Google Redirect; poss. rootkit [Closed]

Geeks to Go Forums > Security > Virus, Spyware, Malware Removal

Today's New Content

Google Redirect; poss. rootkit [Closed]

#1 Juranas

Group: Member
Posts: 1
Joined: 07-May 12

Posted 07 May 2012 - 01:13 PM

Hi,

I've been having trouble with Google searches. When I click on a result, it will often (roughly 50%-75% of the time) redirect me to obscure search engines I've never heard of and various other unhelpful sites. Reclicking the link or opening it in a new tab usually fixes this. After Googling the problem (how ironic) it sounds like a rootkit or some other redirect issue. I tried checking proxy settings, LAN settings, browser settings... Already downloaded OTL and ran it, getting the below report. While this redirect thing started within the last few days, I've been having issues with the Blue Screen of Death and computer freezing for a few months. Interestingly enough, I also now find myself unable to open Trend Micro Titanium to do a virus check. :/

OTL logfile created on: 5/7/2012 2:55:59 PM - Run 1
OTL by OldTimer - Version 3.2.42.3     Folder = C:\Users\Juranas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
5.93 Gb Total Physical Memory | 3.25 Gb Available Physical Memory | 54.82% Memory free
11.85 Gb Paging File | 8.82 Gb Available in Paging File | 74.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576.64 Gb Total Space | 206.76 Gb Free Space | 35.86% Space Free | Partition Type: NTFS
 
Computer Name: WIDGET | User Name: Juranas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2012/05/07 14:55:54 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Juranas\Downloads\OTL.exe
PRC - [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/03/27 08:40:49 | 000,357,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/05/10 23:30:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/10/05 15:48:58 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/05/17 11:06:10 | 001,079,936 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010/05/03 17:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2009/12/15 13:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/11/02 17:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/09/30 22:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 22:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/07/31 10:38:26 | 000,428,600 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2009/07/31 10:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/06/19 13:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/29 19:32:54 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
PRC - [2008/12/22 20:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/14 00:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2012/04/27 22:07:01 | 000,444,400 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/27 22:06:59 | 003,915,248 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/27 22:05:34 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/27 22:05:33 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/27 22:05:32 | 001,747,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2012/04/27 21:09:18 | 008,743,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
MOD - [2012/04/13 17:37:58 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dll
MOD - [2012/04/13 17:36:55 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/13 17:36:42 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/13 17:35:30 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dll
MOD - [2012/03/01 22:36:15 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012/03/01 20:06:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/03/01 20:05:11 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/03/01 20:05:04 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/03/01 20:04:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/03/01 20:04:54 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/13 14:57:09 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/02/23 15:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010/02/23 15:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010/02/23 15:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010/02/23 15:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2009/11/02 17:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 17:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/03/26 17:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 21:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:[b]64bit:[/b] - [2011/06/17 03:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:[b]64bit:[/b] - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:[b]64bit:[/b] - [2010/06/07 18:39:40 | 000,911,872 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:[b]64bit:[/b] - [2010/06/07 18:34:20 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:[b]64bit:[/b] - [2009/12/17 05:18:07 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2009/12/07 19:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:[b]64bit:[/b] - [2009/08/06 17:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:[b]64bit:[/b] - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/20 05:53:08 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/31 21:10:59 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/06/06 12:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/05/10 23:30:16 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/14 09:56:36 | 001,294,848 | ---- | M] (Synaptics, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2010/10/05 15:45:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/10/05 15:45:40 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 13:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/09/30 22:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 22:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:[b]64bit:[/b] - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:[b]64bit:[/b] - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:[b]64bit:[/b] - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:[b]64bit:[/b] - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:[b]64bit:[/b] - [2011/04/30 07:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:[b]64bit:[/b] - [2011/04/30 07:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:[b]64bit:[/b] - [2011/04/30 07:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:[b]64bit:[/b] - [2011/04/30 07:59:10 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:[b]64bit:[/b] - [2011/04/30 07:59:10 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:[b]64bit:[/b] - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/12/22 21:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:[b]64bit:[/b] - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:[b]64bit:[/b] - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:[b]64bit:[/b] - [2010/08/08 06:04:48 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:[b]64bit:[/b] - [2010/08/08 06:04:48 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:[b]64bit:[/b] - [2010/08/08 06:04:48 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:[b]64bit:[/b] - [2010/08/08 06:04:48 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:[b]64bit:[/b] - [2010/06/23 22:05:31 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:[b]64bit:[/b] - [2010/05/16 20:28:38 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel(R) Centrino(R)
DRV:[b]64bit:[/b] - [2010/05/16 20:28:30 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:[b]64bit:[/b] - [2010/05/16 20:28:28 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:[b]64bit:[/b] - [2010/04/21 03:47:49 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:[b]64bit:[/b] - [2010/04/12 04:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:[b]64bit:[/b] - [2009/12/17 05:52:59 | 006,177,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:[b]64bit:[/b] - [2009/11/18 06:30:55 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:[b]64bit:[/b] - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:[b]64bit:[/b] - [2009/08/06 17:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:[b]64bit:[/b] - [2009/08/06 17:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:[b]64bit:[/b] - [2009/07/24 08:55:10 | 000,011,264 | ---- | M] (Primax Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NMgamingms.sys -- (NMgamingmsFltr)
DRV:[b]64bit:[/b] - [2009/07/20 05:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:[b]64bit:[/b] - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:[b]64bit:[/b] - [2009/06/10 16:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:[b]64bit:[/b] - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/06/05 06:16:29 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:[b]64bit:[/b] - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:[b]64bit:[/b] - [2009/05/13 12:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:[b]64bit:[/b] - [2008/05/23 20:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:[b]64bit:[/b] - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 20:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2005/01/01 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = http://search.ibryte.com/i/playbryte/search/redirect/?type=default-ie&user_id=2f55ca90-501d-4e19-80d0-ef2ca52f06a7&query={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "http://asus.msn.com/"
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npPlayNowPlugin: C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Juranas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension\ [2012/04/18 08:08:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/05 12:53:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/13 17:38:44 | 000,000,000 | ---D | M]
 
[2010/12/20 14:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juranas\AppData\Roaming\Mozilla\Extensions
[2012/04/13 16:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juranas\AppData\Roaming\Mozilla\Firefox\Profiles\m79yr595.default\extensions
[2012/01/09 18:29:18 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Juranas\AppData\Roaming\Mozilla\Firefox\Profiles\m79yr595.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/08/05 07:43:38 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\Juranas\AppData\Roaming\Mozilla\Firefox\Profiles\m79yr595.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}
[2012/02/05 12:53:55 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Juranas\AppData\Roaming\Mozilla\Firefox\Profiles\m79yr595.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/10/07 21:29:37 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Juranas\AppData\Roaming\Mozilla\Firefox\Profiles\m79yr595.default\extensions\DeviceDetection@logitech.com
[2010/10/20 14:40:12 | 000,000,923 | ---- | M] () -- C:\Users\Juranas\AppData\Roaming\Mozilla\Firefox\Profiles\m79yr595.default\searchplugins\conduit.xml
[2011/05/17 21:16:01 | 000,002,230 | ---- | M] () -- C:\Users\Juranas\AppData\Roaming\Mozilla\Firefox\Profiles\m79yr595.default\searchplugins\iBryte_playbryte.xml
[2012/04/13 17:20:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/01 18:58:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/13 17:20:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/01/07 17:01:10 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/13 17:19:48 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 09:50:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/08 19:09:07 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Juranas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: CorePlugin (Enabled) = C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Juranas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Skype Click to Call = C:\Users\Juranas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:[b]64bit:[/b] - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2:[b]64bit:[/b] - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (CorePluginIEBHO Class) - {13FA2453-9287-4F18-8554-976D7C02F4EE} - C:\Perfect World Entertainment\CORE Client\plugins\CorePluginIE.dll (Perfect World Entertainment Inc)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Shop to Win 12) - {1F44B5B5-7976-4378-9A7F-FE6435E9660F} - C:\Program Files (x86)\Shop to Win 12\Shop to Win 12.dll (Shop To Win, LLC)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll File not found
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll File not found
O4:[b]64bit:[/b] - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.92.226.11 24.92.226.12 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3331F471-F919-4C7A-819C-80D56260BA15}: DhcpNameServer = 24.92.226.11 24.92.226.12 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D38A0FEA-8431-4B09-B909-9E2B1655AA0D}: DhcpNameServer = 192.168.1.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\ms-help - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msnim - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f5f06aaf-5cc1-11e0-a572-20cf306c9347}\Shell - "" = AutoRun
O33 - MountPoints2\{f5f06aaf-5cc1-11e0-a572-20cf306c9347}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/05/07 14:55:54 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Juranas\Desktop\OTL.exe
[2012/05/06 16:06:08 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{6ECBCF03-1AF9-4112-A223-138C75AE5038}
[2012/05/06 16:05:39 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{4987F648-BBC0-46A1-81A0-82F4B3190A1A}
[2012/04/26 17:33:30 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\Electronic Arts
[2012/04/26 17:33:25 | 000,000,000 | ---D | C] -- C:\Users\Juranas\Documents\Electronic Arts
[2012/04/26 17:32:34 | 000,000,000 | ---D | C] -- C:\Users\Juranas\Documents\Electrontic Arts
[2012/04/20 19:06:58 | 000,000,000 | ---D | C] -- C:\Users\Juranas\Documents\Everio MediaBrowser 4
[2012/04/20 19:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PIXELA
[2012/04/20 19:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PIXELA
[2012/04/18 17:50:36 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{DD043585-5DF8-4C1D-9F76-33F4C8B98161}
[2012/04/18 08:09:15 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{39E9B1FD-F622-4E55-A833-25A975C16B7F}
[2012/04/18 08:09:01 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{EC0968CC-005D-409C-9DC9-20BEB37D0D5D}
[2012/04/17 22:40:54 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{17685561-FF4D-4E4B-B8B8-C38AD8831E22}
[2012/04/17 22:40:32 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{F4BB5B72-4732-43C6-8D01-99E7C9B21917}
[2012/04/17 21:58:22 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{8BDA67DE-84A6-46A5-B27F-D83679CFFD2C}
[2012/04/17 21:58:08 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{A7F7A3D2-5BC7-4745-8A27-C951D83FA28A}
[2012/04/17 21:11:11 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{674F0FB9-0E82-4536-AB37-75E5F73D4CBE}
[2012/04/17 21:10:58 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{CFDD2E15-410C-4C78-B42D-E8AEE19A89A1}
[2012/04/17 20:21:08 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{B44F6E8B-87D4-4602-ABB9-834E64382381}
[2012/04/17 20:17:23 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{B225767E-D515-4B24-BBBB-B360EA4BE61A}
[2012/04/16 08:40:51 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{96B5ADCE-EDA5-4F5F-A5A6-D8137012C6F0}
[2012/04/16 08:40:21 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{93F8CD2B-56A0-4F80-8C01-26F77B544EA2}
[2012/04/15 00:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012/04/15 00:18:51 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCsoft
[2012/04/15 00:17:57 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\assembly
[2012/04/15 00:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft
[2012/04/15 00:17:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSoft
[2012/04/15 00:16:36 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Roaming\InstallShield
[2012/04/15 00:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/04/13 17:35:30 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{01CBDD73-AFCB-443F-AF98-A682D195080F}
[2012/04/13 17:35:14 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{905FD68B-EE2D-4565-8C66-E237482C0040}
[2012/04/13 17:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/13 17:11:35 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{AC42D0F2-E8F5-489E-ABAB-B1A28949B319}
[2012/04/13 17:11:20 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{7D274093-043A-4A8D-BDE3-5F2D6296D4F2}
[2012/04/13 17:07:40 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{DF9FF140-1CED-4BDF-96A5-953860DB367B}
[2012/04/13 17:07:24 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{3DB742FC-7CC8-4740-B653-56946F019BDD}
[2012/04/13 16:51:43 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{A6A238AA-6C83-47B9-8C64-B7E8BBFFA3AD}
[2012/04/13 16:20:54 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/04/13 15:53:48 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{081B12CF-5C96-46D2-94B1-F5113A9B61BD}
[2012/04/13 15:29:27 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{7359143B-5666-4A18-A7B7-026C77A004EE}
[2012/04/13 14:28:55 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{31BD5E0C-6411-401B-9BA5-5032F5504354}
[2012/04/13 14:28:40 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{04A712E0-3434-43D3-B6A4-F145087F67E6}
[2012/04/12 19:22:58 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Roaming\Webroot
[2012/04/12 19:22:10 | 000,000,000 | ---D | C] -- C:\Users\Juranas\Desktop\Webroot System Analyzer
[2012/04/12 18:35:56 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{E8A0BE6A-AC12-4E9F-97EF-410CC3F56755}
[2012/04/09 20:01:10 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{55344B45-7BD9-4DA2-B5DD-86ABF4E79FFC}
[2012/04/09 10:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Geek Squad
[2012/04/09 09:45:31 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{ABB29C48-13AB-418E-BFE7-E58F2868A676}
[2012/04/09 09:27:38 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{52B9F7EC-50B4-4416-91F1-1D4234484ADD}
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Juranas\Desktop\*.tmp files -> C:\Users\Juranas\Desktop\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/05/07 14:55:54 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Juranas\Desktop\OTL.exe
[2012/05/07 14:20:03 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/07 13:27:22 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 13:27:22 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 13:25:08 | 000,740,822 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/07 13:25:08 | 000,633,632 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/07 13:25:08 | 000,110,976 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/07 13:19:51 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/05/07 13:19:47 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/07 13:19:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/07 13:19:25 | 477,532,159 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/06 20:17:16 | 000,000,107 | ---- | M] () -- C:\Users\Juranas\Desktop\xyz.vbs
[2012/05/06 12:15:52 | 000,076,647 | ---- | M] () -- C:\Users\Juranas\AppData\Roaming\icarus-dxdiag.xml
[2012/05/06 12:05:19 | 000,060,294 | ---- | M] () -- C:\Users\Juranas\Desktop\OVF_VoterRegForm_2012.pdf
[2012/05/05 10:46:36 | 000,000,220 | ---- | M] () -- C:\Users\Juranas\Desktop\Champions Online Free For All.url
[2012/05/05 10:44:40 | 000,000,222 | ---- | M] () -- C:\Users\Juranas\Desktop\Realm of the Mad God.url
[2012/05/04 22:43:29 | 527,831,700 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/02 18:26:42 | 000,000,222 | ---- | M] () -- C:\Users\Juranas\Desktop\Fallen Earth.url
[2012/04/28 18:18:03 | 000,112,338 | ---- | M] () -- C:\Users\Juranas\Desktop\photo (2).jpg
[2012/04/28 18:11:44 | 000,248,384 | ---- | M] () -- C:\Users\Juranas\Desktop\BSOblnS1Lri1vdhe.jpg
[2012/04/28 15:21:13 | 032,671,736 | ---- | M] () -- C:\Users\Juranas\Desktop\Selena Gomez & The Scene - Love You Like A Love Song.wav
[2012/04/28 15:14:36 | 003,526,771 | ---- | M] () -- C:\Users\Juranas\Desktop\Selena Gomez & The Scene - Love You Like A Love Song.mp3
[2012/04/25 22:59:04 | 000,000,221 | ---- | M] () -- C:\Users\Juranas\Desktop\F.E.A.R. 3.url
[2012/04/25 18:22:55 | 000,000,221 | ---- | M] () -- C:\Users\Juranas\Desktop\Dead Space.url
[2012/04/25 18:22:55 | 000,000,221 | ---- | M] () -- C:\Users\Juranas\Desktop\Dead Space 2.url
[2012/04/22 09:17:52 | 000,002,408 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/04/20 19:03:53 | 000,000,936 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor 4.lnk
[2012/04/20 19:03:53 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Everio MediaBrowser 4.lnk
[2012/04/20 19:03:53 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\Everio MediaBrowser 4 Player.lnk
[2012/04/15 00:18:51 | 000,002,104 | ---- | M] () -- C:\Users\Juranas\Desktop\Aion.lnk
[2012/04/15 00:17:31 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2012/04/15 00:11:59 | 000,001,455 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2012/04/13 17:38:45 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/13 17:24:00 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Juranas\Desktop\*.tmp files -> C:\Users\Juranas\Desktop\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/05/06 12:15:52 | 000,076,647 | ---- | C] () -- C:\Users\Juranas\AppData\Roaming\icarus-dxdiag.xml
[2012/05/06 12:05:19 | 000,060,294 | ---- | C] () -- C:\Users\Juranas\Desktop\OVF_VoterRegForm_2012.pdf
[2012/05/06 01:38:04 | 000,000,107 | ---- | C] () -- C:\Users\Juranas\Desktop\xyz.vbs
[2012/05/05 10:46:36 | 000,000,220 | ---- | C] () -- C:\Users\Juranas\Desktop\Champions Online Free For All.url
[2012/05/05 10:44:40 | 000,000,222 | ---- | C] () -- C:\Users\Juranas\Desktop\Realm of the Mad God.url
[2012/05/02 18:26:42 | 000,000,222 | ---- | C] () -- C:\Users\Juranas\Desktop\Fallen Earth.url
[2012/04/28 18:18:15 | 000,112,338 | ---- | C] () -- C:\Users\Juranas\Desktop\photo (2).jpg
[2012/04/28 18:11:48 | 000,248,384 | ---- | C] () -- C:\Users\Juranas\Desktop\BSOblnS1Lri1vdhe.jpg
[2012/04/28 15:21:11 | 032,671,736 | ---- | C] () -- C:\Users\Juranas\Desktop\Selena Gomez & The Scene - Love You Like A Love Song.wav
[2012/04/28 15:14:29 | 003,526,771 | ---- | C] () -- C:\Users\Juranas\Desktop\Selena Gomez & The Scene - Love You Like A Love Song.mp3
[2012/04/25 22:59:04 | 000,000,221 | ---- | C] () -- C:\Users\Juranas\Desktop\F.E.A.R. 3.url
[2012/04/25 18:22:55 | 000,000,221 | ---- | C] () -- C:\Users\Juranas\Desktop\Dead Space.url
[2012/04/25 18:22:55 | 000,000,221 | ---- | C] () -- C:\Users\Juranas\Desktop\Dead Space 2.url
[2012/04/20 19:03:53 | 000,000,936 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor 4.lnk
[2012/04/20 19:03:53 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Everio MediaBrowser 4.lnk
[2012/04/20 19:03:53 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\Everio MediaBrowser 4 Player.lnk
[2012/04/15 00:18:51 | 000,002,104 | ---- | C] () -- C:\Users\Juranas\Desktop\Aion.lnk
[2012/04/15 00:17:31 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2012/04/15 00:11:59 | 000,001,455 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2012/03/03 16:17:07 | 000,672,256 | ---- | C] ( ) -- C:\Windows\SysWow64\LXDNhcp.dll
[2012/03/03 16:17:04 | 000,299,520 | ---- | C] () -- C:\Windows\SysWow64\lxdngrd.dll
[2011/11/05 10:56:28 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/09 08:26:55 | 000,125,128 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/06 12:56:38 | 000,128,512 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2011/06/29 17:46:33 | 000,000,095 | ---- | C] () -- C:\Users\Juranas\AppData\Local\fusioncache.dat
[2011/05/10 20:46:23 | 000,528,384 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2011/05/10 20:46:23 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2011/05/10 20:46:22 | 001,733,632 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2011/05/10 20:46:22 | 001,319,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2011/05/10 20:46:22 | 001,070,080 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2011/05/10 20:46:22 | 000,977,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2011/05/10 20:46:22 | 000,884,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2011/05/10 20:46:22 | 000,545,792 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2011/05/10 20:46:22 | 000,514,048 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnih.exe
[2011/05/10 20:46:22 | 000,509,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2011/05/10 20:46:22 | 000,047,104 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll
[2011/05/10 20:46:21 | 001,472,512 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
[2011/05/10 20:46:21 | 001,039,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncoms.exe
[2011/05/10 20:46:21 | 000,598,528 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncfg.exe
[2011/05/10 20:46:21 | 000,578,560 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2011/04/24 00:35:00 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/04/02 00:46:37 | 002,137,381 | ---- | C] () -- C:\Users\Juranas\AppData\Roaming\data.dat
[2011/03/20 15:32:24 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/03/07 00:57:33 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/01/02 17:16:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/24 02:34:14 | 000,757,518 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/21 03:10:41 | 000,280,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/12/21 03:10:39 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/12/21 03:10:38 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/10/05 15:45:48 | 000,000,735 | ---- | C] () -- C:\Windows\FF05_Render_Spk_Hp.ini
[2010/10/05 15:45:48 | 000,000,508 | ---- | C] () -- C:\Windows\FF05_not_Spk_Hp.ini
[2010/10/05 15:45:47 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/10/05 15:45:47 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/10/05 15:38:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2012/04/28 15:22:21 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\Audacity
[2011/10/01 14:20:29 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\Azureus
[2011/08/30 21:30:31 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\CoreClient
[2011/08/12 12:13:45 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\gtk-2.0
[2011/11/03 05:38:43 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\IObit
[2011/10/07 21:37:03 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\Leadertech
[2011/02/19 15:38:11 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\LolClient
[2012/02/18 08:26:23 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\Origin
[2011/02/26 21:35:01 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\Participatory Culture Foundation
[2012/04/22 23:18:47 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\PCF-VLC
[2011/03/18 22:49:24 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\PFStaticIP
[2012/03/04 09:22:06 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\RIFT
[2012/04/27 04:40:53 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\SoftGrid Client
[2011/04/24 00:39:38 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\Synaptics
[2011/05/18 22:23:35 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\SystemRequirementsLab
[2011/12/12 20:23:46 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\thriXXX
[2010/12/24 02:34:58 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\TP
[2011/12/11 10:10:31 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\TS3Client
[2011/12/11 10:10:03 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\ts3overlay
[2010/12/21 19:46:12 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\Unity
[2011/02/15 10:20:00 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\Windows Live Writer
[2011/03/05 17:03:33 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\Xtranormal
[2012/04/09 09:26:17 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
[color=#E56717]========== Purity Check ==========[/color]
 
 

< End of report >

USER KNOWLEDGE ALERT: It took me almost a year to figure out that F9 disabled my touchpad. Do not assume I know anything about computers.

#2 CompCav

Group: GeekU Moderator
Posts: 6,545
Joined: 24-January 11

Posted 07 May 2012 - 01:23 PM

Hi, Juranas! Posted Image

My nick name is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out.

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

Please make sure you are saving and printing the instructions out prior to each fix, this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:

Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
You must reply within four days failure to reply will result in the topic being closed!
Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.

I am going to repost the log so that it is easier to read.

OTL logfile created on: 5/7/2012 2:55:59 PM - Run 1
OTL by OldTimer - Version 3.2.42.3 Folder = C:\Users\Juranas\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.93 Gb Total Physical Memory | 3.25 Gb Available Physical Memory | 54.82% Memory free
11.85 Gb Paging File | 8.82 Gb Available in Paging File | 74.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 576.64 Gb Total Space | 206.76 Gb Free Space | 35.86% Space Free | Partition Type: NTFS

Computer Name: WIDGET | User Name: Juranas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/07 14:55:54 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Juranas\Downloads\OTL.exe
PRC - [2012/04/27 22:07:02 | 001,224,176 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/03/27 08:40:49 | 000,357,808 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
PRC - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2011/05/10 23:30:16 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/10/05 15:48:58 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010/05/17 11:06:10 | 001,079,936 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010/05/03 17:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2009/12/15 13:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009/11/02 17:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/09/30 22:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 22:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/07/31 10:38:26 | 000,428,600 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2009/07/31 10:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/07/13 21:14:45 | 000,020,480 | ---- | M] () -- \\.\globalroot\systemroot\svchost.exe
PRC - [2009/06/19 13:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2008/12/29 19:32:54 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe
PRC - [2008/12/22 20:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008/08/14 00:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

========== Modules (No Company Name) ==========

MOD - [2012/04/27 22:07:01 | 000,444,400 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/27 22:06:59 | 003,915,248 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/27 22:05:34 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/27 22:05:33 | 000,220,672 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/27 22:05:32 | 001,747,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2012/04/27 21:09:18 | 008,743,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
MOD - [2012/04/13 17:37:58 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\43e23da6683962ea1168aaf007bbc35d\PresentationFramework.ni.dll
MOD - [2012/04/13 17:36:55 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/13 17:36:42 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/04/13 17:35:30 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\74d980e52c1791f1b8608d767a393144\PresentationCore.ni.dll
MOD - [2012/03/01 22:36:15 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012/03/01 20:06:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012/03/01 20:05:11 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012/03/01 20:05:04 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/03/01 20:04:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/03/01 20:04:54 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011/10/13 14:57:09 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010/02/23 15:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010/02/23 15:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010/02/23 15:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010/02/23 15:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2009/11/02 17:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 17:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/03/26 17:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 21:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2007/11/30 14:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2011/06/17 03:34:18 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/06/07 18:39:40 | 000,911,872 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2010/06/07 18:34:20 | 000,408,576 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2009/12/17 05:18:07 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/12/07 19:16:34 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009/08/06 17:17:46 | 000,118,672 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/04/20 05:53:08 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/03/31 21:10:59 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/09 16:38:38 | 000,328,536 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe -- (AdvancedSystemCareService)
SRV - [2011/07/20 12:19:46 | 000,820,568 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/06/06 12:36:00 | 004,005,936 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/05/10 23:30:16 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/14 09:56:36 | 001,294,848 | ---- | M] (Synaptics, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2010/10/05 15:45:44 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010/10/05 15:45:40 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/15 13:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009/09/30 22:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/09/30 22:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/06/15 20:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/04/30 07:59:32 | 000,042,776 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2011/04/30 07:59:22 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/04/30 07:59:22 | 000,060,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/04/30 07:59:10 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/04/30 07:59:10 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/22 21:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/11/26 18:02:18 | 000,017,720 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/23 01:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/08/08 06:04:48 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2010/08/08 06:04:48 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2010/08/08 06:04:48 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2010/08/08 06:04:48 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2010/06/23 22:05:31 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®
DRV:64bit: - [2010/05/16 20:28:38 | 000,175,104 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp) Intel® Centrino®
DRV:64bit: - [2010/05/16 20:28:30 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2010/05/16 20:28:28 | 000,071,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2010/04/21 03:47:49 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/04/12 04:55:00 | 000,091,568 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
DRV:64bit: - [2009/12/17 05:52:59 | 006,177,792 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/11/18 06:30:55 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/08/06 17:24:13 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/08/06 17:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/07/24 08:55:10 | 000,011,264 | ---- | M] (Primax Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NMgamingms.sys -- (NMgamingmsFltr)
DRV:64bit: - [2009/07/20 05:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/19 22:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/06/10 16:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 06:16:29 | 001,806,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/13 12:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008/05/23 20:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/02 20:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2005/01/01 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = http://search.ibryte...y={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://asus.msn.com/"
FF - prefs.js..extensions.enabledItems: {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npPlayNowPlugin: C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Juranas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1505\6.6.1088\firefoxextension\ [2012/04/18 08:08:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/02/05 12:53:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/13 17:38:44 | 000,000,000 | ---D | M]

[2010/12/20 14:09:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juranas\AppData\Roaming\Mozilla\Extensions
[2012/04/13 16:21:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Juranas\AppData\Roaming\Mozilla\Firefox\Profiles\m79yr595.default\extensions
[2012/01/09 18:29:18 | 000,000,000 | ---D | M] (Freecorder Community Toolbar) -- C:\Users\Juranas\AppData\Roaming\Mozilla\Firefox\Profiles\m79yr595.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
[2011/08/05 07:43:38 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Users\Juranas\AppData\Roaming\Mozilla\Firefox\Profiles\m79yr595.default\extensions\{70dd86e8-b5bc-4e4a-9d5c-b6234c24323c}
[2012/02/05 12:53:55 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Juranas\AppData\Roaming\Mozilla\Firefox\Profiles\m79yr595.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011/10/07 21:29:37 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Juranas\AppData\Roaming\Mozilla\Firefox\Profiles\m79yr595.default\extensions\DeviceDetection@logitech.com
[2010/10/20 14:40:12 | 000,000,923 | ---- | M] () -- C:\Users\Juranas\AppData\Roaming\Mozilla\Firefox\Profiles\m79yr595.default\searchplugins\conduit.xml
[2011/05/17 21:16:01 | 000,002,230 | ---- | M] () -- C:\Users\Juranas\AppData\Roaming\Mozilla\Firefox\Profiles\m79yr595.default\searchplugins\iBryte_playbryte.xml
[2012/04/13 17:20:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/12/01 18:58:16 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/04/13 17:20:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012/01/07 17:01:10 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/13 17:19:48 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/09/30 09:50:49 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/08 19:09:07 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Juranas\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: CorePlugin (Enabled) = C:\Perfect World Entertainment\CORE Client\Plugins\npCorePluginFF.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Juranas\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: Skype Click to Call = C:\Users\Juranas\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (CorePluginIEBHO Class) - {13FA2453-9287-4F18-8554-976D7C02F4EE} - C:\Perfect World Entertainment\CORE Client\plugins\CorePluginIE.dll (Perfect World Entertainment Inc)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Shop to Win 12) - {1F44B5B5-7976-4378-9A7F-FE6435E9660F} - C:\Program Files (x86)\Shop to Win 12\Shop to Win 12.dll (Shop To Win, LLC)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll File not found
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {70dd86e8-b5bc-4e4a-9d5c-b6234c24323c} - C:\Program Files (x86)\freecordertoolbar\vmntemplateX.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (HyperCam Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\HyperCam Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll File not found
O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [PlayNC Launcher] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.92.226.11 24.92.226.12 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3331F471-F919-4C7A-819C-80D56260BA15}: DhcpNameServer = 24.92.226.11 24.92.226.12 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D38A0FEA-8431-4B09-B909-9E2B1655AA0D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1505\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f5f06aaf-5cc1-11e0-a572-20cf306c9347}\Shell - "" = AutoRun
O33 - MountPoints2\{f5f06aaf-5cc1-11e0-a572-20cf306c9347}\Shell\AutoRun\command - "" = "D:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/07 14:55:54 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Juranas\Desktop\OTL.exe
[2012/05/06 16:06:08 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{6ECBCF03-1AF9-4112-A223-138C75AE5038}
[2012/05/06 16:05:39 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{4987F648-BBC0-46A1-81A0-82F4B3190A1A}
[2012/04/26 17:33:30 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\Electronic Arts
[2012/04/26 17:33:25 | 000,000,000 | ---D | C] -- C:\Users\Juranas\Documents\Electronic Arts
[2012/04/26 17:32:34 | 000,000,000 | ---D | C] -- C:\Users\Juranas\Documents\Electrontic Arts
[2012/04/20 19:06:58 | 000,000,000 | ---D | C] -- C:\Users\Juranas\Documents\Everio MediaBrowser 4
[2012/04/20 19:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PIXELA
[2012/04/20 19:03:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PIXELA
[2012/04/18 17:50:36 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{DD043585-5DF8-4C1D-9F76-33F4C8B98161}
[2012/04/18 08:09:15 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{39E9B1FD-F622-4E55-A833-25A975C16B7F}
[2012/04/18 08:09:01 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{EC0968CC-005D-409C-9DC9-20BEB37D0D5D}
[2012/04/17 22:40:54 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{17685561-FF4D-4E4B-B8B8-C38AD8831E22}
[2012/04/17 22:40:32 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{F4BB5B72-4732-43C6-8D01-99E7C9B21917}
[2012/04/17 21:58:22 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{8BDA67DE-84A6-46A5-B27F-D83679CFFD2C}
[2012/04/17 21:58:08 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{A7F7A3D2-5BC7-4745-8A27-C951D83FA28A}
[2012/04/17 21:11:11 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{674F0FB9-0E82-4536-AB37-75E5F73D4CBE}
[2012/04/17 21:10:58 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{CFDD2E15-410C-4C78-B42D-E8AEE19A89A1}
[2012/04/17 20:21:08 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{B44F6E8B-87D4-4602-ABB9-834E64382381}
[2012/04/17 20:17:23 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{B225767E-D515-4B24-BBBB-B360EA4BE61A}
[2012/04/16 08:40:51 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{96B5ADCE-EDA5-4F5F-A5A6-D8137012C6F0}
[2012/04/16 08:40:21 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{93F8CD2B-56A0-4F80-8C01-26F77B544EA2}
[2012/04/15 00:27:12 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012/04/15 00:18:51 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCsoft
[2012/04/15 00:17:57 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\assembly
[2012/04/15 00:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft
[2012/04/15 00:17:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCSoft
[2012/04/15 00:16:36 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Roaming\InstallShield
[2012/04/15 00:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012/04/13 17:35:30 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{01CBDD73-AFCB-443F-AF98-A682D195080F}
[2012/04/13 17:35:14 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{905FD68B-EE2D-4565-8C66-E237482C0040}
[2012/04/13 17:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/04/13 17:11:35 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{AC42D0F2-E8F5-489E-ABAB-B1A28949B319}
[2012/04/13 17:11:20 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{7D274093-043A-4A8D-BDE3-5F2D6296D4F2}
[2012/04/13 17:07:40 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{DF9FF140-1CED-4BDF-96A5-953860DB367B}
[2012/04/13 17:07:24 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{3DB742FC-7CC8-4740-B653-56946F019BDD}
[2012/04/13 16:51:43 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{A6A238AA-6C83-47B9-8C64-B7E8BBFFA3AD}
[2012/04/13 16:20:54 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/04/13 15:53:48 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{081B12CF-5C96-46D2-94B1-F5113A9B61BD}
[2012/04/13 15:29:27 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{7359143B-5666-4A18-A7B7-026C77A004EE}
[2012/04/13 14:28:55 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{31BD5E0C-6411-401B-9BA5-5032F5504354}
[2012/04/13 14:28:40 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{04A712E0-3434-43D3-B6A4-F145087F67E6}
[2012/04/12 19:22:58 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Roaming\Webroot
[2012/04/12 19:22:10 | 000,000,000 | ---D | C] -- C:\Users\Juranas\Desktop\Webroot System Analyzer
[2012/04/12 18:35:56 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{E8A0BE6A-AC12-4E9F-97EF-410CC3F56755}
[2012/04/09 20:01:10 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{55344B45-7BD9-4DA2-B5DD-86ABF4E79FFC}
[2012/04/09 10:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Geek Squad
[2012/04/09 09:45:31 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{ABB29C48-13AB-418E-BFE7-E58F2868A676}
[2012/04/09 09:27:38 | 000,000,000 | ---D | C] -- C:\Users\Juranas\AppData\Local\{52B9F7EC-50B4-4416-91F1-1D4234484ADD}
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Juranas\Desktop\*.tmp files -> C:\Users\Juranas\Desktop\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/07 14:55:54 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Juranas\Desktop\OTL.exe
[2012/05/07 14:20:03 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/07 13:27:22 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 13:27:22 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/07 13:25:08 | 000,740,822 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/07 13:25:08 | 000,633,632 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/07 13:25:08 | 000,110,976 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/07 13:19:51 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/05/07 13:19:47 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/07 13:19:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/07 13:19:25 | 477,532,159 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/06 20:17:16 | 000,000,107 | ---- | M] () -- C:\Users\Juranas\Desktop\xyz.vbs
[2012/05/06 12:15:52 | 000,076,647 | ---- | M] () -- C:\Users\Juranas\AppData\Roaming\icarus-dxdiag.xml
[2012/05/06 12:05:19 | 000,060,294 | ---- | M] () -- C:\Users\Juranas\Desktop\OVF_VoterRegForm_2012.pdf
[2012/05/05 10:46:36 | 000,000,220 | ---- | M] () -- C:\Users\Juranas\Desktop\Champions Online Free For All.url
[2012/05/05 10:44:40 | 000,000,222 | ---- | M] () -- C:\Users\Juranas\Desktop\Realm of the Mad God.url
[2012/05/04 22:43:29 | 527,831,700 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/05/02 18:26:42 | 000,000,222 | ---- | M] () -- C:\Users\Juranas\Desktop\Fallen Earth.url
[2012/04/28 18:18:03 | 000,112,338 | ---- | M] () -- C:\Users\Juranas\Desktop\photo (2).jpg
[2012/04/28 18:11:44 | 000,248,384 | ---- | M] () -- C:\Users\Juranas\Desktop\BSOblnS1Lri1vdhe.jpg
[2012/04/28 15:21:13 | 032,671,736 | ---- | M] () -- C:\Users\Juranas\Desktop\Selena Gomez & The Scene - Love You Like A Love Song.wav
[2012/04/28 15:14:36 | 003,526,771 | ---- | M] () -- C:\Users\Juranas\Desktop\Selena Gomez & The Scene - Love You Like A Love Song.mp3
[2012/04/25 22:59:04 | 000,000,221 | ---- | M] () -- C:\Users\Juranas\Desktop\F.E.A.R. 3.url
[2012/04/25 18:22:55 | 000,000,221 | ---- | M] () -- C:\Users\Juranas\Desktop\Dead Space.url
[2012/04/25 18:22:55 | 000,000,221 | ---- | M] () -- C:\Users\Juranas\Desktop\Dead Space 2.url
[2012/04/22 09:17:52 | 000,002,408 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2012/04/20 19:03:53 | 000,000,936 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor 4.lnk
[2012/04/20 19:03:53 | 000,000,904 | ---- | M] () -- C:\Users\Public\Desktop\Everio MediaBrowser 4.lnk
[2012/04/20 19:03:53 | 000,000,898 | ---- | M] () -- C:\Users\Public\Desktop\Everio MediaBrowser 4 Player.lnk
[2012/04/15 00:18:51 | 000,002,104 | ---- | M] () -- C:\Users\Juranas\Desktop\Aion.lnk
[2012/04/15 00:17:31 | 000,002,030 | ---- | M] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2012/04/15 00:11:59 | 000,001,455 | ---- | M] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2012/04/13 17:38:45 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2012/04/13 17:24:00 | 000,000,129 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Juranas\Desktop\*.tmp files -> C:\Users\Juranas\Desktop\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[1 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/06 12:15:52 | 000,076,647 | ---- | C] () -- C:\Users\Juranas\AppData\Roaming\icarus-dxdiag.xml
[2012/05/06 12:05:19 | 000,060,294 | ---- | C] () -- C:\Users\Juranas\Desktop\OVF_VoterRegForm_2012.pdf
[2012/05/06 01:38:04 | 000,000,107 | ---- | C] () -- C:\Users\Juranas\Desktop\xyz.vbs
[2012/05/05 10:46:36 | 000,000,220 | ---- | C] () -- C:\Users\Juranas\Desktop\Champions Online Free For All.url
[2012/05/05 10:44:40 | 000,000,222 | ---- | C] () -- C:\Users\Juranas\Desktop\Realm of the Mad God.url
[2012/05/02 18:26:42 | 000,000,222 | ---- | C] () -- C:\Users\Juranas\Desktop\Fallen Earth.url
[2012/04/28 18:18:15 | 000,112,338 | ---- | C] () -- C:\Users\Juranas\Desktop\photo (2).jpg
[2012/04/28 18:11:48 | 000,248,384 | ---- | C] () -- C:\Users\Juranas\Desktop\BSOblnS1Lri1vdhe.jpg
[2012/04/28 15:21:11 | 032,671,736 | ---- | C] () -- C:\Users\Juranas\Desktop\Selena Gomez & The Scene - Love You Like A Love Song.wav
[2012/04/28 15:14:29 | 003,526,771 | ---- | C] () -- C:\Users\Juranas\Desktop\Selena Gomez & The Scene - Love You Like A Love Song.mp3
[2012/04/25 22:59:04 | 000,000,221 | ---- | C] () -- C:\Users\Juranas\Desktop\F.E.A.R. 3.url
[2012/04/25 18:22:55 | 000,000,221 | ---- | C] () -- C:\Users\Juranas\Desktop\Dead Space.url
[2012/04/25 18:22:55 | 000,000,221 | ---- | C] () -- C:\Users\Juranas\Desktop\Dead Space 2.url
[2012/04/20 19:03:53 | 000,000,936 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Device Monitor 4.lnk
[2012/04/20 19:03:53 | 000,000,904 | ---- | C] () -- C:\Users\Public\Desktop\Everio MediaBrowser 4.lnk
[2012/04/20 19:03:53 | 000,000,898 | ---- | C] () -- C:\Users\Public\Desktop\Everio MediaBrowser 4 Player.lnk
[2012/04/15 00:18:51 | 000,002,104 | ---- | C] () -- C:\Users\Juranas\Desktop\Aion.lnk
[2012/04/15 00:17:31 | 000,002,030 | ---- | C] () -- C:\Users\Public\Desktop\NCsoft Launcher.lnk
[2012/04/15 00:11:59 | 000,001,455 | ---- | C] () -- C:\Users\Public\Desktop\Mass Effect 3.lnk
[2012/03/03 16:17:07 | 000,672,256 | ---- | C] ( ) -- C:\Windows\SysWow64\LXDNhcp.dll
[2012/03/03 16:17:04 | 000,299,520 | ---- | C] () -- C:\Windows\SysWow64\lxdngrd.dll
[2011/11/05 10:56:28 | 000,000,000 | ---- | C] () -- C:\Windows\iPlayer.INI
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/09 08:26:55 | 000,125,128 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/08/06 12:56:38 | 000,128,512 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2011/06/29 17:46:33 | 000,000,095 | ---- | C] () -- C:\Users\Juranas\AppData\Local\fusioncache.dat
[2011/05/10 20:46:23 | 000,528,384 | ---- | C] () -- C:\Windows\SysWow64\LXDNinst.dll
[2011/05/10 20:46:23 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxdncomx.dll
[2011/05/10 20:46:22 | 001,733,632 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnserv.dll
[2011/05/10 20:46:22 | 001,319,936 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnusb1.dll
[2011/05/10 20:46:22 | 001,070,080 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnhbn3.dll
[2011/05/10 20:46:22 | 000,977,920 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnpmui.dll
[2011/05/10 20:46:22 | 000,884,736 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnlmpm.dll
[2011/05/10 20:46:22 | 000,545,792 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdninpa.dll
[2011/05/10 20:46:22 | 000,514,048 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnih.exe
[2011/05/10 20:46:22 | 000,509,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdniesc.dll
[2011/05/10 20:46:22 | 000,047,104 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdnprox.dll
[2011/05/10 20:46:21 | 001,472,512 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomc.dll
[2011/05/10 20:46:21 | 001,039,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncoms.exe
[2011/05/10 20:46:21 | 000,598,528 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncfg.exe
[2011/05/10 20:46:21 | 000,578,560 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdncomm.dll
[2011/04/24 00:35:00 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/04/02 00:46:37 | 002,137,381 | ---- | C] () -- C:\Users\Juranas\AppData\Roaming\data.dat
[2011/03/20 15:32:24 | 003,360,624 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/03/07 00:57:33 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2011/01/02 17:16:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/12/24 02:34:14 | 000,757,518 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/21 03:10:41 | 000,280,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010/12/21 03:10:39 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010/12/21 03:10:38 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010/10/05 15:45:48 | 000,000,735 | ---- | C] () -- C:\Windows\FF05_Render_Spk_Hp.ini
[2010/10/05 15:45:48 | 000,000,508 | ---- | C] () -- C:\Windows\FF05_not_Spk_Hp.ini
[2010/10/05 15:45:47 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010/10/05 15:45:47 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010/10/05 15:38:14 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2012/04/28 15:22:21 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\Audacity
[2011/10/01 14:20:29 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\Azureus
[2011/08/30 21:30:31 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\CoreClient
[2011/08/12 12:13:45 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\gtk-2.0
[2011/11/03 05:38:43 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\IObit
[2011/10/07 21:37:03 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\Leadertech
[2011/02/19 15:38:11 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\LolClient
[2012/02/18 08:26:23 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\Origin
[2011/02/26 21:35:01 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\Participatory Culture Foundation
[2012/04/22 23:18:47 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\PCF-VLC
[2011/03/18 22:49:24 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\PFStaticIP
[2012/03/04 09:22:06 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\RIFT
[2012/04/27 04:40:53 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\SoftGrid Client
[2011/04/24 00:39:38 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\Synaptics
[2011/05/18 22:23:35 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\SystemRequirementsLab
[2011/12/12 20:23:46 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\thriXXX
[2010/12/24 02:34:58 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\TP
[2011/12/11 10:10:31 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\TS3Client
[2011/12/11 10:10:03 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\ts3overlay
[2010/12/21 19:46:12 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\Unity
[2011/02/15 10:20:00 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\Windows Live Writer
[2011/03/05 17:03:33 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\Xtranormal
[2012/04/09 09:26:17 | 000,032,648 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

I am currently reviewing your log and will be back shortly with an initial response.

#3 CompCav

Group: GeekU Moderator
Posts: 6,545
Joined: 24-January 11

Posted 07 May 2012 - 01:39 PM

Step 1.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run
To disable MBAM
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL
Posted Image

Please reopen on your desktop.

Copy and Paste the following code into the

textbox.

:OTL
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\InprocServer32 File not found
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = http://search.ibryte...y={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
[2012/02/05 12:53:55 | 000,000,000 | ---D | M] (Vuze Remote Community Toolbar) -- C:\Users\Juranas\AppData\Roaming\Mozilla\Firefox\Profiles\m79yr595.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2010/10/20 14:40:12 | 000,000,923 | ---- | M] () -- C:\Users\Juranas\AppData\Roaming\Mozilla\Firefox\Profiles\m79yr595.default\searchplugins\conduit.xml
[2011/05/17 21:16:01 | 000,002,230 | ---- | M] () -- C:\Users\Juranas\AppData\Roaming\Mozilla\Firefox\Profiles\m79yr595.default\searchplugins\iBryte_playbryte.xml
O2 - BHO: (Shop to Win 12) - {1F44B5B5-7976-4378-9A7F-FE6435E9660F} - C:\Program Files (x86)\Shop to Win 12\Shop to Win 12.dll (Shop To Win, LLC)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll File not found
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll (Yontoo Technology, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuz0.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
[2011/11/03 05:38:43 | 000,000,000 | ---D | M] -- C:\Users\Juranas\AppData\Roaming\IObit



:files
ipconfig /flushdns /c


:reg


:Commands
[purity]
[resethosts]
[emptytemp]
[createrestorepoint]

Push
OTL may ask to reboot the machine. Please do so if asked.
Click the OK button.
A report will open. Copy and Paste that report in your next reply.
If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

Step 2.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

Posted Image

When finished, it produces a log for you.
Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now

After the run you may have internet problems or access to somethng problems. Simply reboot the computer.
Step 2.

Download and Install Combofix

Download ComboFix from one of the following locations:

Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Double click on ComboFix.exe & follow the prompts.
Accept the disclaimer and allow to update if it asks

Posted Image

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Get the report by selecting Reports

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Step 4.

Please post:

OTL fix log
ComboFix.txt
TDSSKiller log

Give me an update on the computer performance especially redirects.

#4 CompCav

Group: GeekU Moderator
Posts: 6,545
Joined: 24-January 11

Posted 11 May 2012 - 06:56 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

Back to Virus, Spyware, Malware Removal

Share this topic:

Page 1 of 1

Please log in to reply

Google Redirect; poss. rootkit [Closed] - Geeks to Go Forums