
Do Search Virus

  • 24-11-2013 1:41pm
    #1
    Registered Users Posts: 5,780 ✭✭✭


    I've been trying to remove this lil shít off my PC. I've removed it via anti-virus software and cleaned out my registries. Uninstalled them before the scan and registry cleaner and it was clean after it yesterday, but I turned the PC on today and opened up Chrome and it directs me to the Do Search page.

    I have edited the link under Properties for program start.


    Any ideas?


Comments

  • Registered Users Posts: 840 ✭✭✭jsa112




  • Registered Users Posts: 5,780 ✭✭✭jamo2oo9


    jsa112 wrote: »

    Thank you so much for the link. Worked like a charm!


  • Registered Users Posts: 5,780 ✭✭✭jamo2oo9


    Ok I guess I spoke too soon. Shut the PC down last night and only turned it on a while ago and Do Search is still there. Seems that adwcleaner didn't remove it then :/


    Any other suggestions?


  • Registered Users Posts: 840 ✭✭✭jsa112


    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here


  • Registered Users Posts: 5,780 ✭✭✭jamo2oo9


    jsa112 wrote: »
    Download OTL to your Desktop
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Quick Scan button. Do not change any settings. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files here

    Both of them? All of it? There's a lot of it


  • Registered Users Posts: 5,780 ✭✭✭jamo2oo9


    OTL Extras logfile created on: 25/11/2013 18:37:58 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jamie\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16736)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.96 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 69.84% Memory free
    7.93 Gb Paging File | 6.37 Gb Available in Paging File | 80.37% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.51 Gb Total Space | 458.51 Gb Free Space | 49.22% Space Free | Partition Type: NTFS
    Drive E: | 100.00 Mb Total Space | 83.43 Mb Free Space | 83.44% Space Free | Partition Type: NTFS
    Drive F: | 152.57 Gb Total Space | 115.58 Gb Free Space | 75.76% Space Free | Partition Type: NTFS

    Computer Name: JAMIE-GAMINGPC | User Name: Jamie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0998352D-5B8B-4A32-8502-57B1C042E7BC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{1A6B537F-D569-4EF4-8D08-4773EDE27063}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{27944177-9513-4115-96BA-DF3D21AF97B4}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{2E264410-5B4D-4816-9A6D-4DCA2A034B26}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{49F2BB61-9449-4124-BEF4-C007539453D7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office 15\root\office15\outlook.exe |
    "{61A611A5-D62C-49A0-9CDB-19E97FFB3AD9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{9DF7BC84-214E-4414-AE21-E88F011DDDB7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{AF4E1EAB-AC32-406E-A708-8924B0B94BDF}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{DF827BB6-E832-4BE3-B0FD-8B904F2E89E2}" = lport=50248 | protocol=6 | dir=in | name=autodesk content service |
    "{FA211D85-C07B-4DA2-99B0-CD7BB1A0714A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FEEA21D4-1D56-46AE-B977-8BEF4708A4A0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{075DE6B5-1E35-476D-91BA-E1C5C542E633}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{08DE8505-57E5-43B2-AC1E-76C1C8C24DA1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{0C50E869-736C-4E39-8147-B804455735F4}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "{164FF5E9-BE47-46F9-9462-7C70BB14304E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{172CD0F7-3BE0-4D65-B67F-14D19DD7ECDF}" = protocol=17 | dir=in | app=c:\users\jamie\appdata\roaming\dropbox\bin\dropbox.exe |
    "{1BB347A9-C1B3-4788-9E0D-4DCD148AD270}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1C4AF97D-BB07-43D4-B6A8-405A3308A3E2}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\burnout paradise\burnoutparadise.exe |
    "{1C950148-8D46-4250-82A1-821C147837D2}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
    "{20A75DEB-FCBC-4F44-B50C-D98613A49216}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{31A656DB-CD17-4433-97F5-16AA0B55D516}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{32BFCB1A-0126-4D3B-8C32-6E205D073468}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{361FF22D-E22C-45C4-B446-4C3FBA2812EC}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink\common\raui.exe |
    "{452A1E9E-8F5E-4AA4-9630-6327C1ACC086}" = dir=in | app=c:\users\jamie\appdata\local\microsoft\skydrive\skydrive.exe |
    "{47940408-55C1-4CEA-9D18-E35E5AF1F302}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{512EA508-4598-4A44-B40E-084DE48D6414}" = protocol=6 | dir=in | app=c:\users\jamie\appdata\roaming\dropbox\bin\dropbox.exe |
    "{582D1477-CC26-4AA1-B292-841EEB0CEA0F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{5D19E3DC-A5E6-451B-A9B8-9FF64CC65762}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
    "{5FF4E5E8-B203-4016-964D-D567156994D9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62E1CE1C-5D6D-4A58-A2A0-A573387B5F0C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{64327D1D-9A5A-4B93-A818-832FA468E05B}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{6B97ADC2-1576-49B8-BC62-173DDF1FFD41}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6D4E869B-0078-416A-99F9-6476BAB38C1A}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink\common\ramediaserver.exe |
    "{70A3A146-78AB-40F0-85A8-1F4E351E7402}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{716AFCAB-98E7-4DB0-8CD0-7C20BAEC0914}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
    "{72FAF4A4-0C0D-4C0E-B54C-95C01D4F2E45}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{7F14E5B9-A363-43AE-BAA6-C42392838B8F}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink\common\raui.exe |
    "{8499DE9B-886D-4C1C-A745-702288FB71A1}" = protocol=6 | dir=out | app=system |
    "{8502887A-178B-457A-A828-1422276F6E30}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
    "{88B1DC18-397A-4120-A27B-229FED97D755}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
    "{893CF852-D080-4555-BD16-2AB141FC05BA}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink\common\raui.exe |
    "{8ABB0382-CFB7-44F0-9A7A-10F83E6B490E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe |
    "{B2577BC6-C4D1-4530-87EE-23EA6F16C60B}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
    "{B43ED17B-41C2-4837-995C-2FFDE4B03129}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{B7BF2AD9-1974-4892-A1D7-B8ACFDB91DEF}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{C2CB22AB-62B2-4E97-963D-13C4D217CB96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{C9750CB6-E464-4E6D-9DA5-A87C623C4F13}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink\common\ramediaserver.exe |
    "{CD134255-203E-4E90-B1A4-AED4BD9444AA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{DFC53A24-D6FD-4CD7-BEA6-811B0C94DCBA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{E1D5E2E3-0627-478C-A9B5-07619B479606}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\burnout paradise\burnoutparadise.exe |
    "{F0FA6B51-59BE-4302-A2A4-B8E9A2369EFA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe |
    "{F3488A41-A375-40BA-90CA-DF763F9C0CDD}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink\common\raui.exe |
    "{FAF7BEAF-A768-4D1B-A299-DF68DF667A00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "TCP Query User{0D745EFB-C4C0-4D44-9591-CB85CBB263CF}C:\program files (x86)\csernakgergely\euroscope\euroscope.exe" = protocol=6 | dir=in | app=c:\program files (x86)\csernakgergely\euroscope\euroscope.exe |
    "TCP Query User{4A7D9409-5742-49BB-8D58-AB3E00BD8E8C}C:\users\jamie\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\jamie\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{60A0A566-3104-43AC-B10C-C39A5FEE2B60}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "TCP Query User{65F59C01-5CB7-4F2D-87E4-8D29F8F30AE9}C:\users\jamie\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\jamie\appdata\local\akamai\netsession_win.exe |
    "TCP Query User{8B14B573-5EC5-42C8-9D97-6F7B151BF76E}C:\program files (x86)\microsoft games\microsoft flight simulator x\flight one software\ultimate traffic 2\ut2services.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\microsoft flight simulator x\flight one software\ultimate traffic 2\ut2services.exe |
    "UDP Query User{099A6F97-C3EB-4788-84ED-CAB5F5837D83}C:\users\jamie\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\jamie\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{0A26179F-D202-4D7E-95DB-2DC26AB315B5}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "UDP Query User{A6A3FF7D-1FA6-4D86-96DB-0C9AECF871D9}C:\users\jamie\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\jamie\appdata\local\akamai\netsession_win.exe |
    "UDP Query User{F13630AE-AF08-42D1-9F17-6F129061427E}C:\program files (x86)\microsoft games\microsoft flight simulator x\flight one software\ultimate traffic 2\ut2services.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\microsoft flight simulator x\flight one software\ultimate traffic 2\ut2services.exe |
    "UDP Query User{F8E6238E-C8E7-47A9-B409-6006FD8C901B}C:\program files (x86)\csernakgergely\euroscope\euroscope.exe" = protocol=17 | dir=in | app=c:\program files (x86)\csernakgergely\euroscope\euroscope.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}" = Autodesk 360
    "{5783F2D7-D001-0000-0102-0060B0CE6BBA}" = AutoCAD 2014 - English
    "{5783F2D7-D001-0409-1102-0060B0CE6BBA}" = AutoCAD 2014 Language Pack - English
    "{5783F2D7-D001-0409-2102-0060B0CE6BBA}" = AutoCAD 2014 - English
    "{5783F2D7-D004-0000-0102-0060B0CE6BBA}" = AutoCAD Architecture 2014 - English
    "{5783F2D7-D004-0409-1102-0060B0CE6BBA}" = AutoCAD Architecture 2014 Language Pack - English
    "{5783F2D7-D004-0409-2102-0060B0CE6BBA}" = AutoCAD Architecture 2014 - English
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90150000-008F-0000-1000-0000000FF1CE}" = Office 15 Click-to-Run Licensing Component
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 305.27
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.0613
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "8461-7759-5462-8226" = Vuze
    "AutoCAD 2014 - English" = Autodesk AutoCAD 2014 - English
    "AutoCAD Architecture 2014 - English" = Autodesk AutoCAD Architecture 2014 - English
    "CCleaner" = CCleaner
    "CPUID CPU-Z_is1" = CPUID CPU-Z 1.65.1
    "Defraggler" = Defraggler
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "O365HomePremRetail - en-us" = Microsoft Office 365 Home Premium - en-us
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "WinRAR archiver" = WinRAR 5.00 beta 7 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{03594E81-55C6-4036-BB32-6FB27BC7A497}_is1" = Sid Meier's Civilization V - Game of the Year Edition
    "{0A297C87-BF52-43FD-AD75-EE72228E4457}" = aerosoft's - Mega Airport Amsterdam FSX
    "{0F16340B-5B5B-4531-8D87-4952E3BCA6E6}" = PMDG 777-200LR/F Base Package FSX
    "{1CDC8E7D-CDFC-4C2B-A080-23D943354625}" = Burnout™ Paradise: The Ultimate Box
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{20708FD5-E94D-4097-A21E-E28564CDBC06}" = PMDG 737 8900 NGX
    "{2E8C03EC-E09F-4868-A4AC-02B9285D3E09}" = Document Express DjVu Plug-in
    "{3768DDA4-3BF1-468D-82BD-1CC4D4AB1594}" = Navigraph Charts 4
    "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B12.1025.1
    "{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
    "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
    "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B13.0125.1
    "{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
    "{4847BBB9-EADD-4C92-90BF-4223B0892FF6}" = Microsoft Flight Simulator X Service Pack 2
    "{4CFCC6FD-AEA2-4208-99A6-45CBF9DFFD82}" = Real Environment Xtreme
    "{51BF3210-B825-4092-8E0D-66D689916E02}" = Autodesk Material Library Base Resolution Image Library 2014
    "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
    "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
    "{62F029AB-85F2-0000-866A-9FC0DD99DDBC}" = Autodesk Content Service
    "{62F029AB-85F2-0001-866A-9FC0DD99DDBC}" = Autodesk Content Service Language Pack
    "{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}" = NVIDIA PhysX
    "{644E9589-F73A-49A4-AC61-A953B9DE5669}" = SketchUp Import for AutoCAD 2014
    "{644F9B19-A462-499C-BF4D-300ABC2A28B1}" = Autodesk Material Library 2014
    "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8A470330-70B2-49AD-86AF-79885EF9898A}" = FARO LS 1.1.501.0 (64bit)
    "{8F722FA9-B994-4C9B-B292-FD32D6206EDF}" = ASUS WLAN Card Utilities/Driver
    "{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
    "{90150000-008C-0000-0000-0000000FF1CE}" = Office 15 Click-to-Run Extensibility Component
    "{90150000-008C-0409-0000-0000000FF1CE}" = Office 15 Click-to-Run Localization Component
    "{93878DDD-E621-4AFF-8203-2658451A3636}" = EuroScope 3.1d
    "{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
    "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
    "{B3B8E0B9-04D0-4449-969C-A23F0C90CB85}" = PMDG744X_GE_VS
    "{BAAAA86B-9FA5-49F5-9272-6587A8751C2C}" = NL2000V4_installer
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C070121A-C8C5-4D52-9A7D-D240631BD433}" = Autodesk App Manager
    "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.1220.1
    "{D86B0FD3-5506-4230-97E1-77303E3AC063}_is1" = Active Sky 2012
    "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
    "{EBA1A9E6-36A3-4200-8D44-EE05B193ACFA}" = VFlyer
    "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
    "{EDCEE320-0FB3-4197-9F86-8C1CCF2278FB}" = PMDG 747-400/400F for FSX
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F732FEDA-7713-4428-934B-EF83B8DD65D0}" = Autodesk Featured Apps
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Anvi AD Blocker" = Anvi AD Blocker 2.2
    "Anvi Smart Defender" = Anvi Smart Defender 1.9.3
    "Autodesk Content Service" = Autodesk Content Service
    "Battlelog Web Plugins" = Battlelog Web Plugins
    "Cheat Engine 6.3_is1" = Cheat Engine 6.3
    "Cities XL 2012" = Cities XL 2012
    "Cloud System Booster" = Cloud System Booster
    "ESN Sonar-0.70.4" = ESN Sonar
    "F1UT2" = Ultimate Traffic
    "F1UT2PP" = Ultimate Traffic 2 Power Pack
    "FarmingSimulator2013INT_is1" = Farming Simulator 2013
    "Flightbeam - San Francisco International FSX 1.0.1 +SP1" = Flightbeam - San Francisco International FSX 1.0.1 +SP1
    "FlightBeam Washington Dulles FSX/P3D_is1" = FlightBeam Washington Dulles FSX/P3D 1.1
    "Fraps" = Fraps
    "FS2Crew: PMDG 747 Voice Commander Edition" = FS2Crew: PMDG 747 Voice Commander Edition
    "FSDreamTeam KJFK V2 FSX/P3D_is1" = FSDreamTeam KJFK V2 FSX/P3D 2.1
    "FSDreamTeam Las Vegas McCarran FSX/P3D_is1" = FSDreamTeam Las Vegas McCarran FSX/P3D 1.2
    "FSDreamTeam Los Angeles International FSX/P3D_is1" = FSDreamTeam Los Angeles International FSX/P3D 1.4.3
    "FSDreamTeam OHareX 2.2_is1" = FSDreamTeam OHareX 2.2
    "Google Chrome" = Google Chrome
    "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B13.0125.1
    "InstallShield_{9527A496-5DF9-412A-ADC7-168BA5379CA6}" = Microsoft Flight Simulator X
    "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.1220.1
    "InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
    "IvAp-v2_is1" = IvAp v1.9.8 (build 2138)
    "N360" = Norton 360
    "Notepad++" = Notepad++
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Origin" = Origin
    "PowerISO" = PowerISO
    "Shipsim2008" = Ship Simulator 2008
    "SP1_9527A496-5DF9-412A-ADC7-168BA5379CA6" = Microsoft Flight Simulator X Service Pack 1
    "SpeedFan" = SpeedFan (remove only)
    "SquawkBox" = SquawkBox
    "TeamViewer 8" = TeamViewer 8
    "UK2000 Gatwick Xtreme FSX" = UK2000 Gatwick Xtreme FSX
    "UK2000 Heathrow Xtreme" = UK2000 Heathrow Xtreme FSX
    "UK2000 Manchester Xtreme %simname%" = UK2000 Manchester Xtreme %simname% Uninstall
    "VATSpy" = VAT-Spy
    "VLC media player" = VLC media player 2.0.6

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Akamai" = Akamai NetSession Interface
    "Bitcoin" = Bitcoin
    "Dropbox" = Dropbox
    "SkyDriveSetup.exe" = Microsoft SkyDrive

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 22/11/2013 12:00:34 | Computer Name = Jamie-GamingPC | Source = ESENT | ID = 455
    Description = Windows (1424) Windows: Error -1811 occurred while opening logfile
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS003B5.log.

    Error - 22/11/2013 12:00:34 | Computer Name = Jamie-GamingPC | Source = Windows Search Service | ID = 9000
    Description =

    Error - 22/11/2013 12:00:34 | Computer Name = Jamie-GamingPC | Source = Windows Search Service | ID = 7040
    Description =

    Error - 22/11/2013 12:00:34 | Computer Name = Jamie-GamingPC | Source = Windows Search Service | ID = 7042
    Description =

    Error - 22/11/2013 12:00:34 | Computer Name = Jamie-GamingPC | Source = Windows Search Service | ID = 9002
    Description =

    Error - 22/11/2013 12:00:34 | Computer Name = Jamie-GamingPC | Source = Windows Search Service | ID = 3029
    Description =

    Error - 22/11/2013 12:00:35 | Computer Name = Jamie-GamingPC | Source = Windows Search Service | ID = 3029
    Description =

    Error - 22/11/2013 12:00:35 | Computer Name = Jamie-GamingPC | Source = Windows Search Service | ID = 3028
    Description =

    Error - 22/11/2013 12:00:35 | Computer Name = Jamie-GamingPC | Source = Windows Search Service | ID = 3058
    Description =

    Error - 22/11/2013 12:00:35 | Computer Name = Jamie-GamingPC | Source = Windows Search Service | ID = 7010
    Description =

    [ System Events ]
    Error - 04/09/2013 17:41:08 | Computer Name = Jamie-GamingPC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume Formatting Files (DNE).

    Error - 04/09/2013 17:42:08 | Computer Name = Jamie-GamingPC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume Formatting Files (DNE).

    Error - 04/09/2013 17:43:08 | Computer Name = Jamie-GamingPC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume Formatting Files (DNE).

    Error - 04/09/2013 17:44:08 | Computer Name = Jamie-GamingPC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume Formatting Files (DNE).

    Error - 04/09/2013 17:45:08 | Computer Name = Jamie-GamingPC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume Formatting Files (DNE).

    Error - 04/09/2013 17:46:08 | Computer Name = Jamie-GamingPC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume Formatting Files (DNE).

    Error - 04/09/2013 17:47:08 | Computer Name = Jamie-GamingPC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume Formatting Files (DNE).

    Error - 04/09/2013 17:48:08 | Computer Name = Jamie-GamingPC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume Formatting Files (DNE).

    Error - 04/09/2013 17:49:08 | Computer Name = Jamie-GamingPC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume Formatting Files (DNE).

    Error - 04/09/2013 17:50:08 | Computer Name = Jamie-GamingPC | Source = Ntfs | ID = 262199
    Description = The file system structure on the disk is corrupt and unusable. Please
    run the chkdsk utility on the volume Formatting Files (DNE).


    < End of report >

    Extras.txt


  • Registered Users Posts: 5,780 ✭✭✭jamo2oo9


    OTL logfile created on: 25/11/2013 18:37:58 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jamie\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16736)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.96 Gb Total Physical Memory | 2.77 Gb Available Physical Memory | 69.84% Memory free
    7.93 Gb Paging File | 6.37 Gb Available in Paging File | 80.37% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 931.51 Gb Total Space | 458.51 Gb Free Space | 49.22% Space Free | Partition Type: NTFS
    Drive E: | 100.00 Mb Total Space | 83.43 Mb Free Space | 83.44% Space Free | Partition Type: NTFS
    Drive F: | 152.57 Gb Total Space | 115.58 Gb Free Space | 75.76% Space Free | Partition Type: NTFS

    Computer Name: JAMIE-GAMINGPC | User Name: Jamie | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/11/25 18:37:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jamie\Downloads\OTL.exe
    PRC - [2013/11/22 18:33:04 | 000,042,680 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe
    PRC - [2013/11/22 18:32:58 | 000,527,544 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe
    PRC - [2013/10/21 06:56:16 | 001,636,536 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe
    PRC - [2013/10/21 06:56:16 | 000,742,584 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe
    PRC - [2013/10/08 12:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
    PRC - [2013/10/01 12:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
    PRC - [2013/06/14 07:00:12 | 000,314,064 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe
    PRC - [2013/06/14 07:00:06 | 001,256,144 | ---- | M] (Anvisoft) -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe
    PRC - [2013/06/05 17:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jamie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/12/13 17:37:26 | 000,012,288 | ---- | M] (Autodesk, Inc.) -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
    PRC - [2012/11/29 15:07:16 | 015,642,512 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaUI.exe
    PRC - [2012/07/04 18:10:06 | 000,372,736 | ---- | M] (Ralink Technology, Corp.) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
    PRC - [2012/01/13 13:04:16 | 000,219,760 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
    PRC - [2011/05/26 15:50:02 | 001,799,168 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\Program Files (x86)\ASUS\WLAN Card Utilities\Center.exe
    PRC - [2009/05/21 14:09:04 | 000,172,032 | ---- | M] () -- C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/11/22 18:33:48 | 000,156,344 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\ui.dll
    MOD - [2013/11/22 18:33:38 | 000,018,616 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\Public.dll
    MOD - [2013/11/22 18:33:36 | 000,090,808 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\libglognc.dll
    MOD - [2013/11/22 18:33:28 | 000,028,856 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\extentions\TestExtention.dll
    MOD - [2013/10/15 03:06:26 | 000,785,128 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\sqlite3.dll
    MOD - [2013/06/14 07:00:12 | 000,785,104 | ---- | M] () -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sqlite3.dll
    MOD - [2013/04/21 20:44:32 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2013/04/21 20:44:04 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2013/03/13 20:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Jamie\AppData\Roaming\Dropbox\bin\libcef.dll
    MOD - [2013/01/25 16:43:24 | 000,651,331 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\work.dll
    MOD - [2013/01/25 16:29:46 | 002,879,559 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\Normal.dll
    MOD - [2013/01/09 16:26:58 | 000,307,200 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\MFCCPU.dll
    MOD - [2012/12/25 14:14:36 | 001,318,988 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\AMD8.dll
    MOD - [2012/11/29 14:24:06 | 001,499,204 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\OCK.dll
    MOD - [2012/11/27 14:03:02 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\ycc.dll
    MOD - [2012/11/27 12:54:56 | 001,331,266 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\SF.dll
    MOD - [2012/11/27 12:41:56 | 001,335,362 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\HM.dll
    MOD - [2012/11/27 10:12:46 | 001,210,256 | ---- | M] () -- C:\Program Files (x86)\Ralink\Common\RaWLAPI.dll
    MOD - [2012/11/22 09:06:52 | 001,429,582 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GVTunner.dll
    MOD - [2012/11/13 23:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Jamie\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
    MOD - [2012/09/24 00:49:38 | 003,854,336 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\platform.dll
    MOD - [2012/09/24 00:49:28 | 000,573,440 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\device.dll
    MOD - [2012/05/08 14:01:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GPTT.dll
    MOD - [2012/01/13 13:04:16 | 000,219,760 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\GUI.exe
    MOD - [2011/10/18 08:26:16 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\STT.dll
    MOD - [2011/03/01 18:00:58 | 000,126,976 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\StabilityLib.dll
    MOD - [2010/06/24 14:50:08 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\IccLibDll.dll
    MOD - [2008/05/07 14:22:58 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\CIAMIB.dll
    MOD - [2003/02/14 13:11:46 | 000,102,400 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\ET6\Sound.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/11/13 19:50:45 | 001,471,352 | ---- | M] (Flexera Software LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FlexNet Licensing Service 64)
    SRV:64bit: - [2013/09/17 17:57:32 | 001,907,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe -- (OfficeSvc)
    SRV:64bit: - [2013/05/27 05:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2010/04/06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
    SRV - [2013/11/22 18:33:04 | 000,042,680 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe -- (AnviCsbSvc)
    SRV - [2013/10/21 06:56:16 | 000,742,584 | ---- | M] (Anvisoft) [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDSrv.exe -- (asdsrv)
    SRV - [2013/10/08 12:05:13 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe -- (N360)
    SRV - [2013/10/01 12:14:40 | 005,087,584 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
    SRV - [2013/07/19 11:45:00 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2013/06/14 07:00:12 | 000,314,064 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe -- (AdblockerSrv)
    SRV - [2013/05/11 10:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/02/25 23:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/12/13 17:37:26 | 000,012,288 | ---- | M] (Autodesk, Inc.) [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)
    SRV - [2012/07/06 17:20:54 | 001,863,680 | ---- | M] (Ralink) [Auto | Stopped] -- C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe -- (RaMediaServer)
    SRV - [2012/07/04 18:10:54 | 000,447,488 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
    SRV - [2012/07/04 18:10:06 | 000,372,736 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
    SRV - [2011/08/30 14:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 21:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/21 14:09:04 | 000,172,032 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\WLAN Card Utilities\ASWLCCSVC.exe -- (ASWLCCSvc)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/10/19 18:31:38 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2013/10/15 03:05:58 | 000,023,376 | ---- | M] (Anvisoft) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdrs.sys -- (asdrs)
    DRV:64bit: - [2013/10/15 03:05:58 | 000,018,768 | ---- | M] (Anvisoft) [File_System | System | Running] -- C:\Windows\SysNative\drivers\asdrm.sys -- (asdrm)
    DRV:64bit: - [2013/10/15 03:05:58 | 000,017,232 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdws.sys -- (asdws)
    DRV:64bit: - [2013/09/27 03:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.sys -- (SymEFA)
    DRV:64bit: - [2013/09/27 02:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.sys -- (SymIRON)
    DRV:64bit: - [2013/09/27 02:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2013/09/26 03:28:00 | 000,590,936 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnets.sys -- (SymNetS)
    DRV:64bit: - [2013/09/26 02:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys -- (ccSet_N360)
    DRV:64bit: - [2013/09/10 02:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.sys -- (SymDS)
    DRV:64bit: - [2013/09/10 01:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2013/07/03 13:11:40 | 000,127,384 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2013/06/09 02:40:32 | 000,019,280 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\asdnet.sys -- (asdnet)
    DRV:64bit: - [2012/12/13 12:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/10/25 08:01:20 | 000,022,680 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
    DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2012/08/07 07:09:00 | 000,088,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
    DRV:64bit: - [2012/08/07 07:09:00 | 000,065,152 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
    DRV:64bit: - [2012/03/01 06:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2011/08/23 13:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 06:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 13:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 11:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2009/11/05 04:51:30 | 000,446,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8187B.sys -- (RTL8187B)
    DRV:64bit: - [2009/10/28 09:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PCASp50.sys -- (PCASp50)
    DRV:64bit: - [2009/07/14 01:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/14 01:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/14 01:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 20:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 20:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 20:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 20:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2013/11/25 17:24:14 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
    DRV - [2013/11/25 17:24:04 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
    DRV - [2013/10/28 19:20:51 | 000,521,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131115.001\IDSviA64.sys -- (IDSVia64)
    DRV - [2013/10/22 23:11:13 | 001,524,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131101.003\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2013/10/18 00:00:00 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131118.002\ex64.sys -- (NAVEX15)
    DRV - [2013/10/18 00:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2013/10/18 00:00:00 | 000,140,376 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2013/10/18 00:00:00 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131118.002\eng64.sys -- (NAVENG)
    DRV - [2012/09/24 00:54:02 | 000,057,512 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files (x86)\GIGABYTE\ET6\amd64\aoddriver2.sys -- (AODDriver4.2)
    DRV - [2009/10/28 09:59:08 | 000,045,752 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2009/07/14 01:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1384985002&from=epom2&uid=ST1000DM003-9YN162_Z1D34NYAXXXXZ1D34NYA
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1384985002&from=epom2&uid=ST1000DM003-9YN162_Z1D34NYAXXXXZ1D34NYA&q={searchTerms}
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1384985002&from=epom2&uid=ST1000DM003-9YN162_Z1D34NYAXXXXZ1D34NYA&q={searchTerms}
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=1384985002&from=epom2&uid=ST1000DM003-9YN162_Z1D34NYAXXXXZ1D34NYA
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1384985002&from=epom2&uid=ST1000DM003-9YN162_Z1D34NYAXXXXZ1D34NYA
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1384985002&from=epom2&uid=ST1000DM003-9YN162_Z1D34NYAXXXXZ1D34NYA&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1384985002&from=epom2&uid=ST1000DM003-9YN162_Z1D34NYAXXXXZ1D34NYA&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=1384985002&from=epom2&uid=ST1000DM003-9YN162_Z1D34NYAXXXXZ1D34NYA
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1384985002&from=epom2&uid=ST1000DM003-9YN162_Z1D34NYAXXXXZ1D34NYA
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 75 FD 95 E3 49 83 CE 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@caminova.com/DjVuPlugin: C:\Program Files (x86)\Caminova\Document Express DjVu Plug-in\npdjvu.dll (Caminova, Inc.)
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/10/19 18:32:08 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2013/11/25 17:22:07 | 000,000,000 | ---D | M]

    [2013/10/19 16:50:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2013/11/20 22:03:22 | 000,000,557 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\do-search.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
    CHR - Extension: Google Docs = C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Search = C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Norton Identity Protection = C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0\
    CHR - Extension: Google Wallet = C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
    CHR - Extension: Gmail = C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2009/06/10 21:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O2:64bit: - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
    O3:64bit: - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Anvi AD Blocker] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe (Anvisoft)
    O4 - HKLM..\Run: [Anvi Smart Defender] C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASDTray.exe (Anvisoft)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Control Center] C:\Program Files (x86)\ASUS\WLAN Card Utilities\CenterAgent.exe ()
    O4 - HKCU..\Run: [Akamai NetSession Interface] File not found
    O4 - HKCU..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe (Autodesk, Inc.)
    O4 - HKCU..\Run: [CloudSystemBooster] C:\Program Files (x86)\Anvisoft\Cloud System Booster\CloudSystemBooster.exe (Anvisoft)
    O4 - HKCU..\Run: [SkyDrive] File not found
    O4 - HKLM..\RunOnce: [EasyTuneVI] C:\Program Files (x86)\GIGABYTE\ET6\ETcall.exe ()
    O4 - Startup: C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jamie\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
    O8:64bit: - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9DF20284-A346-4C99-9F18-07961D6B2D97}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CEB53504-206C-4E1F-A76E-F84850E14C11}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\osf - No CLSID value found
    O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/11/14 17:33:41 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
    O33 - MountPoints2\{941139fe-ee71-11e2-bb73-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{941139fe-ee71-11e2-bb73-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\cdstart.exe
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\cdstart.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (MACHINE BootExecut)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/11/25 17:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013/11/24 17:12:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/11/23 12:05:30 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Anvisoft
    [2013/11/23 12:01:40 | 000,023,376 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrs.sys
    [2013/11/23 12:01:40 | 000,018,768 | ---- | C] (Anvisoft) -- C:\Windows\SysNative\drivers\asdrm.sys
    [2013/11/23 12:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Anvisoft
    [2013/11/23 11:54:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
    [2013/11/23 11:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Anvisoft
    [2013/11/20 22:03:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElcomSoft
    [2013/11/14 22:27:16 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/11/14 22:27:15 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/11/14 22:27:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/11/14 22:27:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/11/14 22:27:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/11/14 22:27:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/11/14 22:27:15 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/11/14 22:27:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/11/14 22:27:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/11/14 22:27:14 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/11/14 22:27:14 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/11/14 22:27:13 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/11/14 22:27:13 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/11/14 22:27:13 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/11/14 22:27:13 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/11/14 19:15:27 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Documents\Autodesk
    [2013/11/14 19:13:07 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Documents\Inventor Server SDK ACA 2014
    [2013/11/14 12:34:03 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2013/11/14 12:33:59 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
    [2013/11/14 12:33:59 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
    [2013/11/14 12:33:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
    [2013/11/14 12:33:59 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
    [2013/11/14 12:33:59 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
    [2013/11/14 12:33:57 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
    [2013/11/14 12:33:57 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
    [2013/11/14 12:33:57 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
    [2013/11/14 12:33:57 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
    [2013/11/14 12:33:57 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
    [2013/11/14 12:33:52 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
    [2013/11/14 12:33:51 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
    [2013/11/14 12:33:51 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
    [2013/11/14 12:33:51 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
    [2013/11/14 12:33:51 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
    [2013/11/13 20:16:57 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\cache
    [2013/11/13 20:14:32 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autodesk
    [2013/11/13 19:58:42 | 000,000,000 | ---D | C] -- C:\Users\Jamie\Documents\Inventor Server SDK ACAD 2014
    [2013/11/13 19:50:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
    [2013/11/13 19:49:56 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\Autodesk
    [2013/11/13 19:48:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Autodesk
    [2013/11/13 19:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Autodesk Shared
    [2013/11/13 19:48:06 | 000,000,000 | ---D | C] -- C:\Program Files\Autodesk
    [2013/11/13 19:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Autodesk
    [2013/11/13 19:08:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk
    [2013/11/13 19:07:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Autodesk Shared
    [2013/11/13 19:05:16 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
    [2013/11/13 19:05:16 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
    [2013/11/13 19:05:16 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
    [2013/11/13 19:05:16 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
    [2013/11/13 19:05:15 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
    [2013/11/13 19:05:15 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
    [2013/11/13 19:05:15 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
    [2013/11/13 19:05:14 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
    [2013/11/13 19:05:14 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
    [2013/11/13 19:05:13 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
    [2013/11/13 19:05:13 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
    [2013/11/13 19:05:13 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
    [2013/11/13 19:05:13 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
    [2013/11/13 19:05:13 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
    [2013/11/13 19:05:12 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
    [2013/11/13 19:05:12 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
    [2013/11/13 19:05:11 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
    [2013/11/13 19:05:11 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
    [2013/11/13 19:05:11 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
    [2013/11/13 19:05:11 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
    [2013/11/13 19:04:59 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
    [2013/11/13 19:04:59 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
    [2013/11/13 19:01:26 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Autodesk
    [2013/11/13 19:01:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Autodesk
    [2013/11/13 18:55:02 | 000,000,000 | ---D | C] -- C:\Autodesk
    [2013/11/09 15:01:56 | 003,799,040 | ---- | C] (Microsoft) -- C:\Users\Jamie\Desktop\TheAirline.exe
    [2013/11/09 14:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2013/11/09 14:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2013/11/09 14:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2013/11/09 14:47:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2013/11/09 14:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
    [2013/11/08 17:26:57 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Local\Mozilla
    [2013/11/08 17:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2013/11/05 17:10:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navigraph Charts
    [2013/11/05 17:10:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Navigraph
    [2013/11/03 18:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Modèles Météo - GFS
    [2013/11/03 18:18:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Modèles Météo - GFS
    [2013/11/02 10:29:28 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Bitcoin
    [2013/11/02 10:29:25 | 000,000,000 | ---D | C] -- C:\Users\Jamie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bitcoin
    [2013/11/02 10:29:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bitcoin
    [2013/10/27 18:22:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/11/25 18:24:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/11/25 17:43:06 | 000,002,289 | ---- | M] () -- C:\Users\Jamie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/11/25 17:42:53 | 000,002,265 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/11/25 17:31:07 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/11/25 17:31:07 | 000,015,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/11/25 17:28:04 | 000,782,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/11/25 17:28:04 | 000,667,262 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/11/25 17:28:04 | 000,125,938 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/11/25 17:24:14 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
    [2013/11/25 17:24:14 | 000,000,004 | ---- | M] () -- C:\Windows\SysWow64\GVTunner.ref
    [2013/11/25 17:24:04 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
    [2013/11/25 17:22:27 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/11/25 17:21:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/11/25 17:21:47 | 3192,557,568 | -HS- | M] () -- C:\hiberfil.sys
    [2013/11/24 21:29:12 | 000,017,670 | ---- | M] () -- C:\Users\Jamie\Documents\Contacts.acctl
    [2013/11/23 12:01:53 | 000,001,510 | ---- | M] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
    [2013/11/23 12:01:40 | 000,001,194 | ---- | M] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
    [2013/11/23 11:54:41 | 000,001,282 | ---- | M] () -- C:\Users\Public\Desktop\Cloud System Booster.lnk
    [2013/11/20 22:25:35 | 000,057,910 | ---- | M] () -- C:\Users\Jamie\Documents\cc_20131120_222528.reg
    [2013/11/20 22:11:18 | 000,773,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
    [2013/11/20 22:11:18 | 000,420,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
    [2013/11/20 22:03:23 | 000,001,645 | ---- | M] () -- C:\Users\Jamie\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2013/11/20 21:52:10 | 000,056,261 | ---- | M] () -- C:\Users\Jamie\Documents\view-source downloadsnack.com files password .htm
    [2013/11/18 22:11:30 | 000,105,053 | ---- | M] () -- C:\Users\Jamie\Documents\okay-okay-l.png
    [2013/11/15 07:35:40 | 000,524,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/11/14 19:16:56 | 000,002,273 | ---- | M] () -- C:\Users\Jamie\Desktop\Install Now Autodesk® AutoCAD® Architecture 2014.lnk
    [2013/11/14 19:16:38 | 000,002,414 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2014 - English (US Metric).lnk
    [2013/11/14 19:16:38 | 000,002,408 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2014 - English (Global).lnk
    [2013/11/14 19:16:38 | 000,002,400 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2014 - English (UK).lnk
    [2013/11/13 20:14:32 | 000,002,120 | ---- | M] () -- C:\Users\Jamie\Desktop\Install Now Autodesk® AutoCAD® 2014.lnk
    [2013/11/13 20:14:07 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\Autodesk 360.lnk
    [2013/11/13 19:53:45 | 000,066,949 | ---- | M] () -- C:\Users\Jamie\Documents\182.jpg
    [2013/11/13 19:51:17 | 000,000,153 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2013/11/13 19:50:07 | 000,002,108 | ---- | M] () -- C:\Users\Public\Desktop\AutoCAD 2014 - English.lnk
    [2013/11/09 14:48:22 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/11/09 12:40:57 | 000,001,212 | ---- | M] () -- C:\Users\Jamie\Desktop\bc - Shortcut.lnk
    [2013/11/09 12:40:50 | 000,001,437 | ---- | M] () -- C:\Users\Jamie\Desktop\Yeni Microsoft Word Belgesi - Shortcut.lnk
    [2013/11/09 08:48:36 | 003,799,040 | ---- | M] (Microsoft) -- C:\Users\Jamie\Desktop\TheAirline.exe
    [2013/11/03 18:18:10 | 000,001,075 | ---- | M] () -- C:\Users\Jamie\Desktop\Modèles Météo - GFS.lnk
    [2013/10/27 18:23:00 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    [1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/11/25 17:42:53 | 000,002,289 | ---- | C] () -- C:\Users\Jamie\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
    [2013/11/25 17:42:53 | 000,002,265 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013/11/24 21:29:12 | 000,017,670 | ---- | C] () -- C:\Users\Jamie\Documents\Contacts.acctl
    [2013/11/23 12:01:52 | 000,001,510 | ---- | C] () -- C:\Users\Public\Desktop\Anvi AD Blocker.lnk
    [2013/11/23 12:01:51 | 000,019,280 | ---- | C] () -- C:\Windows\SysNative\drivers\asdnet.sys
    [2013/11/23 12:01:40 | 000,017,232 | ---- | C] () -- C:\Windows\SysNative\drivers\asdws.sys
    [2013/11/23 12:01:40 | 000,001,194 | ---- | C] () -- C:\Users\Public\Desktop\Anvi Smart Defender.lnk
    [2013/11/23 11:54:41 | 000,001,282 | ---- | C] () -- C:\Users\Public\Desktop\Cloud System Booster.lnk
    [2013/11/22 19:49:18 | 000,000,004 | ---- | C] () -- C:\Windows\SysWow64\GVTunner.ref
    [2013/11/20 22:25:31 | 000,057,910 | ---- | C] () -- C:\Users\Jamie\Documents\cc_20131120_222528.reg
    [2013/11/20 21:52:10 | 000,056,261 | ---- | C] () -- C:\Users\Jamie\Documents\view-source downloadsnack.com files password .htm
    [2013/11/18 22:11:30 | 000,105,053 | ---- | C] () -- C:\Users\Jamie\Documents\okay-okay-l.png
    [2013/11/14 19:16:56 | 000,002,273 | ---- | C] () -- C:\Users\Jamie\Desktop\Install Now Autodesk® AutoCAD® Architecture 2014.lnk
    [2013/11/14 19:16:38 | 000,002,414 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2014 - English (US Metric).lnk
    [2013/11/14 19:16:38 | 000,002,408 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2014 - English (Global).lnk
    [2013/11/14 19:16:38 | 000,002,400 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD Architecture 2014 - English (UK).lnk
    [2013/11/13 20:24:06 | 001,312,923 | ---- | C] () -- C:\Users\Jamie\Desktop\Airbus_A350-900.dwg
    [2013/11/13 20:20:20 | 000,996,703 | ---- | C] () -- C:\Users\Jamie\Desktop\Airbus_A380-800.dwg
    [2013/11/13 20:14:32 | 000,002,120 | ---- | C] () -- C:\Users\Jamie\Desktop\Install Now Autodesk® AutoCAD® 2014.lnk
    [2013/11/13 20:14:07 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\Autodesk 360.lnk
    [2013/11/13 19:53:43 | 000,066,949 | ---- | C] () -- C:\Users\Jamie\Documents\182.jpg
    [2013/11/13 19:51:17 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2013/11/13 19:50:06 | 000,002,108 | ---- | C] () -- C:\Users\Public\Desktop\AutoCAD 2014 - English.lnk
    [2013/11/09 14:48:22 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2013/11/09 12:40:57 | 000,001,212 | ---- | C] () -- C:\Users\Jamie\Desktop\bc - Shortcut.lnk
    [2013/11/09 12:40:50 | 000,001,437 | ---- | C] () -- C:\Users\Jamie\Desktop\Yeni Microsoft Word Belgesi - Shortcut.lnk
    [2013/11/03 18:18:10 | 000,001,075 | ---- | C] () -- C:\Users\Jamie\Desktop\Modèles Météo - GFS.lnk
    [2013/10/27 18:23:00 | 000,001,184 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
    [2013/10/27 18:22:59 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
    [2013/09/04 14:08:29 | 000,552,960 | ---- | C] () -- C:\Windows\SysWow64\RAASAUDIO32.dll
    [2013/07/27 13:07:43 | 000,000,184 | ---- | C] () -- C:\Users\Jamie\FSDreamTeam_JFK V2.reg
    [2013/07/21 12:48:40 | 000,000,180 | ---- | C] () -- C:\Users\Jamie\FSDreamTeam_JFK.reg
    [2013/07/21 12:47:05 | 000,000,181 | ---- | C] () -- C:\Users\Jamie\FSDreamTeam_KLAS.reg
    [2013/07/21 12:46:25 | 000,000,190 | ---- | C] () -- C:\Users\Jamie\FSDreamTeam_Chicago Ohare.reg
    [2013/07/21 12:45:48 | 000,000,191 | ---- | C] () -- C:\Users\Jamie\FSDreamTeam_Los Angeles V2.reg
    [2013/07/18 16:18:10 | 000,014,119 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
    [2013/07/18 16:17:42 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
    [2013/07/18 16:17:41 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
    [2013/07/18 14:43:50 | 000,000,061 | -HS- | C] () -- C:\Windows\cnerolf.bin
    [2013/07/17 20:00:29 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
    [2013/07/17 19:47:06 | 000,768,202 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/07/17 19:43:43 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

    ========== ZeroAccess Check ==========

    [2009/07/14 04:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 02:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 01:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 12:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 01:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:74603393

    < End of report >
    OTL.txt


  • Registered Users Posts: 840 ✭✭✭jsa112


    Open OTL and copy this into the box:


    :OTL
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=138...YAXXXXZ1D34NYA
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts...q={searchTerms}
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts...q={searchTerms}
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=138...YAXXXXZ1D34NYA
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=138...YAXXXXZ1D34NYA
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts...q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts...q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=138...YAXXXXZ1D34NYA
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=138...YAXXXXZ1D34NYA
    [2013/11/20 22:03:22 | 000,000,557 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\do-search.xml
    O33 - MountPoints2\{941139fe-ee71-11e2-bb73-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{941139fe-ee71-11e2-bb73-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\cdstart.exe
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\cdstart.exe

    :Commands
    [PURITY]
    [EMPTYTEMP]
    [EMPTYFLASH]
    [RESETHOSTS]
    [EMPTYJAVA]
    [CREATERESTOREPOINT]
    [Reboot]
    :Files
    ipconfig /flushdns /c


    Click Run Fix and post the log it gives.


    Reboot. Is dosearch now gone?
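
The fix in the post above was assembled by hand from the Quick Scan log. As an added example (not part of the thread and not OTL's own code), this Python sketch does the same triage automatically: it flags `IE - <key>,<value> = <url>` entries whose host is outside a trusted list, then correlates file entries that carry the same name. The trusted-domain list, the function names and the sample log are assumptions constructed for the example.

```python
import re
from collections import namedtuple
from urllib.parse import urlsplit

Finding = namedtuple("Finding", "kind location indicator")

# Assumption: domains this reviewer accepts as home/search pages.
TRUSTED_DOMAINS = {"microsoft.com", "msn.com", "bing.com", "google.com"}

# OTL browser line: "IE - <key>,<value name> = <data>", optional ":64bit:" marker.
IE_LINE = re.compile(
    r"^IE(?::64bit:)? - (?P<key>HK[^,]+),(?P<value>[^=]+?) = (?P<data>.+)$")
# OTL file line: "[timestamp | size | attrs | C/M] (company) -- path".
FILE_LINE = re.compile(r"^\[[^\]]+\] \(.*?\) -- (?P<path>.+)$")

# Constructed sample in OTL Quick Scan format (URLs shortened, not real log data).
SAMPLE_LOG = r"""
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
[2013/11/20 22:03:22 | 000,000,557 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\do-search.xml
[2013/11/25 17:42:53 | 000,002,265 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
"""


def _host(data):
    """Return the URL host of a registry value, or None if it is not a URL."""
    try:
        return urlsplit(data.strip()).hostname
    except ValueError:
        return None


def _trusted(host, trusted):
    """True if host is a trusted domain or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in trusted)


def find_hijacks(log_text, trusted=TRUSTED_DOMAINS):
    """Flag browser-setting values that point at untrusted hosts, then
    file entries whose path mentions one of those hosts' names."""
    lines = [ln.strip() for ln in log_text.splitlines() if ln.strip()]
    findings, labels = [], set()

    # Pass 1: registry values (Start Page, Search Page, Default_Page_URL, ...).
    for ln in lines:
        m = IE_LINE.match(ln)
        if not m:
            continue
        host = _host(m["data"])
        if host is None or _trusted(host, trusted):
            continue  # GUIDs and trusted pages are not findings
        findings.append(Finding("registry", f'{m["key"]},{m["value"]}', host))
        # Naive name extraction (no public-suffix list): "do-search.com" -> "do-search".
        parts = host.split(".")
        labels.add(parts[-2] if len(parts) >= 2 else host)

    # Pass 2: leftover files named after a flagged host, e.g. search plugins.
    for ln in lines:
        m = FILE_LINE.match(ln)
        if not m:
            continue
        path = m["path"]
        hit = next((lb for lb in sorted(labels) if lb in path.lower()), None)
        if hit:
            findings.append(Finding("file", path, hit))
    return findings


if __name__ == "__main__":
    for f in find_hijacks(SAMPLE_LOG):
        print(f"{f.kind:8} {f.indicator:14} {f.location}")
```

The output is a review list for a human, not a fix script: each flagged entry still has to be checked against the full log before it goes into an `:OTL` block.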


  • Registered Users Posts: 5,780 ✭✭✭jamo2oo9


    I added the text you wanted me to add in and saved it and when I go into OTL, click on Run Fix, it doesn't pick up the .txt file. Only allows .fix files.


  • Registered Users Posts: 840 ✭✭✭jsa112


    Just copy and paste from the :OTL on down to ipconfig /flushdns /c

    Then paste that into OTL.

    You don't need to save any .txt files or anything.


  • Registered Users Posts: 5,780 ✭✭✭jamo2oo9


    That seemed to work. Thanks!

    Won't be too hasty about it though. Will report in the morning!

    Cheers

