adware in the bottom left corner of google chrome


Hi,

A couple of days ago I started getting ads popping up in the bottom left corner of my screen. I've tried everything to get rid of it (Malwarebytes, rogue detector, etc.), but nothing seems to be working at the moment. I hope somebody can give me some assistance with this.

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume2

Install Date: 19/05/2011 9:33:11 PM

System Uptime: 18/04/2013 11:03:01 AM (0 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | U36JC

Processor: Intel® Core™ i5 CPU M 480 @ 2.67GHz | Socket 989 | 2667/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 116 GiB total, 19.496 GiB free.

D: is FIXED (NTFS) - 328 GiB total, 214.6 GiB free.

E: is CDROM (CDFS)

F: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: Lexmark X422

Device ID: ROOT\IMAGE\0001

Manufacturer: Lexmark

Name: Lexmark X422

PNP Device ID: ROOT\IMAGE\0001

Service: usbscan

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: USB2.0 UVC 1.3M WebCam

Device ID: ROOT\IMAGE\0002

Manufacturer: AzureWave

Name: USB2.0 UVC 1.3M WebCam

PNP Device ID: ROOT\IMAGE\0002

Service: rtsuvc

.

Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}

Description: HP HD Webcam [Fixed]

Device ID: ROOT\IMAGE\0003

Manufacturer: Chicony Electronics Co., Ltd.

Name: HP HD Webcam [Fixed]

PNP Device ID: ROOT\IMAGE\0003

Service: rtsuvc

.

==== System Restore Points ===================

.

RP185: 18/04/2013 10:08:53 AM - ComboFix created restore point

RP186: 18/04/2013 10:31:22 AM - Windows Update

.

==== Hosts File Hijack ======================

.

Hosts: 212.59.28.228 www.google-analytics.com.

Hosts: 212.59.28.228 ad-emea.doubleclick.net.

Hosts: 212.59.28.228 www.statcounter.com.

Hosts: 93.115.241.27 www.google-analytics.com.

Hosts: 93.115.241.27 ad-emea.doubleclick.net.

Hosts: 93.115.241.27 www.statcounter.com.

.

==== Installed Programs ======================

.

??????? Windows Live Mesh ActiveX ??(????)

??????? Windows Live Mesh ActiveX ???

Acrobat.com

Adobe AIR

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Reader XI (11.0.02)

Advertising Center

Akamai NetSession Interface

Alcor Micro USB Card Reader

Apple Application Support

Apple Mobile Device Support

Apple Software Update

ASUS Ai Charger (NB edition)

ASUS AI Recovery

ASUS FancyStart

ASUS LifeFrame3

ASUS Live Update

ASUS Power4Gear Hybrid

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ASUS Virtual Camera

ASUS WebStorage

AsusScr_U Series_ENG

AsusVibe2.0

Atheros WLAN and Bluetooth Client Installation Program

ATK Package

AuthenTec TrueSuite

Bing Bar

Bing Rewards Client Installer

Bluetooth Win7 Suite (64)

Bonjour

Bookworm Deluxe

Burn4Free DVD Burning 5.7.0.0

Complemento Messenger

Complément Messenger

Contrôle ActiveX Windows Live Mesh pour connexions à distance

Control ActiveX de Windows Live Mesh para conexiones remotas

ControlDeck

Controlo ActiveX do Windows Live Mesh para Ligações Remotas

Cooking Dash

CyberLink LabelPrint

CyberLink Power2Go

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DivX Setup

DolbyFiles

Driver Detective

Driver Updater

Dropbox

e-tax 2011

ExpressGate Cloud

Fast Boot

Freecorder 5

Freecorder Toolbar

Fresco Logic USB3.0 Host Controller

Galeria de Fotografias do Windows Live

Galerie de photos Windows Live

Galería fotográfica de Windows Live

Game Park Console

Google Chrome

Google Drive

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Governor of Poker

Hotel Dash Suite Success

HP HD Webcam Driver

HP LaserJet Professional M1130-M1210 MFP Series

HP LaserJet Professional M1210 MFP Series Fax Installer

HP LaserJet Professional M1210 MFP Series Toolbox

HP LaserJet Toolbox

hppLaserJetService

hppM1130M1210SeriesLaserJetService

hppusgM1130M1210Series

HPSSupply

iCloud

ImagXpress

Intel® Control Center

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Intel® Turbo Boost Technology Monitor

iTunes

Java 7 Update 15

Java Auto Updater

Java™ 6 Update 31

Jewel Quest 3

Junk Mail filter update

K-Lite Codec Pack 7.2.0 (Basic)

LightScribe System Software

Luxor 3

Mahjongg dimensions

Malwarebytes Anti-Malware version 1.75.0.1300

MarketResearch

Menu Templates - Starter Kit

Mesh Runtime

Messenger ????

Messenger ?????

Messenger Companion

Metfone 3G

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Home and Student 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Works

MobileMe Control Panel

Movie Templates - Starter Kit

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

NB Probe

Nero 9 Essentials

Nero BurnRights

Nero BurnRights Help

Nero ControlCenter

Nero CoverDesigner

Nero CoverDesigner Help

Nero DiscSpeed

Nero DiscSpeed Help

Nero DriveSpeed

Nero DriveSpeed Help

Nero Express Help

Nero InfoTool

Nero InfoTool Help

Nero Installer

Nero Online Upgrade

Nero ShowTime

Nero StartSmart

Nero StartSmart Help

Nero Vision

Nero Vision Help

NeroExpress

neroxml

Net4Switch

Nuance PDF Reader

NVIDIA Display Control Panel

NVIDIA Drivers

NVIDIA Stereoscopic 3D Driver

NVIDIA Updatus

QuickTime

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Safari

Scan To

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Skype Click to Call

Skype™ 6.3

Synaptics Pointing Device Driver

syncables desktop SE

Trend Micro Titanium Internet Security

Tuvaro toolbar

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

USB 2.0 VGA UVC WebCam

VC80CRTRedist - 8.0.50727.4053

VLC media player 2.0.1

Windows Live

Windows Live ???

Windows Live ????

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinFlash

WinRAR 4.00 (32-bit)

Wireless Console 3

World of Goo

.

==== Event Viewer Messages From Past Week ========

.

18/04/2013 9:59:11 AM, Error: Service Control Manager [7034] - The ASLDR Service service terminated unexpectedly. It has done this 1 time(s).

18/04/2013 4:17:53 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

18/04/2013 2:09:02 AM, Error: Service Control Manager [7031] - The BrowserProtect service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

18/04/2013 11:03:13 AM, Error: Service Control Manager [7003] - The ATKGFNEX Service service depends the following service: ASMMAP64. This service might not be installed.

18/04/2013 10:42:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom

18/04/2013 10:10:30 AM, Error: Service Control Manager [7034] - The VideAceWindowsService service terminated unexpectedly. It has done this 1 time(s).

17/04/2013 9:47:59 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000003, 0x0000000000000002, 0x0000000000000000, 0xfffff88000e069a5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041713-12932-01.

12/04/2013 9:27:11 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000003, 0x0000000000000002, 0x0000000000000000, 0xfffff88000ed99a5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041213-11403-01.

12/04/2013 7:56:46 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000003, 0x0000000000000002, 0x0000000000000000, 0xfffff88000e8b9a5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041213-14835-01.

12/04/2013 2:06:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x0000000000000003, 0x0000000000000002, 0x0000000000000000, 0xfffff88000e969a5). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 041213-24757-01.

11/04/2013 1:46:30 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer PUNLEU-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6FB6720F-FBF3-4D71-BB75-D7491C81CD60}. The master browser is stopping or an election is being forced.

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.15.2

Run by Morgan Macdonald at 11:09:19 on 2013-04-18

Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3884.1528 [GMT 7:00]

.

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\TrueSuite\TrueSuite.Service.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k WbioSvcGroup

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\TrueSuite\TrueSuite.TouchControl.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\ASUS Ai Charger (NB edition)\AiCharger.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe

C:\Program Files (x86)\Atheros\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe

C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe

C:\Windows\system32\HPSIsvc.exe

C:\ProgramData\DatacardService\HWDeviceService64.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Trend Micro\Titanium\TiMiniService.exe

C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\ExpressGateUtil\VAWinService.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

C:\Program Files (x86)\Metfone 3G\Metfone 3G.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe

C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\ExpressGateUtil\VAWinAgent.exe

C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Freecorder\FLVSrvc.exe

C:\Program Files (x86)\QuickTime\QTTask.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Users\Morgan Macdonald\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Morgan Macdonald\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Morgan Macdonald\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Morgan Macdonald\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Morgan Macdonald\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Morgan Macdonald\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Morgan Macdonald\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Morgan Macdonald\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Morgan Macdonald\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Morgan Macdonald\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\sppsvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com

uDefault_Page_URL = hxxp://asus.msn.com

mStart Page = hxxp://www.google.com

uProxyOverride = <local>

uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll

mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll

BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: tuvaro Helper Object: {5CB02877-EFBC-4317-B608-9E24B11BAB40} - C:\Program Files (x86)\tuvaro\tuvaro\1.8.17.3\bh\tuvaro.dll

BHO: TrueSuite WebStore: {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Freecorder Toolbar: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Tuvaro Toolbar: {6F001652-AF51-45C6-B029-86E0265A1851} - C:\Program Files (x86)\tuvaro\tuvaro\1.8.17.3\tuvaroTlbr.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe

uRun: [Driver Updater] <no file>

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

mRun: [sessionLogon] C:\ExpressGateUtil\SessionLogon.exe

mRun: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe

mRun: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

StartupFolder: C:\Users\MORGAN~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: Interfaces\{58ECD299-FB66-45D5-BB23-24F3E8DDD351} : NameServer = 27.109.112.20 203.118.242.92

TCP: Interfaces\{6FB6720F-FBF3-4D71-BB75-D7491C81CD60} : DHCPNameServer = 203.176.128.10 203.176.130.34

TCP: Interfaces\{6FB6720F-FBF3-4D71-BB75-D7491C81CD60}\242455745756374737 : DHCPNameServer = 172.173.23.201

TCP: Interfaces\{6FB6720F-FBF3-4D71-BB75-D7491C81CD60}\242756775684F6573756F5F4E656 : DHCPNameServer = 203.176.128.10 203.176.130.34

TCP: Interfaces\{6FB6720F-FBF3-4D71-BB75-D7491C81CD60}\2427F677E6025313026427F6E647 : DHCPNameServer = 203.176.128.10 203.176.130.34

TCP: Interfaces\{6FB6720F-FBF3-4D71-BB75-D7491C81CD60}\2616263616D626F6469616 : DHCPNameServer = 119.82.248.67 119.82.249.10

TCP: Interfaces\{6FB6720F-FBF3-4D71-BB75-D7491C81CD60}\3747275697B686D65627 : DHCPNameServer = 117.120.24.1 203.113.188.1

TCP: Interfaces\{6FB6720F-FBF3-4D71-BB75-D7491C81CD60}\655676F6D257073747169627 : DHCPNameServer = 119.82.248.67 119.82.249.10

TCP: Interfaces\{6FB6720F-FBF3-4D71-BB75-D7491C81CD60}\7414443413 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{BCCE4C5B-65BF-48AA-A863-1B36086E54C1} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

x64-mStart Page = hxxp://asus.msn.com

x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll

x64-BHO: TrueSuite WebStore: {5cb2b77d-c8ca-44db-af20-a7a4df462a12} -

x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe

x64-Run: [VizorHtmlDialog.exe] "C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" "DEF" "EULA" "C:\Program Files\Trend Micro\Titanium\UI\Installer.cmpt\resources\preinstall_01_welcome_trial.html" "DEF" "DEF" "DEF"

x64-Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe"

x64-Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe -ReFlush "none" "none"

x64-Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe

x64-Run: [ClientAppLogon32] C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe

x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe"

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [synAsusAcpi] C:\Program Files (x86)\Synaptics\SynTP\SynAsusAcpi.exe

x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Run: [setwallpaper] c:\programdata\SetWallpaper.cmd

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll

x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

Hosts: 212.59.28.228 www.google-analytics.com.

Hosts: 212.59.28.228 ad-emea.doubleclick.net.

Hosts: 212.59.28.228 www.statcounter.com.

Hosts: 93.115.241.27 www.google-analytics.com.

Hosts: 93.115.241.27 ad-emea.doubleclick.net.

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

============= SERVICES / DRIVERS ===============

.

R0 AiCharger;AiCharger;C:\Windows\System32\drivers\AiCharger.sys [2011-4-5 14976]

R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-4-18 14456]

R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2010-9-5 24680]

R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-4-5 379520]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe [2011-4-5 151552]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Atheros\Bluetooth Suite\AdminService.exe [2010-11-26 52896]

R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 FPLService;TrueSuiteService;C:\Program Files\TrueSuite\TrueSuite.Service.exe [2010-12-10 290632]

R2 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-10-15 136192]

R2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2010-5-11 362296]

R2 HPSIService;HP SI Service;C:\Windows\System32\HPSIsvc.exe [2011-6-4 127800]

R2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe -/service --> C:\ProgramData\DatacardService\HWDeviceService64.exe -/service [?]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-18 418376]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-9-6 235624]

R2 TiMiniService;TiMiniService;C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [2010-10-27 241488]

R2 tmevtmgr;tmevtmgr;C:\Windows\System32\drivers\tmevtmgr.sys [2011-4-5 67664]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-4-17 13832]

R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-17 134928]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-4-5 2314240]

R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-21 77312]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-11-26 36000]

R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;C:\Windows\System32\drivers\ATSwpWDF.sys [2010-11-12 893728]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-11-26 298144]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-11-26 28832]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-11-26 201376]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-11-26 55456]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-11-26 154272]

R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-11-26 275616]

R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\System32\drivers\FLxHCIc.sys [2010-11-20 210944]

R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\System32\drivers\FLxHCIh.sys [2010-11-20 49664]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-4-5 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-18 25928]

R3 mbbdatacard;MBB DataCard USB Modem and USB Serial;C:\Windows\System32\drivers\ewusbmdm.sys [2012-6-27 121600]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-5 333928]

R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]

R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]

R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]

R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-18 701512]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-4-5 267480]

S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2010-8-11 44032]

S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE [2012-2-10 240408]

S3 ew_mbbusbdev;MBB USB PNP Device;C:\Windows\System32\drivers\ew_mbbusbdev.sys [2012-6-27 115584]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-4-5 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-4-18 36680]

S3 rtsuvc;HP HD Webcam [Fixed];C:\Windows\System32\drivers\rtsuvc.sys [2012-3-25 8199016]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-5-24 1255736]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]

.

=============== Created Last 30 ================

.

2013-04-18 03:42:24 -------- dcsh--w- C:\$RECYCLE.BIN

2013-04-18 03:41:15 2560 ----a-w- C:\Windows\_MSRSTRT.EXE

2013-04-18 03:31:37 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D8A6B019-55F2-4C50-9761-30D9E3E4BA8C}\mpengine.dll

2013-04-18 03:31:36 282744 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-18 03:08:51 98816 ----a-w- C:\Windows\sed.exe

2013-04-18 03:08:51 256000 ----a-w- C:\Windows\PEV.exe

2013-04-18 03:08:51 208896 ----a-w- C:\Windows\MBR.exe

2013-04-18 03:08:48 -------- dcs---w- C:\ComboFix

2013-04-18 02:49:30 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2013-04-17 18:53:45 -------- d-----w- C:\Windows\SysWow64\searchplugins

2013-04-17 18:53:45 -------- d-----w- C:\Windows\SysWow64\Extensions

2013-04-17 18:49:54 -------- d-----w- C:\Program Files (x86)\tuvaro

2013-04-17 18:49:52 -------- d-----w- C:\Users\Morgan Macdonald\AppData\Roaming\tuvaro

2013-04-17 18:47:18 -------- d-----w- C:\Users\Morgan Macdonald\AppData\Roaming\LavasoftStatistics

2013-04-17 18:46:27 47496 ----a-w- C:\Windows\System32\sbbd.exe

2013-04-17 18:46:27 14456 ----a-w- C:\Windows\System32\drivers\gfibto.sys

2013-04-17 18:46:27 -------- d-----w- C:\Users\Morgan Macdonald\AppData\Roaming\Ad-Aware Antivirus

2013-04-17 18:26:49 -------- d-----w- C:\Users\Morgan Macdonald\AppData\Roaming\Malwarebytes

2013-04-17 18:26:38 -------- d-----w- C:\ProgramData\Malwarebytes

2013-04-17 18:26:37 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-17 18:26:37 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-17 18:26:26 -------- d-----w- C:\Users\Morgan Macdonald\AppData\Local\Programs

2013-04-16 16:45:17 192512 --sh--w- C:\Users\Morgan Macdonald\a98sy07v.dll

2013-04-16 10:51:23 -------- d-----w- C:\Users\Morgan Macdonald\AppData\Roaming\Otcica

2013-04-16 10:51:23 -------- d-----w- C:\Users\Morgan Macdonald\AppData\Roaming\Itesr

2013-04-16 10:51:23 -------- d-----w- C:\Users\Morgan Macdonald\AppData\Roaming\Foac

2013-04-10 13:37:59 763520 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2013-04-10 09:47:21 3717632 ----a-w- C:\Windows\System32\mstscax.dll

2013-04-10 09:47:21 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-04-10 09:47:20 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2013-04-10 09:47:20 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll

2013-04-10 09:47:20 158720 ----a-w- C:\Windows\System32\aaclient.dll

2013-04-10 09:47:20 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll

2013-04-10 09:46:12 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-04-10 09:45:52 1655656 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 09:45:49 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys

2013-04-10 09:45:45 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-04-10 09:45:45 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-04-10 09:45:45 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-04-10 09:45:44 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-04-10 09:45:44 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-04-10 09:45:44 112640 ----a-w- C:\Windows\System32\smss.exe

2013-04-01 04:13:49 -------- dc----w- C:\Temp

.

==================== Find3M ====================

.

2013-04-17 18:38:17 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2013-03-13 02:19:32 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 02:19:32 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-02-28 03:16:47 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-02-28 03:16:46 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-02-28 03:16:46 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-02-22 06:27:49 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-02-22 06:20:51 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-02-22 06:19:37 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-02-22 06:15:48 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-02-22 06:15:23 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-02-22 06:12:41 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-22 03:46:00 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-02-22 03:38:00 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-02-22 03:37:50 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-02-22 03:34:17 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-02-22 03:34:03 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-02-22 03:31:46 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-02-12 04:12:05 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

.

============= FINISH: 11:09:57.88 ===============


My name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • I am currently visiting an evening school and working night shift only, which might be evening for you. In this time I am mostly online with my mobile devices and won't be able to reply.

Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if present):

Tuvaro toolbar

Please go to: VirusTotal

  • In the middle of the page you'll find a "Browse" button.
  • Click the Browse Button and Copy/Paste the following red text into the File name: field
    C:\Users\Morgan Macdonald\a98sy07v.dll
  • Click "Open".
  • Then click the "Send File" button at the bottom of the VirusTotal page.
  • This will scan the file. Please be patient.
    NOTE: If you get a message saying File already submitted: click Reanalyze
  • Once scanned, copy and paste the results in your next reply.

Do not delete any files unless I tell you to do so.

I see you ran ComboFix without being instructed to. I would like to quote a section of the ComboFix tutorial located here: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.

Please post the C:\Combofix.txt ( do not run Combofix again )


Hi Daniel,

Thank you very much, and I am sorry for any inconvenience caused by me running ComboFix. Unfortunately I can't find any file called 'combofix.txt'. I can find the 'txt' files from other programs I have run, such as AdwCleaner's 'adwcleaner.txt', but not the ComboFix file. The 'combofix.txt' possibly got deleted when I deleted the ComboFix program originally; I downloaded it again since deleting it, but I did not run it this time.

I will not run ComboFix or any other program without instruction from you. Apologies once again.

I uninstalled 'Tuvaro toolbar'.

Below are the results from the VirusTotal scan.

SHA256: 911f3629cfcda687f885c77e0f72d8d9e0863485ba6aa65924ae121db8a410aa
SHA1: a67c4c0413d7e32d6d42d3c52c7a1f420da1f27a
MD5: 8269e025689c5a75274edf94b7f030ac
File size: 188.0 KB ( 192512 bytes )
File name: a98sy07v.dll
File type: Win32 DLL
Detection ratio: 2 / 46
Analysis date: 2013-04-18 13:03:49 UTC ( 0 minutes ago )

Antivirus | Result | Update
Agnitum | - | 20130418
AhnLab-V3 | - | 20130418
AntiVir | - | 20130418
Antiy-AVL | - | 20130418
Avast | - | 20130418
AVG | - | 20130418
BitDefender | - | 20130418
ByteHero | - | 20130418
CAT-QuickHeal | - | 20130418
ClamAV | - | 20130418
Commtouch | - | 20130418
Comodo | - | 20130418
DrWeb | Trojan.Packed.792 | 20130418
Emsisoft | - | 20130418
eSafe | - | 20130418
ESET-NOD32 | - | 20130418
F-Prot | - | 20130418
F-Secure | - | 20130418
Fortinet | W32/Kryptik.AQQF!tr | 20130418
GData | - | 20130418
Ikarus | - | 20130418
Jiangmin | - | 20130418
K7AntiVirus | - | 20130417
K7GW | - | 20130417
Kaspersky | - | 20130418
Kingsoft | - | 20130415
Malwarebytes | - | 20130418
McAfee | - | 20130418
McAfee-GW-Edition | - | 20130418
Microsoft | - | 20130418
MicroWorld-eScan | - | 20130418
NANO-Antivirus | - | 20130418
Norman | - | 20130418
nProtect | - | 20130418
Panda | - | 20130418
PCTools | - | 20130418
Sophos | - | 20130418
SUPERAntiSpyware | - | 20130418
Symantec | - | 20130418
TheHacker | - | 20130418
TotalDefense | - | 20130418
TrendMicro | - | 20130418
TrendMicro-HouseCall | - | 20130418
VBA32 | - | 20130417
VIPRE | - | 20130418
ViRobot | - | 20130418

ssdeep

3072:rrc1tvja6rk4O6F59dlLNli6sReRlZEJLBlOm+yeIL5jWzlUrsf+pHxtENCuLE:3OvO4zTpNcRI0VHOmCIL5ihUAf

TrID

Win32 Executable MS Visual C++ (generic) (61.9%)

Win32 Dynamic Link Library (generic) (13.0%)

Win32 Executable (generic) (12.9%)

Win16/32 Executable Delphi generic (4.1%)

Generic Win/DOS Executable (3.9%)

ExifTool

MIMEType.................: application/octet-stream

Subsystem................: Windows GUI

MachineType..............: Intel 386 or later, and compatibles

TimeStamp................: 2010:01:27 12:36:08+00:00

FileType.................: Win32 DLL

PEType...................: PE32

CodeSize.................: 155648

LinkerVersion............: 6.0

FileAccessDate...........: 2013:04:18 14:03:41+01:00

EntryPoint...............: 0x229b7

InitializedDataSize......: 32768

SubsystemVersion.........: 4.0

ImageVersion.............: 0.0

OSVersion................: 4.0

FileCreateDate...........: 2013:04:18 14:03:41+01:00

UninitializedDataSize....: 0

Portable Executable structural information

Compilation timedatestamp.....: 2010-01-27 12:36:08

Target machine................: Intel 386 or later processors and compatible processors

Entry point address...........: 0x000229B7

PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5

.text 4096 154720 155648 5.84 b43d66f79631509375840cf667b1c30d

.rdata 159744 12931 16384 4.93 558f1726a571b3a01e92242b3f700be0

.data 176128 6096 8192 4.68 4923825112605c86570ed61b1ae1297b

.reloc 184320 6874 8192 6.11 c862ce5570b9478c3b7a1d1ffb347ed9

PE Exports....................:

Drin, Dxmwmoye, Ezert, Gusoov, Jlvcdhr, Kbfzp, Ledkwrkq, Lnkbcvwb, Mugwqz, Nbyiwim, Nrjhjd, Nxxtnbyb, Nyexlycr, Obwmgurm, Ohpr, Oinh, Oivyhgcwq, Rtcu, Sgqd, Snsd, Tfzqbwvaj, Vbpd, Xaezinea, Xugp, Yipji, Yqwkte

Symantec Reputation

Suspicious.Insight

First seen by VirusTotal

2013-04-18 13:03:49 UTC ( 3 minutes ago )

Last seen by VirusTotal

2013-04-18 13:03:49 UTC ( 3 minutes ago )

File names (max. 25)

  • a98sy07v.dll

Hi there.

The file is OK.

Could you look into the directory below for a Combofix.txt?

C:\ComboFix

Download OTL to your Desktop.

  • Double click on the icon to run it.
  • Under the Custom.jpg box paste this in


activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
/md5start
services.exe
user32.dll
/md5stop
CREATERESTOREPOINT

  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Please post both logfiles in your next reply.

I had a good look in the directory and the only 'combofix' file that I have is an application of some sort. It's 57 MB, so I don't want to open it in case it starts the ComboFix program again. There is no '.txt' file in there for 'combofix'.

OTL Extras logfile created on: 4/18/2013 9:40:40 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Morgan Macdonald\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.79 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 55.40% Memory free

7.58 Gb Paging File | 5.54 Gb Available in Paging File | 73.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 116.44 Gb Total Space | 19.16 Gb Free Space | 16.45% Space Free | Partition Type: NTFS

Drive D: | 327.83 Gb Total Space | 214.60 Gb Free Space | 65.46% Space Free | Partition Type: NTFS

Drive E: | 52.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MORGAN | User Name: Morgan Macdonald | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

.reg[@ = regfile] -- C:\Windows\regedit.exe ()

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.reg [@ = regfile] -- C:\Windows\regedit.exe ()

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [open] -- regedit.exe "%1" ()

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [open] -- regedit.exe "%1" ()

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{10D3598D-D98C-4EE4-8657-742C7868C1C0}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{1319C389-BC07-4255-BC58-32EEF9B45824}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

"{15814CB8-3137-4137-A7C0-A8DD9C31A6E0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{1839E70E-F3A2-4078-A2B1-9621FB159A55}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

"{3076923C-EBF1-401F-9C8C-1EB69308E7C7}" = rport=139 | protocol=6 | dir=out | app=system |

"{3121CF7E-D546-4BBB-BBF8-53CE4C30310D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{33ADAEAF-2B55-4B96-AD5E-D5583542D6EB}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |

"{3A7DA692-E8AA-42C6-A933-B000A20D5FD5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{3E5E27FC-45C4-48E0-AA86-A0F4ADAB3200}" = rport=445 | protocol=6 | dir=out | app=system |

"{4BA9E730-3B41-42CD-84E3-209D13DCD4D8}" = lport=139 | protocol=6 | dir=in | app=system |

"{4F1445F0-AEA1-4389-8DA3-DEAA50B00178}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{794B0EAC-7F25-447B-8652-3787B07F9474}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{8D70B7F7-7DBC-48EE-92A5-10DD2299095F}" = rport=138 | protocol=17 | dir=out | app=system |

"{9FF08B47-7817-47E6-9AA1-43C2A004D775}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |

"{B485412E-BDF6-4C25-89EB-433EF196836E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

"{B51D3392-2113-4C15-91BB-1139E3ADC5BF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{B8802655-A397-4347-B8E6-BD134F0894C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

"{C9E1CDDE-4FC8-44E5-9D7F-AFF4C85D5EB6}" = rport=137 | protocol=17 | dir=out | app=system |

"{CB4BE29E-3ECC-4AE6-B7E6-FFED0FA1EE78}" = lport=137 | protocol=17 | dir=in | app=system |

"{EB594F69-E3B2-4612-A667-BFEA2F46B7CA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

"{EF148FC4-CE47-4654-A7E8-CD6797A5AE11}" = lport=445 | protocol=6 | dir=in | app=system |

"{F481D0AB-3883-455C-9C90-5631413047AC}" = lport=138 | protocol=17 | dir=in | app=system |

"{F833CE48-DD95-439D-AC60-1D91E02CA86F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0742E021-DB49-4C06-A612-F080F567DB34}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |

"{0AF80BF4-CA70-4A21-9886-5072F2FEA993}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |

"{272E508B-0A63-48F2-A885-2FF107AB859F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{306AE25F-C2DB-4A5C-8D79-8D785F0C917F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |

"{5C45036A-6E93-491E-84F2-3E607F53BDA5}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |

"{7191A0C3-A0D3-4D4B-9E43-5C30F7D7E16C}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |

"{7DC1532A-CA7B-415A-B058-7CC961359F5F}" = protocol=6 | dir=in | app=c:\users\morgan macdonald\appdata\roaming\dropbox\bin\dropbox.exe |

"{806A0758-2361-4EC4-BFD3-B99DB41F9C06}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |

"{87230001-1C02-4A32-801C-59884620A5FC}" = protocol=17 | dir=in | app=c:\users\morgan macdonald\appdata\roaming\dropbox\bin\dropbox.exe |

"{ACCFE04A-591C-44C4-93F0-8B08D937BECD}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

"{CC0D789E-7415-455E-9A3B-8CE2C6639764}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"{CDAE3E67-26ED-4EB7-A307-7BDB31CE805E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |

"{D6ED6355-04E6-449F-953E-24B3399CF4B8}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe |

"{EEE96975-9505-43FD-B9D6-4AE3A7E49EAD}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

"TCP Query User{2B8F246A-015B-47EA-890D-3FA88BED8548}C:\users\morgan macdonald\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\morgan macdonald\appdata\local\akamai\netsession_win.exe |

"TCP Query User{306836F7-4D5C-4A15-8290-8066EC96C084}C:\users\morgan macdonald\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\morgan macdonald\appdata\local\akamai\netsession_win.exe |

"TCP Query User{D46778F5-ECE6-46DB-8037-F8E533B5FB06}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |

"TCP Query User{D4C6F2D8-9A9F-48BB-AD20-151C71AC29B3}C:\users\morgan macdonald\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\morgan macdonald\appdata\roaming\dropbox\bin\dropbox.exe |

"TCP Query User{E2AC6F36-F51A-4729-841D-5AF3A3AFDD4A}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |

"UDP Query User{3E0B99E7-E385-457F-8746-5F3051C24DEF}C:\users\morgan macdonald\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\morgan macdonald\appdata\local\akamai\netsession_win.exe |

"UDP Query User{AA1DC9A3-4479-42DA-A38D-19B85B7CC085}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |

"UDP Query User{CC4183CF-C9C7-4282-9CAB-9DA9AD575D82}C:\users\morgan macdonald\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\morgan macdonald\appdata\roaming\dropbox\bin\dropbox.exe |

"UDP Query User{CC92BE62-8A3A-46E4-8943-0CA92C4B2E66}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe |

"UDP Query User{F186B06F-58C2-4D33-A870-536C686BCB26}C:\users\morgan macdonald\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\morgan macdonald\appdata\local\akamai\netsession_win.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{01833AAD-880F-4A22-96BC-14D570871D3A}" = AuthenTec TrueSuite

"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot

"{1AAF3A3B-7B32-4DDF-8ABB-438DAEB46EEC}" = Windows Live Family Safety

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources

"{1FA6376A-3120-45DA-8686-96DEFC8A0513}" = HP LaserJet Toolbox

"{206BD2C5-DE08-4577-A0D7-D441A79D5A3A}" = Windows Live Remote Client Resources

"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)

"{289809B1-078A-49F3-83D0-7E51715B3915}" = Windows Live Family Safety

"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support

"{3946328A-5B3A-434C-A22B-64CF6652FBAD}" = Windows Live Family Safety

"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel® Turbo Boost Technology Monitor

"{401C50F6-B443-43EE-8F27-A80DB19B03FD}" = Windows Live Family Safety

"{43C4BDBB-0FA3-4E79-8E9F-6ACF0F2FC0A4}" = HP LaserJet Professional M1210 MFP Series Toolbox

"{45C1C61B-9DA9-4B61-8C89-C76B1746C3AA}" = Fresco Logic USB3.0 Host Controller

"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety

"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources

"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector

"{5FE78439-7CAA-45FE-A808-2D7A0FC98643}" = iTunes

"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources

"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources

"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{825C7D3F-D0B3-49D5-A42B-CBB0FBE85E99}" = Windows Live Remote Client Resources

"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources

"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010

"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010

"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010

"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

"{911519EB-BD75-4B3B-BD17-BA3747C9B854}" = Windows Live Family Safety

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid

"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources

"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

"{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security

"{ABBD4BA9-6703-40D2-AB1E-5BB1F7DB49A4}" = Trend Micro Titanium Internet Security

"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{AE91E0F3-C49A-4EF4-8B98-A07BD409EB90}" = Windows Live Remote Service Resources

"{AF5020D9-116A-46AC-A922-087592F37EC9}" = MobileMe Control Panel

"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources

"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter

"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client

"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service

"{E65099C4-9110-4C31-BD03-5C17EFB5FE92}" = HP LaserJet Professional M1210 MFP Series Fax Installer

"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"{FAA3933C-6F0D-4350-B66B-9D7F7031343E}" = Windows Live Remote Service Resources

"{FE4BE0BD-1EDB-4D24-9614-847B3C472887}" = Windows Live Family Safety

"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"USB 2.0 VGA UVC WebCam" = USB 2.0 VGA UVC WebCam

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{000F2A10-9CDF-47BF-9CF2-9AC87567B433}" = Windows Live Photo Common

"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime

"{03241D8D-2217-42F7-9FCB-6A68D141C14D}" = Windows Live 软件包

"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas

"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology

"{09F56A49-A7B1-4AAB-95B9-D13094254AD1}" = Windows Live UX Platform Language Pack

"{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail

"{0E448256-D515-4C3E-A5BE-0A7B76CED5D4}" = hppM1130M1210SeriesLaserJetService

"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live

"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer

"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help

"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3

"{21B49B4A-BBC3-4A09-9C68-6C3CC0B1EA01}" = Windows Live Messenger

"{23181592-0ECD-4A16-81C6-F0424D2DCABF}" = Windows Live UX Platform Language Pack

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help

"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail

"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java 6 Update 31

"{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros WLAN and Bluetooth Client Installation Program

"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections

"{29373E24-AC72-424E-8F2A-FB0F9436F21F}" = Windows Live Photo Common

"{2AD2DD70-27F7-4343-BB4E-DE50A32D854B}" = Windows Live Messenger

"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart

"{2C865FB0-051E-4D22-AC62-428E035AEAF0}" = Windows Live Mesh

"{317D56AC-0DB3-48F5-929A-42032DAC9AD7}" = Windows Live Writer

"{32C01DD0-3260-4D2B-BDB2-36CEC3E5B27A}" = Windows Live UX Platform Language Pack

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed

"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE

"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live

"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery

"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common

"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery

"{3A09ED0F-8DDF-47BB-B53D-841AB9D1D3A7}" = Complemento Messenger

"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision

"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support

"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective

"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live

"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer

"{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger

"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform

"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3

"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter

"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion

"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{588CE0C0-860B-49A8-AFCF-3C69465B345F}" = Windows Live Mesh

"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress

"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck

"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker

"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{6057E21C-ABE9-4059-AE3E-3BEB9925E660}" = Windows Live Messenger

"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer

"{622DE1BE-9EDE-49D3-B349-29D64760342A}" = 適用遠端連線的 Windows Live Mesh ActiveX 控制項

"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources

"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner

"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe

"{63AE67AA-1AB1-4565-B4EF-ABBC5C841E8D}" = Windows Live Messenger

"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon

"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components

"{6807427D-8D68-4D30-AF5B-0B38F8F948C8}" = Windows Live Writer Resources

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack

"{6CB36609-E3A6-446C-A3C1-C71E311D2B9C}" = Windows Live Movie Maker

"{6D172D0A-B9F1-4046-AFAB-8599288545BF}" = Safari

"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works

"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker

"{6E5324C1-84FC-4F76-9A3A-C65E07F80EE6}" = Complément Messenger

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7115EEBC-DA7B-434C-B81C-EA5B26EA9A94}" = Windows Live Writer Resources

"{753F0A72-59C3-41CE-A36A-F2DF2079275C}" = Windows Live Mail

"{76046298-768C-492C-8C93-2983C9E3719E}" = Windows Live UX Platform Language Pack

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart

"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com

"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights

"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh

"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply

"{7B982EBD-D017-4527-BF1A-FC489EC6B100}" = Windows Live 照片库

"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime

"{7C7E53BC-41E7-440F-9394-5C6103EAF5BF}" = ASUS Ai Charger (NB edition)

"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials

"{7F061FA8-5A87-4758-876B-17EE28B358D0}" = Messenger 浏览器插件

"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger

"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help

"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh

"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed

"{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader

"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash

"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010

"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010

"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010

"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010

"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010

"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010

"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010

"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010

"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010

"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010

"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010

"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010

"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010

"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)

"{903EDF14-4E28-4463-AA5E-4AEE71C0263B}" = Windows Live Movie Maker

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion

"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer

"{98e2cf89-8c50-4fa1-8eba-80d6e78a7779}" = Nero 9 Essentials

"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch

"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center

"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail

"{A0B91308-6666-4249-8FF6-1E11AFD75FE1}" = Windows Live Mail

"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{A9CE0266-6801-3B33-94AD-00520085CF4B}" = Google Talk Plugin

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer

"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package

"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.02)

"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles

"{B480904D-F73F-4673-B034-8A5F492C9184}" = Nuance PDF Reader

"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call

"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit

"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail

"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade

"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common

"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help

"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help

"{CF088261-BC81-4FB9-9BA0-7B5B9602D01A}" = Messenger 分享元件

"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64

"{D371F551-0DB9-4CEC-844B-4C90CE91EA0B}" = hppLaserJetService

"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar

"{D777D80E-13AE-4E6C-BCB2-9AEE10D9DEF1}" = Driver Updater

"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime

"{DA6CC3A5-1F5B-4068-8BFF-C597BB6B8158}" = hppusgM1130M1210Series

"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker

"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources

"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP HD Webcam Driver

"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit

"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas

"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help

"{E62E0550-C098-43A2-B54B-03FB1E634483}" = Windows Live Writer

"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update

"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console

"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources

"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live

"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger

"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera

"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack

"{EEF99142-3357-402C-B298-DEC303E12D92}" = Windows Live 影像中心

"{EF7EAB13-46FC-49DD-8E3C-AAF8A286C5BB}" = Windows Live 程式集

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help

"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center

"{F992409C-9D10-4AE2-BAEB-B5409AD3785E}" = 用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文)

"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool

"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh

"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Asus Vibe2.0" = AsusVibe2.0

"ASUS WebStorage" = ASUS WebStorage

"AsusScr_U Series_ENG" = AsusScr_U Series_ENG

"Bookworm Deluxe" = Bookworm Deluxe

"Burn4Free DVD Burning_is1" = Burn4Free DVD Burning 5.7.0.0

"Cooking Dash" = Cooking Dash

"DivX Setup.divx.com" = DivX Setup

"Freecorder Toolbar" = Freecorder Toolbar

"Freecorder5.04" = Freecorder 5

"Google Chrome" = Google Chrome

"Governor of Poker" = Governor of Poker

"Hotel Dash Suite Success" = Hotel Dash Suite Success

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"InstallShield_{499DED08-6FA8-4749-8E94-8526CC9D1CA8}" = ExpressGate Cloud

"InstallShield_{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader

"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"Jewel Quest 3" = Jewel Quest 3

"KLiteCodecPack_is1" = K-Lite Codec Pack 7.2.0 (Basic)

"Luxor 3" = Luxor 3

"Mahjongg dimensions" = Mahjongg dimensions

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300

"Metfone 3G" = Metfone 3G

"NVIDIA.Updatus" = NVIDIA Updatus

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"Office14.Click2Run" = Microsoft Office Click-to-Run 2010

"Office14.SingleImage" = Microsoft Office Home and Student 2010

"VLC media player" = VLC media player 2.0.1

"WinLiveSuite" = Windows Live Essentials

"WinRAR archiver" = WinRAR 4.00 (32-bit)

"World of Goo" = World of Goo

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Akamai" = Akamai NetSession Interface

"Dropbox" = Dropbox

"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]

Error - 4/17/2013 10:48:58 AM | Computer Name = Morgan | Source = RasClient | ID = 20227

Description =

Error - 4/17/2013 10:49:07 AM | Computer Name = Morgan | Source = RasClient | ID = 20227

Description =

Error - 4/17/2013 10:49:12 AM | Computer Name = Morgan | Source = RasClient | ID = 20227

Description =

Error - 4/17/2013 10:49:16 AM | Computer Name = Morgan | Source = RasClient | ID = 20227

Description =

Error - 4/17/2013 11:00:31 AM | Computer Name = Morgan | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x5018ff18 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time

stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x000332bd Faulting process

id: 0x1c54 Faulting application start time: 0x01ce3b7aed6f66ae Faulting application

path: C:\Windows\SysWOW64\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll

Report

Id: 8ba2dda4-a76f-11e2-a1e0-e0b9a549c831

Error - 4/17/2013 11:06:03 AM | Computer Name = Morgan | Source = Application Error | ID = 1000

Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time

stamp: 0x5018ff18 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time

stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x000343a8 Faulting process

id: 0x29a8 Faulting application start time: 0x01ce3b7c73e66d31 Faulting application

path: C:\Windows\SysWOW64\svchost.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll

Report

Id: 51859608-a770-11e2-a1e0-e0b9a549c831

Error - 4/17/2013 11:32:02 AM | Computer Name = Morgan | Source = Application Error | ID = 1000

Description = Faulting application name: GoogleCrashHandler.exe, version: 1.3.21.135,

time stamp: 0x50ee29eb Faulting module name: ntdll.dll, version: 6.1.7601.17725,

time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00077552 Faulting

process id: 0x1708 Faulting application start time: 0x01ce3b80b1b55bd3 Faulting application

path: C:\Users\Morgan Macdonald\AppData\Local\Google\Update\1.3.21.135\GoogleCrashHandler.exe

Faulting

module path: C:\Windows\SysWOW64\ntdll.dll Report Id: f335a409-a773-11e2-8b89-e0b9a549c831

Error - 4/17/2013 11:32:37 AM | Computer Name = Morgan | Source = RasClient | ID = 20227

Description =

Error - 4/17/2013 5:02:50 PM | Computer Name = Morgan | Source = SideBySide | ID = 16842815

Description = Activation context generation failed for "c:\Program Files (x86)\Common

Files\Adobe AIR\Versions\1.0\Adobe AIR.dll".Error in manifest or policy file "c:\Program

Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" on line 3. The value

"MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute

"version" in element "assemblyIdentity" is invalid.

Error - 4/18/2013 10:34:23 AM | Computer Name = Morgan | Source = RasClient | ID = 20227

Description =

Error - 4/18/2013 10:34:28 AM | Computer Name = Morgan | Source = RasClient | ID = 20227

Description =

[ Media Center Events ]

Error - 1/19/2013 12:33:37 PM | Computer Name = MorganMacdonald | Source = MCUpdate | ID = 0

Description = 11:33:37 PM - Error connecting to the internet. 11:33:37 PM - Unable

to contact server..

Error - 1/20/2013 8:42:58 AM | Computer Name = MorganMacdonald | Source = MCUpdate | ID = 0

Description = 7:42:54 PM - Error connecting to the internet. 7:42:54 PM - Unable

to contact server..

Error - 1/25/2013 9:03:29 AM | Computer Name = MorganMacdonald | Source = MCUpdate | ID = 0

Description = 8:03:29 PM - Error connecting to the internet. 8:03:29 PM - Unable

to contact server..

Error - 1/25/2013 9:03:41 AM | Computer Name = MorganMacdonald | Source = MCUpdate | ID = 0

Description = 8:03:34 PM - Error connecting to the internet. 8:03:34 PM - Unable

to contact server..

Error - 1/25/2013 10:27:21 AM | Computer Name = MorganMacdonald | Source = MCUpdate | ID = 0

Description = 9:27:21 PM - Error connecting to the internet. 9:27:21 PM - Unable

to contact server..

Error - 1/25/2013 10:27:30 AM | Computer Name = MorganMacdonald | Source = MCUpdate | ID = 0

Description = 9:27:27 PM - Error connecting to the internet. 9:27:27 PM - Unable

to contact server..

Error - 1/25/2013 11:53:19 PM | Computer Name = MorganMacdonald | Source = MCUpdate | ID = 0

Description = 10:53:19 AM - Error connecting to the internet. 10:53:19 AM - Unable

to contact server..

Error - 1/25/2013 11:53:28 PM | Computer Name = MorganMacdonald | Source = MCUpdate | ID = 0

Description = 10:53:25 AM - Error connecting to the internet. 10:53:25 AM - Unable

to contact server..

Error - 1/26/2013 12:57:31 AM | Computer Name = MorganMacdonald | Source = MCUpdate | ID = 0

Description = 11:57:31 AM - Error connecting to the internet. 11:57:31 AM - Unable

to contact server..

Error - 1/26/2013 12:57:39 AM | Computer Name = MorganMacdonald | Source = MCUpdate | ID = 0

Description = 11:57:37 AM - Error connecting to the internet. 11:57:37 AM - Unable

to contact server..

[ System Events ]

Error - 4/18/2013 6:19:37 AM | Computer Name = Morgan | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 4/18/2013 7:20:32 AM | Computer Name = Morgan | Source = Service Control Manager | ID = 7003

Description = The ATKGFNEX Service service depends the following service: ASMMAP64.

This service might not be installed.

Error - 4/18/2013 7:20:56 AM | Computer Name = Morgan | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 4/18/2013 8:38:22 AM | Computer Name = Morgan | Source = Service Control Manager | ID = 7003

Description = The ATKGFNEX Service service depends the following service: ASMMAP64.

This service might not be installed.

Error - 4/18/2013 8:38:45 AM | Computer Name = Morgan | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 4/18/2013 10:32:10 AM | Computer Name = Morgan | Source = EventLog | ID = 6008

Description = The previous system shutdown at 8:51:00 PM on ?18/?04/?2013 was unexpected.

Error - 4/18/2013 10:32:11 AM | Computer Name = Morgan | Source = Service Control Manager | ID = 7003

Description = The ATKGFNEX Service service depends the following service: ASMMAP64.

This service might not be installed.

Error - 4/18/2013 10:32:54 AM | Computer Name = Morgan | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

cdrom

Error - 4/18/2013 10:32:58 AM | Computer Name = Morgan | Source = Service Control Manager | ID = 7023

Description = The iPod Service service terminated with the following error: %%-2147417831

Error - 4/18/2013 10:33:27 AM | Computer Name = Morgan | Source = DCOM | ID = 10010

Description =

< End of report >


OTL logfile created on: 4/18/2013 9:40:40 PM - Run 1

OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Morgan Macdonald\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.79 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 55.40% Memory free

7.58 Gb Paging File | 5.54 Gb Available in Paging File | 73.07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 116.44 Gb Total Space | 19.16 Gb Free Space | 16.45% Space Free | Partition Type: NTFS

Drive D: | 327.83 Gb Total Space | 214.60 Gb Free Space | 65.46% Space Free | Partition Type: NTFS

Drive E: | 52.73 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MORGAN | User Name: Morgan Macdonald | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/18 21:38:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Morgan Macdonald\Desktop\OTL.exe

PRC - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2013/03/12 14:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\Dropbox.exe

PRC - [2012/12/19 02:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012/02/10 08:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE

PRC - [2011/10/01 04:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

PRC - [2011/10/01 04:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

PRC - [2011/04/05 22:44:27 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe

PRC - [2011/03/24 15:11:25 | 000,167,936 | ---- | M] (Applian Technologies, Inc.) -- C:\Program Files (x86)\Freecorder\FLVSrvc.exe

PRC - [2011/03/22 01:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2010/12/10 16:50:34 | 000,308,040 | ---- | M] (AuthenTec, Inc.) -- C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe

PRC - [2010/11/16 20:37:30 | 000,230,912 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe

PRC - [2010/11/13 02:58:06 | 000,383,616 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Ai Charger (NB edition)\AiCharger.exe

PRC - [2010/10/08 04:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

PRC - [2010/10/07 23:43:00 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

PRC - [2010/09/30 12:15:20 | 001,078,912 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe

PRC - [2010/09/24 06:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

PRC - [2010/09/06 08:38:10 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010/09/06 08:24:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

PRC - [2010/08/21 08:47:58 | 000,077,312 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe

PRC - [2010/08/18 04:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

PRC - [2010/08/13 07:52:16 | 000,021,504 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe

PRC - [2010/05/25 05:44:48 | 000,151,552 | ---- | M] (Atheros) -- C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe

PRC - [2009/11/03 04:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

PRC - [2009/10/15 15:43:42 | 000,030,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe

PRC - [2009/10/15 08:13:50 | 000,136,192 | ---- | M] (HP) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe

PRC - [2009/10/01 09:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

PRC - [2009/10/01 09:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

PRC - [2009/08/01 00:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

PRC - [2009/07/20 08:51:52 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

PRC - [2009/06/20 00:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

PRC - [2009/06/20 00:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

PRC - [2009/06/16 07:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

PRC - [2008/12/23 07:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

PRC - [2008/08/14 11:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

PRC - [2007/12/01 01:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

PRC - [2007/08/03 09:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

========== Modules (No Company Name) ==========

MOD - [2013/02/14 10:34:11 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\7366a39c36523a084bc11c230929ff92\Microsoft.VisualBasic.ni.dll

MOD - [2013/02/14 08:36:00 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll

MOD - [2013/02/14 08:35:52 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll

MOD - [2013/02/14 08:35:35 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll

MOD - [2013/01/11 09:57:54 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll

MOD - [2013/01/10 15:38:37 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll

MOD - [2013/01/10 15:38:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll

MOD - [2013/01/10 15:38:14 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll

MOD - [2013/01/10 15:37:57 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

MOD - [2013/01/10 15:37:55 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll

MOD - [2013/01/10 15:37:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll

MOD - [2013/01/10 15:37:42 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll

MOD - [2013/01/10 15:37:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll

MOD - [2013/01/10 15:37:39 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

MOD - [2013/01/10 15:37:35 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

MOD - [2011/03/22 01:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll

MOD - [2011/03/22 01:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

MOD - [2010/09/30 12:14:04 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll

MOD - [2010/09/30 12:13:38 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll

MOD - [2010/09/30 12:13:12 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll

MOD - [2010/09/30 12:13:06 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll

MOD - [2010/09/24 06:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

MOD - [2010/08/13 07:52:16 | 000,021,504 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe

MOD - [2009/11/03 04:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll

MOD - [2009/11/03 04:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll

MOD - [2009/10/15 15:44:46 | 000,067,128 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\HPTools.dll

MOD - [2009/10/15 15:44:24 | 000,075,320 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\HPToolkit.dll

MOD - [2009/10/15 15:44:06 | 000,969,784 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\LEDMXMLObjects.dll

MOD - [2009/10/15 15:43:56 | 000,140,856 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\DMBaseObjects.dll

MOD - [2009/10/15 15:43:10 | 000,240,128 | ---- | M] () -- C:\Program Files (x86)\HP\HP UT LEDM\bin\LEDMMapperObjects.dll

MOD - [2007/12/01 01:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

========== Services (SafeList) ==========

SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)

SRV:64bit: - [2010/12/10 16:50:04 | 000,290,632 | ---- | M] (AuthenTec, Inc) [Auto | Running] -- C:\Program Files\TrueSuite\TrueSuite.Service.exe -- (FPLService)

SRV:64bit: - [2010/12/01 03:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)

SRV:64bit: - [2010/09/23 08:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV:64bit: - [2010/09/17 15:32:56 | 000,241,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService)

SRV:64bit: - [2010/05/11 13:05:40 | 000,362,296 | ---- | M] (HP) [Auto | Running] -- C:\Program Files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe -- (HPM1210RcvFaxSrvc)

SRV:64bit: - [2010/04/30 08:10:40 | 000,127,800 | ---- | M] (HP) [Auto | Running] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)

SRV:64bit: - [2010/04/17 06:07:42 | 000,134,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)

SRV:64bit: - [2009/07/14 08:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)

SRV:64bit: - [2009/07/14 08:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV:64bit: - [2007/08/03 09:24:54 | 000,125,496 | ---- | M] () [On_Demand | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)

SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2013/03/13 09:19:33 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/02/28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/12/19 02:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012/02/10 08:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/10 08:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)

SRV - [2011/10/01 04:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)

SRV - [2011/10/01 04:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)

SRV - [2010/11/26 10:29:54 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Atheros\Bluetooth Suite\AdminService.exe -- (AtherosSvc)

SRV - [2010/11/16 20:38:16 | 000,339,456 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService64.exe -- (HWDeviceService64.exe)

SRV - [2010/09/06 08:38:10 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010/09/06 08:24:14 | 001,620,584 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)

SRV - [2010/08/21 08:47:58 | 000,077,312 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService)

SRV - [2010/05/25 05:44:48 | 000,151,552 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Atheros\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent)

SRV - [2010/03/18 10:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/12/16 00:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)

SRV - [2009/10/15 08:13:50 | 000,136,192 | ---- | M] (HP) [Auto | Running] -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe -- (HP LaserJet Service)

SRV - [2009/10/01 09:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2009/10/01 09:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2009/07/20 08:51:52 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)

SRV - [2009/06/16 07:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)

SRV - [2009/06/11 04:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/18 09:49:30 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)

DRV:64bit: - [2013/04/18 01:46:27 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\gfibto.sys -- (gfibto)

DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012/06/27 15:10:57 | 000,121,600 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (mbbdatacard)

DRV:64bit: - [2012/06/27 15:10:57 | 000,115,584 | ---- | M] (MBB Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ew_mbbusbdev.sys -- (ew_mbbusbdev)

DRV:64bit: - [2012/03/01 13:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/10/01 04:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)

DRV:64bit: - [2011/10/01 04:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)

DRV:64bit: - [2011/10/01 04:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)

DRV:64bit: - [2011/10/01 04:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)

DRV:64bit: - [2011/04/05 22:44:01 | 000,014,976 | ---- | M] (ASUSTek Computer Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AiCharger.sys -- (AiCharger)

DRV:64bit: - [2011/03/11 13:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 13:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/09 16:07:58 | 008,199,016 | ---- | M] (Realtek Semiconductor Corp.) [Fixed] [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)

DRV:64bit: - [2010/11/26 10:30:12 | 000,275,616 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)

DRV:64bit: - [2010/11/26 10:30:12 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)

DRV:64bit: - [2010/11/26 10:30:12 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)

DRV:64bit: - [2010/11/26 10:30:12 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)

DRV:64bit: - [2010/11/26 10:30:12 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)

DRV:64bit: - [2010/11/26 10:30:12 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)

DRV:64bit: - [2010/11/26 10:30:10 | 000,298,144 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)

DRV:64bit: - [2010/11/20 20:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 18:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 06:25:40 | 000,210,944 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)

DRV:64bit: - [2010/11/20 06:25:40 | 000,049,664 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)

DRV:64bit: - [2010/11/12 14:10:28 | 000,893,728 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATSwpWDF.sys -- (ATSwpWDF)

DRV:64bit: - [2010/09/23 14:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)

DRV:64bit: - [2010/09/17 15:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)

DRV:64bit: - [2010/09/17 15:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)

DRV:64bit: - [2010/09/17 15:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)

DRV:64bit: - [2010/09/17 15:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)

DRV:64bit: - [2010/09/07 16:19:37 | 001,800,832 | ---- | M] (Sonix Technology Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)

DRV:64bit: - [2010/09/05 16:36:59 | 000,024,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)

DRV:64bit: - [2010/08/25 16:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2010/08/12 20:13:29 | 001,388,080 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010/08/11 13:11:25 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)

DRV:64bit: - [2010/07/08 15:03:48 | 002,228,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010/06/23 08:31:11 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2010/06/21 14:07:37 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2010/06/08 09:33:13 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2010/04/17 06:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)

DRV:64bit: - [2010/02/26 15:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)

DRV:64bit: - [2009/09/18 02:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)

DRV:64bit: - [2009/07/20 16:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)

DRV:64bit: - [2009/07/14 08:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/14 08:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/14 08:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/07/14 07:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009/07/14 07:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)

DRV:64bit: - [2009/06/11 03:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)

DRV:64bit: - [2009/06/11 03:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/11 03:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/11 03:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/11 03:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/13 23:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)

DRV:64bit: - [2008/05/24 07:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)

DRV:64bit: - [2007/08/03 11:26:47 | 000,017,464 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)

DRV - [2009/07/14 08:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKLM\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com

IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope =

IE - HKCU\..\SearchScopes\{54BA4721-17EA-4CFB-BF0F-0D2A42551BDD}: "URL" = http://tuvaro.com/ws/?source=4c3f95e5&tbp=rbox&toolbarid=base&u=04b84b51000000000000000000000000&q={searchTerms}

IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Morgan Macdonald\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\Morgan Macdonald\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)

FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Morgan Macdonald\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Morgan Macdonald\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Morgan Macdonald\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011/04/05 22:18:30 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/06/26 15:02:34 | 000,000,000 | ---D | M]

[2013/04/18 01:49:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},

CHR - homepage: http://www.google.com/

CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Morgan Macdonald\AppData\Local\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll

CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Users\Morgan Macdonald\AppData\Local\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Users\Morgan Macdonald\AppData\Local\Google\Chrome\Application\26.0.1410.64\pdf.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll

CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll

CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Morgan Macdonald\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Morgan Macdonald\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

CHR - plugin: Google Talk Plugin Video Renderer (Enabled) = C:\Users\Morgan Macdonald\AppData\Roaming\Mozilla\plugins\npo1d.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

CHR - plugin: Java Platform SE 7 U15 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

CHR - plugin: Zeon Plus (Enabled) = C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll

CHR - plugin: Java Deployment Toolkit 7.0.150.3 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll

CHR - Extension: YouTube = C:\Users\Morgan Macdonald\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\

CHR - Extension: Google Search = C:\Users\Morgan Macdonald\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\

CHR - Extension: Gmail = C:\Users\Morgan Macdonald\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2013/04/17 10:32:25 | 000,001,395 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O1 - Hosts: 212.59.28.228 www.google-analytics.com.

O1 - Hosts: 212.59.28.228 ad-emea.doubleclick.net.

O1 - Hosts: 212.59.28.228 www.statcounter.com.

O1 - Hosts: 93.115.241.27 www.google-analytics.com.

O1 - Hosts: 93.115.241.27 ad-emea.doubleclick.net.

O1 - Hosts: 93.115.241.27 www.statcounter.com.

O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)

O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\TrueSuite.IEBHO.dll (AuthenTec Inc.)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)

O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)

O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll (Conduit Ltd.)

O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)

O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files\TrueSuite\x86\TrueSuite.IEBHO.dll (AuthenTec Inc.)

O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)

O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\prxtbFree.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)

O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()

O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Atheros\Bluetooth Suite\BtvStack.exe (Atheros Commnucations)

O4:64bit: - HKLM..\Run: [ClientAppLogon] C:\Program Files\TrueSuite\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)

O4:64bit: - HKLM..\Run: [ClientAppLogon32] C:\Program Files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe (AuthenTec, Inc.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd File not found

O4:64bit: - HKLM..\Run: [synAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)

O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)

O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.)

O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows ® Win 7 DDK provider)

O4 - HKLM..\Run: [Freecorder FLV Service] C:\Program Files (x86)\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)

O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)

O4 - HKLM..\Run: [HPUsageTrackingLEDM] C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.)

O4 - HKLM..\Run: [sessionLogon] C:\ExpressGateUtil\SessionLogon.exe File not found

O4 - HKLM..\Run: [updateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [updateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()

O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Morgan Macdonald\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKCU..\Run: [Driver Updater] File not found

O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)

O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)

O4 - HKCU..\Run: [syncables] C:\Program Files (x86)\syncables\syncables desktop\syncables.exe (syncables, LLC)

O4 - Startup: C:\Users\Morgan Macdonald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll ()

O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Atheros\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.15.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FB6720F-FBF3-4D71-BB75-D7491C81CD60}: DhcpNameServer = 203.176.128.10 203.176.130.34

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCCE4C5B-65BF-48AA-A863-1B36086E54C1}: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)

O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)

O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/11/17 12:37:37 | 000,142,336 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]

O32 - AutoRun File - [2008/09/20 16:12:34 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O32 - AutoRun File - [2009/07/04 05:13:04 | 000,000,094 | R--- | M] () - E:\autorun.sh -- [ CDFS ]

O33 - MountPoints2\{2a7b48d3-c02f-11e1-a885-f46d041d3038}\Shell - "" = AutoRun

O33 - MountPoints2\{2a7b48d3-c02f-11e1-a885-f46d041d3038}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/11/17 12:37:37 | 000,142,336 | R--- | M] ()

O33 - MountPoints2\{2a7b48f1-c02f-11e1-a885-f46d041d3038}\Shell - "" = AutoRun

O33 - MountPoints2\{2a7b48f1-c02f-11e1-a885-f46d041d3038}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/11/17 12:37:37 | 000,142,336 | R--- | M] ()

O33 - MountPoints2\{2a7b490a-c02f-11e1-a885-eab9a5499fbd}\Shell - "" = AutoRun

O33 - MountPoints2\{2a7b490a-c02f-11e1-a885-eab9a5499fbd}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/11/17 12:37:37 | 000,142,336 | R--- | M] ()

O33 - MountPoints2\{d2b41735-c71a-11e1-9d99-e0b9a549c831}\Shell - "" = AutoRun

O33 - MountPoints2\{d2b41735-c71a-11e1-9d99-e0b9a549c831}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/11/17 12:37:37 | 000,142,336 | R--- | M] ()

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010/11/17 12:37:37 | 000,142,336 | R--- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found

MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)

MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)

MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)

MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/04/18 21:38:34 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Morgan Macdonald\Desktop\OTL.exe

[2013/04/18 21:32:59 | 000,000,000 | R--D | C] -- C:\Users\Morgan Macdonald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

[2013/04/18 10:42:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2013/04/18 10:08:51 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013/04/18 10:08:51 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013/04/18 10:08:51 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013/04/18 10:08:48 | 000,000,000 | --SD | C] -- C:\ComboFix

[2013/04/18 10:08:45 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013/04/18 10:08:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013/04/18 10:08:31 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW

[2013/04/18 01:53:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins

[2013/04/18 01:53:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions

[2013/04/18 01:49:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013/04/18 01:47:18 | 000,000,000 | ---D | C] -- C:\Users\Morgan Macdonald\AppData\Roaming\LavasoftStatistics

[2013/04/18 01:46:27 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe

[2013/04/18 01:46:27 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys

[2013/04/18 01:46:27 | 000,000,000 | ---D | C] -- C:\Users\Morgan Macdonald\AppData\Roaming\Ad-Aware Antivirus

[2013/04/18 01:26:49 | 000,000,000 | ---D | C] -- C:\Users\Morgan Macdonald\AppData\Roaming\Malwarebytes

[2013/04/18 01:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2013/04/18 01:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2013/04/18 01:26:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/04/18 01:26:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2013/04/18 01:26:26 | 000,000,000 | ---D | C] -- C:\Users\Morgan Macdonald\AppData\Local\Programs

[2013/04/17 22:16:47 | 000,000,000 | ---D | C] -- C:\Users\Morgan Macdonald\Desktop\RK_Quarantine

[2013/04/17 15:04:25 | 000,000,000 | ---D | C] -- C:\Users\Morgan Macdonald\Desktop\sihanoukville

[2013/04/16 17:51:23 | 000,000,000 | ---D | C] -- C:\Users\Morgan Macdonald\AppData\Roaming\Otcica

[2013/04/16 17:51:23 | 000,000,000 | ---D | C] -- C:\Users\Morgan Macdonald\AppData\Roaming\Itesr

[2013/04/16 17:51:23 | 000,000,000 | ---D | C] -- C:\Users\Morgan Macdonald\AppData\Roaming\Foac

[2013/04/11 15:02:45 | 000,000,000 | ---D | C] -- C:\Users\Morgan Macdonald\Desktop\rad nat new

[2013/04/08 09:42:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2013/04/02 19:44:03 | 000,000,000 | ---D | C] -- C:\Users\Morgan Macdonald\AppData\Roaming\Mozilla

[2013/04/01 11:13:49 | 000,000,000 | ---D | C] -- C:\Temp

========== Files - Modified Within 30 Days ==========

[2013/04/18 21:39:59 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013/04/18 21:39:59 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013/04/18 21:38:35 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Morgan Macdonald\Desktop\OTL.exe

[2013/04/18 21:36:01 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-678360098-3848388213-4069928809-1002UA.job

[2013/04/18 21:32:53 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini

[2013/04/18 21:32:26 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe

[2013/04/18 21:32:18 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/04/18 21:32:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013/04/18 21:32:08 | 3054,723,072 | -HS- | M] () -- C:\hiberfil.sys

[2013/04/18 20:42:44 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/04/18 20:02:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2013/04/18 14:36:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-678360098-3848388213-4069928809-1002Core.job

[2013/04/18 10:41:16 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE

[2013/04/18 10:05:31 | 000,019,474 | ---- | M] () -- C:\Users\Morgan Macdonald\Desktop\download.htm

[2013/04/18 09:49:30 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2013/04/18 02:16:18 | 000,001,561 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini

[2013/04/18 01:46:27 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe

[2013/04/18 01:46:27 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys

[2013/04/18 01:26:38 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/04/17 22:51:52 | 000,122,666 | ---- | M] () -- C:\Users\Morgan Macdonald\Desktop\558149_10152746860410080_159638850_n.jpg

[2013/04/17 21:53:43 | 000,795,844 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013/04/17 21:53:43 | 000,676,872 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013/04/17 21:53:43 | 000,129,658 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013/04/17 10:32:25 | 000,001,395 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013/04/16 23:45:04 | 000,192,512 | -HS- | M] () -- C:\Users\Morgan Macdonald\a98sy07v.dll

[2013/04/11 11:39:14 | 000,002,423 | ---- | M] () -- C:\Users\Morgan Macdonald\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

[2013/04/11 06:30:38 | 000,425,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013/04/08 11:55:58 | 003,491,125 | ---- | M] () -- C:\Users\Morgan Macdonald\Desktop\COG1_Medcalf_Indo-Pacific.pdf

[2013/04/05 08:34:38 | 003,225,089 | ---- | M] () -- C:\Users\Morgan Macdonald\Desktop\photo.JPG

[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2013/04/02 14:09:10 | 000,044,889 | ---- | M] () -- C:\Users\Morgan Macdonald\Desktop\Reccommendatiosn.pdf

[2013/03/28 09:25:08 | 000,001,062 | ---- | M] () -- C:\Users\Morgan Macdonald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

[2013/03/28 09:25:00 | 000,001,052 | ---- | M] () -- C:\Users\Morgan Macdonald\Desktop\Dropbox.lnk

========== Files Created - No Company Name ==========

[2013/04/18 10:41:15 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2013/04/18 10:08:51 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013/04/18 10:08:51 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013/04/18 10:08:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013/04/18 10:08:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013/04/18 10:08:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013/04/18 10:05:31 | 000,019,474 | ---- | C] () -- C:\Users\Morgan Macdonald\Desktop\download.htm

[2013/04/18 09:49:30 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys

[2013/04/18 01:26:38 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2013/04/17 22:51:52 | 000,122,666 | ---- | C] () -- C:\Users\Morgan Macdonald\Desktop\558149_10152746860410080_159638850_n.jpg

[2013/04/16 23:45:17 | 000,192,512 | -HS- | C] () -- C:\Users\Morgan Macdonald\a98sy07v.dll

[2013/04/08 11:55:58 | 003,491,125 | ---- | C] () -- C:\Users\Morgan Macdonald\Desktop\COG1_Medcalf_Indo-Pacific.pdf

[2013/04/05 08:31:19 | 003,225,089 | ---- | C] () -- C:\Users\Morgan Macdonald\Desktop\photo.JPG

[2013/04/02 14:09:10 | 000,044,889 | ---- | C] () -- C:\Users\Morgan Macdonald\Desktop\Reccommendatiosn.pdf

[2012/03/25 15:18:38 | 000,000,000 | ---- | C] () -- C:\Users\Morgan Macdonald\AppData\Roaming\wklnhst.dat

[2011/09/20 09:39:51 | 000,109,216 | ---- | C] () -- C:\Windows\SysWow64\EasyHook64.dll

[2011/09/20 09:39:51 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\EasyHook32.dll

[2011/07/03 12:10:17 | 000,000,000 | ---- | C] () -- C:\Users\Morgan Macdonald\AppData\Roaming\downloads.m3u

[2011/06/26 15:00:27 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

[2011/06/07 10:30:13 | 000,000,029 | ---- | C] () -- C:\Users\Morgan Macdonald\AppData\Roaming\default.rss

[2011/06/04 08:50:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\mvusbews.dll

[2011/06/04 08:20:25 | 003,521,438 | R--- | C] () -- C:\Users\Morgan Macdonald\drvxps32.cab

[2011/06/04 08:20:25 | 000,190,870 | R--- | C] () -- C:\Users\Morgan Macdonald\hptsx6.cat

[2011/06/04 08:20:25 | 000,185,986 | R--- | C] () -- C:\Users\Morgan Macdonald\hptsx3.cat

[2011/06/04 08:20:25 | 000,014,404 | R--- | C] () -- C:\Users\Morgan Macdonald\HPM1210XPS.INF

[2011/05/26 07:36:47 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI

[2011/05/26 07:36:47 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2040.DAT

[2011/05/19 23:01:35 | 000,781,756 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/05/19 21:57:24 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini

[2011/04/05 22:16:09 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2009/07/14 11:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 12:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 11:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 08:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 19:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 08:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/18 01:46:27 | 000,000,000 | ---D | M] -- C:\Users\Morgan Macdonald\AppData\Roaming\Ad-Aware Antivirus

[2013/04/10 06:47:28 | 000,000,000 | ---D | M] -- C:\Users\Morgan Macdonald\AppData\Roaming\ASUS Drivers Update Utility

[2011/05/19 21:58:06 | 000,000,000 | ---D | M] -- C:\Users\Morgan Macdonald\AppData\Roaming\Asus WebStorage

[2013/04/18 01:16:53 | 000,000,000 | ---D | M] -- C:\Users\Morgan Macdonald\AppData\Roaming\Azureus

[2011/06/02 08:52:55 | 000,000,000 | ---D | M] -- C:\Users\Morgan Macdonald\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

[2011/06/18 01:59:48 | 000,000,000 | ---D | M] -- C:\Users\Morgan Macdonald\AppData\Roaming\Command & Conquer 3 Tiberium Wars

[2013/04/18 21:34:51 | 000,000,000 | ---D | M] -- C:\Users\Morgan Macdonald\AppData\Roaming\Dropbox

[2013/04/16 17:51:23 | 000,000,000 | ---D | M] -- C:\Users\Morgan Macdonald\AppData\Roaming\Foac

[2013/04/16 17:51:23 | 000,000,000 | ---D | M] -- C:\Users\Morgan Macdonald\AppData\Roaming\Itesr

[2011/05/19 21:56:13 | 000,000,000 | ---D | M] -- C:\Users\Morgan Macdonald\AppData\Roaming\Nuance

[2013/04/16 23:54:16 | 000,000,000 | ---D | M] -- C:\Users\Morgan Macdonald\AppData\Roaming\Otcica

[2013/03/28 17:35:45 | 000,000,000 | ---D | M] -- C:\Users\Morgan Macdonald\AppData\Roaming\SoftGrid Client

[2012/03/25 15:18:37 | 000,000,000 | ---D | M] -- C:\Users\Morgan Macdonald\AppData\Roaming\Template

[2011/05/19 23:02:22 | 000,000,000 | ---D | M] -- C:\Users\Morgan Macdonald\AppData\Roaming\TP

[2011/05/19 21:56:12 | 000,000,000 | ---D | M] -- C:\Users\Morgan Macdonald\AppData\Roaming\Zeon

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >

[2013/04/18 10:42:24 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN

[2013/04/18 10:08:48 | 000,000,000 | --SD | M] -- C:\32788R22FWJFW

[2013/04/18 21:32:54 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT

[2012/03/25 14:57:17 | 000,000,000 | ---D | M] -- C:\AsusVibeData

[2012/06/23 19:12:49 | 000,000,000 | ---D | M] -- C:\audio tuff

[2012/02/13 17:05:51 | 000,000,000 | -HSD | M] -- C:\Boot

[2013/04/18 10:26:46 | 000,000,000 | --SD | M] -- C:\ComboFix

[2009/07/14 12:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2012/03/25 15:11:30 | 000,000,000 | ---D | M] -- C:\DriverBin_32bit

[2012/03/25 15:11:31 | 000,000,000 | ---D | M] -- C:\DriverBin_64bit

[2012/11/05 16:13:30 | 000,000,000 | ---D | M] -- C:\DropBox Backup

[2011/04/05 22:44:07 | 000,000,000 | ---D | M] -- C:\eSupport

[2011/05/19 22:02:20 | 000,000,000 | -H-D | M] -- C:\ExpressGateUtil

[2011/04/05 22:29:29 | 000,000,000 | ---D | M] -- C:\Intel

[2011/05/19 23:07:05 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2009/07/14 10:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2013/03/14 08:28:27 | 000,000,000 | R--D | M] -- C:\Program Files

[2013/04/18 20:02:18 | 000,000,000 | R--D | M] -- C:\Program Files (x86)

[2013/04/18 11:02:22 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2013/04/18 10:08:48 | 000,000,000 | ---D | M] -- C:\Qoobox

[2011/05/19 21:32:33 | 000,000,000 | -HSD | M] -- C:\Recovery

[2012/06/15 01:52:34 | 000,000,000 | ---D | M] -- C:\sound driver

[2013/04/18 21:42:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2013/04/18 01:36:11 | 000,000,000 | ---D | M] -- C:\Temp

[2011/05/19 21:33:13 | 000,000,000 | R--D | M] -- C:\Users

[2013/04/18 10:41:15 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< %windir%\installer\*. /5 >

< %localappdata%\*. /5 >

[2013/04/17 22:32:04 | 000,000,000 | ---D | M] -- C:\Users\Morgan Macdonald\AppData\Local\CrashDumps

[2013/04/18 01:26:26 | 000,000,000 | ---D | M] -- C:\Users\Morgan Macdonald\AppData\Local\Programs

[2013/04/18 21:40:28 | 000,000,000 | ---D | M] -- C:\Users\Morgan Macdonald\AppData\Local\Temp

[2013/04/16 20:45:06 | 000,000,000 | ---D | M] -- C:\Users\Morgan Macdonald\AppData\Local\VirtualStore

< MD5 for: SERVICES.EXE >

[2009/07/14 08:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe

[2009/07/14 08:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< MD5 for: USER32.DLL >

[2010/11/20 19:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010/11/20 19:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009/07/14 08:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009/07/14 08:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010/11/20 20:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010/11/20 20:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 108 bytes -> C:\ProgramData\Temp:553CA6CA

< End of report >


Please download AdwCleaner by Xplode onto your desktop.


    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • You will be prompted to restart your computer. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[s1].txt as well.

Let me know if you still get those pop-ups.


Hi Daniel,

I haven't had any popups yet (hooray!), but I want to play around for another couple of hours just to see if something comes.

Is it okay if I re-activate the Malwarebytes program?

I'll make a donation to the PayPal account in your signature (sorry, but it won't be a large sum; I'm working in Cambodia ATM earning a pittance). It may take a couple of days as I need to set up an account with PayPal first. Thank you very much for your help!

# AdwCleaner v2.200 - Logfile created 04/19/2013 at 06:58:53

# Updated 02/04/2013 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : Morgan Macdonald - MORGAN

# Boot Mode : Normal

# Running from : C:\Users\Morgan Macdonald\Downloads\AdwCleaner (2).exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

***** [Registry] *****

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Morgan Macdonald\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [14323 octets] - [17/04/2013 22:29:37]

AdwCleaner[R2].txt - [14384 octets] - [17/04/2013 22:29:55]

AdwCleaner[R3].txt - [1076 octets] - [18/04/2013 01:09:43]

AdwCleaner[R4].txt - [1260 octets] - [18/04/2013 11:02:03]

AdwCleaner[s1].txt - [13444 octets] - [17/04/2013 22:30:13]

AdwCleaner[s2].txt - [1141 octets] - [18/04/2013 01:09:54]

AdwCleaner[s3].txt - [2143 octets] - [18/04/2013 02:40:34]

AdwCleaner[s4].txt - [1325 octets] - [18/04/2013 11:02:18]

AdwCleaner[s5].txt - [1176 octets] - [19/04/2013 06:58:53]

########## EOF - C:\AdwCleaner[s5].txt - [1236 octets] ##########


Hi Daniel,

Sorry, I just started to install the latest version of Java, but I cancelled it when I remembered the instructions you gave not to add new software.

Also, I tried to use a website called 'keepvid' (this was so I could show a video during a class I am teaching); it tried to install a program on my computer, but I denied it.

I'm not sure if these actions will affect future logfiles.


Good morning!

Is it alright to just download the latest version of Java without waiting for the prompt? I know I have an old version (which I understand can be a problem for viruses), but I am not being prompted. I'll get the correct link from my current version.

I opened Internet Explorer (for the first time in years) and a window came up saying 'view and manage your internet explorer add-ons'. There were four add-ons:

Bing - Enabled

Google - Enabled

Google - Enabled

Tuvaro - Not available (if I remember correctly, this is the problem)

Also, I don't have Firefox on my computer. Am I okay to download it?


[2013/04/18 01:49:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

Created yesterday? But you are right: it does not appear in your list of installed software. Odd.

We may end up with a complete reinstall of Chrome (this browser is a pain for us malware fighters).

Download ComboFix from this location:

Link 1

* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================

Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to this topic How to disable your security applications

====================================================

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

*Note - if after running ComboFix you see a message similar to 'registry key marked for deletion..', rebooting the machine will resolve that.


Stuff, I just realised that Windows Defender was enabled. I did spend a long time going through all the anti-viruses from the list. Sorry.

I can't even find a Firefox file. I haven't heard from you that I should download it, so I haven't yet.

Also, I haven't removed 'Tuvaro' from my search providers in 'add-ons' for IE; should I do that?

ComboFix 13-04-18.03 - Morgan Macdonald 19/04/2013 15:01:03.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3884.2078 [GMT 7:00]

Running from: c:\users\Morgan Macdonald\Desktop\ComboFix.exe

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini

c:\program files (x86)\Common Files\Net4Switch.ico

c:\programdata\FullRemove.exe

c:\users\Morgan Macdonald\a98sy07v.dll

c:\windows\AsPatch10430001.exe

c:\windows\msvcr71.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-03-19 to 2013-04-19 )))))))))))))))))))))))))))))))

.

.

2013-04-19 08:14 . 2013-04-19 08:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-04-19 08:14 . 2013-04-19 08:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-19 07:43 . 2013-04-19 07:43 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-19 07:13 . 2013-04-19 07:13 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8A6B019-55F2-4C50-9761-30D9E3E4BA8C}\offreg.dll

2013-04-18 03:41 . 2013-04-18 03:41 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2013-04-18 03:31 . 2013-03-18 22:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8A6B019-55F2-4C50-9761-30D9E3E4BA8C}\mpengine.dll

2013-04-18 03:31 . 2013-03-11 18:10 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-04-18 02:49 . 2013-04-18 02:49 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-04-17 18:53 . 2013-04-17 18:53 -------- d-----w- c:\windows\SysWow64\searchplugins

2013-04-17 18:53 . 2013-04-17 18:53 -------- d-----w- c:\windows\SysWow64\Extensions

2013-04-17 18:47 . 2013-04-17 18:47 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\LavasoftStatistics

2013-04-17 18:46 . 2013-04-17 18:46 47496 ----a-w- c:\windows\system32\sbbd.exe

2013-04-17 18:46 . 2013-04-17 18:46 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys

2013-04-17 18:46 . 2013-04-17 18:46 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\Ad-Aware Antivirus

2013-04-17 18:26 . 2013-04-17 18:26 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\Malwarebytes

2013-04-17 18:26 . 2013-04-17 18:26 -------- d-----w- c:\programdata\Malwarebytes

2013-04-17 18:26 . 2013-04-17 18:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-04-17 18:26 . 2013-04-04 07:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-17 18:26 . 2013-04-17 18:26 -------- d-----w- c:\users\Morgan Macdonald\AppData\Local\Programs

2013-04-16 10:51 . 2013-04-16 16:54 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\Otcica

2013-04-16 10:51 . 2013-04-16 10:51 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\Itesr

2013-04-16 10:51 . 2013-04-16 10:51 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\Foac

2013-04-10 13:37 . 2013-02-22 07:04 763520 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2013-04-10 09:47 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll

2013-04-10 09:47 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-04-10 09:47 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-10 09:47 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll

2013-04-10 09:47 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll

2013-04-10 09:47 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll

2013-04-10 09:46 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 09:45 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 09:45 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-10 09:45 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 09:45 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-04-10 09:45 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-04-10 09:45 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 09:45 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-04-10 09:45 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe

2013-04-08 02:42 . 2013-04-08 02:42 -------- d-----w- c:\program files (x86)\Common Files\Skype

2013-04-01 04:13 . 2013-04-17 18:36 -------- dc----w- C:\Temp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-19 07:43 . 2013-02-28 03:16 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-04-19 07:43 . 2012-04-05 07:28 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-04-19 02:14 . 2011-05-19 14:33 45056 ----a-w- c:\windows\system32\acovcnt.exe

2013-03-13 02:19 . 2012-06-14 18:33 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 02:19 . 2012-06-14 18:33 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-12 05:45 . 2013-03-13 03:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 03:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 03:42 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 03:42 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 03:42 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 03:42 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-12 04:12 . 2013-03-14 08:09 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-01-27 08:47 . 2011-07-04 02:07 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2013-01-27 08:47 . 2011-07-04 02:07 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2013-01-22 05:25 . 2012-12-21 07:32 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2013-01-20 08:23 . 2013-01-09 00:05 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

2011-01-17 06:54 175912 ----a-w- c:\program files (x86)\Freecorder\prxtbFree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]

"Akamai NetSession Interface"="c:\users\Morgan Macdonald\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]

"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-10-15 30264]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-18 152392]

.

c:\users\Morgan Macdonald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-5 549040]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-5-25 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]

R3 ew_mbbusbdev;MBB USB PNP Device;c:\windows\system32\DRIVERS\ew_mbbusbdev.sys [2012-06-27 115584]

R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-04-18 36680]

R3 mbbdatacard;MBB DataCard USB Modem and USB Serial;c:\windows\system32\DRIVERS\ewusbmdm.sys [2012-06-27 121600]

R3 rtsuvc;HP HD Webcam [Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2011-03-09 09:07 8199016]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-24 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AiCharger;AiCharger; [x]

S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-04-17 14456]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-09-05 24680]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [2010-05-24 151552]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [2010-11-26 52896]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe [2010-12-10 290632]

S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-10-15 136192]

S2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2010-05-11 362296]

S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-30 127800]

S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-09-06 235624]

S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-11-26 36000]

S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2010-11-12 893728]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-11-26 298144]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-11-26 28832]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-11-26 201376]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-11-26 55456]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-11-26 154272]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-11-26 275616]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-11-19 210944]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-11-19 49664]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 333928]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-09-30 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-09-30 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-09-30 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-09-30 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 03:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 02:19]

.

2013-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 15:07]

.

2013-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 15:07]

.

2013-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678360098-3848388213-4069928809-1002Core.job

- c:\users\Morgan Macdonald\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 13:16]

.

2013-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678360098-3848388213-4069928809-1002UA.job

- c:\users\Morgan Macdonald\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 13:16]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-03-07 09:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-03-07 09:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-03-07 09:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-03-07 09:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSFPLOlayIcon]

@="{F4DD9208-8229-492D-BCBF-2955F7AC38F4}"

[HKEY_CLASSES_ROOT\CLSID\{F4DD9208-8229-492D-BCBF-2955F7AC38F4}]

2010-12-10 09:49 298312 ----a-w- c:\program files\TrueSuite\TrueSuite.FPLOlayIcon.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]

"ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-12-10 421192]

"ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2010-12-10 308040]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]

"AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-26 613536]

"AthBtTray"="c:\program files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-11-26 379040]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 203.176.128.10 203.176.130.34

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

Wow6432Node-HKCU-Run-Driver Updater - (no file)

Wow6432Node-HKLM-Run-SessionLogon - c:\expressgateutil\SessionLogon.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

SafeBoot-78561144.sys

Toolbar-Locked - (no file)

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe

HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-678360098-3848388213-4069928809-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:c8,f7,b1,39,15,4a,7b,8e,b1,c6,7d,3e,aa,78,61,61,3c,c0,5e,38,37,50,fd,

78,f8,5a,f6,29,c6,1d,1b,12,cd,3e,b4,fd,35,77,da,86,d1,00,9b,27,e6,60,5b,f7,\

"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\06\00\1a\06\03 ?"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-19 15:17:53

ComboFix-quarantined-files.txt 2013-04-19 08:17

.

Pre-Run: 19,915,837,440 bytes free

Post-Run: 19,712,036,864 bytes free

.

- - End Of File - - 654CF56A550B79129470449E03836F8F


From the 'combofix.txt' file

ComboFix 13-04-18.03 - Morgan Macdonald 19/04/2013 15:01:03.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3884.2078 [GMT 7:00]

Running from: c:\users\Morgan Macdonald\Desktop\ComboFix.exe

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\esupport\eDriver\Software\ASUS\MultiFrame\XP32_Vista32_Vista64_Win7_32_Win7_64_1.0.0021\Desktop_.ini

c:\program files (x86)\Common Files\Net4Switch.ico

c:\programdata\FullRemove.exe

c:\users\Morgan Macdonald\a98sy07v.dll

c:\windows\AsPatch10430001.exe

c:\windows\msvcr71.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-03-19 to 2013-04-19 )))))))))))))))))))))))))))))))

.

.

2013-04-19 08:14 . 2013-04-19 08:14 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-04-19 08:14 . 2013-04-19 08:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-19 07:43 . 2013-04-19 07:43 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-19 07:13 . 2013-04-19 07:13 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8A6B019-55F2-4C50-9761-30D9E3E4BA8C}\offreg.dll

2013-04-18 03:41 . 2013-04-18 03:41 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2013-04-18 03:31 . 2013-03-18 22:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8A6B019-55F2-4C50-9761-30D9E3E4BA8C}\mpengine.dll

2013-04-18 03:31 . 2013-03-11 18:10 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-04-18 02:49 . 2013-04-18 02:49 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-04-17 18:53 . 2013-04-17 18:53 -------- d-----w- c:\windows\SysWow64\searchplugins

2013-04-17 18:53 . 2013-04-17 18:53 -------- d-----w- c:\windows\SysWow64\Extensions

2013-04-17 18:47 . 2013-04-17 18:47 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\LavasoftStatistics

2013-04-17 18:46 . 2013-04-17 18:46 47496 ----a-w- c:\windows\system32\sbbd.exe

2013-04-17 18:46 . 2013-04-17 18:46 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys

2013-04-17 18:46 . 2013-04-17 18:46 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\Ad-Aware Antivirus

2013-04-17 18:26 . 2013-04-17 18:26 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\Malwarebytes

2013-04-17 18:26 . 2013-04-17 18:26 -------- d-----w- c:\programdata\Malwarebytes

2013-04-17 18:26 . 2013-04-17 18:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-04-17 18:26 . 2013-04-04 07:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-17 18:26 . 2013-04-17 18:26 -------- d-----w- c:\users\Morgan Macdonald\AppData\Local\Programs

2013-04-16 10:51 . 2013-04-16 16:54 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\Otcica

2013-04-16 10:51 . 2013-04-16 10:51 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\Itesr

2013-04-16 10:51 . 2013-04-16 10:51 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\Foac

2013-04-10 13:37 . 2013-02-22 07:04 763520 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2013-04-10 09:47 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll

2013-04-10 09:47 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-04-10 09:47 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-10 09:47 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll

2013-04-10 09:47 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll

2013-04-10 09:47 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll

2013-04-10 09:46 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 09:45 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 09:45 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-10 09:45 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 09:45 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-04-10 09:45 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-04-10 09:45 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 09:45 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-04-10 09:45 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe

2013-04-08 02:42 . 2013-04-08 02:42 -------- d-----w- c:\program files (x86)\Common Files\Skype

2013-04-01 04:13 . 2013-04-17 18:36 -------- dc----w- C:\Temp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-19 07:43 . 2013-02-28 03:16 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-04-19 07:43 . 2012-04-05 07:28 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-04-19 02:14 . 2011-05-19 14:33 45056 ----a-w- c:\windows\system32\acovcnt.exe

2013-03-13 02:19 . 2012-06-14 18:33 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 02:19 . 2012-06-14 18:33 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-12 05:45 . 2013-03-13 03:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 03:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 03:42 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 03:42 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 03:42 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 03:42 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-12 04:12 . 2013-03-14 08:09 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-01-27 08:47 . 2011-07-04 02:07 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2013-01-27 08:47 . 2011-07-04 02:07 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2013-01-22 05:25 . 2012-12-21 07:32 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2013-01-20 08:23 . 2013-01-09 00:05 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

2011-01-17 06:54 175912 ----a-w- c:\program files (x86)\Freecorder\prxtbFree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]

"Akamai NetSession Interface"="c:\users\Morgan Macdonald\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]

"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-10-15 30264]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-18 152392]

.

c:\users\Morgan Macdonald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-5 549040]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-5-25 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]

R3 ew_mbbusbdev;MBB USB PNP Device;c:\windows\system32\DRIVERS\ew_mbbusbdev.sys [2012-06-27 115584]

R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-04-18 36680]

R3 mbbdatacard;MBB DataCard USB Modem and USB Serial;c:\windows\system32\DRIVERS\ewusbmdm.sys [2012-06-27 121600]

R3 rtsuvc;HP HD Webcam [Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2011-03-09 09:07 8199016]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-24 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AiCharger;AiCharger; [x]

S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-04-17 14456]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-09-05 24680]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [2010-05-24 151552]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [2010-11-26 52896]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe [2010-12-10 290632]

S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-10-15 136192]

S2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2010-05-11 362296]

S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-30 127800]

S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-09-06 235624]

S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-11-26 36000]

S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2010-11-12 893728]

S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-11-26 298144]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-11-26 28832]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-11-26 201376]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-11-26 55456]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-11-26 154272]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-11-26 275616]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-11-19 210944]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-11-19 49664]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 333928]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-09-30 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-09-30 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-09-30 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-09-30 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 03:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 02:19]

.

2013-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 15:07]

.

2013-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 15:07]

.

2013-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678360098-3848388213-4069928809-1002Core.job

- c:\users\Morgan Macdonald\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 13:16]

.

2013-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678360098-3848388213-4069928809-1002UA.job

- c:\users\Morgan Macdonald\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 13:16]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-03-07 09:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-03-07 09:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-03-07 09:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-03-07 09:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSFPLOlayIcon]

@="{F4DD9208-8229-492D-BCBF-2955F7AC38F4}"

[HKEY_CLASSES_ROOT\CLSID\{F4DD9208-8229-492D-BCBF-2955F7AC38F4}]

2010-12-10 09:49 298312 ----a-w- c:\program files\TrueSuite\TrueSuite.FPLOlayIcon.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]

"ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-12-10 421192]

"ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2010-12-10 308040]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]

"AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-26 613536]

"AthBtTray"="c:\program files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-11-26 379040]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 203.176.128.10 203.176.130.34

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

Wow6432Node-HKCU-Run-Driver Updater - (no file)

Wow6432Node-HKLM-Run-SessionLogon - c:\expressgateutil\SessionLogon.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

SafeBoot-78561144.sys

Toolbar-Locked - (no file)

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe

HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-678360098-3848388213-4069928809-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:c8,f7,b1,39,15,4a,7b,8e,b1,c6,7d,3e,aa,78,61,61,3c,c0,5e,38,37,50,fd,

78,f8,5a,f6,29,c6,1d,1b,12,cd,3e,b4,fd,35,77,da,86,d1,00,9b,27,e6,60,5b,f7,\

"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\06\00\1a\06\03 ?"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-19 15:17:53

ComboFix-quarantined-files.txt 2013-04-19 08:17

.

Pre-Run: 19,915,837,440 bytes free

Post-Run: 19,712,036,864 bytes free

.

- - End Of File - - 654CF56A550B79129470449E03836F8F


Tuvaro toolbar has been uninstalled. Feel free to remove it from the search engine list in IE (if possible).

No need to install Firefox.

Open notepad and copy/paste the text in the Code-box below into it:


DirLook::
c:\users\Morgan Macdonald\AppData\Roaming\Otcica
c:\users\Morgan Macdonald\AppData\Roaming\Itesr
c:\users\Morgan Macdonald\AppData\Roaming\Foac
ClearJavaCache::

  • Save this as CFScript.txt, in the same location as ComboFix.exe.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


C:\Combofix.txt

ComboFix 13-04-18.03 - Morgan Macdonald 19/04/2013 17:12:48.3.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3884.1898 [GMT 7:00]

Running from: c:\users\Morgan Macdonald\Desktop\ComboFix.exe

Command switches used :: c:\users\Morgan Macdonald\Desktop\CFScript.txt

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\_ctypes.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\_elementtree.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\_hashlib.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\_socket.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\_ssl.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\pyexpat.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\pysqlite2._sqlite.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\python27.dll

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\pythoncom27.dll

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\PyWinTypes27.dll

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\select.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\unicodedata.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32api.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32com.shell.shell.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32crypt.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32event.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32file.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32inet.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32pdh.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32process.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32profile.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32security.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32ts.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\windows._cacheinvalidation.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wx._controls_.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wx._core_.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wx._gdi_.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wx._html2.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wx._misc_.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wx._windows_.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wx._wizard.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wxbase294u_net_vc90.dll

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wxbase294u_vc90.dll

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wxmsw294u_adv_vc90.dll

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wxmsw294u_core_vc90.dll

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wxmsw294u_html_vc90.dll

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wxmsw294u_webview_vc90.dll

c:\users\Morgan Macdonald\AppData\Roaming\Foac

c:\users\Morgan Macdonald\AppData\Roaming\Foac\ikloh.exe

c:\users\Morgan Macdonald\AppData\Roaming\Itesr

c:\users\Morgan Macdonald\AppData\Roaming\Itesr\ubaly.gut

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\_ctypes.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\_elementtree.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\_hashlib.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\_socket.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\_ssl.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\pyexpat.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\pysqlite2._sqlite.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\python27.dll

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\pythoncom27.dll

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\PyWinTypes27.dll

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\select.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\unicodedata.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32api.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32com.shell.shell.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32crypt.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32event.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32file.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32inet.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32pdh.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32process.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32profile.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32security.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32ts.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\windows._cacheinvalidation.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wx._controls_.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wx._core_.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wx._gdi_.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wx._html2.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wx._misc_.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wx._windows_.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wx._wizard.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wxbase294u_net_vc90.dll

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wxbase294u_vc90.dll

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wxmsw294u_adv_vc90.dll

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wxmsw294u_core_vc90.dll

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wxmsw294u_html_vc90.dll

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wxmsw294u_webview_vc90.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-03-19 to 2013-04-19 )))))))))))))))))))))))))))))))

.

.

2013-04-19 10:20 . 2013-04-19 10:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-04-19 10:20 . 2013-04-19 10:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-19 07:43 . 2013-04-19 07:43 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-18 03:41 . 2013-04-18 03:41 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2013-04-18 03:31 . 2013-03-18 22:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8A6B019-55F2-4C50-9761-30D9E3E4BA8C}\mpengine.dll

2013-04-18 03:31 . 2013-03-11 18:10 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-04-18 02:49 . 2013-04-18 02:49 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-04-17 18:53 . 2013-04-17 18:53 -------- d-----w- c:\windows\SysWow64\searchplugins

2013-04-17 18:53 . 2013-04-17 18:53 -------- d-----w- c:\windows\SysWow64\Extensions

2013-04-17 18:47 . 2013-04-17 18:47 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\LavasoftStatistics

2013-04-17 18:46 . 2013-04-17 18:46 47496 ----a-w- c:\windows\system32\sbbd.exe

2013-04-17 18:46 . 2013-04-17 18:46 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys

2013-04-17 18:46 . 2013-04-17 18:46 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\Ad-Aware Antivirus

2013-04-17 18:26 . 2013-04-17 18:26 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\Malwarebytes

2013-04-17 18:26 . 2013-04-17 18:26 -------- d-----w- c:\programdata\Malwarebytes

2013-04-17 18:26 . 2013-04-17 18:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-04-17 18:26 . 2013-04-04 07:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-17 18:26 . 2013-04-17 18:26 -------- d-----w- c:\users\Morgan Macdonald\AppData\Local\Programs

2013-04-16 10:51 . 2013-04-16 16:54 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\Otcica

2013-04-10 13:37 . 2013-02-22 07:04 763520 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2013-04-10 09:47 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll

2013-04-10 09:47 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-04-10 09:47 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-10 09:47 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll

2013-04-10 09:47 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll

2013-04-10 09:47 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll

2013-04-10 09:46 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 09:45 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 09:45 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-10 09:45 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 09:45 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-04-10 09:45 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-04-10 09:45 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 09:45 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-04-10 09:45 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe

2013-04-08 02:42 . 2013-04-08 02:42 -------- d-----w- c:\program files (x86)\Common Files\Skype

2013-04-01 04:13 . 2013-04-17 18:36 -------- dc----w- C:\Temp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-19 10:22 . 2011-05-19 14:33 45056 ----a-w- c:\windows\system32\acovcnt.exe

2013-04-19 07:43 . 2013-02-28 03:16 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-04-19 07:43 . 2012-04-05 07:28 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-13 02:19 . 2012-06-14 18:33 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 02:19 . 2012-06-14 18:33 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-12 05:45 . 2013-03-13 03:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 03:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 03:42 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 03:42 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 03:42 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 03:42 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-12 04:12 . 2013-03-14 08:09 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-01-27 08:47 . 2011-07-04 02:07 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2013-01-27 08:47 . 2011-07-04 02:07 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2013-01-22 05:25 . 2012-12-21 07:32 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2013-01-20 08:23 . 2013-01-09 00:05 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

.

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\users\Morgan Macdonald\AppData\Roaming\Foac ----

.

.

---- Directory of c:\users\Morgan Macdonald\AppData\Roaming\Itesr ----

.

.

---- Directory of c:\users\Morgan Macdonald\AppData\Roaming\Otcica ----

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

2011-01-17 06:54 175912 ----a-w- c:\program files (x86)\Freecorder\prxtbFree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]

"Akamai NetSession Interface"="c:\users\Morgan Macdonald\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]

"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-10-15 30264]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-18 152392]

.

c:\users\Morgan Macdonald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-5 549040]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-5-25 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

R3 ew_mbbusbdev;MBB USB PNP Device;c:\windows\system32\DRIVERS\ew_mbbusbdev.sys [2012-06-27 115584]

R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-04-18 36680]

R3 mbbdatacard;MBB DataCard USB Modem and USB Serial;c:\windows\system32\DRIVERS\ewusbmdm.sys [2012-06-27 121600]

R3 rtsuvc;HP HD Webcam [Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2011-03-09 09:07 8199016]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-24 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AiCharger;AiCharger; [x]

S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-04-17 14456]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-09-05 24680]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [2010-05-24 151552]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [2010-11-26 52896]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe [2010-12-10 290632]

S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-10-15 136192]

S2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2010-05-11 362296]

S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-30 127800]

S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-09-06 235624]

S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-11-26 36000]

S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2010-11-12 893728]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-11-26 298144]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-11-26 28832]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-11-26 201376]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-11-26 55456]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-11-26 154272]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-11-26 275616]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-11-19 210944]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-11-19 49664]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 333928]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-09-30 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-09-30 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-09-30 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-09-30 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 03:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 02:19]

.

2013-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 15:07]

.

2013-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 15:07]

.

2013-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678360098-3848388213-4069928809-1002Core.job

- c:\users\Morgan Macdonald\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 13:16]

.

2013-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678360098-3848388213-4069928809-1002UA.job

- c:\users\Morgan Macdonald\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 13:16]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-03-07 09:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-03-07 09:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-03-07 09:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-03-07 09:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSFPLOlayIcon]

@="{F4DD9208-8229-492D-BCBF-2955F7AC38F4}"

[HKEY_CLASSES_ROOT\CLSID\{F4DD9208-8229-492D-BCBF-2955F7AC38F4}]

2010-12-10 09:49 298312 ----a-w- c:\program files\TrueSuite\TrueSuite.FPLOlayIcon.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]

"ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-12-10 421192]

"ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2010-12-10 308040]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]

"AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-26 613536]

"AthBtTray"="c:\program files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-11-26 379040]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [bU]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-678360098-3848388213-4069928809-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:c8,f7,b1,39,15,4a,7b,8e,b1,c6,7d,3e,aa,78,61,61,3c,c0,5e,38,37,50,fd,

78,f8,5a,f6,29,c6,1d,1b,12,cd,3e,b4,fd,35,77,da,86,d1,00,9b,27,e6,60,5b,f7,\

"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\06\00\1a\06\03 ?"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ASUS Ai Charger (NB edition)\AiCharger.exe

c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files\ASUS\NB Probe\SPM\spmgr.exe

c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

.

**************************************************************************

.

Completion time: 2013-04-19 17:24:40 - machine was rebooted

ComboFix-quarantined-files.txt 2013-04-19 10:24

ComboFix2.txt 2013-04-19 08:17

.

Pre-Run: 19,551,379,456 bytes free

Post-Run: 19,556,564,992 bytes free

.

- - End Of File - - CE737303158560922BEE6F187325A2A9


and the one that opened when ComboFix finished... it might be the same

ComboFix 13-04-18.03 - Morgan Macdonald 19/04/2013 17:12:48.3.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.61.1033.18.3884.1898 [GMT 7:00]

Running from: c:\users\Morgan Macdonald\Desktop\ComboFix.exe

Command switches used :: c:\users\Morgan Macdonald\Desktop\CFScript.txt

AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\_ctypes.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\_elementtree.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\_hashlib.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\_socket.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\_ssl.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\pyexpat.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\pysqlite2._sqlite.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\python27.dll

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\pythoncom27.dll

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\PyWinTypes27.dll

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\select.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\unicodedata.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32api.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32com.shell.shell.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32crypt.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32event.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32file.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32inet.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32pdh.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32process.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32profile.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32security.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\win32ts.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\windows._cacheinvalidation.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wx._controls_.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wx._core_.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wx._gdi_.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wx._html2.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wx._misc_.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wx._windows_.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wx._wizard.pyd

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wxbase294u_net_vc90.dll

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wxbase294u_vc90.dll

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wxmsw294u_adv_vc90.dll

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wxmsw294u_core_vc90.dll

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wxmsw294u_html_vc90.dll

c:\users\Morgan Macdonald\AppData\Local\Temp\_MEI45962\wxmsw294u_webview_vc90.dll

c:\users\Morgan Macdonald\AppData\Roaming\Foac

c:\users\Morgan Macdonald\AppData\Roaming\Foac\ikloh.exe

c:\users\Morgan Macdonald\AppData\Roaming\Itesr

c:\users\Morgan Macdonald\AppData\Roaming\Itesr\ubaly.gut

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\_ctypes.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\_elementtree.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\_hashlib.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\_socket.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\_ssl.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\pyexpat.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\pysqlite2._sqlite.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\python27.dll

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\pythoncom27.dll

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\PyWinTypes27.dll

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\select.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\unicodedata.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32api.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32com.shell.shell.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32crypt.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32event.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32file.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32inet.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32pdh.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32process.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32profile.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32security.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\win32ts.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\windows._cacheinvalidation.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wx._controls_.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wx._core_.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wx._gdi_.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wx._html2.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wx._misc_.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wx._windows_.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wx._wizard.pyd

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wxbase294u_net_vc90.dll

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wxbase294u_vc90.dll

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wxmsw294u_adv_vc90.dll

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wxmsw294u_core_vc90.dll

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wxmsw294u_html_vc90.dll

c:\users\MORGAN~1\AppData\Local\Temp\_MEI45962\wxmsw294u_webview_vc90.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-03-19 to 2013-04-19 )))))))))))))))))))))))))))))))

.

.

2013-04-19 10:20 . 2013-04-19 10:20 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-04-19 10:20 . 2013-04-19 10:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-19 07:43 . 2013-04-19 07:43 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-18 03:41 . 2013-04-18 03:41 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2013-04-18 03:31 . 2013-03-18 22:50 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D8A6B019-55F2-4C50-9761-30D9E3E4BA8C}\mpengine.dll

2013-04-18 03:31 . 2013-03-11 18:10 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-04-18 02:49 . 2013-04-18 02:49 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-04-17 18:53 . 2013-04-17 18:53 -------- d-----w- c:\windows\SysWow64\searchplugins

2013-04-17 18:53 . 2013-04-17 18:53 -------- d-----w- c:\windows\SysWow64\Extensions

2013-04-17 18:47 . 2013-04-17 18:47 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\LavasoftStatistics

2013-04-17 18:46 . 2013-04-17 18:46 47496 ----a-w- c:\windows\system32\sbbd.exe

2013-04-17 18:46 . 2013-04-17 18:46 14456 ----a-w- c:\windows\system32\drivers\gfibto.sys

2013-04-17 18:46 . 2013-04-17 18:46 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\Ad-Aware Antivirus

2013-04-17 18:26 . 2013-04-17 18:26 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\Malwarebytes

2013-04-17 18:26 . 2013-04-17 18:26 -------- d-----w- c:\programdata\Malwarebytes

2013-04-17 18:26 . 2013-04-17 18:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-04-17 18:26 . 2013-04-04 07:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-17 18:26 . 2013-04-17 18:26 -------- d-----w- c:\users\Morgan Macdonald\AppData\Local\Programs

2013-04-16 10:51 . 2013-04-16 16:54 -------- d-----w- c:\users\Morgan Macdonald\AppData\Roaming\Otcica

2013-04-10 13:37 . 2013-02-22 07:04 763520 ----a-w- c:\program files\Internet Explorer\iexplore.exe

2013-04-10 09:47 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll

2013-04-10 09:47 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-04-10 09:47 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-10 09:47 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll

2013-04-10 09:47 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll

2013-04-10 09:47 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll

2013-04-10 09:46 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 09:45 . 2013-03-02 06:04 1655656 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 09:45 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-10 09:45 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 09:45 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-04-10 09:45 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-04-10 09:45 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 09:45 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-04-10 09:45 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe

2013-04-08 02:42 . 2013-04-08 02:42 -------- d-----w- c:\program files (x86)\Common Files\Skype

2013-04-01 04:13 . 2013-04-17 18:36 -------- dc----w- C:\Temp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-19 10:22 . 2011-05-19 14:33 45056 ----a-w- c:\windows\system32\acovcnt.exe

2013-04-19 07:43 . 2013-02-28 03:16 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2013-04-19 07:43 . 2012-04-05 07:28 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-03-13 02:19 . 2012-06-14 18:33 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-13 02:19 . 2012-06-14 18:33 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-02-12 05:45 . 2013-03-13 03:42 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 03:42 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 03:42 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 03:42 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 03:42 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 03:42 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-12 04:12 . 2013-03-14 08:09 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-01-27 08:47 . 2011-07-04 02:07 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2013-01-27 08:47 . 2011-07-04 02:07 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2013-01-22 05:25 . 2012-12-21 07:32 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2013-01-20 08:23 . 2013-01-09 00:05 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

.

.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\users\Morgan Macdonald\AppData\Roaming\Foac ----

.

.

---- Directory of c:\users\Morgan Macdonald\AppData\Roaming\Itesr ----

.

.

---- Directory of c:\users\Morgan Macdonald\AppData\Roaming\Otcica ----

.

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

2011-01-17 06:54 175912 ----a-w- c:\program files (x86)\Freecorder\prxtbFree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\prxtbFree.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]

"Akamai NetSession Interface"="c:\users\Morgan Macdonald\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-03-07 19357112]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504]

"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-10-15 30264]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-18 152392]

.

c:\users\Morgan Macdonald\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-5 549040]

FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe [2011-5-25 12862]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]

R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408]

R3 ew_mbbusbdev;MBB USB PNP Device;c:\windows\system32\DRIVERS\ew_mbbusbdev.sys [2012-06-27 115584]

R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-04-18 36680]

R3 mbbdatacard;MBB DataCard USB Modem and USB Serial;c:\windows\system32\DRIVERS\ewusbmdm.sys [2012-06-27 121600]

R3 rtsuvc;HP HD Webcam [Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2011-03-09 09:07 8199016]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-12-13 54784]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-24 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AiCharger;AiCharger; [x]

S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-04-17 14456]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-09-05 24680]

S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Atheros\Ath_CoexAgent.exe [2010-05-24 151552]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Atheros\Bluetooth Suite\adminservice.exe [2010-11-26 52896]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 FPLService;TrueSuiteService;c:\program files\TrueSuite\TrueSuite.Service.exe [2010-12-10 290632]

S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2009-10-15 136192]

S2 HPM1210RcvFaxSrvc;HP LaserJet Professional M1210 MFP Series Receive Fax Service;c:\program files\HP\HP LaserJet M1210 MFP Series\ReceiveFaxUtility.exe [2010-05-11 362296]

S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [2010-04-30 127800]

S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-09-30 508776]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-09-06 235624]

S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488]

S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-16 13832]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-11-26 36000]

S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2010-11-12 893728]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-11-26 298144]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-11-26 28832]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-11-26 201376]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-11-26 55456]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-11-26 154272]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-11-26 275616]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-11-19 210944]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-11-19 49664]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 333928]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-09-30 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-09-30 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-09-30 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-09-30 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-09-30 219496]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2009-08-20 03:24 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 02:19]

.

2013-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 15:07]

.

2013-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-05 15:07]

.

2013-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678360098-3848388213-4069928809-1002Core.job

- c:\users\Morgan Macdonald\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 13:16]

.

2013-04-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-678360098-3848388213-4069928809-1002UA.job

- c:\users\Morgan Macdonald\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-14 13:16]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Morgan Macdonald\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-03-07 09:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-03-07 09:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-03-07 09:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-03-07 09:31 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\TSFPLOlayIcon]

@="{F4DD9208-8229-492D-BCBF-2955F7AC38F4}"

[HKEY_CLASSES_ROOT\CLSID\{F4DD9208-8229-492D-BCBF-2955F7AC38F4}]

2010-12-10 09:49 298312 ----a-w- c:\program files\TrueSuite\TrueSuite.FPLOlayIcon.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]

"VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\VizorShortCut.exe" [2010-09-17 322384]

"ClientAppLogon"="c:\program files\TrueSuite\TrueSuite.ClientAppLogonExe.exe" [2010-12-10 421192]

"ClientAppLogon32"="c:\program files\TrueSuite\x86\TrueSuite.ClientAppLogonExe.exe" [2010-12-10 308040]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]

"AtherosBtStack"="c:\program files (x86)\Atheros\Bluetooth Suite\BtvStack.exe" [2010-11-26 613536]

"AthBtTray"="c:\program files (x86)\Atheros\Bluetooth Suite\AthBtTray.exe" [2010-11-26 379040]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [bU]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [bU]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-678360098-3848388213-4069928809-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:c8,f7,b1,39,15,4a,7b,8e,b1,c6,7d,3e,aa,78,61,61,3c,c0,5e,38,37,50,fd,

78,f8,5a,f6,29,c6,1d,1b,12,cd,3e,b4,fd,35,77,da,86,d1,00,9b,27,e6,60,5b,f7,\

"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\06\00\1a\06\03 ?"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ASUS Ai Charger (NB edition)\AiCharger.exe

c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files\ASUS\NB Probe\SPM\spmgr.exe

c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

.

**************************************************************************

.

Completion time: 2013-04-19 17:24:40 - machine was rebooted

ComboFix-quarantined-files.txt 2013-04-19 10:24

ComboFix2.txt 2013-04-19 08:17

.

Pre-Run: 19,551,379,456 bytes free

Post-Run: 19,556,564,992 bytes free

.

- - End Of File - - CE737303158560922BEE6F187325A2A9


  • 3 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
