slow computer



#1
isaacevanava

I have all the suggested applications installed but somehow always seem to get slowed down. Computer just seems to run slower, especially on certain sites like Huffington Post or FB. Any info you could give would be appreciated. Thanks!


OTL logfile created on: 9/11/2013 12:40:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Evan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.32 Gb Available Physical Memory | 36.02% Memory free
7.36 Gb Paging File | 4.62 Gb Available in Paging File | 62.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.66 Gb Total Space | 385.03 Gb Free Space | 85.63% Space Free | Partition Type: NTFS

Computer Name: EVANSPC | User Name: Evan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/11 12:40:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Evan\Downloads\OTL (7).exe
PRC - [2013/08/26 23:48:26 | 000,064,008 | ---- | M] (Google) -- C:\Users\Evan\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/05/24 19:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Evan\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/09 03:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/09 03:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/03 11:12:35 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/16 23:40:58 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2011/03/31 07:38:38 | 000,416,848 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/31 07:38:36 | 000,352,848 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/02/22 12:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/02/22 12:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/02/18 18:21:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/02/15 13:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/02/15 13:35:34 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/01/31 15:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/09/27 21:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2010/09/17 18:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/09/17 18:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/04/13 11:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 11:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/17 23:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/17 23:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/02 15:35:56 | 000,410,576 | ---- | M] () -- C:\Users\Evan\AppData\Local\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll
MOD - [2013/09/02 15:35:55 | 013,599,184 | ---- | M] () -- C:\Users\Evan\AppData\Local\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
MOD - [2013/09/02 15:35:54 | 004,053,456 | ---- | M] () -- C:\Users\Evan\AppData\Local\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013/09/02 15:35:04 | 000,709,584 | ---- | M] () -- C:\Users\Evan\AppData\Local\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
MOD - [2013/09/02 15:35:03 | 000,099,792 | ---- | M] () -- C:\Users\Evan\AppData\Local\Google\Chrome\Application\29.0.1547.66\libegl.dll
MOD - [2013/09/02 15:35:01 | 001,604,560 | ---- | M] () -- C:\Users\Evan\AppData\Local\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2013/08/15 08:20:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e06dbdafb38c38517aef61ac41e2fd9d\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 08:19:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/15 08:19:32 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 08:19:13 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/08/15 08:19:00 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 08:18:54 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/15 08:18:51 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/16 18:13:41 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/03/13 15:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Evan\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 18:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Evan\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/22 12:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/02/22 12:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/02/15 13:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/09 03:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012/09/08 08:31:05 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/01/31 15:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/09/10 20:05:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/12 23:37:22 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/03 11:12:35 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/09 14:28:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/16 23:40:58 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011/03/31 07:38:36 | 000,352,848 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/02/15 13:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/27 20:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/13 11:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/17 23:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/17 23:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/27 17:17:35 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/06/27 17:17:35 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/06/27 17:17:35 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/09 03:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 03:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 03:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 03:59:06 | 000,270,824 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2013/05/09 03:59:06 | 000,131,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2013/05/09 03:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 03:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/05/09 03:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/09/03 11:12:36 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/08 13:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/06 15:10:01 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/18 23:51:36 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/04/18 23:51:36 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/04/18 23:51:36 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/04/05 06:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/04/04 15:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011/03/31 15:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2011/03/17 04:42:38 | 002,712,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/09 23:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/09 23:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/03/01 09:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/01/17 17:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/21 20:47:10 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/07/19 19:10:40 | 010,603,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/13 11:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/01 15:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/02/26 18:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/29 18:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2007/11/02 16:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylo...0005a59f95e5257
IE - HKCU\..\SearchScopes,DefaultScope = {91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www1.delta-se...123485&tsp=4955
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = playbryte/search/redirect/?type=default&user_id=b1ea10fc-34a1-4dc7-975d-b1318dad3683&query={searchTerms}
IE - HKCU\..\SearchScopes\{AFF39B82-75E1-4602-8B42-A9851EA1C0C1}: "URL" = http://websearch.ask...93-31E5F8CFF418
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..CT3291327.browser.search.defaultthis.engineName: "true"
FF - prefs.js..browser.search.defaultenginename: "KeyBar 1.14 Customized Web Search"
FF - prefs.js..browser.search.defaultthis.engineName: "KeyBar 1.14 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://search.condui...earchSource=13"
FF - prefs.js..extensions.enabledAddons: 2020Player_WEB%402020Technologies.com:5.0.91.0
FF - prefs.js..extensions.enabledAddons: text_links%40arcadeweb.com:1.0.0
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7Bda51d4f6-3e7e-4ef8-b400-9198e0874606%7D:10.16.70.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "http://search.condui...153114&UM=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Evan\AppData\Local\Roblox\Versions\version-221a4807685c44e7\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Evan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Evan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Evan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Evan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Evan\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Evan\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/26 11:56:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/14 11:07:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 23:37:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/26 11:56:05 | 000,000,000 | ---D | M]

[2012/08/01 07:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Extensions
[2013/08/04 21:01:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\extensions
[2013/07/26 07:53:50 | 000,000,000 | ---D | M] (KeyBar 1.14) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\extensions\{da51d4f6-3e7e-4ef8-b400-9198e0874606}
[2012/03/19 12:12:58 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\extensions\[email protected]
[2013/03/22 20:31:32 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\extensions\[email protected]
[2013/03/27 10:03:39 | 000,224,945 | ---- | M] () (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\extensions\[email protected]
[2013/07/26 17:47:01 | 000,006,507 | ---- | M] () -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\searchplugins\babylon.xml
[2011/10/14 15:34:17 | 000,001,945 | ---- | M] () -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\searchplugins\bing-zugo.xml
[2013/08/04 21:02:06 | 000,001,096 | ---- | M] () -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\searchplugins\keybar-114-customized-web-search.xml
[2013/04/12 23:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/14 11:07:07 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/12/03 14:26:02 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\USERS\EVAN\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
[2013/04/12 23:37:24 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/12/23 19:09:01 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/09/28 19:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2013/03/05 20:24:59 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2012/11/20 14:18:42 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe" File not found
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [cdloader] C:\Users\Evan\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Evan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Evan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF479938-5C98-4782-90A5-D39C7AC4C15B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6E055BB-98EE-4114-892B-59092F877D86}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/04 18:17:13 | 000,000,000 | ---D | C] -- C:\Users\Evan\AppData\Local\{15308E58-4B23-46F5-8AC6-2DD19E2CAA49}
[2013/08/18 16:03:32 | 000,000,000 | ---D | C] -- C:\Users\Evan\AppData\Local\{24681726-F71A-49B4-A018-7F30707814BC}
[2013/08/16 18:48:20 | 000,000,000 | ---D | C] -- C:\Users\Evan\AppData\Local\{A2983D64-A72F-454A-9789-4F23E62BF836}
[2013/08/15 09:12:33 | 000,000,000 | ---D | C] -- C:\Users\Evan\AppData\Local\Software
[2013/08/14 23:25:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[1 C:\Users\Evan\Desktop\*.tmp files -> C:\Users\Evan\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/11 12:49:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046523146-1281529262-768510782-1001UA.job
[2013/09/11 12:42:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/11 12:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/11 10:45:03 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046523146-1281529262-768510782-1001UA.job
[2013/09/11 10:00:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a39e6601-b5e7-4df7-8b21-269bdcb13c35.job
[2013/09/11 09:42:03 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/11 09:42:03 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/11 09:24:57 | 000,610,034 | ---- | M] () -- C:\Users\Evan\Desktop\IBR9-2013.pdf
[2013/09/11 08:03:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f740b301-be2e-4adf-b5cf-ad7cc5dd55e3.job
[2013/09/11 07:56:01 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/11 07:46:39 | 000,733,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/11 07:46:39 | 000,616,680 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/11 07:46:39 | 000,104,604 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/11 07:42:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/11 07:41:54 | 2962,255,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/10 16:45:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046523146-1281529262-768510782-1001Core.job
[2013/09/09 22:49:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046523146-1281529262-768510782-1001Core.job
[2013/09/09 08:58:09 | 493,391,071 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/09 08:12:12 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/09/05 18:56:36 | 000,002,362 | ---- | M] () -- C:\Users\Evan\Desktop\Google Chrome.lnk
[2013/08/30 16:19:43 | 000,081,043 | ---- | M] () -- C:\Users\Evan\Desktop\fancy3.jpg
[2013/08/30 16:19:18 | 000,081,711 | ---- | M] () -- C:\Users\Evan\Desktop\fancytiff.jpg
[2013/08/30 16:19:08 | 000,073,661 | ---- | M] () -- C:\Users\Evan\Desktop\fancy.jpg
[1 C:\Users\Evan\Desktop\*.tmp files -> C:\Users\Evan\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/11 09:24:54 | 000,610,034 | ---- | C] () -- C:\Users\Evan\Desktop\IBR9-2013.pdf
[2013/08/30 16:19:43 | 000,081,043 | ---- | C] () -- C:\Users\Evan\Desktop\fancy3.jpg
[2013/08/30 16:19:17 | 000,081,711 | ---- | C] () -- C:\Users\Evan\Desktop\fancytiff.jpg
[2013/08/30 16:19:06 | 000,073,661 | ---- | C] () -- C:\Users\Evan\Desktop\fancy.jpg
[2013/04/07 14:14:01 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013/03/25 17:47:26 | 000,207,259 | ---- | C] () -- C:\Windows\hpwins28.dat.temp
[2012/08/01 07:28:50 | 000,000,815 | ---- | C] () -- C:\Windows\wininit.ini
[2012/03/05 10:57:17 | 000,000,632 | RHS- | C] () -- C:\Users\Evan\ntuser.pol
[2012/02/29 14:55:10 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2012/01/02 15:01:08 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/10/28 08:46:17 | 000,000,043 | ---- | C] () -- C:\Users\Evan\jagex_cl_runescape_LIVE.dat
[2011/10/28 08:46:17 | 000,000,024 | ---- | C] () -- C:\Users\Evan\random.dat
[2011/10/26 11:45:52 | 000,206,572 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011/10/18 14:37:27 | 000,749,728 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/18 03:18:40 | 000,417,902 | ---- | C] () -- C:\Users\Evan\Scary Scream.mp3

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/06/03 15:04:54 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\.minecraft
[2013/07/27 16:35:31 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\BabSolution
[2013/03/22 20:31:46 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Babylon
[2011/10/14 22:13:03 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Barnes & Noble
[2011/10/16 18:17:00 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2013/09/11 07:56:53 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Dropbox
[2012/06/05 16:30:02 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\ly.logic.LogiclyDesktop
[2012/08/25 20:28:24 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\mjusbsp
[2012/01/02 15:34:58 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Motorola
[2011/10/14 22:55:06 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\PowerCinema
[2012/03/31 22:49:08 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Rovio
[2013/07/26 07:53:52 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\SearchProtect
[2013/09/10 21:54:43 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\SoftGrid Client
[2013/03/22 20:36:24 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\TFP
[2011/10/18 14:38:21 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\TP
[2012/05/26 12:20:14 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\WildTangent
[2011/11/17 17:27:47 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\Windows Live Writer
[2012/05/04 16:30:52 | 000,000,000 | ---D | M] -- C:\Users\Evan\AppData\Roaming\WindSolutions

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 408 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Download AdwCleaner to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and right click on the AdwCleaner icon and Run As Admin.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop.
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download aswMBR.exe to your desktop.
  • Right click aswMBR.exe and Run as Administrator.
  • Uncheck trace disk IO calls.
  • Click the "Scan" button to start the scan (accept the Avast Engine).
  • On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it, then run a new scan, click save log, save it to your desktop and post it in your next reply.
  • If the Fix button is not enabled, just click save log, save it to your desktop and post it in your next reply.


Run OTL (Vista or Win 7 => right click and Run As Administrator)

Select the All option in the Extra Registry group, then Run Scan.

You should get two logs. Please copy and paste both of them.

#3
isaacevanava

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Ok, I think I got all the logs. One other thing I forgot to mention initially is that when Windows tries to update it ALWAYS FAILS to update. Not sure if this is a related problem or not. Thanks! :)

Also, just noticed, after I did all the below, my Word files aren't opening on desktop. Saying the files to open my shortcuts aren't there. It's making them an "Office" product as opposed to Word Starter (which is the type of file they are). I didn't purchase Office. If I go to a file that is still showing as Word and open others from there, they will open, but the desktop shortcut icons look like an Office product as opposed to a Word-only file.


# AdwCleaner v3.003 - Report created 12/09/2013 at 08:32:27
# Updated 07/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Evan - EVANSPC
# Running from : C:\Users\Evan\Downloads\AdwCleaner (2).exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BrowserDefendert

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserDefender
Folder Deleted : C:\Program Files (x86)\Gophoto.it
Folder Deleted : C:\Program Files (x86)\LyricSing
Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
Folder Deleted : C:\Users\Evan\AppData\Local\Temp\delta
Folder Deleted : C:\Users\Evan\AppData\Local\Temp\CT3291327
Folder Deleted : C:\Users\Evan\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Evan\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Evan\AppData\Roaming\SearchProtect
Folder Deleted : C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\jetpack
Folder Deleted : C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\Smartbar
Folder Deleted : C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\CT3291327
Folder Deleted : C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\Extensions\{da51d4f6-3e7e-4ef8-b400-9198e0874606}
File Deleted : C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\Extensions\[email protected]
File Deleted : C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\Extensions\[email protected]
File Deleted : C:\END
File Deleted : C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\bprotector_prefs.js
File Deleted : C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\user.js
File Deleted : C:\Windows\System32\Tasks\BrowserDefendert
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKCU\Software\855d6d9e26aef17
Key Deleted : HKLM\SOFTWARE\855d6d9e26aef17
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_game-maker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_game-maker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{91607FA7-3C2F-4F90-93E3-D5337A6B0AC2}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\SearchProtect

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v20.0.1 (en-US)

[ File : C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\prefs.js ]

Line Deleted : user_pref("CT3291327.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3291327.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3291327.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3291327.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3291327.FF19Solved", "true");
Line Deleted : user_pref("CT3291327.FirstTime", "true");
Line Deleted : user_pref("CT3291327.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3291327.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3291327.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291327&SearchSource=2&CUI=UN37979959181153114&UM=2&q=");
Line Deleted : user_pref("CT3291327.UserID", "UN37979959181153114");
Line Deleted : user_pref("CT3291327.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3291327.autoDisableScopes", 0);
Line Deleted : user_pref("CT3291327.browser.search.defaultthis.engineName", "true");
Line Deleted : user_pref("CT3291327.countryCode", "US");
Line Deleted : user_pref("CT3291327.defaultSearch", "true");
Line Deleted : user_pref("CT3291327.embeddedsData", "[{\"appId\":\"130075605338768184\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3291327.enableAlerts", "true");
Line Deleted : user_pref("CT3291327.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3291327.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3291327.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3291327.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3291327.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3291327.fixUrls", true);
Line Deleted : user_pref("CT3291327.fullUserID", "UN37979959181153114.IN.20130726075350");
Line Deleted : user_pref("CT3291327.installDate", "26/07/2013 07:53:49");
Line Deleted : user_pref("CT3291327.installId", "stub.exe");
Line Deleted : user_pref("CT3291327.installSessionId", "{2656ED82-F46B-4D2A-9710-9FD04149F40F}");
Line Deleted : user_pref("CT3291327.installSp", "TRUE");
Line Deleted : user_pref("CT3291327.installType", "conduitnsisintegration");
Line Deleted : user_pref("CT3291327.installUsage", "2013-08-05T05:01:48.2070054+03:00");
Line Deleted : user_pref("CT3291327.installUsageEarly", "2013-08-05T05:01:41.2963826+03:00");
Line Deleted : user_pref("CT3291327.installerVersion", "1.5.4.4");
Line Deleted : user_pref("CT3291327.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3291327.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3291327.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3291327.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3291327.keyword", "true");
Line Deleted : user_pref("CT3291327.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3291327&octid=CT3291327&SearchSource=15&CUI=UN37979959181153114&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3291327.lastVersion", "10.16.70.5");
Line Deleted : user_pref("CT3291327.mam_gk_appStateReportTime.enc", "MTM3NTY2ODExNDUyNA==");
Line Deleted : user_pref("CT3291327.mam_gk_appState_ACplus.enc", "b24=");
Line Deleted : user_pref("CT3291327.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3291327.mam_gk_appState_Discover.enc", "b24=");
Line Deleted : user_pref("CT3291327.mam_gk_appState_Easytobook.enc", "b24=");
Line Deleted : user_pref("CT3291327.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Deleted : user_pref("CT3291327.mam_gk_appState_Find-a-Pro.enc", "b24=");
Line Deleted : user_pref("CT3291327.mam_gk_appState_PiclickV2-WebSearch.enc", "b24=");
Line Deleted : user_pref("CT3291327.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3291327.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT3291327.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnNEaWFsb2ciOnsiZGlzcGxheU5h[...]
Line Deleted : user_pref("CT3291327.mam_gk_appsDefaultEnabled.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3291327.mam_gk_calledSetupService.enc", "MQ==");
Line Deleted : user_pref("CT3291327.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJTZWFyY2giLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiJlZWMzNDMyMC0wNjI4LTRjYTItYTRjZS01YWQyNWM4NTY2ZGIiLCJ[...]
Line Deleted : user_pref("CT3291327.mam_gk_currentVersion.enc", "MS45LjAuNA==");
Line Deleted : user_pref("CT3291327.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3291327.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3291327.mam_gk_lastLoginTime.enc", "MTM3NTY2ODExMTQxOA==");
Line Deleted : user_pref("CT3291327.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3291327.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3291327.mam_gk_settings1.9.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBlc[...]
Line Deleted : user_pref("CT3291327.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3291327.mam_gk_userId.enc", "MjJiMzMyOTQtY2NkOC00NmJjLThjNWYtNTQ5MmE5Y2ZjZmE5");
Line Deleted : user_pref("CT3291327.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3291327.missingMachineIdSent", "true");
Line Deleted : user_pref("CT3291327.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_TOOLBAR_SUB_DOMAIN\":\"hxxp://KeyBar114.OurToolbar.com/\",\"EB_TOOLB[...]
Line Deleted : user_pref("CT3291327.openThankYouPage", "false");
Line Deleted : user_pref("CT3291327.openUninstallPage", "true");
Line Deleted : user_pref("CT3291327.originalHomepage", "hxxp://search.babylon.com/?affID=119776&babsrc=HP_ss&mntrId=cc80ff3f0000000000005a59f95e5257");
Line Deleted : user_pref("CT3291327.originalSearchAddressUrl", "hxxp://search.babylon.com/?affID=119776&babsrc=KW_ss&mntrId=cc80ff3f0000000000005a59f95e5257&q=");
Line Deleted : user_pref("CT3291327.originalSearchEngine", "Search the web (Babylon)");
Line Deleted : user_pref("CT3291327.originalSearchEngineName", "Search the web (Babylon)");
Line Deleted : user_pref("CT3291327.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3291327.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3291327.search.searchAppId", "130075605338768184");
Line Deleted : user_pref("CT3291327.search.searchCount", "0");
Line Deleted : user_pref("CT3291327.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3291327.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3291327.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3291327.searchRevert", "false");
Line Deleted : user_pref("CT3291327.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3291327.searchUserMode", "2");
Line Deleted : user_pref("CT3291327.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3291327.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3291327.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3291327.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3291327\"}");
Line Deleted : user_pref("CT3291327.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://KeyBar114.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3291327.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"KeyBar 1.14\"}");
Line Deleted : user_pref("CT3291327.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3291327.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3291327.serviceLayer_services_Configuration_lastUpdate", "1375668092550");
Line Deleted : user_pref("CT3291327.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1375668095616");
Line Deleted : user_pref("CT3291327.serviceLayer_services_appsMetadata_lastUpdate", "1375668095300");
Line Deleted : user_pref("CT3291327.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1375668095438");
Line Deleted : user_pref("CT3291327.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1375668092558");
Line Deleted : user_pref("CT3291327.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1375668100353");
Line Deleted : user_pref("CT3291327.serviceLayer_services_login_10.16.70.5_lastUpdate", "1375668100360");
Line Deleted : user_pref("CT3291327.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1375668095534");
Line Deleted : user_pref("CT3291327.serviceLayer_services_searchAPI_lastUpdate", "1375668092565");
Line Deleted : user_pref("CT3291327.serviceLayer_services_serviceMap_lastUpdate", "1375668091321");
Line Deleted : user_pref("CT3291327.serviceLayer_services_toolbarContextMenu_lastUpdate", "1375668095314");
Line Deleted : user_pref("CT3291327.serviceLayer_services_toolbarSettings_lastUpdate", "1375668092578");
Line Deleted : user_pref("CT3291327.serviceLayer_services_translation_lastUpdate", "1375668099799");
Line Deleted : user_pref("CT3291327.settingsINI", true);
Line Deleted : user_pref("CT3291327.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3291327.showToolbarPermission", "false");
Line Deleted : user_pref("CT3291327.smartbar.CTID", "CT3291327");
Line Deleted : user_pref("CT3291327.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3291327.smartbar.homepage", "true");
Line Deleted : user_pref("CT3291327.smartbar.toolbarName", "KeyBar 1.14 ");
Line Deleted : user_pref("CT3291327.startPage", "true");
Line Deleted : user_pref("CT3291327.toolbarBornServerTime", "5-8-2013");
Line Deleted : user_pref("CT3291327.toolbarCurrentServerTime", "5-8-2013");
Line Deleted : user_pref("CT3291327.toolbarLoginClientTime", "Sun Aug 04 2013 21:01:40 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT3291327.versionFromInstaller", "10.16.70.5");
Line Deleted : user_pref("CT3291327.xpeMode", "3");
Line Deleted : user_pref("CT3291327_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1375668082112,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3291327&CUI=UN37979959181153114&UM=2&SearchSource=13");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "KeyBar 1.14 Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291327&SearchSource=2&CUI=UN37979959181153114&UM=2&q=");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?affID=119776&babsrc=KW_ss&mntrId=cc80ff3f0000000000005a59f95e5257&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3291327");
Line Deleted : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=CC805A59F95E5257&affID=123485&tsp=4955");
Line Deleted : user_pref("browser.search.defaultenginename", "KeyBar 1.14 Customized Web Search");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "KeyBar 1.14 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291327&CUI=UN37979959181153114&UM=2&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3291327&CUI=UN37979959181153114&UM=2&SearchSource=13");
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=119776&babsrc=NT_ss&mntrId=cc80ff3f0000000000005a59f95e5257");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291327&SearchSource=2&CUI=UN37979959181153114&UM=2&q=");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3291327");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3291327&CUI=UN37979959181153114&UM=2&SearchSource=13");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3291327&SearchSource=2&CUI=UN37979959181153114&UM=2&q=");
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3291327");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3291327");
Line Deleted : user_pref("smartbar.machineId", "");

-\\ Google Chrome v

[ File : C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [19917 octets] - [12/09/2013 08:14:42]
AdwCleaner[S0].txt - [19582 octets] - [12/09/2013 08:32:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19643 octets] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.0 (09.12.2013:1)
OS: Windows 7 Home Premium x64
Ran by Evan on Thu 09/12/2013 at 8:48:55.39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\torch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4046523146-1281529262-768510782-1001\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\torch
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1 (4)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetupV1 (4)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\st-softonic-sntb[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\st-softonic-sntb[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (4)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetupV1 (4)_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\st-softonic-sntb[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\st-softonic-sntb[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFF39B82-75E1-4602-8B42-A9851EA1C0C1}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Evan\appdata\local\software"
Successfully deleted: [Folder] "C:\Users\Evan\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"
Successfully deleted: [File] C:\Users\Evan\AppData\Roaming\mozilla\firefox\profiles\ruo31qt8.default\searchplugins\bing-zugo.xml
Successfully deleted the following from C:\Users\Evan\AppData\Roaming\mozilla\firefox\profiles\ruo31qt8.default\prefs.js

user_pref("ibryte_browseforchange.installpixelfired", true);
user_pref("ibryte_playbryte.installpixelfired", true);
user_pref("{5911488E-9D1E-40ec-8CBB-06B231CC153F}.update_url", "hxxp://tbupdate.zugo.com/ztb/update?partner_id={partner_id}&product_id={product_id}&affiliate_id={affiliate_id}
Emptied folder: C:\Users\Evan\AppData\Roaming\mozilla\firefox\profiles\ruo31qt8.default\minidumps [70 files]



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bgnnidmnbdkmhfkjgdnngciimpdgohok
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\kiplfnciaokpcennlkldkdaeaaomamof



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/12/2013 at 9:06:12.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




OTL logfile created on: 9/12/2013 9:43:25 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Evan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 49.81% Memory free
7.36 Gb Paging File | 5.18 Gb Available in Paging File | 70.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.66 Gb Total Space | 382.73 Gb Free Space | 85.12% Space Free | Partition Type: NTFS

Computer Name: EVANSPC | User Name: Evan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/24 19:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Evan\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/09 03:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/09 03:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
PRC - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/18 16:31:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Evan\Downloads\OTL (1).exe
PRC - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
PRC - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/16 23:40:58 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
PRC - [2011/03/31 07:38:38 | 000,416,848 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/31 07:38:36 | 000,352,848 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/02/22 12:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/02/22 12:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/02/18 18:21:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/02/15 13:36:10 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/02/15 13:35:34 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/01/31 15:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/09/27 21:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2010/09/17 18:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/09/17 18:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/04/13 11:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/04/13 11:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/17 23:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/03/17 23:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/08/15 08:21:04 | 011,914,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8dc1c182cd1f10cd2abcfecd01fe9eeb\System.Web.ni.dll
MOD - [2013/08/15 08:20:54 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e06dbdafb38c38517aef61ac41e2fd9d\System.Runtime.Remoting.ni.dll
MOD - [2013/08/15 08:19:43 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\28ea347a952d20959ac6ae02d7457d39\System.Windows.Forms.ni.dll
MOD - [2013/08/15 08:19:32 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\5aa44bce7933e4de09d935848f868a4b\System.Drawing.ni.dll
MOD - [2013/08/15 08:19:13 | 003,348,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1f6f220f9efe936d1158c79b9d4b451f\WindowsBase.ni.dll
MOD - [2013/08/15 08:19:00 | 005,464,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\09db78d6068543df01862a023aca785a\System.Xml.ni.dll
MOD - [2013/08/15 08:18:54 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8f7d83126a3cf283e5ac97f2d6d99f12\System.Configuration.ni.dll
MOD - [2013/08/15 08:18:51 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5d22a30e587e2cac106b81fb351e7c08\System.ni.dll
MOD - [2013/07/16 18:13:41 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll
MOD - [2013/03/13 15:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Evan\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 18:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Evan\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/22 12:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/02/22 12:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/02/15 13:37:10 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2013/05/09 03:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2013/05/09 03:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012/09/08 08:31:05 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011/01/31 15:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/09/10 20:05:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/12 23:37:22 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/08/09 14:28:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/16 23:40:58 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe -- (DeviceMonitorService)
SRV - [2011/03/31 07:38:36 | 000,352,848 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/02/15 13:36:10 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/27 20:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/06/01 17:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/13 11:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/17 23:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/03/17 23:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/27 17:17:35 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/06/27 17:17:35 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/06/27 17:17:35 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/05/09 03:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/05/09 03:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/05/09 03:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/05/09 03:59:06 | 000,270,824 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
DRV:64bit: - [2013/05/09 03:59:06 | 000,131,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
DRV:64bit: - [2013/05/09 03:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/05/09 03:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/05/09 03:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/11 23:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/09/03 11:12:36 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/08 13:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/06 15:10:01 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/04/18 23:51:36 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/04/18 23:51:36 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/04/18 23:51:36 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/04/05 06:26:26 | 000,142,632 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2011/04/04 15:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)
DRV:64bit: - [2011/03/31 15:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2011/03/17 04:42:38 | 002,712,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/09 23:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/03/09 23:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/03/01 09:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/01/17 17:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/21 20:47:10 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/07/19 19:10:40 | 010,603,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/04/13 11:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/04/01 15:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)
DRV:64bit: - [2010/02/26 18:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/17 00:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/29 18:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)
DRV:64bit: - [2009/01/29 18:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)
DRV:64bit: - [2007/11/02 16:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: 2020Player_WEB%402020Technologies.com:5.0.91.0
FF - prefs.js..extensions.enabledAddons: text_links%40arcadeweb.com:1.0.0
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:8.0.1489
FF - prefs.js..extensions.enabledAddons: %7Bda51d4f6-3e7e-4ef8-b400-9198e0874606%7D:10.16.70.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\4\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Evan\AppData\Local\Roblox\Versions\version-221a4807685c44e7\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Evan\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Evan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Evan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Evan\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Evan\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Evan\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/26 11:56:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/06/14 11:07:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/12 23:37:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/10/26 11:56:05 | 000,000,000 | ---D | M]

[2012/08/01 07:28:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Extensions
[2013/09/12 08:32:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\extensions
[2012/03/19 12:12:58 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\extensions\[email protected]
[2013/08/04 21:02:06 | 000,001,096 | ---- | M] () -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\searchplugins\keybar-114-customized-web-search.xml
[2013/04/12 23:36:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/06/14 11:07:07 | 000,000,000 | ---D | M] (avast! Online Security) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2011/12/03 14:26:02 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\USERS\EVAN\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
File not found (No name found) -- C:\USERS\EVAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RUO31QT8.DEFAULT\EXTENSIONS\{DA51D4F6-3E7E-4EF8-B400-9198E0874606}
[2013/04/12 23:37:24 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/12/23 19:09:01 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/05 20:24:59 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2012/11/20 14:18:42 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe" File not found
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [cdloader] C:\Users\Evan\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Evan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
O4 - Startup: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Evan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF479938-5C98-4782-90A5-D39C7AC4C15B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E6E055BB-98EE-4114-892B-59092F877D86}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/12 08:48:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/09/12 08:06:31 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/14 23:37:35 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/14 23:37:34 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/14 23:37:31 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/14 23:37:30 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/14 23:37:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/14 23:37:30 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/14 23:37:30 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/14 23:37:29 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/14 23:37:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/14 23:37:29 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/14 23:37:29 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/14 23:37:23 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/14 23:37:22 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/14 23:37:21 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/14 23:37:20 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/14 23:25:00 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/08/14 09:00:55 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/14 09:00:53 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/14 09:00:51 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/14 08:59:59 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/14 08:59:58 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/14 08:59:56 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/14 08:59:45 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/14 08:59:41 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/14 08:59:40 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/14 08:59:38 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/14 08:59:35 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/14 08:59:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/14 08:59:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/14 08:59:20 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/14 08:59:20 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/14 08:59:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[1 C:\Users\Evan\Desktop\*.tmp files -> C:\Users\Evan\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/12 09:49:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046523146-1281529262-768510782-1001UA.job
[2013/09/12 09:42:14 | 000,000,512 | ---- | M] () -- C:\Users\Evan\Desktop\MBR.dat
[2013/09/12 09:42:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/12 09:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/12 08:43:15 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/12 08:43:15 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/12 08:39:40 | 000,733,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/12 08:39:40 | 000,616,680 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/12 08:39:40 | 000,104,604 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/12 08:34:45 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/12 08:34:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/12 08:34:07 | 2962,255,872 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/12 08:03:01 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f740b301-be2e-4adf-b5cf-ad7cc5dd55e3.job
[2013/09/11 16:45:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046523146-1281529262-768510782-1001UA.job
[2013/09/11 16:45:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4046523146-1281529262-768510782-1001Core.job
[2013/09/11 10:00:00 | 000,000,508 | ---- | M] () -- C:\Windows\tasks\SUPERAntiSpyware Scheduled Task a39e6601-b5e7-4df7-8b21-269bdcb13c35.job
[2013/09/11 09:24:57 | 000,610,034 | ---- | M] () -- C:\Users\Evan\Desktop\IBR9-2013.pdf
[2013/09/10 20:05:34 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/10 20:05:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/09 22:49:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4046523146-1281529262-768510782-1001Core.job
[2013/09/09 08:58:09 | 493,391,071 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/09 08:12:12 | 000,002,018 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013/09/05 18:56:36 | 000,002,362 | ---- | M] () -- C:\Users\Evan\Desktop\Google Chrome.lnk
[2013/08/30 16:19:43 | 000,081,043 | ---- | M] () -- C:\Users\Evan\Desktop\fancy3.jpg
[2013/08/30 16:19:18 | 000,081,711 | ---- | M] () -- C:\Users\Evan\Desktop\fancytiff.jpg
[2013/08/30 16:19:08 | 000,073,661 | ---- | M] () -- C:\Users\Evan\Desktop\fancy.jpg
[1 C:\Users\Evan\Desktop\*.tmp files -> C:\Users\Evan\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/11 09:24:54 | 000,610,034 | ---- | C] () -- C:\Users\Evan\Desktop\IBR9-2013.pdf
[2013/08/30 16:19:43 | 000,081,043 | ---- | C] () -- C:\Users\Evan\Desktop\fancy3.jpg
[2013/08/30 16:19:17 | 000,081,711 | ---- | C] () -- C:\Users\Evan\Desktop\fancytiff.jpg
[2013/08/30 16:19:06 | 000,073,661 | ---- | C] () -- C:\Users\Evan\Desktop\fancy.jpg
[2013/04/07 14:14:01 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2013/03/25 17:47:26 | 000,207,259 | ---- | C] () -- C:\Windows\hpwins28.dat.temp
[2012/08/01 07:28:50 | 000,000,815 | ---- | C] () -- C:\Windows\wininit.ini
[2012/03/05 10:57:17 | 000,000,632 | RHS- | C] () -- C:\Users\Evan\ntuser.pol
[2012/02/29 14:55:10 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp
[2012/01/02 15:01:08 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/10/28 08:46:17 | 000,000,043 | ---- | C] () -- C:\Users\Evan\jagex_cl_runescape_LIVE.dat
[2011/10/28 08:46:17 | 000,000,024 | ---- | C] () -- C:\Users\Evan\random.dat
[2011/10/26 11:45:52 | 000,206,572 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011/10/18 14:37:27 | 000,749,728 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/06/18 03:18:40 | 000,417,902 | ---- | C] () -- C:\Users\Evan\Scary Scream.mp3

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 408 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >




OTL Extras logfile created on: 9/12/2013 9:43:25 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Evan\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.83 Gb Available Physical Memory | 49.81% Memory free
7.36 Gb Paging File | 5.18 Gb Available in Paging File | 70.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.66 Gb Total Space | 382.73 Gb Free Space | 85.12% Space Free | Partition Type: NTFS

Computer Name: EVANSPC | User Name: Evan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = comfile] -- "%1" %*
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Evan\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01394FED-2C91-4C47-A7EC-13288771BDC2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{01433AB3-EB1F-4E05-891C-25ABB0A9E7DB}" = rport=137 | protocol=17 | dir=out | app=system |
"{08986512-BC1D-4B2C-B324-16420C3892E9}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{1CC1E6C0-3F69-4252-BDD1-775DDD2E643D}" = lport=138 | protocol=17 | dir=in | app=system |
"{2AF74A9E-7B61-4FD0-8A72-1B2CAB38ABC3}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2C80425F-18EF-4E65-BADE-451CBF5A9789}" = lport=137 | protocol=17 | dir=in | app=system |
"{32DCCFD0-8EBA-44C1-8E94-3B1807640878}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3981646F-B23B-4422-9960-2CE794F225B4}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3F7C7240-0B53-47EC-BE1C-30592952E440}" = lport=2869 | protocol=6 | dir=in | app=system |
"{484CE47B-BEAF-4E1B-A5CC-875BF59940DE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{55724988-186D-44F8-A968-94011F06AF29}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{617C1F1D-D6D9-4CAD-A013-8F217BAE42C8}" = rport=139 | protocol=6 | dir=out | app=system |
"{65A46D41-604D-43AE-A3E5-BEC7AF512BE8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{6F1E673C-C536-42B1-BBD6-E9DBEB0F97F9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7092585D-CA23-4AA8-90BE-DFFE1A83C901}" = lport=139 | protocol=6 | dir=in | app=system |
"{7DD6775F-5F8B-4D5C-9240-83ED035D6492}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7DDF8B23-E2DB-4394-877D-88781891C2A9}" = rport=445 | protocol=6 | dir=out | app=system |
"{825BC122-D6BA-4B65-B131-56BECB2BFA2F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{842061A0-2DC9-4DC1-A10B-290FD7E1E2CC}" = rport=138 | protocol=17 | dir=out | app=system |
"{88EC4423-239D-4F14-8724-CB90A13C9083}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{8E304BB7-F867-4E92-9BD0-BAEDB56B0431}" = lport=10243 | protocol=6 | dir=in | app=system |
"{A0E0AC03-FE2E-4395-9FE7-086F4B6E75C2}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AA9C802F-F2BD-4774-9BA9-DFBC5C603644}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{C8E2A43A-81B5-474B-8EDF-3D9AABF7B796}" = lport=445 | protocol=6 | dir=in | app=system |
"{CBBEED1D-064A-4F24-A734-446771852FEC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D2E1A62E-CE45-4CA5-BDB4-442C5D4490B0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04D1465C-1807-4791-983C-B9430B717CE9}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
"{06BB339D-BF4C-4559-81D9-8691B04269D0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{11EB90A9-957B-4E6F-A800-C4BFF2755CBE}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
"{219C9C1B-8FF7-4DEE-A24A-B808D6438C5B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{227C4E5A-914D-47E3-80D8-E1089CC940A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{2E5F0F5E-87F4-4FE8-AE0E-944624621AD0}" = protocol=17 | dir=in | app=c:\users\evan\appdata\roaming\dropbox\bin\dropbox.exe |
"{2EBF1664-FF90-49E1-AA7E-62688ADC8FB5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2F9E69A5-3C5D-46CD-9DF0-8020182CB2C0}" = protocol=6 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{3A63D09C-B03D-4662-8DE2-B6B84FE6518D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{3F8A0029-D970-4077-B63E-EE3C5D02E91A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{443DF061-54AC-4547-AC1A-B6DD3BC78901}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{4524C0F8-5A24-4D15-8210-D0ED66225C5E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{4FBC4B3F-92E1-4426-B740-457EBC6696BA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4FF2E6F1-3947-4903-93C6-B0A66CA936B0}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{5528598B-C462-4ECB-ACD6-EDC2ED0C817E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{55A84D97-600B-4DD8-B648-D26690FDE54F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{58A03610-3E74-427C-8256-30E616E5FE33}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{5CC57C4C-D3A1-447F-B76E-D868420F4B4E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5CC808F5-A796-435B-A9CD-4F187B159A4F}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{63B8EE0F-E1DC-4301-8551-9FCE193F7648}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{67D129A0-FCDD-4C79-B7FB-710C1CE92CF5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6BA4F0C3-6E5A-4F96-8109-30D58CFB2D52}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{6D4ADB25-3721-4AB5-B64F-5409B6D26CD5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{6D5BFA71-E60C-4FA4-B1C4-49D094576F3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7374E92D-A1ED-42B0-9949-1ED09D72848B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{742EAE0B-B3C8-4E0F-9821-CD9ADC5D7AA6}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{756AC999-590F-4FF2-B895-E19C7963CE33}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{78F2AB84-C066-43F0-880F-4260EA149B1F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{794B97B1-25B1-477B-8ABF-834BD0A572BC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{8162076C-A1BB-4BC0-B686-4FD30A40B57A}" = protocol=6 | dir=in | app=c:\users\evan\appdata\roaming\dropbox\bin\dropbox.exe |
"{81923247-6374-46BD-BD33-E62DCDACDF84}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{82171A90-1918-4FE6-8FF9-E7046E955CBA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{82C41BBB-D2D5-47F5-A78C-E80AC19A949C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{83C1161B-840F-4E03-AAD9-D1B79F8716AE}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{89113A14-E2ED-4C31-B3B3-EC743806B618}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{984D0582-E176-4371-B6B6-156ED07EDF2A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{9DDDA98C-DCA9-4E82-BDD8-632D236DD93C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A1C5BFA6-31A7-4807-9E1C-6499373D730B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A6483A7A-DC10-4082-9FC1-D89792BC0DE3}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{AC7BCBE6-DEBE-456C-B67E-26AC953945BF}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe |
"{AE9681FF-B544-4D0B-A70B-7CB126CD275A}" = dir=in | app=c:\users\evan\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{B12A3D03-1FF3-43CC-AFD5-5D6489C21518}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{B52A0F61-6028-4ABE-A4DD-53036C05C4F8}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B8615B31-9EAE-4BF9-987E-4597DAF01CEC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{C0DC918D-0524-46D5-A6C2-C7788443675C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D18EF1FD-CDA4-413E-BB91-E01B89E92ADC}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe |
"{D2B662B0-D17A-4C7B-B040-58C3AB45FA4E}" = protocol=6 | dir=out | app=system |
"{D6D7A743-A4EC-43A9-AEEA-D9C3EF71F0DE}" = protocol=17 | dir=in | app=c:\program files (x86)\frostwire 5\frostwire.exe |
"{D7BBE4FB-C35F-4EA6-92E0-359A197A9F21}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{D9C93FF8-AAE3-4B84-B4A7-114743808B2B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{DB9F1171-E943-409E-B6FD-76202DC75251}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DD0840D2-13D1-473E-853E-56CB68F67DCC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{E109F8CE-F645-4C66-848B-A10DEC263951}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{E86C8B36-6736-4D1D-99B0-8BE540BC7144}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{E894F427-F8B0-4C5A-AC92-1E9CBAED6FDF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{E98AFD87-AE0E-4AC2-AA3F-B0B853B7EA50}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EB22D0B8-169C-40F2-873B-5FAC4774075D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{ECE973A0-6DA4-4D4B-92DD-D1357EED80BA}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
"{EFB07D05-2B42-4D88-8F35-974F9D8A628A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F387E469-FC23-4A1E-B6E3-398C329C228B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F7FC4F6D-7F74-4FF1-8FC1-9719FF91AB88}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{FAE5332C-7BC0-46E2-A7D9-A70127BD8CC1}" = dir=in | app=d:\setup\hpznui40.exe |
"TCP Query User{0F7A4A99-C429-4CDE-9390-13F5447D7FF6}C:\users\evan\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\evan\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{4563F81F-469B-4085-9D4A-361A43B5979B}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{B693764C-47BB-41C7-B053-0266C0112128}C:\program files (x86)\motorola media link\lite\mml.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe |
"TCP Query User{D3ADFBB2-01EF-4DB4-BF5E-49F9D75FC7ED}C:\users\evan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\evan\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{EF92F1BE-3417-48EF-B96B-07EC52A8A229}C:\program files (x86)\motorola media link\lite\mml.exe" = protocol=6 | dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe |
"UDP Query User{04B64D93-9BE6-479E-804B-CFF587C1E1B2}C:\users\evan\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\evan\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{5221344D-255D-4EAC-B68B-DEC124B8B624}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{CC6C453F-B4BE-45FC-BB0D-07939326DD84}C:\program files (x86)\motorola media link\lite\mml.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe |
"UDP Query User{E5B633BD-5B6F-4874-98C1-5D243444D794}C:\program files (x86)\motorola media link\lite\mml.exe" = protocol=17 | dir=in | app=c:\program files (x86)\motorola media link\lite\mml.exe |
"UDP Query User{E7731B66-A515-4B7C-8CB6-0914795E83BF}C:\users\evan\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\evan\appdata\roaming\dropbox\bin\dropbox.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{C91DCB72-F5BB-410D-A91A-314F5D1B4284}" = Broadcom Gigabit NetLink Controller
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Elantech" = ETDWare PS/2-X64 8.0.6.3_WHQL
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"MediaInfo" = MediaInfo 0.7.52
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = MediaEspresso
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java™ 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{378397D6-FD32-4092-A854-6A75CB7EDA46}" = MOTOROLA MEDIA LINK
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72199E33-4F2A-4B7F-8E25-95DDDD50A678}" = Acer System Information
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0409-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}" = Google Earth
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.5 MUI
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EB38C3E0-4863-3123-9114-5BE86EC8E5C7}" = Google Talk Plugin
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Internet Security
"BN_DesktopReader" = NOOK for PC
"Busytown" = Busytown Uninstall
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"LManager" = Launch Manager
"[email protected]" = LyricsSing
"ly.logic.LogiclyDesktop" = Logicly
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MotoHelper" = MotoHelper 2.1.32 Driver 5.4.0
"Mozilla Firefox 20.0.1 (x86 en-US)" = Mozilla Firefox 20.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Quick Screen Capture 3.0_is1" = Quick Screen Capture 3.0
"Revo Uninstaller" = Revo Uninstaller 1.94
"SpywareBlaster_is1" = SpywareBlaster 5.0
"WildTangent acer Master Uninstall" = Acer Games
"WildTangent wildgames Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 5.00 beta 7 (32-bit)
"WTA-036dc91c-3596-41cf-afb5-8fe9d76b3bfa" = Dora's World Adventure
"WTA-10f999da-3c38-4d87-99a6-08e748bc4ba3" = Zuma's Revenge
"WTA-2426fbc3-e9a4-4c29-a0e0-0e1d4e09dac2" = Chuzzle Deluxe
"WTA-307d684f-8bcc-4503-bd58-e0668db6dcee" = Bejeweled 2 Deluxe
"WTA-33f18576-3d19-4dd3-8aed-e5f1426eec54" = Torchlight
"WTA-3ad4add0-74f7-4427-af1c-b53fd4ae149e" = Poker Superstars III
"WTA-3aec2ce0-a643-49ae-8194-e6c66943a931" = Polar Golfer
"WTA-3fee7dc0-7906-4d83-af4b-9082669c7728" = Penguins!
"WTA-55a36a0e-cdb4-40e8-8991-ea915b04200d" = Virtual Villagers 4 - The Tree of Life
"WTA-5a6d223e-900a-444b-8c22-6305da7969cb" = Agatha Christie - 4:50 from Paddington
"WTA-5b83c434-767d-4534-ae04-0b469d42494a" = FATE: The Cursed King
"WTA-6416da14-ff05-49d1-b29a-b02e570a0151" = Final Drive: Nitro
"WTA-7b109e19-a2a7-4b5e-89d9-97cd63d3c014" = Polar Bowler
"WTA-925d71b3-6eb9-4e84-832d-7508c57cde5c" = Mystery P.I. - Stolen in San Francisco
"WTA-acf2bd08-527f-443b-9b95-0fe1fe832281" = Build-a-lot 2
"WTA-b66be362-fd3d-4611-b53b-23a494960737" = Plants vs. Zombies - Game of the Year
"WTA-c31c13b2-3d44-43d5-a9d1-8506d541cea9" = Diner Dash 2 Restaurant Rescue
"WTA-dab7998f-5b94-454a-a1c2-5fc158365431" = Jewel Quest Heritage
"WTA-e550e22e-d07b-4a1b-8e1a-7f6d371cf0db" = FATE - The Traitor Soul
"WTA-f226e527-daaa-41cf-bc32-d211e6ba9153" = Namco All-Stars: PAC-MAN

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{373B1718-8CC5-4567-8EE2-9033AD08A680}" = Roblox for Evan
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"magicJack" = magicJack

< End of report >

Edited by isaacevanava, 13 September 2013 - 07:14 AM.

  • 0

#4
RKinner
Malware Expert
Sorry. Seem to have lost your reply.

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do not have the latest Java.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
JavaFX 2.1.1
Java™ 6 Update 29
Java 7 Update 21

Java has been very vulnerable to infection so unless you absolutely need it you should not reinstall it.

If you feel you must have Java:
Get the latest Java at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Do not let it install the yahoo toolbar or other foistware.
Once installed, go into Control Panel, Java, Security and set the slider to the Highest then OK.

(If you also want the 64 bit version then use the 64 bit version of IE to get it.)



Copy the text in the code box by highlighting and Ctrl + c

:OTL
FF - prefs.js..extensions.enabledAddons: %7Bda51d4f6-3e7e-4ef8-b400-9198e0874606%7D:10.16.70.5
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2012/03/19 12:12:58 | 000,000,000 | ---D | M] (20-20 3D Viewer - WEB) -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\extensions\[email protected]
[2013/08/04 21:02:06 | 000,001,096 | ---- | M] () -- C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\searchplugins\keybar-114-customized-web-search.xml
[2011/12/03 14:26:02 | 000,000,000 | ---D | M] ("ArcadeWeb") -- C:\USERS\EVAN\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]
File not found (No name found) -- C:\USERS\EVAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RUO31QT8.DEFAULT\EXTENSIONS\{DA51D4F6-3E7E-4EF8-B400-9198E0874606}
O4 - HKLM..\Run: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe" File not found
O4 - HKCU..\Run: [Facebook Update] C:\Users\Evan\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.5.1)

:Commands
[EMPTYFLASH]
[EMPTYJAVA]
[purity]
[Reboot]


Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\09172013-some number.log so look there if you don't see it.


Download aswMBR.exe to your desktop.
Right click aswMBR.exe and Run as Administrator.
Uncheck trace disk IO calls.
Click the "Scan" button to start scan (Accept the Avast Engine).
On completion of the scan, if the Fix button is enabled (not the FixMBR button), press it and then run a new scan and click save log, save it to your desktop and post in your next reply.
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply.

Since you have Avast it would be wise to let it run a boot-time scan some night while you sleep:


First mute the speakers so it won't wake you up when Windows loads. Click on the Orange ball. Click on Security. Click on AntiVirus. Scroll down to the bottom and find Boot-time scan. Click on Settings. Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High. Then change When a threat is found ... to: Move to Chest. OK. Now click on Schedule Now. Close the Avast window and then reboot. The scan will start. It will tell you where it will save the report. Usually it's
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. When Windows loads, click on the Orange Ball then Maintenance then Scan Logs. Click on the Boot-time scan log and then View Results. If it found anything then open the saved Report and copy and paste the text into a reply so I can see it.
  • 0

#5
isaacevanava
Topic Starter
========== OTL ==========
Prefs.js: %7Bda51d4f6-3e7e-4ef8-b400-9198e0874606%7D:10.16.70.5 removed from extensions.enabledAddons
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\Adobe Reader\ deleted successfully.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll moved successfully.
C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\extensions\[email protected]\plugins folder moved successfully.
C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\extensions\[email protected] folder moved successfully.
C:\Users\Evan\AppData\Roaming\Mozilla\Firefox\Profiles\ruo31qt8.default\searchplugins\keybar-114-customized-web-search.xml moved successfully.
C:\USERS\EVAN\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]\components folder moved successfully.
C:\USERS\EVAN\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected]\Chrome folder moved successfully.
C:\USERS\EVAN\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\[email protected] folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Sendori Tray deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
C:\Users\Evan\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\Windows\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Evan
->Flash cache emptied: 2309 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Evan
->Java cache emptied: 1 bytes

User: Guest

User: Public

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09172013_223154





aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-17 22:42:14
-----------------------------
22:42:14.156 OS Version: Windows x64 6.1.7601 Service Pack 1
22:42:14.156 Number of processors: 2 586 0x2505
22:42:14.158 ComputerName: EVANSPC UserName: Evan
22:42:16.679 Initialize success
22:42:17.042 AVAST engine defs: 13091701
22:42:45.979 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:42:45.984 Disk 0 Vendor: ST950032 0001 Size: 476940MB BusType: 3
22:42:46.115 Disk 0 MBR read successfully
22:42:46.121 Disk 0 MBR scan
22:42:46.128 Disk 0 Windows 7 default MBR code
22:42:46.138 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 16384 MB offset 2048
22:42:46.163 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 33556480
22:42:46.180 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 460454 MB offset 33761280
22:42:46.307 Disk 0 scanning C:\Windows\system32\drivers
22:43:03.336 Service scanning
22:43:33.201 Modules scanning
22:43:34.835 AVAST engine scan C:\Windows
22:43:38.567 AVAST engine scan C:\Windows\system32
22:47:05.233 AVAST engine scan C:\Windows\system32\drivers
22:47:22.772 AVAST engine scan C:\Users\Evan
22:48:47.111 File: C:\Users\Evan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MLKI155\optin[1].php **INFECTED** Win32:Webcake-A [Adw]
22:56:26.044 File: C:\Users\Evan\Downloads\Setup_ODM.exe **INFECTED** Win32:Adware-gen [Adw]
22:57:14.021 AVAST engine scan C:\ProgramData
23:00:11.462 Scan finished successfully
23:04:57.230 Disk 0 MBR has been saved successfully to "C:\Users\Evan\Desktop\MBR.dat"
23:04:57.244 The log file has been saved successfully to "C:\Users\Evan\Desktop\aswMBR.txt"

Edited by isaacevanava, 17 September 2013 - 10:12 PM.

  • 0

#6
RKinner
Malware Expert
We can let OTL delete the two files that aswMBR found. Doubt that they are in use so it should not need to reboot:

Copy the text in the code box by highlighting and Ctrl + c

:files
C:\Users\Evan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MLKI155\optin[1].php **INFECTED** Win32:Webcake-A [Adw]
C:\Users\Evan\Downloads\Setup_ODM.exe 



Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top.
Let the program run unhindered; it should not need to reboot.
  • 0

#7
isaacevanava
Topic Starter
I ran this before I went to bed, when I woke up the computer was shut down and didn't want to restart. Windows asked if I wanted to do a repair or go back to system restore point so it could load. I didn't do that but just cancelled and restarted and it then loaded. So, here was the boot log, not sure if everything went as it was supposed to.


CmdLine - quick
aswBoot.exe /A:"*" /L:"1033" /heur:100 /RA:chest /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\AVAST Software\Avast"
CmdLine end
SafeBoot: 0
CreateKbThread
new CKbBuffer
CKbBuffer::Init
CKbBuffer::Init end
NtCreateEvent(g_hStopEvent)
dep_osBeginThread - KbThread
CreateKbThread end
NtInitializeRegistry
KbThread start
ReadRegistry
DATA=C:\ProgramData\AVAST Software\Avast
PROG=C:\Program Files\AVAST Software\Avast
BUILD=1489
Windows 7 Home Premium Service Pack 1
SystemRoot=C:\Windows
TEMP=C:\Windows\TEMP
TMP=C:\Windows\TEMP
ReadRegistry end
CreateTemp
CreateTemp end
aswcmnbDllMain
cmnbInit
aswEnginDllMain(DLL_PROCESS_ATTACH)
InitLog
InitLog end
CmdLine - full
aswBoot.exe /A:"*" /L:"1033" /heur:100 /RA:chest /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\AVAST Software\Avast"
CmdLine end
Program folder: C:\Program Files\AVAST Software\Avast
Engine folder: C:\Program Files\AVAST Software\Avast\defs\13091701
Base addr: 76f80000
TimeStamp: 52288257
Unschedule
Unschedule end
LoadResources
LoadResources end
InitReport
InitReport end
New global exclusions:
NtSetEvent(g_hInitEvent) - 1
CPU: Phys(2), Log(2), Aff(2), Feat(0000003f)
FreeMemory: 3579240448
InitKeyboard
g_dwKbdNum: 2
avworkInitialize
s_dwKbdClassCnt: 2
InitKeyboard end
NtSetEvent(g_hInitEvent) - 2
GetKey
FreeMemory: 3537874944
CKbBuffer::Wait
CKbBuffer::Get
CKbBuffer::Get end
CKbBuffer::Wait end
ProcessArea
avfilesScanAdd *MBR0
avfilesScanAdd *BOOTC:
Loading raw access support
avfilesScanAdd *RAW:C:\ [Fs: 03e700ff, NTFS; Dev: 07, 00000020]
avfilesScanAdd *BOOTVolume{3b203c0c-c2bb-11e0-a947-806e6f6e6963}
avfilesScanAdd *RAW:Volume{3b203c0c-c2bb-11e0-a947-806e6f6e6963}\ [Fs: 03e700ff, NTFS; Dev: 07, 00000020]
avfilesScanAdd *BOOTVolume{3b203c0d-c2bb-11e0-a947-806e6f6e6963}
avfilesScanAdd *RAW:Volume{3b203c0d-c2bb-11e0-a947-806e6f6e6963}\ [Fs: 03e700ff, NTFS; Dev: 07, 00000020]
avfilesScanRealMulti begin
GetErrorText
GetErrorText
GetErrorText
GetErrorText
GetErrorText
  • 0

#8
isaacevanava

isaacevanava

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
========== FILES ==========
File\Folder C:\Users\Evan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4MLKI155\optin[1].php **INFECTED** Win32:Webcake-A [Adw] not found.
C:\Users\Evan\Downloads\Setup_ODM.exe moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 09182013_090229
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
That's not the right report for the Avast boot-time scan. It should be at:

C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt
  • 0

#10
isaacevanava

isaacevanava

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Sorry about that:)


11/10/2012 18:27
Scan of all local drives

File C:\Program Files (x86)\Motorola\MotoHelper\temp\MotoHelper_2.1.32_Driver_5.4.exe|>$TEMP\vcredist_x86.exe|>VCREDI~3.EXE|>vcredist.msi|>_14248_Microsoft_VC80_MFC_x86.msm Error 42144 {OLE archive is corrupted.}
File C:\Program Files (x86)\Motorola\MotoHelper\temp\MotoHelper_2.1.32_Driver_5.4.exe|>$TEMP\vcredist_x86.exe|>VCREDI~3.EXE|>vcredist.msi|>01File Error 42144 {OLE archive is corrupted.}
File C:\Program Files (x86)\Motorola\MotoHelper\temp\MotoHelper_2.1.32_Driver_5.4.exe|>$TEMP\vcredist_x86.exe|>VCREDI~3.EXE|>vcredist.msi Error 42127 {CAB archive is corrupted.}
File C:\Program Files (x86)\Motorola\MotoHelper\temp\MotoHelper_2.1.32_Driver_5.4.exe|>$TEMP\vcredist_x86.exe|>VCREDI~3.EXE Error 42127 {CAB archive is corrupted.}
File C:\Users\Evan\AppData\Local\Temp\awupdate.exe is infected by Win32:Gamevance-DC [PUP], Repair: Error 42060 {The file was not repaired.}, Deleted
File C:\Users\Evan\AppData\Local\Temp\RBX-578F57C0.tmp|>bfsl-minifigfoots2.mp3 Error 42125 {ZIP archive is corrupted.}
File C:\Users\Evan\AppData\Local\Temp\RBX-AA7709F0.tmp|>null_plainsky512_bk.jpg Error 42125 {ZIP archive is corrupted.}
File C:\Users\Evan\AppData\Local\Temp\RBX-EB7DBCA7.tmp|>bass.wav Error 42125 {ZIP archive is corrupted.}
File C:\Users\Evan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Quarantine\quarantine.db|>data Error 42125 {ZIP archive is corrupted.}
File C:\Windows\Temp\WER8E91.tmp.hdmp is infected by Win32:Small-BTX [Trj], Deleted
File C:\Windows\Temp\WERA258.tmp.hdmp is infected by Win32:Bamital-CA [Trj], Deleted

Scanning aborted
Number of searched folders: 20057
Number of tested files: 588788
Number of infected files: 3

----------------------------------------
09/17/2013 23:24
Scan of all local drives

File C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricSing\125.crx.vir|>background.js is infected by JS:AddLyrics-D [Adw], Moved to chest
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricSing\125.crx.vir|>contentscript.js is infected by JS:AddLyrics-E [Adw], Moved to chest
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricSing\125.crx.vir|>manifest.json is infected by JS:AddLyrics-B [Adw], Moved to chest
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricSing\125.dll.vir is infected by Win32:AddLyrics-V [Adw], Moved to chest
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricSing\125.xpi.vir|>chrome.manifest is infected by Other:AddLyrics-A [Adw], Moved to chest
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricSing\125.xpi.vir|>chrome\content\main.js is infected by JS:AddLyrics-F [Adw], Moved to chest
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricSing\125.xpi.vir|>chrome\content\overlay.xul is infected by XML:AddLyrics-C [Adw], Moved to chest
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricSing\125.xpi.vir|>install.rdf is infected by XML:AddLyrics-A [Adw], Moved to chest
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricSing\chrome.manifest.vir is infected by JS:AddLyrics-B [Adw], Moved to chest
File C:\AdwCleaner\Quarantine\C\Users\Evan\AppData\Roaming\SearchProtect\Res\SPSetup.exe.vir|>$R0\Dialogs\$R0\bin\cltmng.exe is infected by Win32:SearchProtect-A [PUP], Moved to chest
File C:\AdwCleaner\Quarantine\C\Users\Evan\AppData\Roaming\SearchProtect\Res\SPSetup.exe.vir|>$R0\Dialogs\$R0\bin\SPRunner.exe is infected by Win32:SearchProtect-A [PUP], Moved to chest
File C:\AdwCleaner\Quarantine\C\Users\Evan\AppData\Roaming\SearchProtect\Res\SPSetup.exe.vir|>$R0\Dialogs\$R0\bin\ChromeModule.dll is infected by Win32:SearchProtect-A [PUP], Moved to chest
File C:\AdwCleaner\Quarantine\C\Users\Evan\AppData\Roaming\SearchProtect\Res\SPSetup.exe.vir|>$R0\Dialogs\$R0\bin\FirefoxModule.dll is infected by Win32:SearchProtect-A [PUP], Moved to chest
File C:\AdwCleaner\Quarantine\C\Users\Evan\AppData\Roaming\SearchProtect\Res\SPSetup.exe.vir|>$R0\Dialogs\$R0\bin\InternetExplorerModule.dll is infected by Win32:SearchProtect-A [PUP], Moved to chest
File C:\AdwCleaner\Quarantine\C\Users\Evan\AppData\Roaming\SearchProtect\Res\SPSetup.exe.vir|>$R0\Dialogs\$R0\bin\SPHook32.dll is infected by Win32:SearchProtect-A [PUP], Moved to chest
File C:\AdwCleaner\Quarantine\C\Users\Evan\AppData\Roaming\SearchProtect\Res\SPSetup.exe.vir|>$R0\Dialogs\$R0\bin\CltMngSvc.exe is infected by Win32:SearchProtect-A [PUP], Moved to chest
File C:\AdwCleaner\Quarantine\C\Users\Evan\AppData\Roaming\SearchProtect\Res\SPSetup.exe.vir is infected by Win32:SearchProtect-A [PUP], Moved to chest
File C:\Program Files (x86)\Motorola\MotoHelper\temp\MotoHelper_2.1.32_Driver_5.4.exe|>$TEMP\vcredist_x86.exe|>VCREDI~3.EXE|>vcredist.msi|>_14248_Microsoft_VC80_MFC_x86.msm Error 42144 {OLE archive is corrupted.}
File C:\Program Files (x86)\Motorola\MotoHelper\temp\MotoHelper_2.1.32_Driver_5.4.exe|>$TEMP\vcredist_x86.exe|>VCREDI~3.EXE|>vcredist.msi|>01File Error 42144 {OLE archive is corrupted.}
File C:\Program Files (x86)\Motorola\MotoHelper\temp\MotoHelper_2.1.32_Driver_5.4.exe|>$TEMP\vcredist_x86.exe|>VCREDI~3.EXE|>vcredist.msi Error 42127 {CAB archive is corrupted.}
File C:\Program Files (x86)\Motorola\MotoHelper\temp\MotoHelper_2.1.32_Driver_5.4.exe|>$TEMP\vcredist_x86.exe|>VCREDI~3.EXE Error 42127 {CAB archive is corrupted.}
File C:\Program Files (x86)\OpenDownloaderManager\odminstaller.exe|>$INSTDIR\Help\Free Download Manager.chm|>addanewflashvideodownload.htm Error 42136 {CHM archive is corrupted.}
  • 0

#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
OK. It didn't find anything that we hadn't already removed with AdwCleaner. The file:

C:\Program Files (x86)\Motorola\MotoHelper\temp\MotoHelper_2.1.32_Driver_5.4.exe

is corrupt and should be deleted.

Other than that it looks good. How is it running now?
  • 0
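Added example, not part of the original posts: a small Python triage of `aswBoot.txt` report lines that separates detections sitting inside another tool's quarantine folder from detections on live paths, and groups archive errors by their outer container, which is the distinction post #11 draws. The sample lines are excerpted from the two scan runs in post #10; treating any `\Quarantine\` folder as a quarantine store is an assumption, and the function and variable names are hypothetical.

```python
import re
from collections import Counter

# Lines excerpted from the aswBoot.txt report posted in this thread (post #10).
SAMPLE = r"""
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricSing\125.crx.vir|>background.js is infected by JS:AddLyrics-D [Adw], Moved to chest
File C:\AdwCleaner\Quarantine\C\Program Files (x86)\LyricSing\125.dll.vir is infected by Win32:AddLyrics-V [Adw], Moved to chest
File C:\Program Files (x86)\Motorola\MotoHelper\temp\MotoHelper_2.1.32_Driver_5.4.exe|>$TEMP\vcredist_x86.exe|>VCREDI~3.EXE|>vcredist.msi Error 42127 {CAB archive is corrupted.}
File C:\Program Files (x86)\Motorola\MotoHelper\temp\MotoHelper_2.1.32_Driver_5.4.exe|>$TEMP\vcredist_x86.exe|>VCREDI~3.EXE Error 42127 {CAB archive is corrupted.}
File C:\Windows\Temp\WER8E91.tmp.hdmp is infected by Win32:Small-BTX [Trj], Deleted
File C:\Users\Evan\AppData\Local\Temp\awupdate.exe is infected by Win32:Gamevance-DC [PUP], Repair: Error 42060 {The file was not repaired.}, Deleted
"""

# "File <path>[|><member>...] is infected by <name> [<type>], <action>[, <action>]"
INFECTED = re.compile(
    r"^File (?P<path>.+?) is infected by (?P<name>\S+) \[(?P<kind>\w+)\], (?P<action>.+)$")
# "File <path>[|><member>...] Error <code> {<message>}"
ERROR = re.compile(r"^File (?P<path>.+?) Error (?P<code>\d+) \{(?P<msg>[^}]*)\}$")
# Assumption: a folder named "Quarantine" holds files a cleanup tool already isolated.
QUARANTINE = "\\quarantine\\"

def triage(report):
    """Sort report lines into quarantined hits, live hits and corrupt containers."""
    result = {"quarantined": [], "live": [], "corrupt": Counter()}
    for line in report.splitlines():
        line = line.strip()
        # Test for a detection first: a failed repair also embeds "Error <code>".
        m = INFECTED.match(line)
        if m:
            outer = m["path"].split("|>")[0]          # file on disk, not the archive member
            final_action = m["action"].split(", ")[-1]  # last action is the outcome
            bucket = "quarantined" if QUARANTINE in outer.lower() else "live"
            result[bucket].append((outer, m["name"], m["kind"], final_action))
            continue
        m = ERROR.match(line)
        if m:
            # Nested archive errors all count against the one file on disk.
            result["corrupt"][m["path"].split("|>")[0]] += 1
    return result

if __name__ == "__main__":
    summary = triage(SAMPLE)
    for bucket in ("quarantined", "live"):
        for hit in summary[bucket]:
            print(bucket, *hit, sep=" | ")
    for container, count in summary["corrupt"].items():
        print("corrupt", container, count, sep=" | ")
```

Detections in the `live` bucket are the ones that indicate something was still on disk outside a quarantine folder when the scan ran.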

#12
isaacevanava

isaacevanava

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Ok, seems to be running better, but I still notice files with $ in front of them (I noticed the recycle bin had it as well) and my Word file issue (from post #3) is still there.

"Also, just noticed, after I did all the below, my Word files aren't opening on desktop. Saying the files to open my shortcuts aren't there. It's making them an "office" product as opposed to Word Starter (which is the type of file they are). I didn't purchase Office. If I go to a file that is still showing as Word and open others from there, they will open, but the desktop shortcut icons look like an office product as opposed to a word only file."

THANKS!!
  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP

I still notice files with $ in front of them


Probably normally hidden files. We usually hide them during the clean up.

1. Open the Control Panel menu and click Folder Options.
2. After the new window appears select the View tab.
3. Remove the check in the checkbox labeled Display the contents of system folders - you may not have this one.
4. Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
5. Check the checkbox labeled Hide protected operating system files.
6. Press the Apply button and then the OK button and exit My Computer.

For the Word shortcuts:

If you are not using Office then try to uninstall it then:

Control Panel, Default Programs,

There are two possibilities here. Try the first one:

Set your default programs,
See if Word is on the list. If it is, select it then Choose Defaults for this program. Make sure all of the extensions which start with .do and are word type things are checked. Then Save.

If Word is not on the list then do option #2
Associate a File Type or Protocol with a Program.

Find the first .do extension (Mine is .doc and says Microsoft Word 97-2003). Double click on it. Point it at Word. If you don't see Word you can click on Browse and find it then point it at Word.

Repeat for the rest of the .do extensions.

If that doesn't help then right click on one of the shortcuts, select Properties and tell me what it says under Target:
  • 0

#14
isaacevanava

isaacevanava

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Tried first 2 options, no luck.

The target says it's a .docx file type and opens with Windows Shell common.


I think I figured it out. The icons just look different for whatever reason, but they are Word documents.

Edited by isaacevanava, 18 September 2013 - 04:07 PM.

  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
When I right click on a doc shortcut and select Properties it looks like this:

[attachment=66575:shortcut.jpg]

I can click on Change and point it at a different program. What happens when you try it?
  • 0