Infected with trojan.zeroaccess!inf4

[ironwall90]

My windows/system32/services.exe is infected with this and I've ran norton, won't get rid of it. Need help please.

[Maniac]

Hello ironwall90 and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download OTL to your Desktop

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  
• Please tick the Scan All users. Next, click the Quick Scan button. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.
    

[ironwall90]

OTL logfile created on: 8/14/2012 4:13:13 PM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Matt\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.86 Gb Total Physical Memory | 1.44 Gb Available Physical Memory | 50.43% Memory free

5.71 Gb Paging File | 3.79 Gb Available in Paging File | 66.43% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 200.00 Gb Total Space | 116.85 Gb Free Space | 58.42% Space Free | Partition Type: NTFS

Drive D: | 240.76 Gb Total Space | 240.66 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Drive E: | 287.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: THEBOSS | User Name: Matt | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/14 16:11:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe

PRC - [2012/08/03 21:44:01 | 000,686,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe

PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Matt\AppData\Local\Akamai\netsession_win.exe

PRC - [2011/12/08 16:53:32 | 008,364,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe

PRC - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe

PRC - [2011/06/01 08:44:54 | 008,003,448 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe

PRC - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

PRC - [2011/05/20 12:51:14 | 000,210,144 | ---- | M] () -- C:\Program Files (x86)\ooVoo Toolbar\ToolbarUpdaterService.exe

PRC - [2011/05/18 12:25:46 | 022,631,608 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe

PRC - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccsvchst.exe

PRC - [2010/12/13 16:14:30 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe

PRC - [2010/10/07 18:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

PRC - [2010/10/07 13:43:00 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

PRC - [2010/09/30 19:15:20 | 001,078,912 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe

PRC - [2010/09/23 20:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

PRC - [2010/08/17 18:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

PRC - [2009/12/15 14:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

PRC - [2009/11/02 18:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2009/09/30 23:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2009/09/30 23:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2009/07/31 14:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

PRC - [2009/06/24 16:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

PRC - [2009/06/19 14:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

PRC - [2009/06/19 14:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

PRC - [2009/06/15 21:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

PRC - [2008/12/22 21:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

PRC - [2008/03/31 06:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

PRC - [2007/12/10 18:55:26 | 000,323,584 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\Pixart\Pac7302\Monitor.exe

PRC - [2007/11/30 15:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

========== Modules (No Company Name) ==========

MOD - [2012/06/17 00:14:04 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll

MOD - [2012/06/17 00:13:40 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll

MOD - [2012/06/17 00:13:27 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll

MOD - [2012/06/17 00:13:06 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll

MOD - [2012/05/15 17:26:40 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll

MOD - [2012/05/13 11:55:41 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll

MOD - [2012/05/13 11:53:51 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll

MOD - [2012/05/13 11:53:42 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll

MOD - [2012/05/13 11:53:36 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll

MOD - [2012/05/13 11:53:35 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll

MOD - [2012/05/13 11:53:27 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll

MOD - [2011/12/08 16:53:32 | 008,364,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe

MOD - [2011/09/13 16:57:20 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll

MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL

MOD - [2010/11/20 08:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

MOD - [2010/09/30 19:14:04 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll

MOD - [2010/09/30 19:13:38 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll

MOD - [2010/09/30 19:13:12 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll

MOD - [2010/09/30 19:13:06 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll

MOD - [2010/09/23 20:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

MOD - [2009/11/02 18:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2009/11/02 18:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

MOD - [2007/11/30 15:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

MOD - [2007/06/15 14:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll

MOD - [2007/06/01 21:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/05/28 16:24:32 | 000,173,056 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffWeb)

SRV:64bit: - [2011/05/28 16:24:32 | 000,173,056 | ---- | M] (Airytec) [Auto | Stopped] -- C:\Program Files\Airytec\Switch Off\swoff.exe -- (SwOffScheduler)

SRV:64bit: - [2010/09/30 14:50:30 | 000,377,264 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)

SRV:64bit: - [2010/09/22 22:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2012/08/03 21:44:02 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/07/11 13:21:19 | 004,419,392 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll -- (Akamai)

SRV - [2011/12/07 18:31:00 | 000,303,360 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)

SRV - [2011/06/01 08:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2011/05/20 12:51:14 | 000,210,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ooVoo Toolbar\ToolbarUpdaterService.exe -- (Updater Service for ooVoo Toolbar)

SRV - [2011/04/25 16:59:00 | 004,111,224 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)

SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ccSvcHst.exe -- (NAV)

SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/15 14:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2009/09/30 23:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2009/09/30 23:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2009/06/15 21:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008/03/31 06:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/13 23:40:14 | 000,096,376 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR300.SYS -- (SMR300)

DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/12/12 17:42:00 | 001,256,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)

DRV:64bit: - [2011/08/31 19:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2011/07/22 10:33:48 | 000,025,056 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)

DRV:64bit: - [2011/06/27 01:37:00 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2011/06/16 18:20:38 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)

DRV:64bit: - [2011/04/20 21:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\symnets.sys -- (SymNetS)

DRV:64bit: - [2011/03/30 23:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\srtsp64.sys -- (SRTSP)

DRV:64bit: - [2011/03/30 23:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\srtspx64.sys -- (SRTSPX)

DRV:64bit: - [2011/03/14 22:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\symefa64.sys -- (SymEFA)

DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/01/27 02:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\symds64.sys -- (SymDS)

DRV:64bit: - [2011/01/27 01:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NAVx64\1207010.003\ironx64.sys -- (SymIRON)

DRV:64bit: - [2010/12/13 16:14:21 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)

DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)

DRV:64bit: - [2010/10/11 21:49:16 | 000,131,552 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)

DRV:64bit: - [2010/09/23 04:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/09/08 07:39:32 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)

DRV:64bit: - [2010/02/26 04:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2010/02/03 11:21:56 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)

DRV:64bit: - [2010/02/02 18:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010/01/18 05:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2009/09/17 16:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009/08/19 22:41:38 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)

DRV:64bit: - [2009/08/18 04:23:32 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)

DRV:64bit: - [2009/08/06 17:24:14 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2009/07/20 05:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)

DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/18 16:18:10 | 000,015,928 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)

DRV:64bit: - [2009/06/10 16:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)

DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/13 13:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)

DRV:64bit: - [2009/04/28 13:07:52 | 000,532,480 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302)

DRV:64bit: - [2008/05/23 21:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV:64bit: - [2008/03/13 03:46:00 | 000,027,136 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ManyCam_x64.sys -- (ManyCam)

DRV - [2012/08/13 22:19:44 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120813.019\ex64.sys -- (NAVEX15)

DRV - [2012/08/13 22:19:44 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)

DRV - [2012/08/13 22:19:44 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)

DRV - [2012/08/13 22:19:44 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\VirusDefs\20120813.019\eng64.sys -- (NAVENG)

DRV - [2012/08/10 07:05:28 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\IPSDefs\20120810.001\IDSviA64.sys -- (IDSVia64)

DRV - [2012/06/18 20:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\Definitions\BASHDefs\20120711.002\BHDrvx64.sys -- (BHDrvx64)

DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2009/07/02 21:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)

DRV - [2005/01/03 02:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/{C4DFC373-9BCD-453A-90F9-9C5CDDE7FAE2}

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve

IE - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/

IE - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/

IE - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbhelper.dll ()

IE - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000\..\SearchScopes,DefaultScope = {A0128F07-C687-4C8F-8C38-F2517AE96A87}

IE - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000\..\SearchScopes\{5AFC6887-7073-E6CD-E685-A65EBB910758}: "URL" = http://oovoostart.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z053&partner_id=220&product_id=664&affiliate_id=&channel=&toolbar_id=201&toolbar_version=2.1.0&install_country=US&install_date=20110719&user_guid=82B3D3C48B7F4255878E54959D9381B6&machine_id=e94881f1b77d33dd91eaaecb8767dba1&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source}

IE - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/hypercam/{C4DFC373-9BCD-453A-90F9-9C5CDDE7FAE2}?q={searchTerms}

IE - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000\..\SearchScopes\{A0128F07-C687-4C8F-8C38-F2517AE96A87}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}

IE - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll (Best Buy)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Matt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matt\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_18.5.0.125\IPSFFPlgn\ [2012/02/07 00:31:44 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - homepage: http://oovoostart.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z053&partner_id=220&product_id=664&affiliate_id=&channel=&toolbar_id=201&toolbar_version=2.1.0&install_country=US&install_date=20110719&user_guid=82B3D3C48B7F4255878E54959D9381B6&machine_id=e94881f1b77d33dd91eaaecb8767dba1&browser=CR&os=win&os_version=6.1-x64-SP1

CHR - default_search_provider: Bing (Enabled)

CHR - default_search_provider: search_url = http://oovoostart.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z053&partner_id=220&product_id=664&affiliate_id=&channel=&toolbar_id=201&toolbar_version=2.1.0&install_country=US&install_date=20110719&user_guid=82B3D3C48B7F4255878E54959D9381B6&machine_id=e94881f1b77d33dd91eaaecb8767dba1&browser=CR&os=win&os_version=6.1-x64-SP1

CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query=%s

CHR - homepage: http://oovoostart.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z053&partner_id=220&product_id=664&affiliate_id=&channel=&toolbar_id=201&toolbar_version=2.1.0&install_country=US&install_date=20110719&user_guid=82B3D3C48B7F4255878E54959D9381B6&machine_id=e94881f1b77d33dd91eaaecb8767dba1&browser=CR&os=win&os_version=6.1-x64-SP1

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\21.0.1180.75\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\Application\21.0.1180.75\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\npSkypeChromePlugin.dll

CHR - plugin: Java Deployment Toolkit 6.0.270.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

CHR - plugin: Java Platform SE 6 U27 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Best Buy pc app Detector (Enabled) = C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll

CHR - plugin: Unity Player (Enabled) = C:\Users\Matt\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Matt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

CHR - plugin: Google Update (Enabled) = C:\Users\Matt\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Google Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Skype Click to Call = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\

CHR - Extension: Gmail = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2:64bit: - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\18.7.1.3\ips\ipsbho.dll (Symantec Corporation)

O2 - BHO: (ooVoo Toolbar Helper) - {92B514FD-A316-4736-99EB-2A6532D02E7D} - C:\Program Files (x86)\ooVoo Toolbar\Toolbar32.dll (ooVoo LLC)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll ()

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll ()

O3 - HKLM\..\Toolbar: (ooVoo Toolbar) - {3D475351-3508-4de9-A7C0-B0CEB0859FBE} - C:\Program Files (x86)\ooVoo Toolbar\Toolbar32.dll (ooVoo LLC)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000\..\Toolbar\WebBrowser: (Hyperionics DB Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll ()

O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [PAC7302_Monitor] C:\Windows\Pixart\Pac7302\Monitor.exe (PixArt Imaging Incorporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd File not found

O4:64bit: - HKLM..\Run: [smartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

O4 - HKU\S-1-5-19..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000..\Run: [Akamai NetSession Interface] C:\Users\Matt\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)

O4 - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000..\Run: [Facebook Update] C:\Users\Matt\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)

O4 - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000..\Run: [ManyCam] C:\Program Files (x86)\ManyCam\Bin\ManyCam.exe (ManyCam LLC)

O4 - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)

O4 - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

O4 - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000..\Run: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (Microsoft)

O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm ()

O8:64bit: - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm ()

O8 - Extra context menu item: Locate Spot on Map by GPS - C:\Program Files (x86)\Opanda\IExif 2.3\IExifMap.htm ()

O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - C:\Program Files (x86)\Opanda\IExif 2.3\IExifCom.htm ()

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3434EDEA-4D5A-45E0-8222-074FBFB49292}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{85666AE9-44C6-425B-89C0-EA69A7456DED}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E05B4CE1-44F7-465F-A18E-1021CA7CB2DC}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2003/09/29 04:55:44 | 000,000,052 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]

O33 - MountPoints2\{6fe41ba9-3d6e-11e0-9be0-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{6fe41ba9-3d6e-11e0-9be0-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Installer.exe -- [2005/08/30 11:52:48 | 001,176,001 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 16:11:33 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe

[2012/08/13 23:42:40 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{519A8D82-0BA5-4A34-8DAA-521A751C296F}

[2012/08/13 23:42:26 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{D4F34D04-6A3C-4F38-AC9E-4BCFC4FB5752}

[2012/08/13 23:40:14 | 000,096,376 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR300.SYS

[2012/08/13 23:40:11 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\NPE

[2012/08/13 22:11:07 | 000,000,000 | -H-D | C] -- C:\Users\Matt\Documents\Symantec

[2012/08/13 15:51:55 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\Wow Healbot

[2012/08/13 15:45:10 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse

[2012/08/13 15:43:31 | 000,000,000 | -H-D | C] -- C:\Users\Matt\Documents\My Curse

[2012/08/13 00:27:41 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Symantec

[2012/08/13 00:05:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment

[2012/08/13 00:03:45 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{ED543734-997A-4CDD-9128-7AAC8FABC073}

[2012/08/13 00:03:20 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{4A792714-2675-4539-9070-ED7DF12FF119}

[2012/08/12 23:51:05 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Malwarebytes

[2012/08/12 23:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/08/12 23:50:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/08/12 23:50:54 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/08/12 23:50:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/08/12 22:05:05 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/08/12 21:37:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warcraft

[2012/08/12 21:35:20 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Blizzard Entertainment

[2012/08/12 19:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\World of Warcraft

[2012/08/12 19:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment

[2012/08/10 12:39:27 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{CD44B285-1EEA-40C8-8AB2-6C771C4B57BA}

[2012/08/10 12:38:52 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{09D07870-667A-4AF5-AFFE-46DDBA6909BE}

[2012/08/06 22:54:38 | 000,000,000 | -H-D | C] -- C:\Users\Matt\Documents\ASUS

[2012/08/06 22:54:29 | 000,000,000 | ---D | C] -- C:\ProgramData\ASUS

[2012/08/06 22:54:27 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\ASUS

[2012/08/06 13:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maxis

[2012/08/06 13:33:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Maxis

[2012/08/03 22:01:06 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\IA FB pics

[2012/08/03 21:47:05 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\IA Summer Meet

[2012/07/20 23:47:50 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{045443EA-EC42-4FE2-948A-B191B00C77CA}

[2012/07/20 23:47:39 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{051997B7-031D-4E61-AC16-F0D06B29D015}

[2012/07/19 22:46:39 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{1B4874D9-C4BC-402E-AB33-3FC75AE9E92D}

[2012/07/19 22:46:25 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\{95B70ADE-BC02-4590-9CB0-826F05722312}

[2008/08/12 01:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll

========== Files - Modified Within 30 Days ==========

[2012/08/14 16:11:33 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\OTL.exe

[2012/08/14 16:10:57 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068777940-1155537506-1940195750-1000UA.job

[2012/08/14 16:10:56 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3068777940-1155537506-1940195750-1000UA.job

[2012/08/14 16:10:55 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/08/14 16:10:53 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3068777940-1155537506-1940195750-1000Core.job

[2012/08/14 16:10:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/08/14 00:41:45 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2012/08/13 23:49:09 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/08/13 23:49:09 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/08/13 23:48:47 | 000,741,650 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/08/13 23:48:47 | 000,635,824 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/08/13 23:48:47 | 000,110,508 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/08/13 23:41:59 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Final Media Player Update Checker.job

[2012/08/13 23:41:59 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\FreeFileViewerUpdateChecker.job

[2012/08/13 23:41:35 | 2299,822,080 | -HS- | M] () -- C:\hiberfil.sys

[2012/08/13 23:40:14 | 000,096,376 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR300.SYS

[2012/08/13 18:05:01 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3068777940-1155537506-1940195750-1000Core.job

[2012/08/13 15:45:10 | 000,000,318 | ---- | M] () -- C:\Users\Matt\Desktop\Curse Client.appref-ms

[2012/08/13 15:43:25 | 000,000,000 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

[2012/08/13 15:23:09 | 000,001,348 | ---- | M] () -- C:\Users\Matt\Desktop\Zygor Guides Updater.lnk

[2012/08/12 23:50:55 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/11 17:23:23 | 000,000,032 | ---- | M] () -- C:\Users\Matt\jagex_cl_runescape_LIVE.dat

[2012/08/10 12:38:02 | 514,350,661 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2012/08/09 16:41:51 | 000,002,451 | ---- | M] () -- C:\Users\Matt\Desktop\Google Chrome.lnk

[2012/08/06 22:55:18 | 000,501,721 | -H-- | M] () -- C:\Users\Matt\Documents\VNKLDNGIFDNVFDA.png

[2012/08/06 13:44:37 | 000,000,281 | ---- | M] () -- C:\Windows\EReg072.dat

========== Files Created - No Company Name ==========

[2012/08/13 23:46:29 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{cb3e6b12-5653-e901-2e17-28ed00402f87}\U\80000032.@

[2012/08/13 23:42:07 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{cb3e6b12-5653-e901-2e17-28ed00402f87}\U\00000008.@

[2012/08/13 15:45:10 | 000,000,318 | ---- | C] () -- C:\Users\Matt\Desktop\Curse Client.appref-ms

[2012/08/13 15:43:25 | 000,000,000 | ---- | C] () -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

[2012/08/13 15:23:09 | 000,001,348 | ---- | C] () -- C:\Users\Matt\Desktop\Zygor Guides Updater.lnk

[2012/08/12 23:50:55 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/08/12 21:59:48 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{cb3e6b12-5653-e901-2e17-28ed00402f87}\L\00000004.@

[2012/08/12 21:59:47 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{cb3e6b12-5653-e901-2e17-28ed00402f87}\U\80000064.@

[2012/08/12 20:41:22 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\World of Warcraft.lnk

[2012/08/06 22:55:18 | 000,501,721 | -H-- | C] () -- C:\Users\Matt\Documents\VNKLDNGIFDNVFDA.png

[2012/08/06 13:44:37 | 000,000,281 | ---- | C] () -- C:\Windows\EReg072.dat

[2012/07/14 21:18:05 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll

[2012/06/17 14:37:54 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll

[2012/01/13 08:14:57 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{cb3e6b12-5653-e901-2e17-28ed00402f87}\@

[2012/01/13 08:14:57 | 000,002,048 | -HS- | C] () -- C:\Users\Matt\AppData\Local\{cb3e6b12-5653-e901-2e17-28ed00402f87}\@

[2011/11/23 18:29:25 | 000,000,044 | ---- | C] () -- C:\Users\Matt\jagex_cl_runescape_LIVE1.dat

[2011/11/04 20:14:55 | 000,000,032 | ---- | C] () -- C:\Users\Matt\jagex_cl_runescape_LIVE.dat

[2011/10/04 02:25:48 | 000,000,129 | ---- | C] () -- C:\Users\Matt\jagex_runescape_preferences2.dat

[2011/10/04 02:22:14 | 000,000,035 | ---- | C] () -- C:\Users\Matt\jagex_runescape_preferences.dat

[2011/10/04 02:21:56 | 000,000,023 | ---- | C] () -- C:\Users\Matt\jagexappletviewer.preferences

[2011/09/18 23:02:01 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini

[2011/08/31 19:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2011/08/31 19:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

[2011/08/31 19:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2011/08/31 19:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll

[2011/06/27 15:58:28 | 000,000,868 | ---- | C] () -- C:\Windows\SysWow64\SP7302.INI

[2011/06/15 17:31:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/06/15 15:31:15 | 000,105,760 | ---- | C] () -- C:\Windows\os4.exe

[2011/06/15 15:31:15 | 000,059,904 | ---- | C] () -- C:\Windows\zlib1.dll

[2011/06/15 15:31:15 | 000,000,329 | ---- | C] () -- C:\Windows\Last.dat

[2011/06/15 15:31:15 | 000,000,031 | ---- | C] () -- C:\Windows\memlist.dat

[2011/06/15 15:31:15 | 000,000,009 | ---- | C] () -- C:\Windows\Language.dat

[2011/06/15 15:31:15 | 000,000,004 | ---- | C] () -- C:\Windows\test.dat

[2011/04/09 21:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

[2010/11/24 07:03:05 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

[2009/04/08 14:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll

[2008/05/22 12:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg

========== LOP Check ==========

[2012/08/13 15:45:28 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\.minecraft

[2011/11/15 02:03:29 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Airytec

[2012/07/14 21:20:23 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Atari

[2011/06/22 19:39:47 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\DiskAid

[2011/10/29 21:13:35 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\FinalMediaPlayer

[2011/06/26 02:20:44 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\FreeFileViewer

[2012/07/14 21:18:10 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Leadertech

[2011/08/02 22:27:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ManyCam

[2012/02/26 03:03:31 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Need for Speed World

[2011/10/13 20:02:18 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\NPLUTO Corporation

[2011/07/18 23:40:15 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\ooVoo Details

[2011/07/20 04:13:06 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TeamViewer

[2011/06/15 16:32:08 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Tibia

[2011/06/15 20:20:08 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Tific

[2011/06/26 02:44:38 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\TS3Client

[2011/10/16 23:35:42 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Unity

[2011/08/02 22:16:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WeatherBug

[2012/08/13 18:05:01 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3068777940-1155537506-1940195750-1000Core.job

[2012/08/14 16:10:56 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3068777940-1155537506-1940195750-1000UA.job

[2012/08/13 23:41:59 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Final Media Player Update Checker.job

[2012/08/13 23:41:59 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\FreeFileViewerUpdateChecker.job

[2009/07/14 01:08:49 | 000,019,450 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Thank you

[ironwall90]

OTL Extras logfile created on: 8/14/2012 4:23:19 PM - Run 1

OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Matt\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.86 Gb Total Physical Memory | 1.40 Gb Available Physical Memory | 49.13% Memory free

5.71 Gb Paging File | 3.83 Gb Available in Paging File | 67.01% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 200.00 Gb Total Space | 117.25 Gb Free Space | 58.63% Space Free | Partition Type: NTFS

Drive D: | 240.76 Gb Total Space | 240.66 Gb Free Space | 99.96% Space Free | Partition Type: NTFS

Drive E: | 287.29 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: THEBOSS | User Name: Matt | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- "C:\Program Files (x86)\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot

"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{26A24AE4-039D-4CA4-87B4-2F86417004FF}" = Java 7 Update 4 (64-bit)

"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"Airytec Switch Off" = Airytec Switch Off

"CNXT_AUDIO_HDA" = Conexant HD Audio

"Elantech" = ETDWare PS/2-x64 7.0.5.16_WHQL

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam

"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3

"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver

"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java 6 Update 27

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{297DCADA-86A1-4A42-8A13-66B7D7A09FD2}" = WeatherBug

"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{3AC11667-B4DD-4984-AD0B-B2D4E40AB573}" = 15354 Webcam Live

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker

"{584109EB-CEA0-4954-804B-211000018301}" = Tinker

"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck

"{5D87C09F-512F-474A-A306-0FE3B89C396F}" = RuneScape Launcher 1.0.4

"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World

"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash

"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195

"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010

"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver

"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D39F0676-163E-4595-A917-E28F99BBD4D2}" = ASUS AI Recovery

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable

"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager

"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo

"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy pc app

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Akamai" = Akamai NetSession Interface Service

"DiskAid_is1" = DiskAid 4.63

"Disney Toontown Online" = Disney Toontown Online

"Drag Racer" = Drag Racer 3.0

"FinalMediaPlayer_is1" = Final Media Player 2011

"FreeFileViewer_is1" = Free File Viewer 2011

"Game Booster_is1" = Game Booster 3

"GFWL_{584109EB-4A5E-4467-B3C4-5C1000008300}" = Tinker

"HyperCam 2" = HyperCam 2

"Hyperionics DB Toolbar" = Hyperionics DB Toolbar

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300

"ManyCam" = ManyCam 2.6.55 (remove only)

"NAV" = Norton AntiVirus

"ooVoo Toolbar" = ooVoo Toolbar

"Opanda IExif_is1" = Opanda IExif 2.3

"Opanda PowerExif Professional Trial_is1" = Opanda PowerExif 1.2 Professional Trial

"PokerStars.net" = PokerStars.net

"SimCity 3000" = SimCity 3000

"Tansee iPhone Transfer SMS_is1" = Tansee iPhone Transfer SMS

"TeamViewer 6" = TeamViewer 6

"Tibia_is1" = Tibia

"Trusted Software Assistant_is1" = File Type Assistant

"WinLiveSuite" = Windows Live Essentials

"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3068777940-1155537506-1940195750-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"101a9f93b8f0bb6f" = Curse Client

"Akamai" = Akamai NetSession Interface

"Google Chrome" = Google Chrome

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 5/27/2012 6:18:24 PM | Computer Name = TheBoss | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 5/27/2012 6:18:24 PM | Computer Name = TheBoss | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 5/27/2012 6:18:24 PM | Computer Name = TheBoss | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 6/1/2012 4:12:43 PM | Computer Name = TheBoss | Source = Google Update | ID = 20

Description =

Error - 6/2/2012 10:19:59 PM | Computer Name = TheBoss | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 6/2/2012 10:19:59 PM | Computer Name = TheBoss | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 6/2/2012 10:19:59 PM | Computer Name = TheBoss | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 6/2/2012 10:19:59 PM | Computer Name = TheBoss | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 6/2/2012 10:19:59 PM | Computer Name = TheBoss | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 6/2/2012 10:19:59 PM | Computer Name = TheBoss | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 6/2/2012 10:19:59 PM | Computer Name = TheBoss | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

Error - 6/2/2012 10:19:59 PM | Computer Name = TheBoss | Source = Microsoft-Windows-CAPI2 | ID = 4107

Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

with error: The data is invalid. .

[ System Events ]

Error - 7/4/2012 7:32:23 PM | Computer Name = TheBoss | Source = BugCheck | ID = 1001

Description =

Error - 7/7/2012 6:13:44 PM | Computer Name = TheBoss | Source = Tcpip | ID = 4199

Description = The system detected an address conflict for IP address 192.168.1.5

with the system having network hardware address 3C-74-37-AC-B9-73. Network operations

on this system may be disrupted as a result.

Error - 7/7/2012 7:33:28 PM | Computer Name = TheBoss | Source = EventLog | ID = 6008

Description = The previous system shutdown at 7:12:19 PM on ?7/?7/?2012 was unexpected.

Error - 7/7/2012 7:33:31 PM | Computer Name = THEBOSS | Source = BugCheck | ID = 1001

Description =

Error - 7/8/2012 12:56:09 PM | Computer Name = TheBoss | Source = DCOM | ID = 10016

Description =

Error - 7/8/2012 12:56:09 PM | Computer Name = TheBoss | Source = DCOM | ID = 10016

Description =

Error - 7/9/2012 2:46:01 PM | Computer Name = TheBoss | Source = DCOM | ID = 10016

Description =

Error - 7/9/2012 3:04:31 PM | Computer Name = TheBoss | Source = DCOM | ID = 10016

Description =

Error - 7/9/2012 6:01:29 PM | Computer Name = TheBoss | Source = Service Control Manager | ID = 7030

Description = The WSWNA3100 service is marked as an interactive service. However,

the system is configured to not allow interactive services. This service may not

function properly.

Error - 7/16/2012 3:04:12 PM | Computer Name = TheBoss | Source = DCOM | ID = 10016

Description =

< End of report >

Sorry, forgot this one.

[Maniac]

Step 1

Please uninstall these applications:

Hyperionics DB Toolbar

ooVoo Toolbar

Step 2

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  

  :OTL
  IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/hypercam/%7BC4DFC373-9BCD-453A-90F9-9C5CDDE7FAE2
  IE - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000\..\SearchScopes\{5AFC6887-7073-E6CD-E685-A65EBB910758}: "URL" = http://oovoostart.co...referrer:source}
  IE - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://oovoostart.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z053&partner_id=220&product_id=664&affiliate_id=&channel=&toolbar_id=201&toolbar_version=2.1.0&install_country=US&install_date=20110719&user_guid=82B3D3C48B7F4255878E54959D9381B6&machine_id=e94881f1b77d33dd91eaaecb8767dba1&browser=IE&os=win&os_version=6.1-x64-SP1&iesrc={referrer:source}
  IE - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://www.bigseekpro.com/search/browser/hypercam/%7BC4DFC373-9BCD-453A-90F9-9C5CDDE7FAE2%7D?q={searchTerms}
  IE - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
  IE - HKU\S-1-5-21-3068777940-1155537506-1940195750-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
  CHR - homepage: http://oovoostart.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z053&partner_id=220&product_id=664&affiliate_id=&channel=&toolbar_id=201&toolbar_version=2.1.0&install_country=US&install_date=20110719&user_guid=82B3D3C48B7F4255878E54959D9381B6&machine_id=e94881f1b77d33dd91eaaecb8767dba1&browser=CR&os=win&os_version=6.1-x64-SP1
  CHR - default_search_provider: search_url = http://oovoostart.com/s/?q={searchTerms}&src=defsearch&provider=bing&provider_name=bing&provider_code=Z053&partner_id=220&product_id=664&affiliate_id=&channel=&toolbar_id=201&toolbar_version=2.1.0&install_country=US&install_date=20110719&user_guid=82B3D3C48B7F4255878E54959D9381B6&machine_id=e94881f1b77d33dd91eaaecb8767dba1&browser=CR&os=win&os_version=6.1-x64-SP1
  CHR - homepage: http://oovoostart.com/?src=startpage&provider=bing&provider_name=bing&provider_code=Z053&partner_id=220&product_id=664&affiliate_id=&channel=&toolbar_id=201&toolbar_version=2.1.0&install_country=US&install_date=20110719&user_guid=82B3D3C48B7F4255878E54959D9381B6&machine_id=e94881f1b77d33dd91eaaecb8767dba1&browser=CR&os=win&os_version=6.1-x64-SP1
  O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
  [2012/08/13 23:46:29 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{cb3e6b12-5653-e901-2e17-28ed00402f87}\U\80000032.@
  [2012/08/13 23:42:07 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{cb3e6b12-5653-e901-2e17-28ed00402f87}\U\00000008.@
  [2012/08/12 21:59:48 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{cb3e6b12-5653-e901-2e17-28ed00402f87}\L\00000004.@
  [2012/08/12 21:59:47 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{cb3e6b12-5653-e901-2e17-28ed00402f87}\U\80000064.@
  [2012/01/13 08:14:57 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{cb3e6b12-5653-e901-2e17-28ed00402f87}\@
  [2012/01/13 08:14:57 | 000,002,048 | -HS- | C] () -- C:\Users\Matt\AppData\Local\{cb3e6b12-5653-e901-2e17-28ed00402f87}\@
  
  :files
  C:\Users\Matt\AppData\Local\{cb3e6b12-5653-e901-2e17-28ed00402f87}
  C:\Windows\Installer\{cb3e6b12-5653-e901-2e17-28ed00402f87}
  ipconfig /flushdns /c
  
  :Commands
  [emptytemp]
  [clearallrestorepoints]

  
  

• Then click the Run Fix button at the top
  
• Let the program run unhindered, reboot the PC when it is done
  
• Please post the OTL fix log in your next reply.
  

Note: A copy of an OTL fix log is saved in a text file at C:\_OTL\MovedFiles

[ironwall90]

Files\Folders moved on Reboot...

C:\Windows\Installer\{cb3e6b12-5653-e901-2e17-28ed00402f87}\U folder moved successfully.

C:\Windows\Installer\{cb3e6b12-5653-e901-2e17-28ed00402f87} folder moved successfully.

C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

File C:\Windows\Installer\{cb3e6b12-5653-e901-2e17-28ed00402f87} not found!

File C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...

After hitting the run fix button, my computer said it was going to shut down in 1 minute, and I believe it shut down before the program was finished.

[Maniac]

Is that the entire log file? Please post a new fresh OTL log.

[Maurice Naggar]

@ironwall90

Are you still with us? Have you resolved your issue ?

If we do not hear back from you soon, this thread will be closed.

[Maurice Naggar]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!