Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Findgala (Windows 8)


  • Please log in to reply

#16
xirftwx

xirftwx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
To get a better understanding of exactly how the malware is redirecting me, here is a screenshot:

Posted Image

You can see in the lower left corner, as I hover over the first result, it says it's going to send me to some foreign address. This foreign address redirects me to Findgala or another similar bogus search site.

Hope this could help in some way :)

- Jake

Edited by xirftwx, 06 January 2013 - 03:13 PM.

  • 0

Advertisements


#17
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,491 posts
Hi xirftwx! :)

Sorry for the delay. Yes! That image might help in some way. Thank you! :)

Since this only effects Chrome, I'd you to try incognito mode to see whether that stops the redirects.

Open an incognito window
  • Click the Chrome menu Chrome menu button.JPG on the browser toolbar.
  • Select New incognito window.
  • A new window will open with the incognito icon Chrome incognito icon.JPG in the corner. You can continue browsing as normal in the other window.
You can also use the keyboard shortcuts Ctrl+Shift+N (Windows, Linux, and Chrome OS) and ⌘-Shift-N (Mac) to open an incognito window.

Please note (this applies to you):
Windows 8 users: To switch between windows, click the window switcher Chrome window switcher.JPG on the top right corner.

Here's a link that might help, if needed.

Incognito mode (browse in private)

Try a few google searches and note what happens.

Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED File not found
    [2013/01/02 20:54:20 | 000,037,376 | ---- | C] (Microsoft) -- C:\Users\Jake\Desktop\FastVisits.exe
    
    :reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0B41A8C4-1FB8-4B8B-B8FE-D643A617A7DB}_is1"=-
    "{2E3FA0CF-AC2D-4E6F-8EF3-D75E91681441}_is1"=-
    "uTorrent"=-
    
    :Files
    ipconfig /flushdns /c
    
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run uninterrupted, reboot the PC when it is done.
  • Post the fix log that is found in C:\_OTL\Moved Files in your next reply.
  • Open OTL again and place a checkmark in the little dial button to the left of All under the Extra Registry section.
  • Click the Run Scan button. Post the log it produces in your next reply.

In your next reply, please post the following:

Results from incognito mode
Fix log

Thank you,

Donna :)
  • 0

#18
xirftwx

xirftwx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
I tried about 30 different searches and none were hijacked in incognito mode.

Note that the desktop is still black and I am still being redirected in chrome without incognito mode on.


Fix Log:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
C:\Users\Jake\Desktop\FastVisits.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{0B41A8C4-1FB8-4B8B-B8FE-D643A617A7DB}_is1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B41A8C4-1FB8-4B8B-B8FE-D643A617A7DB}_is1\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\{2E3FA0CF-AC2D-4E6F-8EF3-D75E91681441}_is1 not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E3FA0CF-AC2D-4E6F-8EF3-D75E91681441}_is1\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\uTorrent not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jake\Desktop\cmd.bat deleted successfully.
C:\Users\Jake\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: I_R_F_000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jake
->Temp folder emptied: 3196 bytes
->Temporary Internet Files folder emptied: 66998 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 142187447 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4676 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 208030 bytes

Total Files Cleaned = 136.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01062013_165534

Files\Folders moved on Reboot...
C:\Users\Jake\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


OTL.txt:

OTL logfile created on: 1/6/2013 5:07:07 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jake\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.89 Gb Total Physical Memory | 4.58 Gb Available Physical Memory | 77.72% Memory free
11.89 Gb Paging File | 10.44 Gb Available in Paging File | 87.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 106.48 Gb Free Space | 38.10% Space Free | Partition Type: NTFS
Drive D: | 398.18 Gb Total Space | 398.03 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: JAKE-LAPTOP | User Name: Jake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/03 19:39:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jake\Desktop\OTL.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/12/04 19:15:17 | 001,242,728 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/11/01 11:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2012/10/31 12:09:50 | 000,020,352 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2012/09/11 12:22:06 | 000,033,512 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2012/09/11 12:22:04 | 003,092,200 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
PRC - [2012/09/11 12:22:04 | 001,449,192 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
PRC - [2012/08/06 15:56:14 | 000,590,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
PRC - [2012/08/03 17:31:12 | 000,184,704 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2012/07/24 19:21:22 | 001,123,536 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2012/07/23 19:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012/07/17 17:54:20 | 000,178,848 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2012/07/06 12:23:40 | 000,322,208 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
PRC - [2012/06/20 18:21:54 | 001,557,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
PRC - [2012/06/07 15:12:06 | 000,162,456 | ---- | M] (ASUSTeK) -- C:\Windows\SysWOW64\ACEngSvr.exe
PRC - [2012/06/07 15:12:06 | 000,090,832 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2012/05/28 11:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2012/04/13 11:14:00 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
PRC - [2012/03/28 19:34:30 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
PRC - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/01 17:54:22 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\fedb1433422296012c8ce48902458bf1\UIAutomationTypes.ni.dll
MOD - [2012/12/04 19:15:15 | 012,456,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
MOD - [2012/12/04 19:15:15 | 000,460,904 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppgooglenaclpluginchrome.dll
MOD - [2012/12/04 19:15:14 | 004,008,040 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
MOD - [2012/12/04 19:14:29 | 000,587,880 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libglesv2.dll
MOD - [2012/12/04 19:14:28 | 000,124,520 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\libegl.dll
MOD - [2012/12/04 19:14:21 | 000,157,304 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avutil-51.dll
MOD - [2012/12/04 19:14:20 | 000,275,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avformat-54.dll
MOD - [2012/12/04 19:14:19 | 002,168,952 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\avcodec-54.dll
MOD - [2012/11/30 17:08:12 | 007,559,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9ba07396ae369d010c5c3927a82ef426\System.Xml.ni.dll
MOD - [2012/11/30 17:08:08 | 001,870,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\cc4d9093563dadee370788bbc3ecf4fb\System.Xaml.ni.dll
MOD - [2012/11/30 17:08:06 | 012,692,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\22ae167d586450ad3a9b9a9ee43ebc86\System.Windows.Forms.ni.dll
MOD - [2012/11/30 17:01:16 | 001,630,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\72269ea7cc6281139e4d155e7c57dc67\System.Drawing.ni.dll
MOD - [2012/11/30 17:01:09 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\28586400bcaf94c13a9fd0dff4a1e090\System.Configuration.ni.dll
MOD - [2012/11/30 17:01:08 | 000,467,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatioaec034ca#\0823f2b72e9e64ed1c4561c58df5de48\PresentationFramework.Aero2.ni.dll
MOD - [2012/11/30 17:01:07 | 018,524,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\97e6b67983d07a066b68b3ae8be2f53d\PresentationFramework.ni.dll
MOD - [2012/11/30 17:00:57 | 010,914,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b52bc540630c3aa5de542c382af35c20\PresentationCore.ni.dll
MOD - [2012/11/30 17:00:51 | 003,905,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\cd235caf797fb017f140016be88f33b7\WindowsBase.ni.dll
MOD - [2012/11/30 17:00:42 | 009,925,120 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\e40da7a49f8c3f0108e7c835b342f382\System.ni.dll
MOD - [2012/11/30 17:00:36 | 016,501,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll
MOD - [2012/11/28 14:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/11/28 14:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/11/01 11:57:10 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2012/11/01 11:56:20 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2012/09/11 12:23:34 | 000,033,000 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2012/09/11 12:23:32 | 000,044,264 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
MOD - [2012/09/11 12:23:30 | 000,057,576 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
MOD - [2012/09/11 12:23:30 | 000,017,128 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
MOD - [2012/09/11 12:23:28 | 000,195,816 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2012/09/11 12:23:26 | 000,841,448 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2012/09/11 12:23:22 | 000,825,064 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2012/09/11 12:23:22 | 000,049,896 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2012/09/11 12:23:20 | 000,033,512 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_multiprocessing.pyd
MOD - [2012/09/11 12:23:16 | 000,365,800 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2012/09/11 12:23:14 | 000,093,928 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2012/09/11 12:23:10 | 000,590,056 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2012/09/11 12:23:10 | 000,017,128 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2012/09/11 12:23:08 | 000,134,376 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2012/09/11 12:23:04 | 000,141,544 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
MOD - [2012/09/11 12:23:02 | 008,494,824 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
MOD - [2012/09/11 12:23:00 | 000,628,968 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
MOD - [2012/09/11 12:22:56 | 000,587,080 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\sqlite3.dll
MOD - [2012/09/11 12:22:54 | 000,086,760 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
MOD - [2012/09/11 12:22:52 | 000,150,248 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
MOD - [2012/09/11 12:22:42 | 001,009,896 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
MOD - [2012/09/11 12:22:42 | 000,173,288 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
MOD - [2012/09/11 12:22:36 | 000,063,208 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
MOD - [2012/09/11 12:22:30 | 001,290,984 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
MOD - [2012/09/11 12:22:16 | 000,952,552 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
MOD - [2012/09/11 12:22:14 | 001,038,568 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
MOD - [2012/09/11 12:22:12 | 001,254,672 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avformat-52.dll
MOD - [2012/09/11 12:22:12 | 000,271,624 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avutil-50.dll
MOD - [2012/09/11 12:22:10 | 005,827,912 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\avcodec-52.dll
MOD - [2012/09/11 12:22:06 | 000,033,512 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
MOD - [2012/06/07 15:12:04 | 000,009,216 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/07/25 22:46:56 | 002,366,984 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/07/25 21:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 21:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 21:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/25 21:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 21:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 21:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 21:07:30 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/07/25 21:07:27 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/07/25 21:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 21:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/25 21:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 21:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 21:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 21:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/25 21:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 21:05:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 21:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 21:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 21:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 21:05:11 | 000,174,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/07/25 21:05:08 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/07/25 21:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV:64bit: - [2012/04/20 15:16:12 | 000,635,104 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel®
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/29 02:27:36 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/16 15:40:12 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/07/25 21:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 21:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2012/07/23 19:59:02 | 000,105,120 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012/07/17 15:57:22 | 000,365,376 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012/07/17 15:57:20 | 000,277,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012/07/13 03:02:16 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2012/06/25 11:57:14 | 000,166,720 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe -- (jhi_service)
SRV - [2012/04/13 11:14:00 | 000,277,120 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe -- (ASUS InstantOn)
SRV - [2011/11/21 15:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/03 01:53:06 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2012/10/31 12:10:00 | 000,061,824 | ---- | M] (ASUS Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsusTP.sys -- (ATP)
DRV:64bit: - [2012/09/28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/16 02:53:06 | 008,987,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/08/16 00:01:20 | 003,624,960 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/08/01 21:22:48 | 000,014,992 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2012/07/25 23:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 23:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 23:00:58 | 000,445,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/07/25 23:00:58 | 000,337,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/07/25 23:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 23:00:58 | 000,212,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/07/25 23:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 23:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 23:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 23:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/25 23:00:55 | 000,120,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/07/25 23:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/25 23:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 23:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 23:00:55 | 000,028,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/07/25 23:00:54 | 000,056,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/07/25 23:00:52 | 003,295,984 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/07/25 23:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 23:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 23:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 23:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 23:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 23:00:49 | 000,539,376 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/25 23:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 23:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 23:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 23:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 22:59:35 | 000,193,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/07/25 22:59:35 | 000,148,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/07/25 22:59:32 | 000,055,024 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/07/25 22:58:00 | 000,068,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/07/25 22:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 22:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 22:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 22:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/25 22:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/25 21:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:17:38 | 000,027,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/07/25 20:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 20:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 20:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 20:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 20:28:27 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/07/25 20:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/07/25 20:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 20:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 20:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 20:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 20:27:31 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/07/25 20:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 20:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 20:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 20:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 20:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 20:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 20:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 20:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 20:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 20:25:54 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/07/25 20:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 20:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 20:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 20:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/24 19:21:22 | 000,017,152 | ---- | M] (ASUSTek Computer Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AiCharger.sys -- (AiCharger)
DRV:64bit: - [2012/07/23 21:16:28 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/03 00:09:08 | 000,295,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RtsBaStor.sys -- (RSBASTOR)
DRV:64bit: - [2012/07/02 16:16:02 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012/06/19 08:40:51 | 000,342,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2012/06/12 07:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/06/02 08:34:37 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2012/06/02 08:31:50 | 008,604,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2012/06/02 08:31:38 | 000,333,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\e1i63x64.sys -- (e1iexpress)
DRV:64bit: - [2012/05/30 21:47:44 | 000,021,152 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\AsHIDSwitch64.sys -- (HIDSwitch)
DRV:64bit: - [2011/01/15 10:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 16:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/09/03 16:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/12/14 21:11:00 | 000,007,168 | ---- | M] (MPlayer <http://svn.mplayerhq.../dhahelperwin/>) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\dhahelper.sys -- (DhaHelper)
DRV - [2011/09/07 10:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 18:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&#38;pc=ASU2JS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...R&#38;pc=ASU2JS

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus13.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus13.msn.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B9c51bd27-6ed8-4000-a2bf-36cb95c0c947%7D:11.0.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jake\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/18 14:50:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK

[2012/12/18 14:50:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jake\AppData\Roaming\mozilla\Extensions
[2012/12/18 14:50:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\JAKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\JVX0PVEO.DEFAULT\EXTENSIONS\{9C51BD27-6ED8-4000-A2BF-36CB95C0C947}.XPI
[2012/11/29 02:27:51 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/11/29 02:27:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/11/29 02:27:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Drive = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: MightyText - Send/Receive SMS Text Messages = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi\9.0_0\
CHR - Extension: Facebook\u2122 Video Downloader = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\enfpkglnpcnaafkgbffbplhngngjngjb\3.0.0.0_0\
CHR - Extension: Show Me Emoji!! = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfaljehflmoakhcfdopplgbieldgknai\2.0_0\
CHR - Extension: ICE Quick Stream = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapljocpedaolbooelchgnkkaplpadgp\5.5_0\
CHR - Extension: Gmail = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/25 23:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (ASUS)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.9.120\AsusWSPanel.exe (ASUS Cloud Corporation)
O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe ()
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SecureW2 Tray] C:\Program Files (x86)\SecureW2\sw2_tray.exe (SecureW2 B.V.)
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{662761F4-8EF4-4BA6-8244-B01E81BD8AD8}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEB39B49-F201-42D0-95E3-005C9D937860}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{5a60c9b5-485e-11e2-be76-50465de562ed}\Shell - "" = AutoRun
O33 - MountPoints2\{5a60c9b5-485e-11e2-be76-50465de562ed}\Shell\AutoRun\command - "" = "G:\TL-Bootstrap.exe"
O33 - MountPoints2\{634d71e1-3b32-11e2-be73-50465de562ed}\Shell - "" = AutoRun
O33 - MountPoints2\{634d71e1-3b32-11e2-be73-50465de562ed}\Shell\AutoRun\command - "" = "F:\SETUP.EXE"
O33 - MountPoints2\{634d71e1-3b32-11e2-be73-50465de562ed}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{634d71e1-3b32-11e2-be73-50465de562ed}\Shell\install\command - "" = F:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/06 16:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013/01/06 09:32:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/03 19:39:56 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jake\Desktop\OTL.exe
[2013/01/03 19:24:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/12/30 17:57:36 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Programs
[2012/12/28 14:48:53 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Airfoil
[2012/12/28 14:35:21 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Macromedia
[2012/12/28 14:31:47 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Rogue Amoeba
[2012/12/28 14:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Airfoil
[2012/12/28 14:31:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Airfoil
[2012/12/20 16:48:26 | 000,000,000 | ---D | C] -- C:\Users\Jake\Desktop\The Office
[2012/12/20 15:26:43 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Binreader
[2012/12/20 15:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Binreader
[2012/12/20 15:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Binreader
[2012/12/20 14:51:36 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\ScriptPower OHG
[2012/12/20 14:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\iLoad
[2012/12/20 14:51:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iLoad
[2012/12/20 14:51:25 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Paloma Networks, Inc
[2012/12/20 14:33:29 | 000,000,000 | ---D | C] -- C:\Users\Jake\School
[2012/12/19 20:32:40 | 000,007,168 | ---- | C] (MPlayer <http://svn.mplayerhq.../dhahelperwin/>) -- C:\Windows\SysWow64\drivers\dhahelper.sys
[2012/12/19 20:32:39 | 000,067,680 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0_x86.dll
[2012/12/19 20:32:39 | 000,067,680 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll
[2012/12/19 20:32:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TiLP
[2012/12/19 20:31:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GTK2-Runtime
[2012/12/19 18:22:26 | 000,128,512 | ---- | C] (Texas Instruments) -- C:\Windows\SysNative\drivers\tiehdusb.sys
[2012/12/19 18:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TI Tools
[2012/12/19 18:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TI Shared
[2012/12/19 18:22:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TI Education
[2012/12/19 18:22:16 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\MyTIData
[2012/12/19 18:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012/12/19 17:43:34 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Malwarebytes
[2012/12/19 17:43:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/19 17:43:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/19 17:43:17 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/19 17:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/18 14:53:28 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Adobe
[2012/12/18 14:50:32 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Roaming\Mozilla
[2012/12/18 14:50:32 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Mozilla
[2012/12/18 14:50:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/12/18 14:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/12/18 14:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/17 11:55:07 | 003,718,144 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2012/12/17 11:55:07 | 003,618,304 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athw8x.sys
[2012/12/17 11:55:07 | 002,987,520 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athr.sys
[2012/12/17 11:55:07 | 002,741,248 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athw8.sys
[2012/12/17 11:54:30 | 002,741,248 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athw8.sys
[2012/12/17 11:54:13 | 002,987,520 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athr.sys
[2012/12/17 11:54:04 | 003,718,144 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2012/12/17 09:20:20 | 003,624,960 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athw8x.sys
[2012/12/17 09:19:49 | 000,000,000 | ---D | C] -- C:\SWSetup
[2012/12/15 12:13:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/12/15 12:13:32 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/12/15 12:13:32 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/12/15 12:13:32 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/12/15 12:13:09 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/12/15 12:13:08 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/12/15 12:13:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/12/15 12:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/12/15 11:59:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/12/15 11:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/12/15 11:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2012/12/15 11:58:10 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Apple
[2012/12/15 11:58:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012/12/15 11:57:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/12/15 11:57:40 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/12/15 11:57:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012/12/15 11:57:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012/12/13 14:26:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewsLeecher
[2012/12/13 14:26:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewsLeecher
[2012/12/13 14:13:10 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\Newsbin
[2012/12/12 21:21:05 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\NZBS
[2012/12/12 21:15:58 | 000,000,000 | ---D | C] -- C:\Users\Jake\AppData\Local\Newsbin
[2012/12/10 22:33:23 | 000,000,000 | ---D | C] -- C:\Users\Jake\Documents\UseNeXT
[2012/12/08 07:46:24 | 000,000,000 | ---D | C] -- C:\ProgramData\HP

========== Files - Modified Within 30 Days ==========

[2013/01/06 16:59:13 | 000,000,380 | ---- | M] () -- C:\Users\Jake\AppData\Roaming\sp_data.sys
[2013/01/06 16:58:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/06 16:57:08 | 000,000,298 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2013/01/06 16:57:02 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/01/06 16:56:34 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/01/06 16:56:33 | 763,088,895 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/06 15:20:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/01/06 15:18:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-919529226-1679702071-355095138-1001UA.job
[2013/01/06 11:42:10 | 000,108,496 | ---- | M] () -- C:\Users\Jake\Desktop\redirect.png
[2013/01/06 02:04:06 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/06 02:04:06 | 000,719,418 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/06 02:04:06 | 000,132,748 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/05 21:18:00 | 000,000,926 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-919529226-1679702071-355095138-1001Core.job
[2013/01/03 19:39:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jake\Desktop\OTL.exe
[2013/01/03 19:24:28 | 602,104,621 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/02 22:25:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013/01/02 22:23:00 | 000,007,315 | ---- | M] () -- C:\Windows\unins000.dat
[2013/01/02 22:22:59 | 000,727,737 | ---- | M] () -- C:\Windows\unins000.exe
[2013/01/01 17:44:01 | 000,494,280 | ---- | M] () -- C:\Users\Jake\Desktop\song.png
[2012/12/30 17:57:50 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/24 19:59:58 | 000,434,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/20 14:51:34 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\iLoad Downloads.lnk
[2012/12/20 14:51:34 | 000,000,907 | ---- | M] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\iLoad.lnk
[2012/12/20 14:51:34 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\iLoad.lnk
[2012/12/18 14:50:30 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/17 18:04:16 | 010,301,895 | ---- | M] () -- C:\Users\Jake\Desktop\05 Pretty Little Girl.m4a
[2012/12/17 01:38:04 | 008,082,517 | ---- | M] () -- C:\Users\Jake\Desktop\03 Disaster.m4a
[2012/12/17 01:27:16 | 007,776,387 | ---- | M] () -- C:\Users\Jake\Desktop\02 Dogs Eating Dogs.m4a
[2012/12/17 01:13:15 | 007,672,196 | ---- | M] () -- C:\Users\Jake\Desktop\01 When I Was Young.m4a
[2012/12/15 12:13:47 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/10 23:00:34 | 009,852,907 | ---- | M] () -- C:\Users\Jake\Desktop\04. Boxing Day.m4a

========== Files Created - No Company Name ==========

[2013/01/06 11:42:10 | 000,108,496 | ---- | C] () -- C:\Users\Jake\Desktop\redirect.png
[2013/01/03 19:24:28 | 602,104,621 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/01/02 22:25:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013/01/02 22:22:59 | 000,727,737 | ---- | C] () -- C:\Windows\unins000.exe
[2013/01/02 22:22:59 | 000,007,315 | ---- | C] () -- C:\Windows\unins000.dat
[2013/01/01 17:44:01 | 000,494,280 | ---- | C] () -- C:\Users\Jake\Desktop\song.png
[2012/12/28 14:48:33 | 008,756,136 | ---- | C] () -- C:\Users\Jake\Desktop\AirfoilInstaller.exe
[2012/12/28 14:48:26 | 002,888,000 | ---- | C] () -- C:\Users\Jake\Desktop\REViSE.r00
[2012/12/28 14:48:22 | 002,888,000 | ---- | C] () -- C:\Users\Jake\Desktop\REViSE.rar
[2012/12/28 14:48:17 | 002,568,576 | ---- | C] () -- C:\Users\Jake\Desktop\REViSE.r01
[2012/12/28 14:48:17 | 000,003,658 | ---- | C] () -- C:\Users\Jake\Desktop\REViSE.nfo
[2012/12/28 14:48:17 | 000,000,280 | ---- | C] () -- C:\Users\Jake\Desktop\file_id.diz
[2012/12/28 14:47:59 | 002,889,180 | ---- | C] () -- C:\Users\Jake\Desktop\r-afw332.zip
[2012/12/28 14:47:59 | 002,889,180 | ---- | C] () -- C:\Users\Jake\Desktop\r-afw331.zip
[2012/12/28 14:47:59 | 002,569,756 | ---- | C] () -- C:\Users\Jake\Desktop\r-afw333.zip
[2012/12/20 14:51:34 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\iLoad Downloads.lnk
[2012/12/20 14:51:34 | 000,000,907 | ---- | C] () -- C:\Users\Jake\Application Data\Microsoft\Internet Explorer\Quick Launch\iLoad.lnk
[2012/12/20 14:51:34 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\iLoad.lnk
[2012/12/19 17:43:19 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/12/18 14:50:29 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/12/18 14:50:29 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/12/17 12:24:57 | 009,852,907 | ---- | C] () -- C:\Users\Jake\Desktop\04. Boxing Day.m4a
[2012/12/17 12:24:56 | 010,301,895 | ---- | C] () -- C:\Users\Jake\Desktop\05 Pretty Little Girl.m4a
[2012/12/17 12:24:56 | 008,082,517 | ---- | C] () -- C:\Users\Jake\Desktop\03 Disaster.m4a
[2012/12/17 12:24:56 | 007,776,387 | ---- | C] () -- C:\Users\Jake\Desktop\02 Dogs Eating Dogs.m4a
[2012/12/17 12:24:56 | 007,672,196 | ---- | C] () -- C:\Users\Jake\Desktop\01 When I Was Young.m4a
[2012/12/17 11:55:07 | 000,512,786 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2012/12/17 11:55:07 | 000,510,317 | ---- | C] () -- C:\Windows\SysNative\netathr.inf
[2012/12/17 11:55:07 | 000,326,379 | ---- | C] () -- C:\Windows\SysNative\athw8x.inf
[2012/12/17 11:55:07 | 000,324,816 | ---- | C] () -- C:\Windows\SysNative\athw8.inf
[2012/12/17 11:55:07 | 000,079,352 | ---- | C] () -- C:\Windows\SysNative\athw8x.cat
[2012/12/17 11:55:07 | 000,079,342 | ---- | C] () -- C:\Windows\SysNative\athw8.cat
[2012/12/17 11:55:07 | 000,077,253 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2012/12/17 11:55:07 | 000,077,249 | ---- | C] () -- C:\Windows\SysNative\athrext.cat
[2012/12/15 12:13:47 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/12/15 11:58:09 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/12/14 05:27:23 | 000,820,939 | ---- | C] () -- C:\Windows\Fix_V4.exe
[2012/12/03 20:38:22 | 000,000,437 | ---- | C] () -- C:\ProgramData\xsupplicant.conf
[2012/11/30 07:10:45 | 000,000,380 | ---- | C] () -- C:\Users\Jake\AppData\Roaming\sp_data.sys
[2012/08/22 06:13:17 | 000,598,780 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012/08/22 06:13:09 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/08/22 06:13:06 | 000,755,048 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012/08/04 19:42:20 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2012/08/04 19:42:20 | 000,000,217 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2012/08/04 01:53:42 | 000,164,016 | ---- | C] () -- C:\Windows\SysWow64\AirfoilInject3.dll
[2012/07/26 02:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012/07/26 02:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012/07/26 01:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012/07/25 19:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012/07/25 18:48:53 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012/07/25 14:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012/07/25 14:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012/07/25 14:22:56 | 000,267,284 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin
[2012/07/25 14:22:54 | 000,963,376 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin
[2012/06/02 08:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2012/04/20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2012/10/11 10:37:55 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/07/25 21:07:16 | 019,779,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/25 21:19:59 | 017,559,552 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


Extras.txt:

OTL Extras logfile created on: 1/6/2013 5:07:07 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jake\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.89 Gb Total Physical Memory | 4.58 Gb Available Physical Memory | 77.72% Memory free
11.89 Gb Paging File | 10.44 Gb Available in Paging File | 87.85% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.45 Gb Total Space | 106.48 Gb Free Space | 38.10% Space Free | Partition Type: NTFS
Drive D: | 398.18 Gb Total Space | 398.03 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Computer Name: JAKE-LAPTOP | User Name: Jake | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1540F701-12F1-45CC-ACB0-5734FBA99C27}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2490A9F5-B787-4E11-909C-DD87D20D7112}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{269EBA34-B2D3-44C8-A2F0-9D7F76E727D3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2905E704-3EDE-4964-8913-B8AE7F33A863}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{2A757976-0F67-4637-AE4D-96320632CE6A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{31030113-2011-4DF6-BDFC-FDD92792C36B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{32208922-D827-45EA-9DBE-01C3831C3391}" = rport=139 | protocol=6 | dir=out | app=system |
"{38E66A6A-F854-4E59-99DD-C0E74F32B79F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{49C1DBE5-5D50-400D-8025-B60C86C80BC3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6CA6F741-99FD-48FF-B305-044A67DB1AED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{745F9A61-5FE2-4BE8-BA8E-41767AAB2603}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{756B2D3A-7890-497D-88D2-0A334F10BD47}" = rport=445 | protocol=6 | dir=out | app=system |
"{7ED12473-D930-4524-9E7D-1C5A4B509B75}" = lport=139 | protocol=6 | dir=in | app=system |
"{7F12660F-CBAB-4CFA-84E3-8476810AFCEA}" = lport=138 | protocol=17 | dir=in | app=system |
"{81166DE9-ACCF-459A-8AE6-BF66284868AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8135B68F-7BF5-41E3-B1AC-E79469A8200A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{88E70BAF-AA08-412A-99BB-BF9A11FA93C2}" = lport=445 | protocol=6 | dir=in | app=system |
"{8EFA234F-1474-42C6-ADBD-90A9B740EA05}" = rport=137 | protocol=17 | dir=out | app=system |
"{A4CE5C79-BC99-44D5-B112-8F9B44582695}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B9523384-5E80-47D3-A874-8FD081761B48}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{C9C72725-85C7-4646-BDBF-78EFAA897604}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CCDDEDDF-D808-4E9D-9651-5F4546292FCD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED0BCB19-C7F8-47B6-834F-4C687AC55877}" = rport=138 | protocol=17 | dir=out | app=system |
"{FAA2FB44-24CA-47BD-BB06-59B6E236A550}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02C74339-650E-4BC4-B501-CB6365F21850}" = dir=out | [email protected]{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{095ACFDC-F36E-4C11-8898-3E629576AC1A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{09E37BE3-17E6-48F2-80E4-085571AE8366}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{104092C0-C594-4F56-9AAE-3F9EA6EF5432}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{10D56B12-8653-4012-A0B4-F66641916480}" = dir=in | name=music info |
"{151E8670-F970-48A5-A537-1914AA8EA747}" = dir=in | [email protected]{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{16BD20B7-0220-49A1-B37A-3BD8082B2D70}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{17E76938-D68A-45BF-AEB6-CE9D01E0B819}" = dir=in | [email protected]{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{1862798E-A387-4F29-BB56-AD2D25EF4339}" = dir=out | [email protected]{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{18E6A1AF-4F37-4E35-84A0-9916109225C3}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{19C628EC-D591-4433-AEE3-5CA469C96CC3}" = dir=out | name=windows_ie_ac_001 |
"{2134F3B3-70DB-4961-BBE0-20DE910EEB74}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{219C0532-AA25-4A53-9269-B45C21905951}" = dir=out | [email protected]{microsoft.bingtravel_1.5.1.248_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{240A0261-A1EC-44FE-BCBA-46FFE134E838}" = dir=out | name=music info |
"{2446E9F8-A703-4DE8-B19F-7BD298B7C31C}" = protocol=6 | dir=out | app=system |
"{27DCAE8E-94EA-4797-8DB1-44276077B660}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2BF7E7BF-6B8A-4376-8A82-A2C90091FB20}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{2C67FD72-E3E6-48D5-9B97-909815A48892}" = dir=out | name=taptiles |
"{2EFF51D0-2E98-4DF4-9122-9F3A68DA1A17}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3097137B-086C-4F96-9BD3-ACCA7502DC1E}" = dir=out | [email protected]{microsoft.bingsports_1.5.1.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{33551323-9250-4398-B6B4-F84330BE038A}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{35404EAF-A9CA-466E-AA82-A85FD5FAE277}" = dir=out | name=adera |
"{35958DF7-8C26-4009-9C66-B19A9D22C914}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{365F3FCF-7283-42CB-A63B-29018AE95D2B}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{36CE5959-7568-4969-B3CF-0A20D83549AB}" = dir=out | [email protected]{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{3A4850E9-4179-4374-9AE7-8B427BAD4E0D}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexdlnaserver.exe |
"{3BBB0D51-BE05-41E6-8AA3-4C1EEB99C7B3}" = dir=out | [email protected]{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{3C83B10A-245B-48F5-A115-960370AF5DF0}" = protocol=1 | dir=in | [email protected],-28543 |
"{3CFA8DE9-AF66-4505-90F4-5DB33821A579}" = dir=out | [email protected]{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{3F473173-33FE-44A5-9039-3F5DF65363CD}" = dir=out | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{411C13AF-9C53-4A76-A267-2DB2DEE0B2BC}" = dir=out | [email protected]{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{48E9222E-25AF-40A1-B7E4-7E6CF6070D73}" = dir=out | name=fresh paint |
"{4C7EECB2-AFF1-430C-98FD-1B22C43CD71E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4C8229DA-F178-4FD2-8706-7F6C673F0EA9}" = dir=out | name=metrotwit |
"{545C5640-8085-42ED-A713-616B1F0491D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{575EFD41-F307-4D04-8394-B1DCC370EE35}" = dir=out | [email protected]{microsoft.zunemusic_1.1.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{5A943F50-63F2-491A-A1B1-714C316C931A}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5C3D201D-48FF-436F-ABC3-7D1F15954846}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5D6C8104-CD1B-4FA1-AAFB-1561E1FB550E}" = dir=out | [email protected]{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{5F48689E-3DA0-434D-86EB-174328A3BD63}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{60DB3CE1-2BB9-4195-B714-4D9573F3F042}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6469C2C9-5001-4B22-BD4F-AD32B9730332}" = dir=out | [email protected]{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{667DE111-73AB-4FEB-AE1E-CFD1641E4853}" = dir=in | name=skype |
"{674ECD4A-38D6-43C1-95FD-CD9BA489AE95}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe |
"{6839D05F-02F0-459A-AC9A-4209EAF0F8E7}" = dir=in | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{69B34750-308E-4342-ACD0-DB9E16BE9B07}" = dir=out | [email protected]{microsoft.bingnews_1.5.1.409_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{69B978DA-3A2D-4DBB-86B7-B2C5F9FA8613}" = dir=out | [email protected]{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{69C817A5-43A5-4CD4-BBB5-672903F0F771}" = dir=out | [email protected]{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{71F3EE54-4EA9-4446-A7AD-9A7EF230CDA6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{730B7CF3-81CF-4C3D-9CB3-C056FBB50935}" = dir=in | [email protected]{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{7C2A4E86-C08F-4872-86AD-E801FBC499AD}" = dir=out | name=hp printer control |
"{7DD8F304-08FD-4CA5-8DF5-070BE4CF2362}" = dir=out | name=the espn app |
"{7E80189F-EDD0-475B-BDA4-5F5F5EA887D4}" = protocol=58 | dir=out | [email protected],-28546 |
"{7EFF1F1D-4395-4D85-B4A6-C8E13E0FA883}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8270B059-B6D8-4C44-BA59-FAE6FED48500}" = dir=out | name=adera |
"{840BEF54-EC42-47BF-8DE2-9B1279A69D49}" = dir=out | name=youtube+ |
"{8C384290-8E33-4E8C-8887-01273911394D}" = protocol=58 | dir=in | [email protected],-28545 |
"{8FEAEBAF-6545-4F3E-822E-DB735F2E94F4}" = dir=in | [email protected]{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{93DC039B-29E3-4096-A67D-9561E226D252}" = dir=out | [email protected]{microsoft.bing_1.5.1.251_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{962A824B-A7E8-4B37-B412-2867AB6296F8}" = dir=out | [email protected]{microsoft.xboxcompanion_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{985DC4AE-9013-4A09-B6DE-88D8B18353F3}" = dir=out | name=package tracker |
"{9876B466-55AC-4D21-A29B-F7E536560CA4}" = dir=in | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{990E9BD4-2A9A-4C88-BCEB-672FE95F8C2D}" = dir=out | [email protected]{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{9BF0567C-BB73-44AC-B771-B65EDBF66833}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9D410023-2CD9-44A8-ADB0-EADFC808DF15}" = dir=in | name=hp printer control |
"{9E21C2CA-B355-4B4B-847A-1AA511051747}" = dir=out | name=fresh paint |
"{A0E1BA66-BC6E-486D-AB23-BA9677ECE185}" = dir=in | [email protected]{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{A28E52E5-607D-4DB1-8B98-0EA8772553B5}" = dir=out | [email protected]{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{A3CDB21C-1A90-4777-A156-9058558EA266}" = dir=out | [email protected]{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{A6136EA5-CA1D-4AC6-855B-27E537986499}" = dir=out | [email protected]{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{A89116CC-E0C8-4A29-8E03-D8C3F8C8B7BB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A8F395B9-698D-4E95-870B-A77F41211EBD}" = dir=out | [email protected]{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{B008E422-D4BD-475E-8541-E06EF0E4B925}" = dir=in | name=metrotwit |
"{B3578998-4AB6-4794-986C-8B99E8416670}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{B48E3060-89C4-4AC4-B13A-421784B1B80F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{B4BEB786-3C2C-4DF6-A7A9-7ABDC36BA11F}" = dir=out | name=skype |
"{B4E835A5-E4B1-4F3E-A900-E6A04F36670D}" = dir=out | [email protected]{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{B4FE0A61-5B17-4AA0-92C5-A751FEFDD5E0}" = protocol=1 | dir=out | [email protected],-28544 |
"{BA1C6FA2-9B19-4C12-83D7-358FD1143BCA}" = dir=out | name=microsoft solitaire collection |
"{C8B8E69B-633E-4447-9DBB-E353372225C4}" = dir=out | name=microsoft solitaire collection |
"{C9BADF9E-CB12-424E-8324-B4CE7B5B9C1B}" = dir=out | name=wordament |
"{CCDD9849-A8A7-421F-8971-B498696DA447}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{CDCD2DC4-8606-4C74-B5CD-23FEC5D7044C}" = dir=in | app=c:\program files (x86)\plex\plex media server\plex media server.exe |
"{D42FCDAC-CD18-4D37-93D4-DDDEACDC2BE2}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D61225A7-7A29-429A-AA0F-6F0BF8688C59}" = dir=in | [email protected]{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{D78E0979-E6EE-439D-A513-3C5D06BA9ED5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DA1F95BA-F52D-4932-95E8-032BAF3E7808}" = dir=in | app=c:\users\jake\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{DB0C2060-1450-4661-BA81-1DA36238E244}" = dir=out | [email protected]{microsoft.bingfinance_1.5.1.406_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{E3920BA3-DDDD-46B4-BC8C-E1A6E06201F1}" = dir=out | name=taptiles |
"{E4552764-C06C-485D-B6DF-61178CDAAA66}" = dir=out | [email protected]{microsoft.bingweather_1.5.1.245_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | [email protected]{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{EA1A249A-A17F-40EC-A7FB-068249295D6C}" = dir=out | name=wordament |
"{EC2415CE-BB67-4EB0-B413-67E50643F66C}" = dir=out | [email protected]{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{EF5E1F7C-86E5-4597-849D-BC3849D3943A}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{F2E876EB-3C0E-411F-9C9A-989129010FD0}" = dir=in | app=c:\program files (x86)\plex\plex media server\plexscripthost.exe |
"{F3D0B42D-4263-4B5A-B787-531B13F53078}" = dir=out | [email protected]{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{F5B59A88-539D-4183-9358-F29A541923FB}" = dir=out | [email protected]{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{F84A3330-D771-4464-BC49-44FF72ACA9E7}" = dir=out | [email protected]{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{FD54378B-2EE2-4622-A89A-9615D88231EC}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FD8D71CA-1DE0-4F76-9F8B-9B3C49D1F7C7}" = dir=out | name=forecast hd |
"{FDC8986F-6206-4A2E-91C4-5FA8107ADE9B}" = dir=in | name=the espn app |
"{FEFEE79E-8300-41EE-A24B-B5E97891E3B5}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"TCP Query User{055846D7-9D89-4BDF-A457-E9C7D47A0992}C:\program files\airparrot\airparrot.exe" = protocol=6 | dir=in | app=c:\program files\airparrot\airparrot.exe |
"UDP Query User{DFADBD06-B570-41D0-86C5-8963047B6551}C:\program files\airparrot\airparrot.exe" = protocol=17 | dir=in | app=c:\program files\airparrot\airparrot.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7B78D802-8704-49D3-A9BD-3B4A94C5A35C}" = iLoad
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-1000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{CF8FFD12-602B-422D-AF1D-511B411E7632}" = iTunes
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel Trusted Connect Service Client
"7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
"C01F56FBD9B141017E63E2A1A141E59934D4DC67" = Windows Driver Package - ASUS (ATP) Mouse (10/29/2012 1.0.0.148)
"EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR 4.20 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B41A8C4-1FB8-4B8B-B8FE-D643A617A7DB}_is1" = Դ 汾 2.009
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Qualcomm Atheros Client Installation Program
"{2E3FA0CF-AC2D-4E6F-8EF3-D75E91681441}_is1" = ƻ 2.0.1.0
"{3D47B2C0-8748-4450-99AE-0746A5A74C8E}" = Binreader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D3286A6-F6AB-498A-82A4-E4F040529F3D}" = ASUS Smart Gesture
"{58172D66-2F69-4215-9AEC-ED8196023736}" = ASUS Tutor
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{749F674B-2674-47E8-879C-5626A06B2A91}" = ASUS InstantOn
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}" = ASUS Instant Connect
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}" = ASUS USB Charger Plus
"{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Qualcomm Atheros Driver Installation Program
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F90D0E4A-DB14-474D-9112-61E4E2234493}" = Plex Media Server
"{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}" = ASUS Live Update
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Airfoil" = Airfoil
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage Sync Agent
"DivX Setup" = DivX Setup
"Google Chrome" = Google Chrome
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = ASUSDVD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"QuickPar" = QuickPar 0.9
"SABnzbd" = SABnzbd 0.7.6
"SecureW2 Enterprise Client" = SecureW2 Enterprise Client 3.5.8
"uTorrent" = Torrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.1
"wpa_supplicant" = wpa_supplicant

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"XBMC" = XBMC

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/4/2013 5:34:29 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 1/4/2013 5:34:29 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = 788: ERROR: read_msg errno 0 (The operation completed successfully.)

Error - 1/4/2013 5:41:44 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/4/2013 5:41:44 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1125

Error - 1/4/2013 5:41:44 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1125

Error - 1/4/2013 6:15:29 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = ERROR: mDNSPlatformReadTCP - recv: 10053

Error - 1/4/2013 6:15:29 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = 872: ERROR: read_msg errno 0 (The operation completed successfully.)

Error - 1/4/2013 6:15:35 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/4/2013 6:15:35 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1219

Error - 1/4/2013 6:15:35 PM | Computer Name = Jake-Laptop | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1219

[ System Events ]
Error - 12/19/2012 10:32:40 PM | Computer Name = Jake-Laptop | Source = Service Control Manager | ID = 7000
Description = The DhaHelper service failed to start due to the following error:
%%1275

Error - 12/24/2012 9:58:37 PM | Computer Name = Jake-Laptop | Source = DCOM | ID = 10010
Description =

Error - 12/24/2012 9:58:37 PM | Computer Name = Jake-Laptop | Source = DCOM | ID = 10010
Description =

Error - 12/24/2012 9:58:37 PM | Computer Name = Jake-Laptop | Source = DCOM | ID = 10010
Description =

Error - 12/24/2012 9:58:37 PM | Computer Name = Jake-Laptop | Source = DCOM | ID = 10010
Description =

Error - 12/24/2012 9:59:23 PM | Computer Name = Jake-Laptop | Source = Application Popup | ID = 1060
Description =

Error - 12/24/2012 10:09:05 PM | Computer Name = Jake-Laptop | Source = Application Popup | ID = 1060
Description =

Error - 1/3/2013 9:24:36 PM | Computer Name = Jake-Laptop | Source = EventLog | ID = 6008
Description = The previous system shutdown at 7:08:21 PM on ?1/?3/?2013 was unexpected.

Error - 1/3/2013 9:24:44 PM | Computer Name = JAKE-LAPTOP | Source = BugCheck | ID = 1001
Description =

Error - 1/3/2013 9:24:15 PM | Computer Name = Jake-Laptop | Source = Application Popup | ID = 1060
Description =


< End of report >
  • 0

#19
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,491 posts

Note that the desktop is still black and I am still being redirected in chrome without incognito mode on.


The fact that you are not redirected while in incognito mode narrows our troubleshooting down a bit.

Just to ensure that I am understanding you correctly:

While in incognito mode, is your desktop still black?
  • 0

#20
xirftwx

xirftwx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
The desktop is black whether chrome is open or not. Opening the browser in incognito mode does not affect the desktop whatsoever. This made me think that it was more than an infection of just the browser itself, but I don't know that for sure.
  • 0

#21
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,491 posts
Perfect! Exactly what I needed to know. I'll have to wait for my instructor to confirm my thoughts before we can proceed.

Your patience is truly appreciated, xirftwx. :happy:
  • 0

#22
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,491 posts
Hi xirftwx! :)

When did the desktop become black? Are the desktop icon visible on the black background?

Have you tried to Right click and choose Personalization to change the desktop background?

For Chrome, open the browser in incognito mode. By default no extensions run in incognito mode but there is a work around for that. Once in incognito mode:

Click Tools and then click Extensions.

In the Extensions console, place a checkmark to the left of Allow in Incognito for each extension one at a time and see if you get redirected.

When you come to the one that redirects you, uninstall that one.


You could also try disabling each extension one at a time as follows:

Open up Google Chrome in normal mode. In the address bar type chrome://extensions

Disable each extension one at a time. Uninstall the one that causes the redirect.

Word of warning:

Either way you choose to troubleshoot the extensions, DO NOT venture to banking sites, Paypal, etc. that contain private information. Even while in incognito mode. If any one of those extensions has a security loop hole, it could prove fatal and you could end up loosing your private information to the hands of hackers.

Let us know the results.

Good luck!

Donna

Edited by DonnaB, 07 January 2013 - 10:59 PM.

  • 0

#23
xirftwx

xirftwx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Donna, we have success!

Turns out the extension that was causing the issues was a "Facebook Video Downloader" extension that I had downloaded about a month ago. It was used for downloading a video that was shown at a recent class reunion. I tried to visit the Extension's web page on the chrome store but it seems as if the author has removed it sense then (shocking, I know :whistling: ).

I believe that the desktop background change was a result of me moving the location of the image which was used as the background image. I mistakenly took this as a sign of another infection without realizing that it could have been caused by something that I did.

Thank you so much for the help, I'm surprised at how much control an extension can have within the browser.

Your time is much appreciated -- and I'd like to thank you for helping me remove the illegitimate services which were installed as well.
  • 0

#24
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,491 posts
Hi xirftwx,

That's good news! :) I had found an article concerning that extension though it was from June of 2011, and it did mention that the extension was removed from Chrome's Web Store but not when it was removed.

I believe that the desktop background change was a result of me moving the location of the image which was used as the background image.


Were you able to Right click > Personalize and change the desktop background?

Thank you so much for the help.


You're welcome! Just a few more things to fix here!

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    CHR - Extension: Facebook\u2122 Video Downloader = C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\enfpkglnpcnaafkgbffbplhngngjngjb\3.0.0.0_0\
    [2013/01/06 16:59:17 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess

    :Commands
    [resethosts]
    [emptytemp]
    [CLEARALLRESTOREPOINTS]

  • Then click the Run Fix button at the top
  • Let the program run uninterupted, reboot the PC when it is done.
  • Post the fix log that is found in C:\_OTL\Moved Files in your next reply.

Thank you! :)
  • 0

#25
xirftwx

xirftwx

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Yes, I was able to fix the background.

Here is the OTL log:

All processes killed
========== OTL ==========
File C:\Users\Jake\AppData\Local\Google\Chrome\User Data\Default\Extensions\enfpkglnpcnaafkgbffbplhngngjngjb\3.0.0.0_0 not found.
C:\ProgramData\boost_interprocess\20130108155810.495320 folder moved successfully.
C:\ProgramData\boost_interprocess folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: I_R_F_000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Jake
->Temp folder emptied: 20668 bytes
->Temporary Internet Files folder emptied: 34935 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6041004 bytes
->Google Chrome cache emptied: 401022152 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 19052 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 10606353 bytes

Total Files Cleaned = 398.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 01112013_143931
  • 0

Advertisements


#26
DonnaB

DonnaB

    Miss Congeniality

  • GeekU Moderator
  • 7,491 posts

Yes, I was able to fix the background.


Great! Since the issue is resolved, let's remove the tools and I'll provide some tips to prevent this in the future.

Removal of tools:

OTL Clean-Up

Please click on the Posted Image on your desktop to open the main window.

Next click on the Posted Image button.

Once clean up is complete you will be prompted to reboot your computer. Please do so.
This will remove most of the programs we have used including itself.

If there are any left over tools or logs on your computer please delete them now.

Please do the following to uninstall AdwCleaner.

  • Double-click AdwCleaner.exe to run the tool.
  • Click Uninstall
  • Confirm with yes


A few tips to keep your new computer in good shape:

Not only is it essential that you regularly check and install the latest Windows Updates, you should also keep your software Updated, as well!

Update Checker
Download and install FileHippo update checker and run it monthly. It will show you which programs on your system need to be updated and will provide a download link for you.

You have Malwarebytes installed. I'd use that weekly or monthly depending on the need.

To clean out your temp folders, I'd like to recommend that you download TFC by Old Timer from here:

  • First, save any files as TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista/Windows 7 right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete cleaning.
More info:
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB).

Before running, it will stop Explorer and all other running applications. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.
-- TFC only cleans temp folders.
-- TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail.

TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.

Another good program that I like is WOT = Web of Trust

  • WOT, (Web of Trust), warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory.
  • WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
  • WOT' has an addon available for Firefox, Google Chrome, Internet Explorer, Safari and Opera.

And finally! Some of my own tips for safe computing:

  • Make back-ups of your most personal files frequently by whatever means you have available, i.e. Tape, CD, DVD, USB Drives, Ghost programs, etc. You never know when you'll have to reformat and start from scratch and without current backups of your personal files, you're basically at a lose. You can always reformat and reinstall programs, but you cannot replace your data if you haven't made backups.
  • Be careful where you "surf". If you know you are going to click a site that is questionable, then at least be intelligent enough to disable javascript, java, ActiveX installations, etc... You "surf" these sites at your own risk.
  • Uninstall and quit using P2P networking programs like uTorrent, Kazaa, BearShare, eMule and Limewire. These are your most likely weakest links if you're using them. Primarily most stuff transferred is illegally obtained and if you won't give it up you eventually pay the consequences.
  • Don't give access to your computer to friends or family who appear to be clueless about what they are doing. Otherwise you'll come home from school/work one day and your computer will be trashed.
  • In my opinion, a PC is just that, a PC (Personal Computer). Don't let your kids use it!
  • When in doubt -- don't download it and don't install it until you've researched it.


Here are a few links you might find interesting that will educate and enhance your online surfing abilities:

How did I get infected in the first place? by Tony Klein
How Malware Spreads - How did I get infected by quietman7
How to prevent Malware: by miekemoes

If you have any questions or concerns please don't hesitate to ask! Any member on this site will be more then happy to guide you in your quest for safe surfing and to prevent infection.

Happy and safe computing!

Donna :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP