/09/23 18:10:48 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3HTUI5.dll
[2011/09/23 18:10:46 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll
[2011/09/23 18:10:46 | 000,480,720 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll
[2011/09/23 18:10:46 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3XDat5.dll
[2011/09/23 18:10:46 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll
[2011/09/23 18:10:44 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3DBA5.dll
[2011/09/23 18:10:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Svc5.dll
[2011/09/23 18:10:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Inet5.dll
[2011/09/23 18:10:44 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Hks5.dll
[2011/09/23 18:10:42 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Base5.dll
[2011/09/23 18:10:42 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3UI5.dll
[2011/09/23 18:10:42 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Win325.dll
[2011/09/23 14:44:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SupportSoft
[2011/09/23 14:15:08 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{C3B28DD3-A659-43C4-A986-A11F6EBEA8F0}
[2011/09/23 14:14:49 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{F90D7D11-88DD-4BE4-ADE2-E02ED94902D0}
[2011/09/22 09:44:02 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Roaming\vlc
[2011/09/22 09:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Verizon
[2011/09/22 09:43:55 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon V CAST Media Manager
[2011/09/22 09:43:55 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\V CAST Media Manager
[2011/09/22 09:43:21 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll
[2011/09/22 09:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon V CAST Media Manager
[2011/09/22 09:32:45 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\Documents\Resume stuff
[2011/09/20 19:46:38 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{E266202E-E8EC-4696-957D-BC3813BF90CF}
[2011/09/20 19:46:25 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{9FF479A4-0F0D-4B4B-8F4C-336BDFF992C5}
[2011/09/19 16:00:17 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{F2A36F4B-33DA-4509-A93F-88A0F3D333F7}
[2011/09/19 16:00:02 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{8592BADF-32D8-4DB2-A237-E2EA8CD9D123}
[2011/09/18 11:11:22 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{EDE8BF92-632A-4D01-AB93-F42AD050DC8C}
[2011/09/18 11:11:05 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{890C13AD-86A4-4B8D-91F1-E8799AD005FE}
[2011/09/17 07:36:05 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{9A903D91-F38E-4D21-907D-689A73727D2D}
[2011/09/17 07:35:44 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{1625B139-6758-4E4C-90DA-73F8E2E09C2A}
[2011/09/17 07:31:46 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{D9B26BB4-0B51-4C75-9AE1-2714B9C337B7}
[2011/09/17 07:31:33 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{09A9CD5E-695C-4391-960D-0E1F1976CEE1}
[2011/09/12 10:35:56 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{AD29224B-1685-4B61-B848-F3447B94430D}
[2011/09/12 10:35:43 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{DDB191E0-2C80-4C6E-8362-48C71BE76068}
[2011/09/11 13:11:12 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{B5A0E4F9-A14C-4FD7-B7C4-70015373AAF9}
[2011/09/05 20:13:59 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{39A42FD3-D1BC-42CC-9F54-2846FC23CBD2}
[2011/09/05 20:13:44 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{593C143D-019C-4523-8121-A514F79590B8}
[2011/09/05 10:18:37 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\Desktop\Wii Stuff
[2011/09/04 15:52:15 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{79F1C5D1-2A80-4C13-8292-62709C535AB0}
[2011/09/04 15:52:03 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{A616A4D2-47FA-4F6C-B6E8-F57FAE949AED}
[2011/09/02 11:20:51 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{B579B734-FD84-4EC6-869A-D47B72251324}
[2011/09/02 01:21:28 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{6D06B3BE-535D-4C23-8886-4CEB2A6F76F7}
[2011/09/01 17:16:40 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{A637D7A3-EF71-4E80-A862-E0CE154CCAFE}
[2011/09/01 17:16:25 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{16AE9D9F-D103-4CB5-9FE2-31778F329228}
[2011/09/01 15:57:51 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{1A6E293A-4771-4A65-9CFB-B12B62C6BA13}
[2011/09/01 15:57:38 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{13C59381-B249-41AE-BB6D-7BD725381882}
[2011/08/30 11:10:37 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{A09B7C2E-FB6D-4589-AC1C-123E129B3B5A}
[2011/08/30 11:10:20 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{34188A8C-8BD3-400A-9840-B7BA55D9110D}
[2011/08/30 09:50:26 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{37C4CD91-511A-418C-8764-27C3F7B0B855}
[2011/08/30 09:50:13 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{6F17539A-B5D1-4FDC-99E5-5F862DAAC444}
[2011/08/29 10:04:25 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{D247702B-BE2C-4C1D-A24C-F2FC95364C80}
[2011/08/29 10:04:07 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{35B0333F-0DF2-441C-B89C-3B5BC8B61902}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Hellyer\Desktop\*.tmp files -> C:\Users\Hellyer\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/27 20:50:41 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 20:50:41 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 20:43:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Hellyer\Desktop\OTL.exe
[2011/09/27 20:18:45 | 000,001,416 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/09/27 20:16:16 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/09/27 20:16:14 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/27 20:15:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/27 20:14:55 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/27 20:09:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/27 14:49:53 | 000,000,132 | ---- | M] () -- C:\Windows\SysNative\rezumatenoi.dat
[2011/09/26 19:11:32 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/26 19:11:32 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/26 19:11:32 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/26 10:09:34 | 000,000,384 | ---- | M] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2011/09/23 18:10:48 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3HTUI5.dll
[2011/09/23 18:10:46 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll
[2011/09/23 18:10:46 | 000,480,720 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll
[2011/09/23 18:10:46 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3XDat5.dll
[2011/09/23 18:10:46 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll
[2011/09/23 18:10:44 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3DBA5.dll
[2011/09/23 18:10:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Svc5.dll
[2011/09/23 18:10:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Inet5.dll
[2011/09/23 18:10:44 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Hks5.dll
[2011/09/23 18:10:42 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Base5.dll
[2011/09/23 18:10:42 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3UI5.dll
[2011/09/23 18:10:42 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Win325.dll
[2011/09/23 14:20:19 | 000,007,615 | ---- | M] () -- C:\Users\Hellyer\AppData\Local\resmon.resmoncfg
[2011/09/22 09:43:55 | 000,001,856 | ---- | M] () -- C:\Users\Hellyer\Desktop\Verizon V CAST Media Manager.lnk
[2011/09/18 22:23:29 | 000,001,552 | ---- | M] () -- C:\Users\Hellyer\Desktop\Wow.exe - Shortcut.lnk
[2011/09/17 14:56:49 | 000,001,246 | ---- | M] () -- C:\Users\Hellyer\Desktop\World of Warcraft.lnk
[2011/09/07 11:01:25 | 000,000,572 | ---- | M] () -- C:\Users\Hellyer\AppData\Roaming\wklnhst.dat
[2011/09/05 10:19:56 | 000,009,652 | ---- | M] () -- C:\SeagateAdapter
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Hellyer\Desktop\*.tmp files -> C:\Users\Hellyer\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/27 20:17:46 | 000,001,416 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/09/26 10:09:33 | 000,000,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2011/09/22 09:43:55 | 000,001,856 | ---- | C] () -- C:\Users\Hellyer\Desktop\Verizon V CAST Media Manager.lnk
[2011/09/18 22:23:29 | 000,001,552 | ---- | C] () -- C:\Users\Hellyer\Desktop\Wow.exe - Shortcut.lnk
[2011/08/05 01:54:41 | 000,003,584 | ---- | C] () -- C:\Users\Hellyer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/07 14:28:49 | 000,002,384 | ---- | C] () -- C:\Windows\SysWow64\BattleP.ini
[2011/01/07 14:28:49 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\BattlePOff.ini
[2011/01/07 10:11:34 | 000,000,600 | ---- | C] () -- C:\Users\Hellyer\AppData\Local\PUTTY.RND
[2010/01/26 15:21:44 | 000,007,615 | ---- | C] () -- C:\Users\Hellyer\AppData\Local\resmon.resmoncfg
[2009/10/20 10:53:18 | 000,000,572 | ---- | C] () -- C:\Users\Hellyer\AppData\Roaming\wklnhst.dat
[2009/08/18 13:45:45 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/08/12 12:29:33 | 000,870,128 | ---- | C] () -- C:\Users\Hellyer\AppData\Roaming\mcs.rma
[2009/08/12 12:29:33 | 000,000,004 | ---- | C] () -- C:\Users\Hellyer\AppData\Roaming\D511CB
[2009/08/09 18:28:46 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/03 01:01:08 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2009/06/03 01:00:48 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/11/07 19:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/10/08 21:38:27 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2007/08/05 21:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe

========== LOP Check ==========

[2009/12/28 19:48:03 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Absolute
[2010/04/10 16:56:17 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Ascaron Entertainment
[2009/12/28 19:48:03 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\EA
[2011/08/27 08:42:41 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\ImgBurn
[2011/08/26 14:32:57 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Leadertech
[2011/08/28 16:25:26 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Memeo
[2011/08/21 19:20:25 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\PFStaticIP
[2010/03/24 12:58:36 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Pogo Games
[2011/08/26 14:30:35 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Seagate
[2009/12/28 19:48:12 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Template
[2010/08/05 12:17:17 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\The Shield Deluxe
[2011/09/27 20:17:17 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\uTorrent
[2011/06/01 13:14:38 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Windows Live Writer
[2011/08/23 14:21:32 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:588B60C7
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:9B7E8561
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BE64143E

< End of report >


#2
BlackOxide


    Trusted Helper

  • Malware Removal
  • 1,976 posts
Hi, Hellyer! Welcome to GeeksToGo! My name is BlackOxide and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any queries or you are unsure about anything, just say and I'll help you out :)

It may well be worth you printing/saving the instructions throughout the fix, so you have them to hand just in case you are unable to access this site.

Please note the following:
  • Remember to post your logs, not attach them. So any logs from any programs we run should just be 'copied & pasted' into your reply, unless I specifically need you to attach them.
  • Please only run the tools that I request. I know malware can be frustrating but running other tools in the meantime and between posts, only makes it harder for me to analyse and fix your PC in the long run.
  • I will always try and respond to replies as soon as possible, but please be patient as some logs require more time than others to fully analyse.
  • If you are not sure of anything along the way, just ask.

OK, let's start.



Could you go through the following steps please, then get back to me with the logs that they create.



1) OTL Quick Scan
  • Double click on the OTL icon to run it.
  • When the window appears, underneath Output at the top, make sure Standard Output is selected.
  • Tick the Scan All Users box at the top
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window.
  • Please post the contents of this log




2) Download aswMBR.exe (1.8mb) to your desktop.

Double click aswMBR.exe to run it.

Click the "Scan" button to start the scan.



On completion of the scan click save log, save it to your desktop and post it in your next reply.





In your next reply, please post the contents of:
  • OTL log
  • aswMBR log


#3
Hellyer


    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Step 1)

OTL logfile created on: 9/28/2011 1:30:14 PM - Run 2
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Hellyer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.06 Gb Available Physical Memory | 51.58% Memory free
8.00 Gb Paging File | 5.95 Gb Available in Paging File | 74.44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 51.73 Gb Free Space | 34.70% Space Free | Partition Type: NTFS
Drive D: | 137.32 Gb Total Space | 15.94 Gb Free Space | 11.61% Space Free | Partition Type: NTFS

Computer Name: HELLYER-LAPTOP | User Name: Hellyer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/27 20:43:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Hellyer\Desktop\OTL.exe
PRC - [2011/09/23 18:11:02 | 000,181,712 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
PRC - [2011/09/23 18:10:56 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/01 10:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 10:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 10:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/05/06 11:07:21 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/05/04 15:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
PRC - [2011/01/27 15:13:50 | 000,226,624 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/01/27 15:13:40 | 000,673,088 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/11/20 06:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2009/06/03 01:01:08 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2009/03/04 11:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/03/04 10:55:52 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2008/12/22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/12/09 16:00:58 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/08/19 11:34:04 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/08/13 22:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/13 21:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/08/13 21:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/08/13 17:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/07/18 20:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/04/01 00:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/22 03:40:08 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\47a4b624c147aae197214d4ee5f0661b\Microsoft.VisualBasic.ni.dll
MOD - [2011/08/22 03:39:49 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011/08/22 03:28:00 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\86a2ec5efbcfcd1105475364d7975b15\System.ServiceProcess.ni.dll
MOD - [2011/08/22 03:27:49 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll
MOD - [2011/08/22 03:27:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/08/22 03:27:40 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b7d1c271ec6b4df64c95563fc81ffc2f\System.Data.ni.dll
MOD - [2011/08/22 03:27:12 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/22 03:27:04 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/22 03:26:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/22 03:26:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/22 03:26:27 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/07/01 03:33:31 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b614f2d2f13857c09c98b02944fc1c41\Accessibility.ni.dll
MOD - [2011/07/01 03:32:57 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/06/01 10:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 10:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 10:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 10:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2011/05/04 15:04:54 | 002,896,608 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2011/05/04 15:04:50 | 000,027,360 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2011/05/04 15:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
MOD - [2011/01/27 15:13:40 | 000,673,088 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/03/22 16:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.dll
MOD - [2009/06/03 01:01:08 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
MOD - [2008/07/18 20:52:08 | 000,649,704 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/06/09 10:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007/08/14 14:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2007/06/15 11:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
MOD - [2007/06/01 18:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/20 11:42:01 | 000,431,216 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Update Service\livesrv.exe -- (LIVESRV)
SRV:64bit: - [2009/09/28 14:47:26 | 002,273,816 | ---- | M] (PCSecurityShield) [Auto | Running] -- C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\vsserv.exe -- (VSSERV)
SRV:64bit: - [2009/09/25 17:24:56 | 000,412,672 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Threat Scanner\scan.dll -- (scan)
SRV:64bit: - [2009/09/14 00:03:04 | 000,278,224 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV:64bit: - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/09/23 18:10:56 | 000,067,024 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/06/08 06:33:28 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/01 10:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/04 15:04:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011/01/27 15:13:50 | 000,226,624 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/13 21:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/16 05:54:06 | 000,069,888 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/03 14:03:26 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/29 17:14:00 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/01 13:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/01/25 18:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2009/09/17 16:12:16 | 000,162,312 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfm.sys -- (BDFM)
DRV:64bit: - [2009/09/01 15:24:42 | 000,088,584 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2009/07/24 12:26:02 | 000,340,488 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/19 20:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 14:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/08 10:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009/02/11 03:26:17 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/01/29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 16:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/10/08 21:39:01 | 001,821,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2008/08/06 18:26:07 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/06/24 14:50:00 | 000,065,024 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/06/03 16:41:49 | 000,017,464 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2007/12/18 18:57:12 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2007/12/06 04:12:55 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/02 14:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2007/08/10 21:19:44 | 000,034,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2007/07/27 20:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 21:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 12:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2006/10/28 08:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV - [2011/06/02 12:58:28 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\SySWOW64\DRIVERS\szkg64.sys -- (szkg5)
DRV - [2011/06/02 12:58:28 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SySWOW64\drivers\is3srv64.sys -- (is3srv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\InprocServer32 File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C 25 68 0E 56 F2 86 49 94 E6 00 27 6A DB F1 1A [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C 25 68 0E 56 F2 86 49 94 E6 00 27 6A DB F1 1A [binary data]

IE - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wowhead.com/
IE - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.wowhead.com/
IE - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C 25 68 0E 56 F2 86 49 94 E6 00 27 6A DB F1 1A [binary data]
IE - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found
IE - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\InprocServer32 File not found
IE - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2010/01/26 16:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hellyer\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Hellyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Reg Error: Value error.) - {0E68259C-F256-4986-94E6-00276ADBF11a} - C:\Users\Hellyer\AppData\Local\TCPIPWin32.dll (Apple Inc.)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3:64bit: - HKLM\..\Toolbar: (The Shield Deluxe 2010 Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\IEToolbar.dll (BitDefender S.R.L.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (The Shield Deluxe 2010 Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
O3 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll File not found
O3 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe (PCSecurityShield)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\Antispam32\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKU\.DEFAULT..\Run: [Absolute_Software Update] C:\Users\Hellyer\AppData\Local\Absolute_Software\Absolute_SoftwareUpdate\Absolute_Softwareupdt32.exe (Apple Inc.)
O4 - HKU\S-1-5-18..\Run: [Absolute_Software Update] C:\Users\Hellyer\AppData\Local\Absolute_Software\Absolute_SoftwareUpdate\Absolute_Softwareupdt32.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Absolute_Software Update] C:\Users\Hellyer\AppData\Local\Absolute_Software\Absolute_SoftwareUpdate\Absolute_Softwareupdt32.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Absolute_Software Update] C:\Users\Hellyer\AppData\Local\Absolute_Software\Absolute_SoftwareUpdate\Absolute_Softwareupdt32.exe (Apple Inc.)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000..\Run: [Absolute_Software Update] C:\Users\Hellyer\AppData\Local\Absolute_Software\Absolute_SoftwareUpdate\Absolute_Softwareupdt32.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000..\Run: [Conduit Update] C:\Users\Hellyer\AppData\Local\Conduit\ConduitUpdate\Conduitupdt32.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000..\Run: [JavaProfileProfile] C:\ProgramData\JavaProfileProfile.dll (Apple Inc.)
O4 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Hellyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
O1364bit: - gopher Prefix: missing
O15 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\..Trusted Domains: army.mil ([www.us] https in Trusted sites)
O15 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\..Trusted Domains: wowarmory.com ([www] https in Trusted sites)
O16 - DPF: {13EB7AC8-4811-461C-8581-89650F3D716B} http://www.worldwinn.../walloffame.cab (WallOfFame Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://gsn.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} http://www.worldwinn...t/moneylist.cab (MoneyList Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} https://www.telepc.n...ank/arview2.cab (ActiveReports Viewer2)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinn...ly/monopoly.cab (Monopoly Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinn...i/mysterypi.cab (MysteryPI Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinn...paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3582DEDA-2CFD-4060-A6C8-6A7030E9ECCA}: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83ED007C-73E6-4B01-BB64-67DA2C73A314}: NameServer = 216.228.34.51,137.118.1.28
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6E30DD2-F552-4975-9DA4-DF1019B4A507}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2fba11fe-cab7-11e0-8c1b-0026182af85e}\Shell - "" = AutoRun
O33 - MountPoints2\{2fba11fe-cab7-11e0-8c1b-0026182af85e}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{f28e94be-ff40-11df-b72e-0026182af85e}\Shell - "" = AutoRun
O33 - MountPoints2\{f28e94be-ff40-11df-b72e-0026182af85e}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/09/27 20:43:13 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Hellyer\Desktop\OTL.exe
[2011/09/27 20:17:40 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{76A2F659-3664-4A14-89A7-6ABD56BA475B}
[2011/09/27 20:17:22 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{5F473F2E-C9C5-4901-BD65-627D6CA73BDD}
[2011/09/27 14:52:00 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{E667F4C2-2329-47F3-B7B7-500300438F4C}
[2011/09/26 10:13:27 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{FA7F3D8B-F953-402C-921C-8735F1D4F7B6}
[2011/09/26 10:13:11 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{E98BB8C5-4335-471E-BC6B-0688CA3456ED}
[2011/09/26 10:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/09/26 10:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2011/09/26 10:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/09/26 10:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2011/09/25 20:01:34 | 000,262,656 | ---- | C] (Apple Inc.) -- C:\Users\Hellyer\AppData\Local\TCPIPWin32.dll
[2011/09/25 20:01:17 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\ProgramData\JavaProfileProfile.dll
[2011/09/25 18:30:14 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{A4D0FCEE-20AD-45D0-B6C9-2E04A667B2D5}
[2011/09/25 18:30:02 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{522317B5-FEC1-4082-A08B-F51E4E8B98A9}
[2011/09/25 15:14:36 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/09/25 15:04:01 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{B8BE4856-72DB-419A-8FC3-6F44D9CAA9D8}
[2011/09/25 15:03:49 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{D76E6A06-8148-4010-87BF-D7DE72D6B137}
[2011/09/23 18:10:48 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3HTUI5.dll
[2011/09/23 18:10:46 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll
[2011/09/23 18:10:46 | 000,480,720 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll
[2011/09/23 18:10:46 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3XDat5.dll
[2011/09/23 18:10:46 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll
[2011/09/23 18:10:44 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3DBA5.dll
[2011/09/23 18:10:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Svc5.dll
[2011/09/23 18:10:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Inet5.dll
[2011/09/23 18:10:44 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Hks5.dll
[2011/09/23 18:10:42 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Base5.dll
[2011/09/23 18:10:42 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3UI5.dll
[2011/09/23 18:10:42 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Win325.dll
[2011/09/23 14:44:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SupportSoft
[2011/09/23 14:15:08 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{C3B28DD3-A659-43C4-A986-A11F6EBEA8F0}
[2011/09/23 14:14:49 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{F90D7D11-88DD-4BE4-ADE2-E02ED94902D0}
[2011/09/22 09:44:02 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Roaming\vlc
[2011/09/22 09:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Verizon
[2011/09/22 09:43:55 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon V CAST Media Manager
[2011/09/22 09:43:55 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\V CAST Media Manager
[2011/09/22 09:43:21 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll
[2011/09/22 09:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon V CAST Media Manager
[2011/09/22 09:32:45 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\Documents\Resume stuff
[2011/09/20 19:46:38 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{E266202E-E8EC-4696-957D-BC3813BF90CF}
[2011/09/20 19:46:25 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{9FF479A4-0F0D-4B4B-8F4C-336BDFF992C5}
[2011/09/19 16:00:17 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{F2A36F4B-33DA-4509-A93F-88A0F3D333F7}
[2011/09/19 16:00:02 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{8592BADF-32D8-4DB2-A237-E2EA8CD9D123}
[2011/09/18 11:11:22 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{EDE8BF92-632A-4D01-AB93-F42AD050DC8C}
[2011/09/18 11:11:05 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{890C13AD-86A4-4B8D-91F1-E8799AD005FE}
[2011/09/17 07:36:05 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{9A903D91-F38E-4D21-907D-689A73727D2D}
[2011/09/17 07:35:44 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{1625B139-6758-4E4C-90DA-73F8E2E09C2A}
[2011/09/17 07:31:46 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{D9B26BB4-0B51-4C75-9AE1-2714B9C337B7}
[2011/09/17 07:31:33 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{09A9CD5E-695C-4391-960D-0E1F1976CEE1}
[2011/09/12 10:35:56 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{AD29224B-1685-4B61-B848-F3447B94430D}
[2011/09/12 10:35:43 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{DDB191E0-2C80-4C6E-8362-48C71BE76068}
[2011/09/11 13:11:12 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{B5A0E4F9-A14C-4FD7-B7C4-70015373AAF9}
[2011/09/05 20:13:59 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{39A42FD3-D1BC-42CC-9F54-2846FC23CBD2}
[2011/09/05 20:13:44 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{593C143D-019C-4523-8121-A514F79590B8}
[2011/09/05 10:18:37 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\Desktop\Wii Stuff
[2011/09/04 15:52:15 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{79F1C5D1-2A80-4C13-8292-62709C535AB0}
[2011/09/04 15:52:03 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{A616A4D2-47FA-4F6C-B6E8-F57FAE949AED}
[2011/09/02 11:20:51 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{B579B734-FD84-4EC6-869A-D47B72251324}
[2011/09/02 01:21:28 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{6D06B3BE-535D-4C23-8886-4CEB2A6F76F7}
[2011/09/01 17:16:40 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{A637D7A3-EF71-4E80-A862-E0CE154CCAFE}
[2011/09/01 17:16:25 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{16AE9D9F-D103-4CB5-9FE2-31778F329228}
[2011/09/01 15:57:51 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{1A6E293A-4771-4A65-9CFB-B12B62C6BA13}
[2011/09/01 15:57:38 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{13C59381-B249-41AE-BB6D-7BD725381882}
[2011/08/30 11:10:37 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{A09B7C2E-FB6D-4589-AC1C-123E129B3B5A}
[2011/08/30 11:10:20 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{34188A8C-8BD3-400A-9840-B7BA55D9110D}
[2011/08/30 09:50:26 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{37C4CD91-511A-418C-8764-27C3F7B0B855}
[2011/08/30 09:50:13 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{6F17539A-B5D1-4FDC-99E5-5F862DAAC444}
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Hellyer\Desktop\*.tmp files -> C:\Users\Hellyer\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/28 13:09:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/28 09:18:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/27 23:09:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/27 20:50:41 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 20:50:41 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/27 20:43:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Hellyer\Desktop\OTL.exe
[2011/09/27 20:18:45 | 000,001,416 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/09/27 20:16:16 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/09/27 20:14:55 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/27 14:49:53 | 000,000,132 | ---- | M] () -- C:\Windows\SysNative\rezumatenoi.dat
[2011/09/26 19:11:32 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/26 19:11:32 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/26 19:11:32 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/26 10:09:34 | 000,000,384 | ---- | M] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2011/09/23 18:10:48 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3HTUI5.dll
[2011/09/23 18:10:46 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll
[2011/09/23 18:10:46 | 000,480,720 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll
[2011/09/23 18:10:46 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3XDat5.dll
[2011/09/23 18:10:46 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll
[2011/09/23 18:10:44 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3DBA5.dll
[2011/09/23 18:10:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Svc5.dll
[2011/09/23 18:10:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Inet5.dll
[2011/09/23 18:10:44 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Hks5.dll
[2011/09/23 18:10:42 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Base5.dll
[2011/09/23 18:10:42 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3UI5.dll
[2011/09/23 18:10:42 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Win325.dll
[2011/09/23 14:20:19 | 000,007,615 | ---- | M] () -- C:\Users\Hellyer\AppData\Local\resmon.resmoncfg
[2011/09/22 09:43:55 | 000,001,856 | ---- | M] () -- C:\Users\Hellyer\Desktop\Verizon V CAST Media Manager.lnk
[2011/09/18 22:23:29 | 000,001,552 | ---- | M] () -- C:\Users\Hellyer\Desktop\Wow.exe - Shortcut.lnk
[2011/09/17 14:56:49 | 000,001,246 | ---- | M] () -- C:\Users\Hellyer\Desktop\World of Warcraft.lnk
[2011/09/07 11:01:25 | 000,000,572 | ---- | M] () -- C:\Users\Hellyer\AppData\Roaming\wklnhst.dat
[2011/09/05 10:19:56 | 000,009,652 | ---- | M] () -- C:\SeagateAdapter
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Hellyer\Desktop\*.tmp files -> C:\Users\Hellyer\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/27 20:17:46 | 000,001,416 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/09/26 10:09:33 | 000,000,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2011/09/22 09:43:55 | 000,001,856 | ---- | C] () -- C:\Users\Hellyer\Desktop\Verizon V CAST Media Manager.lnk
[2011/09/18 22:23:29 | 000,001,552 | ---- | C] () -- C:\Users\Hellyer\Desktop\Wow.exe - Shortcut.lnk
[2011/08/05 01:54:41 | 000,003,584 | ---- | C] () -- C:\Users\Hellyer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/07 14:28:49 | 000,002,384 | ---- | C] () -- C:\Windows\SysWow64\BattleP.ini
[2011/01/07 14:28:49 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\BattlePOff.ini
[2011/01/07 10:11:34 | 000,000,600 | ---- | C] () -- C:\Users\Hellyer\AppData\Local\PUTTY.RND
[2010/01/26 15:21:44 | 000,007,615 | ---- | C] () -- C:\Users\Hellyer\AppData\Local\resmon.resmoncfg
[2009/10/20 10:53:18 | 000,000,572 | ---- | C] () -- C:\Users\Hellyer\AppData\Roaming\wklnhst.dat
[2009/08/18 13:45:45 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/08/12 12:29:33 | 000,870,128 | ---- | C] () -- C:\Users\Hellyer\AppData\Roaming\mcs.rma
[2009/08/12 12:29:33 | 000,000,004 | ---- | C] () -- C:\Users\Hellyer\AppData\Roaming\D511CB
[2009/08/09 18:28:46 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/03 01:01:08 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2009/06/03 01:00:48 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/11/07 19:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/10/08 21:38:27 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2007/08/05 21:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe

========== LOP Check ==========

[2009/12/28 19:48:03 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Absolute
[2010/04/10 16:56:17 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Ascaron Entertainment
[2009/12/28 19:48:03 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\EA
[2011/08/27 08:42:41 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\ImgBurn
[2011/08/26 14:32:57 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Leadertech
[2011/08/28 16:25:26 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Memeo
[2011/08/21 19:20:25 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\PFStaticIP
[2010/03/24 12:58:36 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Pogo Games
[2011/08/26 14:30:35 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Seagate
[2009/12/28 19:48:12 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Template
[2010/08/05 12:17:17 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\The Shield Deluxe
[2011/09/27 20:17:17 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\uTorrent
[2011/06/01 13:14:38 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Windows Live Writer
[2011/08/23 14:21:32 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:588B60C7
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:9B7E8561
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BE64143E

< End of report >



Step 2)

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-28 13:42:24
-----------------------------
13:42:24.444 OS Version: Windows x64 6.1.7601 Service Pack 1
13:42:24.444 Number of processors: 2 586 0x1706
13:42:24.444 ComputerName: HELLYER-LAPTOP UserName: Hellyer
13:42:29.155 Initialize success
13:43:05.940 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
13:43:05.940 Disk 0 Vendor: ST932042 SD14 Size: 305245MB BusType: 3
13:43:06.050 Disk 0 MBR read successfully
13:43:06.050 Disk 0 MBR scan
13:43:06.050 Disk 0 Windows 7 default MBR code
13:43:06.050 Service scanning
13:43:07.376 Modules scanning
13:43:07.376 Disk 0 trace - called modules:
13:43:07.376 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
13:43:07.376 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800584b060]
13:43:07.391 3 CLASSPNP.SYS[fffff88001bc343f] -> nt!IofCallDriver -> [0xfffffa8003cf2040]
13:43:07.391 5 ACPI.sys[fffff88000f7a7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004b41050]
13:43:07.391 Scan finished successfully
13:44:27.700 Disk 0 MBR has been saved successfully to "C:\Users\Hellyer\Desktop\MBR.dat"
13:44:27.794 The log file has been saved successfully to "C:\Users\Hellyer\Desktop\aswMBR.txt"

#4
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Excellent, now let's start removing these infections which are present :)


Just follow the steps below, then get back to me with the relevant logs please.



1)
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C 25 68 0E 56 F2 86 49 94 E6 00 27 6A DB F1 1A [binary data]
    IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found
    O2 - BHO: (Reg Error: Value error.) - {0E68259C-F256-4986-94E6-00276ADBF11a} - C:\Users\Hellyer\AppData\Local\TCPIPWin32.dll (Apple Inc.)
    O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
    O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
    O4 - HKCU..\Run: [Absolute_Software Update] C:\Users\Hellyer\AppData\Local\Absolute_Software\Absolute_SoftwareUpdate\Absolute_Softwareupdt32.exe (Apple Inc.)
    O4 - HKCU..\Run: [Conduit Update] C:\Users\Hellyer\AppData\Local\Conduit\ConduitUpdate\Conduitupdt32.exe (Apple Inc.)
    O4 - HKCU..\Run: [JavaProfileProfile] C:\ProgramData\JavaProfileProfile.dll (Apple Inc.)
    [2011/09/25 20:01:34 | 000,262,656 | ---- | C] (Apple Inc.) -- C:\Users\Hellyer\AppData\Local\TCPIPWin32.dll
    [2011/09/25 20:01:17 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\ProgramData\JavaProfileProfile.dll
    IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C 25 68 0E 56 F2 86 49 94 E6 00 27 6A DB F1 1A [binary data]
    IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C 25 68 0E 56 F2 86 49 94 E6 00 27 6A DB F1 1A [binary data]
    IE - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 9C 25 68 0E 56 F2 86 49 94 E6 00 27 6A DB F1 1A [binary data]
    IE - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - No CLSID value found
    O2 - BHO: (Reg Error: Value error.) - {0E68259C-F256-4986-94E6-00276ADBF11a} - C:\Users\Hellyer\AppData\Local\TCPIPWin32.dll (Apple Inc.)
    O4 - HKU\.DEFAULT..\Run: [Absolute_Software Update] C:\Users\Hellyer\AppData\Local\Absolute_Software\Absolute_SoftwareUpdate\Absolute_Softwareupdt32.exe (Apple Inc.)
    O4 - HKU\S-1-5-18..\Run: [Absolute_Software Update] C:\Users\Hellyer\AppData\Local\Absolute_Software\Absolute_SoftwareUpdate\Absolute_Softwareupdt32.exe (Apple Inc.)
    O4 - HKU\S-1-5-19..\Run: [Absolute_Software Update] C:\Users\Hellyer\AppData\Local\Absolute_Software\Absolute_SoftwareUpdate\Absolute_Softwareupdt32.exe (Apple Inc.)
    O4 - HKU\S-1-5-20..\Run: [Absolute_Software Update] C:\Users\Hellyer\AppData\Local\Absolute_Software\Absolute_SoftwareUpdate\Absolute_Softwareupdt32.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000..\Run: [Absolute_Software Update] C:\Users\Hellyer\AppData\Local\Absolute_Software\Absolute_SoftwareUpdate\Absolute_Softwareupdt32.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000..\Run: [Conduit Update] C:\Users\Hellyer\AppData\Local\Conduit\ConduitUpdate\Conduitupdt32.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000..\Run: [JavaProfileProfile] C:\ProgramData\JavaProfileProfile.dll (Apple Inc.)
    
    :Services
    
    :Reg
    [HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    [HKU\S-1-5-21-2588422089-1467853779-785523288-1000\SOFTWARE\Microsoft\Internet Explorer\Main]
    XMLHTTP_UUID_Default=-
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • A log may appear when the PC restarts. Just close this text file.
  • Open OTL again, tick the Scan All Users box at the top and then click the Quick Scan button. Post the log it produces in your next reply.




2)
Please download Malwarebytes' Anti-Malware from Here.

Double-click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




In your next reply
Please post the contents of...
OTL log
MBAM log


#5
Hellyer

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
OTL logfile created on: 9/28/2011 5:05:39 PM - Run 3
OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Hellyer\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 58.17% Memory free
8.00 Gb Paging File | 6.17 Gb Available in Paging File | 77.13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 52.71 Gb Free Space | 35.37% Space Free | Partition Type: NTFS
Drive D: | 137.32 Gb Total Space | 15.94 Gb Free Space | 11.61% Space Free | Partition Type: NTFS

Computer Name: HELLYER-LAPTOP | User Name: Hellyer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/27 20:43:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Hellyer\Desktop\OTL.exe
PRC - [2011/09/23 18:11:02 | 000,181,712 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
PRC - [2011/09/23 18:10:56 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
PRC - [2011/08/26 15:26:59 | 000,640,888 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2011/06/28 03:19:50 | 004,950,664 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/06/01 10:42:28 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 10:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 10:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/05/06 11:07:21 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/05/04 15:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
PRC - [2011/01/27 15:13:50 | 000,226,624 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/01/27 15:13:40 | 000,673,088 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2010/11/20 06:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\schtasks.exe
PRC - [2009/06/03 01:01:08 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2009/03/04 11:26:24 | 008,392,704 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
PRC - [2009/03/04 10:55:52 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
PRC - [2008/12/22 18:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
PRC - [2008/12/09 16:00:58 | 000,297,528 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2008/08/19 11:34:04 | 000,159,744 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
PRC - [2008/08/13 22:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
PRC - [2008/08/13 21:59:56 | 000,301,624 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
PRC - [2008/08/13 21:59:52 | 000,100,920 | ---- | M] () -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/08/13 17:21:56 | 002,482,176 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
PRC - [2008/07/18 20:52:16 | 000,104,936 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2008/04/01 00:09:30 | 000,266,240 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
PRC - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/22 03:40:08 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\47a4b624c147aae197214d4ee5f0661b\Microsoft.VisualBasic.ni.dll
MOD - [2011/08/22 03:39:49 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011/08/22 03:28:00 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\86a2ec5efbcfcd1105475364d7975b15\System.ServiceProcess.ni.dll
MOD - [2011/08/22 03:27:49 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\33b601c8e2cf4993e68d763389246197\System.Web.ni.dll
MOD - [2011/08/22 03:27:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011/08/22 03:27:40 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\b7d1c271ec6b4df64c95563fc81ffc2f\System.Data.ni.dll
MOD - [2011/08/22 03:27:12 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011/08/22 03:27:04 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011/08/22 03:26:44 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011/08/22 03:26:28 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011/08/22 03:26:27 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011/07/01 03:33:31 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b614f2d2f13857c09c98b02944fc1c41\Accessibility.ni.dll
MOD - [2011/07/01 03:32:57 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011/06/28 03:19:50 | 004,950,664 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe
MOD - [2011/06/28 03:19:28 | 000,100,352 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\avutil-50.dll
MOD - [2011/06/28 03:19:26 | 000,684,032 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\libexpat.dll
MOD - [2011/06/28 03:19:26 | 000,466,975 | ---- | M] () -- C:\Program Files\Verizon V CAST Media Manager\sqlite3.dll
MOD - [2011/06/01 10:46:02 | 000,030,984 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 10:42:24 | 000,108,296 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 10:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 10:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2011/05/04 15:04:54 | 002,896,608 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll
MOD - [2011/05/04 15:04:50 | 000,027,360 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
MOD - [2011/05/04 15:04:32 | 000,325,344 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
MOD - [2011/01/27 15:13:40 | 000,673,088 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2010/11/04 19:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/03/22 16:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.dll
MOD - [2009/06/03 01:01:08 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
MOD - [2008/07/18 20:52:08 | 000,649,704 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2008/06/09 10:55:08 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2007/11/30 12:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007/08/14 14:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 14:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 14:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/03/20 11:42:01 | 000,431,216 | ---- | M] (BitDefender S.R.L.) [Auto | Running] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Update Service\livesrv.exe -- (LIVESRV)
SRV:64bit: - [2009/09/28 14:47:26 | 002,273,816 | ---- | M] (PCSecurityShield) [Auto | Running] -- C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\vsserv.exe -- (VSSERV)
SRV:64bit: - [2009/09/25 17:24:56 | 000,412,672 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Threat Scanner\scan.dll -- (scan)
SRV:64bit: - [2009/09/14 00:03:04 | 000,278,224 | ---- | M] (BitDefender S.R.L. http://www.bitdefender.com) [On_Demand | Stopped] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Arrakis Server\bin\arrakis3.exe -- (Arrakis3)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/03/31 03:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV:64bit: - [2007/08/08 01:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2011/09/23 18:10:56 | 000,067,024 | R--- | M] (iS3, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011/06/08 06:33:28 | 000,329,080 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\SupportSoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/06/01 10:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/04 15:04:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011/01/27 15:13:50 | 000,226,624 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/08/13 21:59:52 | 000,100,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/06/16 05:54:06 | 000,069,888 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S3XXx64.sys -- (S3XXx64)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/03 14:03:26 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/29 17:14:00 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/04/01 13:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/01/25 18:57:54 | 000,010,240 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2009/09/17 16:12:16 | 000,162,312 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\bdfm.sys -- (BDFM)
DRV:64bit: - [2009/09/01 15:24:42 | 000,088,584 | ---- | M] (BitDefender LLC) [Kernel | System | Running] -- C:\Program Files\Common Files\The Shield Deluxe\The Shield Deluxe Firewall\bdfwfpf.sys -- (bdfwfpf)
DRV:64bit: - [2009/07/24 12:26:02 | 000,340,488 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\bdfsfltr.sys -- (bdfsfltr)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/19 20:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 14:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/08 10:56:26 | 000,053,632 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motodrv.sys -- (MotDev)
DRV:64bit: - [2009/02/11 03:26:17 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/01/29 16:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 16:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/10/08 21:39:01 | 001,821,952 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2008/08/06 18:26:07 | 000,174,592 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/06/24 14:50:00 | 000,065,024 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/06/03 16:41:49 | 000,017,464 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2007/12/18 18:57:12 | 000,059,392 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2007/12/06 04:12:55 | 000,320,048 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2007/11/02 14:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV:64bit: - [2007/08/10 21:19:44 | 000,034,872 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2007/07/27 20:45:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2007/07/26 21:33:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2007/07/24 12:11:32 | 000,014,904 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV:64bit: - [2006/10/28 08:01:07 | 000,013,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV - [2011/06/02 12:58:28 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\SySWOW64\DRIVERS\szkg64.sys -- (szkg5)
DRV - [2011/06/02 12:58:28 | 000,074,768 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SySWOW64\drivers\is3srv64.sys -- (is3srv)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=ASUS&bmod=ASUS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\InprocServer32 File not found


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wowhead.com/
IE - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.wowhead.com/
IE - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - SOFTWARE\Classes\CLSID\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\InprocServer32 File not found
IE - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)


[2010/01/26 16:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hellyer\AppData\Roaming\Mozilla\Extensions

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Hellyer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

O1 HOSTS File: ([2011/09/28 16:58:36 | 000,000,138 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: ÿþ1 2 7 . 0 . 0 . 1 l o c a l h o s t
O1 - Hosts: : : 1 l o c a l h o s t
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3:64bit: - HKLM\..\Toolbar: (The Shield Deluxe 2010 Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\IEToolbar.dll (BitDefender S.R.L.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (The Shield Deluxe 2010 Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\Antispam32\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll File not found
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll File not found
O3 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O4:64bit: - HKLM..\Run: [BDAgent] C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\bdagent.exe (PCSecurityShield)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [BitDefender Antiphishing Helper 32] C:\Program Files\The Shield Deluxe\The Shield Deluxe 2010\Antispam32\IEShow.exe (BitDefender S.R.L.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [NvMediaCenter] C:\Windows\SysNative\NvMcTray.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ATK)
O4 - HKLM..\Run: [ADSMTray] C:\Program Files\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\AsScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [P2Go_Menu] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000..\Run: [HLBackupScheduler] C:\Program Files\Verizon V CAST Media Manager\V CAST Backup Scheduler.exe ()
O4 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000..\Run: [JavaProfileProfile] rundll32.exe "C:\ProgramData\JavaProfileProfile.dll",DllRegisterServer File not found
O4 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Hellyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe File not found
O1364bit: - gopher Prefix: missing
O15 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\..Trusted Domains: army.mil ([www.us] https in Trusted sites)
O15 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\..Trusted Domains: wowarmory.com ([www] https in Trusted sites)
O16 - DPF: {13EB7AC8-4811-461C-8581-89650F3D716B} http://www.worldwinn.../walloffame.cab (WallOfFame Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://gsn.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.syma...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} http://www.pogo.com/...erInstaller.CAB (PogoWebLauncher Control)
O16 - DPF: {3D3DBC64-0D21-4EA4-94EE-86D6D9B31C0C} http://www.worldwinn...t/moneylist.cab (MoneyList Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitd...can8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.syma...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} https://www.telepc.n...ank/arview2.cab (ActiveReports Viewer2)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} http://www.worldwinn....0/iewwload.cab (WorldWinner ActiveX Launcher Control)
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} http://panda-plugin..../p3dactivex.cab (P3DActiveX Control)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {BA35B9B8-DE9E-47C9-AFA7-3C77E3DDFD39} http://www.worldwinn...ly/monopoly.cab (Monopoly Control)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} http://www.worldwinn...i/mysterypi.cab (MysteryPI Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinn...paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3582DEDA-2CFD-4060-A6C8-6A7030E9ECCA}: DhcpNameServer = 192.168.0.1 205.171.3.25
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83ED007C-73E6-4B01-BB64-67DA2C73A314}: NameServer = 216.228.34.51,137.118.1.28
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F6E30DD2-F552-4975-9DA4-DF1019B4A507}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2fba11fe-cab7-11e0-8c1b-0026182af85e}\Shell - "" = AutoRun
O33 - MountPoints2\{2fba11fe-cab7-11e0-8c1b-0026182af85e}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{f28e94be-ff40-11df-b72e-0026182af85e}\Shell - "" = AutoRun
O33 - MountPoints2\{f28e94be-ff40-11df-b72e-0026182af85e}\Shell\AutoRun\command - "" = F:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2588422089-1467853779-785523288-1000\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/09/28 16:49:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/09/28 14:45:22 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{649E6709-C211-4FC4-9802-BFAB8341DE03}
[2011/09/28 14:44:47 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{2F7488A8-CA2A-4860-A68A-2009CDC115C3}
[2011/09/28 13:42:00 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Hellyer\Desktop\aswMBR.exe
[2011/09/27 20:43:13 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Hellyer\Desktop\OTL.exe
[2011/09/27 20:17:40 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{76A2F659-3664-4A14-89A7-6ABD56BA475B}
[2011/09/27 20:17:22 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{5F473F2E-C9C5-4901-BD65-627D6CA73BDD}
[2011/09/27 14:52:00 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{E667F4C2-2329-47F3-B7B7-500300438F4C}
[2011/09/26 10:13:27 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{FA7F3D8B-F953-402C-921C-8735F1D4F7B6}
[2011/09/26 10:13:11 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{E98BB8C5-4335-471E-BC6B-0688CA3456ED}
[2011/09/26 10:01:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2011/09/26 10:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\STOPzilla!
[2011/09/26 10:01:23 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2011/09/26 10:01:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\iS3
[2011/09/25 18:30:14 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{A4D0FCEE-20AD-45D0-B6C9-2E04A667B2D5}
[2011/09/25 18:30:02 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{522317B5-FEC1-4082-A08B-F51E4E8B98A9}
[2011/09/25 15:14:36 | 000,000,000 | ---D | C] -- C:\Windows\en
[2011/09/25 15:04:01 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{B8BE4856-72DB-419A-8FC3-6F44D9CAA9D8}
[2011/09/25 15:03:49 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{D76E6A06-8148-4010-87BF-D7DE72D6B137}
[2011/09/23 18:10:48 | 000,132,560 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3HTUI5.dll
[2011/09/23 18:10:46 | 000,546,256 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll
[2011/09/23 18:10:46 | 000,480,720 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll
[2011/09/23 18:10:46 | 000,028,624 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3XDat5.dll
[2011/09/23 18:10:46 | 000,022,992 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll
[2011/09/23 18:10:44 | 000,398,800 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3DBA5.dll
[2011/09/23 18:10:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Svc5.dll
[2011/09/23 18:10:44 | 000,099,792 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Inet5.dll
[2011/09/23 18:10:44 | 000,067,024 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Hks5.dll
[2011/09/23 18:10:42 | 000,738,768 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Base5.dll
[2011/09/23 18:10:42 | 000,390,608 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3UI5.dll
[2011/09/23 18:10:42 | 000,230,864 | R--- | C] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Win325.dll
[2011/09/23 14:44:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SupportSoft
[2011/09/23 14:15:08 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{C3B28DD3-A659-43C4-A986-A11F6EBEA8F0}
[2011/09/23 14:14:49 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{F90D7D11-88DD-4BE4-ADE2-E02ED94902D0}
[2011/09/22 09:44:02 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Roaming\vlc
[2011/09/22 09:43:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Verizon
[2011/09/22 09:43:55 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verizon V CAST Media Manager
[2011/09/22 09:43:55 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\V CAST Media Manager
[2011/09/22 09:43:21 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll
[2011/09/22 09:42:38 | 000,000,000 | ---D | C] -- C:\Program Files\Verizon V CAST Media Manager
[2011/09/22 09:32:45 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\Documents\Resume stuff
[2011/09/20 19:46:38 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{E266202E-E8EC-4696-957D-BC3813BF90CF}
[2011/09/20 19:46:25 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{9FF479A4-0F0D-4B4B-8F4C-336BDFF992C5}
[2011/09/19 16:00:17 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{F2A36F4B-33DA-4509-A93F-88A0F3D333F7}
[2011/09/19 16:00:02 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{8592BADF-32D8-4DB2-A237-E2EA8CD9D123}
[2011/09/18 11:11:22 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{EDE8BF92-632A-4D01-AB93-F42AD050DC8C}
[2011/09/18 11:11:05 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{890C13AD-86A4-4B8D-91F1-E8799AD005FE}
[2011/09/17 07:36:05 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{9A903D91-F38E-4D21-907D-689A73727D2D}
[2011/09/17 07:35:44 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{1625B139-6758-4E4C-90DA-73F8E2E09C2A}
[2011/09/17 07:31:46 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{D9B26BB4-0B51-4C75-9AE1-2714B9C337B7}
[2011/09/17 07:31:33 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{09A9CD5E-695C-4391-960D-0E1F1976CEE1}
[2011/09/12 10:35:56 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{AD29224B-1685-4B61-B848-F3447B94430D}
[2011/09/12 10:35:43 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{DDB191E0-2C80-4C6E-8362-48C71BE76068}
[2011/09/11 13:11:12 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{B5A0E4F9-A14C-4FD7-B7C4-70015373AAF9}
[2011/09/05 20:13:59 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{39A42FD3-D1BC-42CC-9F54-2846FC23CBD2}
[2011/09/05 20:13:44 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{593C143D-019C-4523-8121-A514F79590B8}
[2011/09/05 10:18:37 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\Desktop\Wii Stuff
[2011/09/04 15:52:15 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{79F1C5D1-2A80-4C13-8292-62709C535AB0}
[2011/09/04 15:52:03 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{A616A4D2-47FA-4F6C-B6E8-F57FAE949AED}
[2011/09/02 11:20:51 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{B579B734-FD84-4EC6-869A-D47B72251324}
[2011/09/02 01:21:28 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{6D06B3BE-535D-4C23-8886-4CEB2A6F76F7}
[2011/09/01 17:16:40 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{A637D7A3-EF71-4E80-A862-E0CE154CCAFE}
[2011/09/01 17:16:25 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{16AE9D9F-D103-4CB5-9FE2-31778F329228}
[2011/09/01 15:57:51 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{1A6E293A-4771-4A65-9CFB-B12B62C6BA13}
[2011/09/01 15:57:38 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{13C59381-B249-41AE-BB6D-7BD725381882}
[2011/08/30 11:10:37 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{A09B7C2E-FB6D-4589-AC1C-123E129B3B5A}
[2011/08/30 11:10:20 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{34188A8C-8BD3-400A-9840-B7BA55D9110D}
[2011/08/30 09:50:26 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{37C4CD91-511A-418C-8764-27C3F7B0B855}
[2011/08/30 09:50:13 | 000,000,000 | ---D | C] -- C:\Users\Hellyer\AppData\Local\{6F17539A-B5D1-4FDC-99E5-5F862DAAC444}
[1 C:\Users\Hellyer\Desktop\*.tmp files -> C:\Users\Hellyer\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/09/28 17:09:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/09/28 17:05:07 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/09/28 17:05:07 | 000,011,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/09/28 16:59:29 | 000,001,664 | ---- | M] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/09/28 16:58:36 | 000,000,138 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011/09/28 16:58:31 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/09/28 16:58:28 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2011/09/28 16:57:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/09/28 16:57:23 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/28 16:56:28 | 000,000,132 | ---- | M] () -- C:\Windows\SysNative\rezumatenoi.dat
[2011/09/28 13:44:27 | 000,000,512 | ---- | M] () -- C:\Users\Hellyer\Desktop\MBR.dat
[2011/09/28 13:42:10 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Hellyer\Desktop\aswMBR.exe
[2011/09/27 20:43:14 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Hellyer\Desktop\OTL.exe
[2011/09/26 19:11:32 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/09/26 19:11:32 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/09/26 19:11:32 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/09/26 10:09:34 | 000,000,384 | ---- | M] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2011/09/23 18:10:48 | 000,132,560 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3HTUI5.dll
[2011/09/23 18:10:46 | 000,546,256 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZComp5.dll
[2011/09/23 18:10:46 | 000,480,720 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZBase5.dll
[2011/09/23 18:10:46 | 000,028,624 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3XDat5.dll
[2011/09/23 18:10:46 | 000,022,992 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\SZIO5.dll
[2011/09/23 18:10:44 | 000,398,800 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3DBA5.dll
[2011/09/23 18:10:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Svc5.dll
[2011/09/23 18:10:44 | 000,099,792 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Inet5.dll
[2011/09/23 18:10:44 | 000,067,024 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Hks5.dll
[2011/09/23 18:10:42 | 000,738,768 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Base5.dll
[2011/09/23 18:10:42 | 000,390,608 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3UI5.dll
[2011/09/23 18:10:42 | 000,230,864 | R--- | M] (iS3, Inc.) -- C:\Windows\SysWow64\IS3Win325.dll
[2011/09/23 14:20:19 | 000,007,615 | ---- | M] () -- C:\Users\Hellyer\AppData\Local\resmon.resmoncfg
[2011/09/22 09:43:55 | 000,001,856 | ---- | M] () -- C:\Users\Hellyer\Desktop\Verizon V CAST Media Manager.lnk
[2011/09/18 22:23:29 | 000,001,552 | ---- | M] () -- C:\Users\Hellyer\Desktop\Wow.exe - Shortcut.lnk
[2011/09/17 14:56:49 | 000,001,246 | ---- | M] () -- C:\Users\Hellyer\Desktop\World of Warcraft.lnk
[2011/09/07 11:01:25 | 000,000,572 | ---- | M] () -- C:\Users\Hellyer\AppData\Roaming\wklnhst.dat
[2011/09/05 10:19:56 | 000,009,652 | ---- | M] () -- C:\SeagateAdapter
[1 C:\Users\Hellyer\Desktop\*.tmp files -> C:\Users\Hellyer\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/09/28 16:58:40 | 000,001,664 | ---- | C] () -- C:\Windows\SysNative\drivers\kgpcpy.cfg
[2011/09/28 13:44:27 | 000,000,512 | ---- | C] () -- C:\Users\Hellyer\Desktop\MBR.dat
[2011/09/26 10:09:33 | 000,000,384 | ---- | C] () -- C:\Windows\SysWow64\drivers\kgpfr2.cfg
[2011/09/22 09:43:55 | 000,001,856 | ---- | C] () -- C:\Users\Hellyer\Desktop\Verizon V CAST Media Manager.lnk
[2011/09/18 22:23:29 | 000,001,552 | ---- | C] () -- C:\Users\Hellyer\Desktop\Wow.exe - Shortcut.lnk
[2011/08/05 01:54:41 | 000,003,584 | ---- | C] () -- C:\Users\Hellyer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/07 14:28:49 | 000,002,384 | ---- | C] () -- C:\Windows\SysWow64\BattleP.ini
[2011/01/07 14:28:49 | 000,001,248 | ---- | C] () -- C:\Windows\SysWow64\BattlePOff.ini
[2011/01/07 10:11:34 | 000,000,600 | ---- | C] () -- C:\Users\Hellyer\AppData\Local\PUTTY.RND
[2010/01/26 15:21:44 | 000,007,615 | ---- | C] () -- C:\Users\Hellyer\AppData\Local\resmon.resmoncfg
[2009/10/20 10:53:18 | 000,000,572 | ---- | C] () -- C:\Users\Hellyer\AppData\Roaming\wklnhst.dat
[2009/08/18 13:45:45 | 000,000,010 | ---- | C] () -- C:\Windows\SysWow64\ABLKSR.ini
[2009/08/12 12:29:33 | 000,870,128 | ---- | C] () -- C:\Users\Hellyer\AppData\Roaming\mcs.rma
[2009/08/12 12:29:33 | 000,000,004 | ---- | C] () -- C:\Users\Hellyer\AppData\Roaming\D511CB
[2009/08/09 18:28:46 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009/07/13 23:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 20:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 20:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 18:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 15:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009/06/03 01:01:08 | 000,033,136 | ---- | C] () -- C:\Windows\ASScrPro.exe
[2009/06/03 01:00:48 | 000,047,672 | ---- | C] () -- C:\Windows\AsScrProlog.exe
[2009/01/05 15:44:10 | 000,053,248 | ---- | C] () -- C:\Windows\bdoscandel.exe
[2009/01/05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2008/11/07 19:08:20 | 000,362,029 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll
[2008/10/08 21:38:27 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2007/08/05 21:18:31 | 000,081,920 | ---- | C] () -- C:\Windows\PGMonitor.exe

========== LOP Check ==========

[2009/12/28 19:48:03 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Absolute
[2010/04/10 16:56:17 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Ascaron Entertainment
[2009/12/28 19:48:03 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\EA
[2011/08/27 08:42:41 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\ImgBurn
[2011/08/26 14:32:57 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Leadertech
[2011/08/28 16:25:26 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Memeo
[2011/08/21 19:20:25 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\PFStaticIP
[2010/03/24 12:58:36 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Pogo Games
[2011/08/26 14:30:35 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Seagate
[2009/12/28 19:48:12 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Template
[2010/08/05 12:17:17 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\The Shield Deluxe
[2011/09/28 17:02:03 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\uTorrent
[2011/06/01 13:14:38 | 000,000,000 | ---D | M] -- C:\Users\Hellyer\AppData\Roaming\Windows Live Writer
[2011/08/23 14:21:32 | 000,032,544 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 185 bytes -> C:\ProgramData\Temp:588B60C7
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:9B7E8561
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BE64143E

< End of report >


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7821

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

9/28/2011 6:03:37 PM
mbam-log-2011-09-28 (18-03-37).txt

Scan type: Quick scan
Objects scanned: 181614
Time elapsed: 2 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\srrstr.dll (Trojan.Tracur.VGen) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\srrstr.dll (Trojan.Tracur.VGen) -> Quarantined and deleted successfully.

Edited by Hellyer, 28 September 2011 - 06:10 PM.


#6
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for the logs. That looks to have gone well :)

Let's do a sweep for any leftovers now...



1)
Kaspersky Virus Removal Tool

Click here to download the Kaspersky Virus Removal Tool.
  • Save it to your desktop.
  • Double click the setup file to run it.
  • Follow the onscreen prompts until it is installed
  • Click the Options button (the 'cog' icon), then make sure only the following are ticked:

  • System Memory
  • Hidden startup objects
  • Disk boot sectors
  • Local Disk (C:)
  • Also any other drives (Removable that you may have)


Leave the rest of the settings as they appear as default.

  • Then click on Automatic Scan
  • Now click the Start Scanning button, to run the scan
  • If a message appears asking how to handle an infection, tick the Apply to all objects box, then click Disinfection
  • If it says it cannot be Disinfected, then choose the Delete option when prompted.
  • After the scan is complete, click the reports button ('Paper icon', next to the 'cog' icon) on the right hand side
  • Click Detected threats on the left
  • Now click the Save button, and save it as kaslog.txt to your Desktop
  • Please copy and paste the contents of kaslog.txt in your next reply.




2)
Could you now check to see if the redirects are still occurring?




In your next reply
Please post the contents of...
Kaspersky log
Let me know if the redirects have stopped or not


#7
BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.