Essentially, the homepage for my browsers (Chrome and Firefox) was changed to a fake-looking Google stand-in website: http://search.openmediasoft.com/ and when I try to do a search through the URL field in either browser I get redirected to another fake-looking Google-ripoff with my search results. The redirect is through this site: http://btsearch.name...p?q=test search (a sample search for keywords "test search" entered in the URL field), followed by the appearance of a search results page with this URL: http://www.google.co...arch&gsc.page=1
There's another intermediary redirection URL that pops up, something starting with http://search.openmediasoft.com, but it changes too quickly for me to screencap/copy it down.
I think I picked up this malware when I attempted to download Xilisoft Media Converter; I did a search for the program using Chrome's URL field and one of the top link was to CNET. When I navigated to that website and clicked on the download link, a program pop-up appeared asking me if I would like to install YouTubeDownloader; I thought that was strange, but since the website itself clearly showed that it's the download page for the Xilisoft program, I thought nothing of it and went ahead with installation. When I discovered that it was indeed the wrong program--how could CNET mislead me like that? Very confusing--I uninstalled it and later found the program I was originally looking for. However, around this time my browsers started acting up in the manner I outlined above.
I ran antivirus and anti-malware scans with AVGFree, Avast, Malwarebytes Anti-malware, Spybot S&D, and Sophos Antivirus, all to no avail. I'd appreciate some assistance with this pesky problem, as I've been unable to solve it myself.
My OTL log appears below.
---
OTL logfile created on: 13/11/2012 6:04:09 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Maya\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy
5.88 Gb Total Physical Memory | 2.95 Gb Available Physical Memory | 50.09% Memory free
11.76 Gb Paging File | 8.54 Gb Available in Paging File | 72.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 457.60 Gb Total Space | 378.46 Gb Free Space | 82.70% Space Free | Partition Type: NTFS
Drive G: | 454.81 Gb Total Space | 307.57 Gb Free Space | 67.63% Space Free | Partition Type: NTFS
Computer Name: Maya-PC | User Name: Maya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/11/13 18:03:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maya\Desktop\OTL.exe
PRC - [2012/11/06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/29 21:46:35 | 000,388,576 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/08/26 23:21:12 | 026,924,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\Maya\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/29 08:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2012/02/07 05:05:04 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/02/07 05:05:04 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/02/07 05:04:54 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012/02/07 05:04:44 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/02/06 21:17:54 | 000,636,520 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2012/02/06 19:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2012/01/04 14:59:50 | 000,291,608 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2011/11/29 22:04:56 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011/07/22 16:26:40 | 000,690,472 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/05/20 11:44:32 | 000,986,208 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\MediaEspresso\DeviceDetector\DeviceDetector.exe
PRC - [2010/11/20 22:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010/04/07 03:01:40 | 035,444,688 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe
PRC - [2010/02/22 03:57:06 | 000,406,992 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Maya\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
========== Modules (No Company Name) ==========
MOD - [2012/10/31 17:15:05 | 000,460,312 | ---- | M] () -- C:\Users\Maya\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppgooglenaclpluginchrome.dll
MOD - [2012/10/31 17:15:04 | 012,455,448 | ---- | M] () -- C:\Users\Maya\AppData\Local\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012/10/31 17:15:02 | 004,007,448 | ---- | M] () -- C:\Users\Maya\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012/10/31 17:13:47 | 000,587,288 | ---- | M] () -- C:\Users\Maya\AppData\Local\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012/10/31 17:13:46 | 000,123,928 | ---- | M] () -- C:\Users\Maya\AppData\Local\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012/10/31 17:13:35 | 000,156,712 | ---- | M] () -- C:\Users\Maya\AppData\Local\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012/10/31 17:13:34 | 000,274,984 | ---- | M] () -- C:\Users\Maya\AppData\Local\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012/10/31 17:13:32 | 002,168,360 | ---- | M] () -- C:\Users\Maya\AppData\Local\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012/10/29 21:46:35 | 002,111,456 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2012/10/29 21:46:35 | 000,157,664 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012/10/29 21:46:35 | 000,021,984 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012/02/06 21:18:04 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2012/02/06 21:17:54 | 000,636,520 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2011/12/15 01:56:18 | 013,168,640 | ---- | M] () -- C:\Windows\SysWOW64\ig4icd32.dll
MOD - [2010/04/07 01:34:46 | 000,033,280 | ---- | M] () -- C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\QuickTimeGlue.dll
MOD - [2010/02/22 03:50:20 | 000,060,416 | ---- | M] () -- C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\zlib1.dll
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Maya\Local Settings\Apps\F.lux\flux.exe
========== Services (SafeList) ==========
SRV:64bit: - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/02/06 19:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2012/02/03 00:29:52 | 000,628,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/10/30 12:16:43 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/29 21:46:35 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/10/09 10:33:16 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/02/29 08:49:06 | 000,028,264 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2012/02/07 05:05:04 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/02/07 05:05:04 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/02/07 05:04:54 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe -- (Intel®
SRV - [2012/02/07 05:04:44 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2011/12/21 05:04:42 | 000,274,200 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2011/11/29 22:04:56 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011/07/22 16:26:40 | 000,690,472 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/06/21 14:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/10/05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2012/10/02 02:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/09/21 02:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/09/21 02:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2012/09/14 02:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/08/20 13:48:50 | 000,019,032 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:64bit: - [2012/08/20 13:48:48 | 000,012,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:64bit: - [2012/03/22 08:32:40 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2012/03/22 08:32:40 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2012/03/22 08:32:40 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/04 14:58:50 | 000,786,200 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012/01/04 14:58:50 | 000,355,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012/01/04 14:58:50 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2011/12/15 04:01:08 | 014,646,560 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/12/05 14:23:08 | 000,331,264 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011/11/30 02:09:34 | 000,358,576 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
DRV:64bit: - [2011/11/29 21:40:32 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/11/09 12:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011/07/14 00:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/14 00:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/10 22:40:06 | 001,014,624 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\SearchScopes,DefaultScope = {8d492f70-ea37-453e-a0e4-9d709483a4cd}
IE - HKCU\..\SearchScopes\{8d492f70-ea37-453e-a0e4-9d709483a4cd}: "URL" = http://btsearch.name...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Custom search"
FF - prefs.js..browser.search.selectedEngine: "Custom search"
FF - prefs.js..browser.startup.homepage: "http://btsearch.name"
FF - prefs.js..extensions.enabledAddons: [email protected]:3.0.0.0
FF - prefs.js..extensions.enabledAddons: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledAddons: [email protected]:7.0.1474
FF - prefs.js..keyword.URL: "http://btsearch.name...results.php?q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: G:\VLCPlayer\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Maya\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Maya\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Maya\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Maya\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/06 18:18:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/10/31 15:14:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/09/21 19:14:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/10/31 15:14:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/10/29 21:46:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/10/31 15:14:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\FireFox\Extensions\\[email protected]: C:\PROGRA~2\YOUTUB~1\YouTube Downloader.xpi
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/10/29 21:46:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/10/31 15:14:00 | 000,000,000 | ---D | M]
[2012/09/21 19:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maya\AppData\Roaming\Mozilla\Extensions
[2012/10/23 19:13:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\q2ux1cto.default\extensions
[2012/09/21 19:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRA~2\YOUTUB~1\YOUTUBE DOWNLOADER.XPI
[2012/10/31 15:14:00 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/11/06 18:18:38 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/05 20:27:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/11 23:00:27 | 000,002,265 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Custom search.xml
[2012/09/05 20:26:22 | 000,002,253 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
========== Chrome ==========
CHR - homepage:
CHR - default_search_provider: Custom search (Enabled)
CHR - default_search_provider: search_url = http://btsearch.name...q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Maya\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Maya\AppData\Local\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Maya\AppData\Local\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Maya\AppData\Local\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Maya\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: AdBlock = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.47_0\
CHR - Extension: video2mp3.net = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\higgajlpbghlddcdenhmgdkmngaefgfp\0.0.3_0\
CHR - Extension: avast! WebRep = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: StumbleUpon = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcahibnffhnnjcedflmchmokndkjnhpg\4.10.11.1_0\
CHR - Extension: Google Dictionary (by Google) = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja\3.0.15_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Maya\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2012/10/05 22:09:06 | 000,001,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 www.adobeereg.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 125.252.224.90
O1 - Hosts: 127.0.0.1 125.252.224.91
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKCU..\Run: [F.lux] C:\Users\Maya\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe ()
O4 - HKLM..\RunOnce: [Z1] C:\Users\Maya\MalwareBytes Anti-Rootkit\mbar\mbar.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Maya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Maya\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C68429D-A528-4FDC-9BD0-C6C9B810F357}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E2DEBA69-1FEC-4994-AB5C-7EC35E625BBE}: DhcpNameServer = 8.15.12.5 8.5.244.6
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2012/11/13 18:03:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Maya\Desktop\OTL.exe
[2012/11/13 17:49:14 | 000,000,000 | ---D | C] -- C:\Users\Maya\MalwareBytes Anti-Rootkit
[2012/11/13 16:55:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/11/13 13:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/11/13 13:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/11/13 13:34:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/11/11 23:46:50 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Roaming\Malwarebytes
[2012/11/11 23:46:44 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/11/11 23:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/11 23:46:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/11/11 23:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/11 23:38:33 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Roaming\AVG
[2012/11/11 23:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2012/11/11 23:37:35 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2012/11/11 23:22:10 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/11/11 23:21:59 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/11/11 23:21:56 | 000,000,000 | ---D | C] -- C:\Windows\fr
[2012/11/11 23:21:54 | 000,000,000 | ---D | C] -- C:\Windows\es
[2012/11/11 23:21:52 | 000,000,000 | ---D | C] -- C:\Windows\pt-br
[2012/11/11 23:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/11/11 23:19:02 | 000,000,000 | R--D | C] -- C:\Users\Maya\SkyDrive
[2012/11/11 23:19:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2012/11/11 23:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2012/11/11 23:18:19 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\Windows Live
[2012/11/11 23:13:47 | 000,000,000 | ---D | C] -- C:\Users\Maya\Documents\AVS4YOU
[2012/11/11 23:06:38 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2012/11/11 23:05:58 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Roaming\Xilisoft
[2012/11/11 23:05:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xilisoft
[2012/11/11 22:48:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012/11/11 22:48:21 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Roaming\AVS4YOU
[2012/11/11 22:47:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012/11/11 22:34:32 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\{4A8B074C-CD09-4765-B7BE-208E01B9DFEC}
[2012/11/10 13:32:28 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\{FE66B1DB-883C-4832-B75D-B5E9EF739107}
[2012/11/08 13:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/11/07 22:12:43 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2012/11/07 22:12:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP240 series
[2012/11/07 22:12:27 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2012/11/06 18:18:41 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/11/06 18:18:40 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/11/06 18:18:40 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/31 15:14:44 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\DDMSettings
[2012/10/31 15:13:50 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Roaming\DivX
[2012/10/31 15:13:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012/10/31 15:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2012/10/31 15:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2012/10/31 15:13:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2012/10/31 15:12:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2012/10/31 15:11:46 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2012/10/31 15:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2012/10/31 15:04:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2012/10/30 18:20:35 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\{0C58C22E-C237-4B4E-BC58-D06A8B1EA87D}
[2012/10/30 12:19:09 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012/10/30 12:14:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012/10/30 12:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012/10/30 12:14:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012/10/29 21:46:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012/10/27 01:17:36 | 000,421,888 | ---- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaSplitter.ax
[2012/10/27 01:17:34 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2012/10/27 01:17:30 | 002,174,976 | ---- | C] (Advanced Micro Devices Inc.) -- C:\Program Files (x86)\Common Files\atimpenc.dll
[2012/10/22 13:02:44 | 000,154,464 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2012/10/19 12:55:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2012/10/16 21:44:40 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\{6B5F8DC8-8410-4925-B6A4-9E68CF647BA3}
[2012/10/15 03:48:50 | 000,063,328 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
========== Files - Modified Within 30 Days ==========
[2012/11/13 18:07:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-836651890-575607221-4199847269-1000UA.job
[2012/11/13 18:07:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-836651890-575607221-4199847269-1000Core.job
[2012/11/13 18:03:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Maya\Desktop\OTL.exe
[2012/11/13 17:33:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/13 17:22:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/13 16:59:14 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/13 16:59:11 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2012/11/13 15:22:16 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/13 15:22:16 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/13 15:21:40 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/11/13 15:21:40 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/11/13 15:21:40 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/11/13 15:14:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/13 15:14:43 | 440,299,519 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/13 13:34:15 | 000,001,263 | ---- | M] () -- C:\Users\Maya\Desktop\Spybot - Search & Destroy.lnk
[2012/11/11 23:46:44 | 000,001,114 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/11 23:26:17 | 004,968,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/11/11 23:06:38 | 000,002,183 | ---- | M] () -- C:\Users\Maya\Desktop\Xilisoft Video Converter Standard.lnk
[2012/11/11 23:00:27 | 000,000,034 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefoxoverride.ini
[2012/11/09 15:09:17 | 000,002,444 | ---- | M] () -- C:\Users\Maya\Desktop\Google Chrome.lnk
[2012/11/08 13:43:48 | 000,000,970 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/11/07 22:05:37 | 000,000,132 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/11/06 18:18:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/11/05 10:40:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2012/10/31 15:14:01 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/10/31 15:13:47 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/10/30 18:51:55 | 000,984,144 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/30 18:51:55 | 000,370,288 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/30 18:51:55 | 000,071,600 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/30 18:51:53 | 000,025,232 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/30 18:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 18:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/30 18:50:30 | 000,285,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/30 12:21:27 | 000,000,221 | ---- | M] () -- C:\Users\Maya\Desktop\Dead Island.url
[2012/10/30 12:20:45 | 000,000,220 | ---- | M] () -- C:\Users\Maya\Desktop\The Longest Journey.url
[2012/10/30 12:20:17 | 000,000,221 | ---- | M] () -- C:\Users\Maya\Desktop\Machinarium.url
[2012/10/30 12:19:26 | 000,000,221 | ---- | M] () -- C:\Users\Maya\Desktop\Broken Sword II The Smoking Mirror.url
[2012/10/30 12:19:09 | 000,000,221 | ---- | M] () -- C:\Users\Maya\Desktop\Broken Sword Shadow of the Templars - Director's Cut.url
[2012/10/30 12:14:34 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/10/27 01:17:36 | 000,421,888 | ---- | M] (Gabest) -- C:\Windows\SysWow64\RealMediaSplitter.ax
[2012/10/27 01:17:34 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2012/10/22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys
[2012/10/19 12:58:41 | 000,001,212 | ---- | M] () -- C:\Users\Maya\Desktop\Adobe Photoshop CS5.lnk
[2012/10/15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
========== Files Created - No Company Name ==========
[2012/11/13 13:34:15 | 000,001,263 | ---- | C] () -- C:\Users\Maya\Desktop\Spybot - Search & Destroy.lnk
[2012/11/11 23:46:44 | 000,001,114 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/11/11 23:21:50 | 000,001,310 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2012/11/11 23:21:45 | 000,001,379 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2012/11/11 23:19:02 | 000,002,120 | ---- | C] () -- C:\Users\Maya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2012/11/11 23:06:38 | 000,002,183 | ---- | C] () -- C:\Users\Maya\Desktop\Xilisoft Video Converter Standard.lnk
[2012/11/11 23:00:20 | 000,000,034 | ---- | C] () -- C:\Program Files (x86)\Mozilla Firefoxoverride.ini
[2012/11/07 22:05:37 | 000,000,132 | ---- | C] () -- C:\Users\Maya\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/10/31 15:13:47 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2012/10/31 15:13:37 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2012/10/31 15:04:43 | 000,696,832 | ---- | C] () -- C:\Windows\SysNative\xvidcore.dll
[2012/10/31 15:04:43 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/10/31 15:04:43 | 000,255,488 | ---- | C] () -- C:\Windows\SysNative\xvidvfw.dll
[2012/10/31 15:04:43 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/10/31 15:04:43 | 000,173,568 | ---- | C] () -- C:\Windows\SysNative\xvid.ax
[2012/10/31 15:04:43 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\xvid.ax
[2012/10/30 12:21:27 | 000,000,221 | ---- | C] () -- C:\Users\Maya\Desktop\Dead Island.url
[2012/10/30 12:20:45 | 000,000,220 | ---- | C] () -- C:\Users\Maya\Desktop\The Longest Journey.url
[2012/10/30 12:20:17 | 000,000,221 | ---- | C] () -- C:\Users\Maya\Desktop\Machinarium.url
[2012/10/30 12:19:26 | 000,000,221 | ---- | C] () -- C:\Users\Maya\Desktop\Broken Sword II The Smoking Mirror.url
[2012/10/30 12:19:09 | 000,000,221 | ---- | C] () -- C:\Users\Maya\Desktop\Broken Sword Shadow of the Templars - Director's Cut.url
[2012/10/30 12:14:34 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012/10/19 12:58:41 | 000,001,212 | ---- | C] () -- C:\Users\Maya\Desktop\Adobe Photoshop CS5.lnk
[2012/10/11 15:58:31 | 000,000,132 | ---- | C] () -- C:\Users\Maya\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/03/22 08:27:38 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/03/22 08:27:35 | 000,261,196 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/03/22 08:27:33 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/03/22 08:27:33 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/03/22 08:27:32 | 013,168,640 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/03 00:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2012/11/11 23:38:33 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\AVG
[2012/09/21 19:38:36 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\AVG2013
[2012/11/13 16:59:15 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Dropbox
[2012/11/04 21:45:52 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\MediaMonkey
[2012/09/21 16:30:03 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\OEM
[2012/09/25 17:00:51 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Thunderbird
[2012/09/21 19:36:00 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\TuneUp Software
[2012/11/11 00:05:30 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\uTorrent
[2012/09/21 22:22:55 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\WildTangent
[2012/11/11 23:05:58 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Xilisoft
========== Purity Check ==========
< End of report >