
Google redirect issue


  • This topic is locked
26 replies to this topic

#1 Osceola214


Posted 20 July 2012 - 03:53 PM

I've been referred to this page from a thread in another topic about this which can be seen here: http://www.bleepingcomputer.com/forums/topic461210.html

When I click on Google results, or more often when I "open in new tab" I get a similar looking page that goes to ads or malware such as this example: http://63.209.69.107/search/web/redirect+virus/C10/ecn/46938-10090/v5

Sometimes I click on a link and ask it to open in a new tab, and a new window opens with a similar page to the one linked above. The topic is always similar, but not the link I clicked. Happens most of the time, but not all the time.

I attempted the following, but still have the issue:

MiniToolBox
Tdsskiller
AVG Free 2012
ESET
Malwarebytes
SUPERAntiSpyware

The logs of all of those can be seen at the original thread linked above.

DDS log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Tom at 15:49:12 on 2012-07-20
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16366.11527 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe
C:\Program Files\CrashPlan\CrashPlanService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\HWRaidManager\XSrvSetup.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\HWRaidManager\HWRaidManager.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\CrashPlan\CrashPlanTray.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Download Energy Toolbar: {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files (x86)\Download_Energy\prxtbDown.dll
mURLSearchHooks: Download Energy Toolbar: {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files (x86)\Download_Energy\prxtbDown.dll
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Download Energy Toolbar: {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files (x86)\Download_Energy\prxtbDown.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Download Energy Toolbar: {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files (x86)\Download_Energy\prxtbDown.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Tom\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [cdloader] "C:\Users\Tom\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [AdobeBridge]
uRun: [Apple Computer] rundll32.exe "C:\Users\Tom\AppData\Local\Apps\Apple Computer\tvzjqlnhf.dll",CreateInstance
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Intuit SyncManager] c:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CRASHP~1.LNK - C:\Program Files (x86)\CrashPlan\CrashPlanTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGOCA~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PROFIL~1.LNK - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} - file:///P:/setup/RiffLick.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{07C11825-D77E-4717-833B-B5D065C0DE7E} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Download Energy Toolbar: {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files (x86)\Download_Energy\prxtbDown.dll
BHO-X64: Download Energy - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Download Energy Toolbar: {ad708c09-d51b-45b3-9d28-4eba2681febf} - C:\Program Files (x86)\Download_Energy\prxtbDown.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Intuit SyncManager] c:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\tagwnq7p.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SbFw;SbFw;C:\Windows\system32\drivers\SbFw.sys --> C:\Windows\system32\drivers\SbFw.sys [?]
R1 SbTis;SbTis;C:\Windows\system32\drivers\sbtis.sys --> C:\Windows\system32\drivers\sbtis.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 BrcmMgmtAgent;Broadcom Management Agent;C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe [2010-6-29 158720]
R2 CrashPlanService;CrashPlan Backup Service;C:\Program Files\CrashPlan\CrashPlanService.exe [2011-3-16 222720]
R2 Freemake Improver;Freemake Improver;C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2012-6-19 96768]
R2 HWRaidManager;HWRaidManager;C:\Program Files (x86)\HWRaidManager\XSrvSetup.exe [2011-8-26 69632]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-17 13336]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2010-11-26 66560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-8-17 2255464]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-5-25 442656]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-17 2655768]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 SBFWIMCLMP;Sunbelt Software Firewall NDIS IM Filter Miniport;C:\Windows\system32\DRIVERS\SBFWIM.sys --> C:\Windows\system32\DRIVERS\SBFWIM.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S0 rr62x;rr62x;C:\Windows\system32\DRIVERS\rr62x.sys --> C:\Windows\system32\DRIVERS\rr62x.sys [?]
S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-18 136176]
S2 hptsvr;Newer Technology Management Service;C:\Program Files (x86)\HighPoint Technologies, Inc\HighPoint RAID Management Software\Service\hptsvr.exe [2011-8-18 57344]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-7-16 1153368]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-3 250056]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-8-26 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-8-26 8456]
S3 EyeOneDisplay;EyeOneDisplay;C:\Windows\system32\Drivers\i1display_x64.sys --> C:\Windows\system32\Drivers\i1display_x64.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-18 136176]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-8 113120]
S3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Service;C:\Windows\system32\DRIVERS\sbfwim.sys --> C:\Windows\system32\DRIVERS\sbfwim.sys [?]
S3 sbhips;sbhips;C:\Windows\system32\drivers\sbhips.sys --> C:\Windows\system32\drivers\sbhips.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-19 20:46:39 -------- d-----w- C:\Users\Tom\AppData\Roaming\SUPERAntiSpyware.com
2012-07-19 20:46:21 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-07-19 20:46:21 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-07-19 02:50:07 -------- d-----w- C:\Program Files\ESET
2012-07-19 02:42:35 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-07-19 02:23:40 -------- d-----w- C:\Program Files (x86)\PC Tools
2012-07-19 02:21:45 251528 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys
2012-07-19 02:21:45 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-07-19 02:21:34 -------- d-----w- C:\ProgramData\PC Tools
2012-07-19 02:21:33 -------- d-----w- C:\Users\Tom\AppData\Roaming\TestApp
2012-07-19 01:47:25 -------- d-----w- C:\_OTM
2012-07-16 21:41:51 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-16 21:41:51 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-13 21:55:46 -------- d-----w- C:\Users\Tom\AppData\Roaming\Hard Disk Sentinel
2012-07-13 21:55:14 -------- d-----w- C:\Program Files (x86)\Hard Disk Sentinel
2012-07-13 17:02:39 -------- d-----w- C:\Users\Tom\AppData\Roaming\Ashampoo
2012-07-13 17:00:02 -------- d-----w- C:\Users\Tom\AppData\Local\ashampoo
2012-07-13 17:00:02 -------- d-----w- C:\ProgramData\ashampoo
2012-07-13 16:59:44 -------- d-----w- C:\Program Files (x86)\Ashampoo
2012-07-11 08:02:38 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 05:42:30 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-11 05:42:30 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-11 05:42:30 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-11 05:42:29 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-11 05:42:29 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2012-07-11 05:42:29 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-11 05:41:33 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-11 05:41:33 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-07-11 05:41:33 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-07-11 05:41:33 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-07-11 05:41:33 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-07-11 05:41:33 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-07-11 05:41:33 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-07-11 05:41:32 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-07-11 05:41:32 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-07-06 17:01:32 -------- d-----w- C:\Program Files (x86)\R-Studio
2012-07-01 19:07:50 -------- d-----w- C:\Program Files\iPod
2012-07-01 19:07:49 -------- d-----w- C:\Program Files\iTunes
2012-07-01 19:07:49 -------- d-----w- C:\Program Files (x86)\iTunes
2012-07-01 18:09:05 -------- d-----w- C:\Users\Tom\AppData\Local\Macromedia
2012-07-01 18:07:04 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-07-01 18:07:03 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-26 16:12:09 -------- d-----w- C:\Users\Tom\AppData\Local\{81B8B63E-33DD-4DA0-951B-8AD8697F3E23}
2012-06-26 16:12:00 -------- d-----w- C:\Users\Tom\AppData\Local\{F911CF33-55CD-4F82-BA3A-3548CF62CA64}
2012-06-26 16:11:39 -------- d-----w- C:\Windows\en
2012-06-26 16:10:13 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2b1681931cd53b602\DSETUP.dll
2012-06-26 16:10:13 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2b1681931cd53b602\DXSETUP.exe
2012-06-26 16:10:13 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\2b1681931cd53b602\dsetup32.dll
2012-06-26 16:10:11 -------- d-----w- C:\Users\Tom\AppData\Local\{11753328-1338-4F75-9EBB-3089C8ECA571}
2012-06-26 16:09:53 -------- d-----w- C:\Users\Tom\AppData\Local\{C2C3A252-EE92-4704-B0D4-2CB307EF076F}
2012-06-26 16:09:43 -------- d-----w- C:\Users\Tom\AppData\Local\{8859D8D9-981F-4DE6-8D0E-D134B3611731}
2012-06-26 16:09:23 -------- d-----w- C:\Users\Tom\AppData\Local\{99EC6B6B-05E1-4121-A74F-70D023BC0626}
2012-06-26 16:09:13 -------- d-----w- C:\Users\Tom\AppData\Local\{E9750EE3-C4D7-4C72-AA95-0E6A5A00F43A}
2012-06-25 21:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll
2012-06-23 05:56:35 -------- d-----w- C:\Program Files (x86)\1ClickDownload
.
==================== Find3M ====================
.
2012-07-11 23:20:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 23:20:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-12 19:19:39 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-05-10 22:22:56 476960 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-05-10 22:22:56 472864 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
.
============= FINISH: 15:49:32.35 ===============


During the processes above, the following were identified, but I don't know if they were removed cleanly or not:

ESET info:

C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Cache\f_000050 HTML/WhiteSmoke application cleaned by deleting - quarantined

Spyware Doctor found Trojan.Tracur (4 infections), but since I wasn't registered, didn't fix it.


Thank you in advance for any help you can give me!

Attached File  Attach.txt   14.47KB   2 downloads



#2 Noviciate

  • Malware Response Team

Posted 20 July 2012 - 04:02 PM

Good evening. :)

Download OTL by OldTimer from here and save it to your Desktop.

  • Double click the tool to run it.
  • Check the Scan All User box at the top.
  • Copy and paste the following into the Custom Scans/Fixes box at the bottom:

      netsvcs
      %SYSTEMDRIVE%\*.exe
      /md5start
      consrv.dll
      explorer.exe
      winlogon.exe
      Userinit.exe
      svchost.exe
      /md5stop
      C:\Windows\assembly\tmp\U\*.* /s
      %Temp%\smtmp\1\*.*
      %Temp%\smtmp\2\*.*
      %Temp%\smtmp\3\*.*
      %Temp%\smtmp\4\*.*
      >C:\commands.txt echo list vol /raw /hide /c
      /wait
      >C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
      /wait
      type c:\diskreport.txt /c
      /wait
      erase c:\commands.txt /hide /c
      /wait
      erase c:\diskreport.txt /hide /c
      CREATERESTOREPOINT
  • Click the Run Scan button and allow it to do its thing.
  • Once the scan has completed two notepad windows, OTL.Txt and Extras.Txt, will open - these text files will be saved in the same location as OTL.
  • Please post the contents of both in your next reply - you may need to post each separately if they are overly long.

So long, and thanks for all the fish.

 

 


#3 Osceola214

  • Topic Starter

Posted 20 July 2012 - 09:54 PM

Thanks. Please see results below:

OTL logfile created on: 7/20/2012 9:45:31 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Tom\Desktop\redirect issue
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 10.03 Gb Available Physical Memory | 62.78% Memory free
29.76 Gb Paging File | 23.44 Gb Available in Paging File | 78.77% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 5.87 Gb Free Space | 5.26% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 392.20 Gb Free Space | 42.10% Space Free | Partition Type: NTFS
Drive T: | 465.75 Gb Total Space | 196.28 Gb Free Space | 42.14% Space Free | Partition Type: NTFS

Computer Name: TOM-DELL-8330 | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/20 21:44:40 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Tom\Desktop\redirect issue\OTL.scr
PRC - [2012/07/11 17:20:06 | 000,686,280 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe
PRC - [2012/06/29 17:26:12 | 004,407,808 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
PRC - [2012/06/29 17:26:02 | 000,720,896 | ---- | M] (Luis Cobian, CobianSoft) -- C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
PRC - [2012/06/18 13:16:02 | 000,096,768 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012/01/24 18:24:26 | 002,416,480 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 05:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/07/29 14:22:16 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2011/05/25 23:05:28 | 000,442,656 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/04/14 11:17:18 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2011/03/16 10:17:57 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2011/03/02 01:14:08 | 000,190,808 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/01/20 13:36:50 | 003,431,936 | ---- | M] (Security Stronghold) -- C:\Program Files (x86)\Adaware Removal Tool\AdawareRemovalTool.exe
PRC - [2010/10/06 14:08:48 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/10/06 14:08:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/09/13 20:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/03/06 06:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2009/12/05 13:36:42 | 000,045,056 | ---- | M] (Intuit) -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2009/11/08 19:19:00 | 015,229,952 | R--- | M] () -- C:\Program Files (x86)\HWRaidManager\HWRaidManager.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:12 | 005,365,592 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
PRC - [2009/01/21 14:23:00 | 000,069,632 | R--- | M] () -- C:\Program Files (x86)\HWRaidManager\XSrvSetup.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/14 03:31:06 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll
MOD - [2012/06/14 03:25:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/06/14 03:25:14 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/05/12 18:29:43 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll
MOD - [2012/05/12 03:26:16 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/12 03:25:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/12 03:25:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/12 03:25:41 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/12 03:25:40 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/12 03:25:36 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 02:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2011/03/02 01:15:28 | 000,126,808 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011/03/02 01:15:28 | 000,027,480 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011/03/02 01:15:04 | 000,340,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011/03/02 01:14:42 | 007,954,776 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011/03/02 01:14:30 | 002,143,576 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2010/12/21 03:15:30 | 001,041,248 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
MOD - [2008/06/19 17:35:36 | 000,333,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll
MOD - [2008/03/05 09:34:32 | 000,795,520 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll
MOD - [2008/03/04 14:52:00 | 000,790,392 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll
MOD - [2008/02/26 11:04:40 | 000,717,176 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll
MOD - [2007/12/24 01:05:00 | 000,121,344 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/09/27 14:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2011/08/17 18:22:38 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2011/08/11 18:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2011/04/20 04:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/03/16 10:19:38 | 000,222,720 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV:64bit: - [2010/06/29 18:12:20 | 000,158,720 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom\MgmtAgent\BrcmMgmtAgent.exe -- (BrcmMgmtAgent)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/07/11 18:20:06 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/01 13:07:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/29 14:56:24 | 000,067,584 | ---- | M] (CobianSoft, Luis Cobian) [Auto | Running] -- C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe -- (cbVSCService11)
SRV - [2012/06/18 13:16:02 | 000,096,768 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012/04/04 00:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 05:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/07/29 14:22:16 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011/05/25 23:05:28 | 000,442,656 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2010/10/22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/10/06 14:08:48 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2010/10/06 14:08:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2010/09/13 20:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 13:34:26 | 000,057,344 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\HighPoint Technologies, Inc\HighPoint RAID Management Software\Service\hptsvr.exe -- (hptsvr)
SRV - [2010/02/19 15:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/12/05 13:36:42 | 000,045,056 | ---- | M] (Intuit) [Auto | Running] -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2009/07/23 21:10:38 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/21 14:23:00 | 000,069,632 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\HWRaidManager\XSrvSetup.exe -- (HWRaidManager)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/09/02 01:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011/09/02 01:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011/09/02 01:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011/08/18 13:53:31 | 000,156,256 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\rr62x.sys -- (rr62x)
DRV:64bit: - [2011/08/17 18:22:38 | 003,058,168 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/08/17 18:22:38 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/22 11:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 16:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/06/10 10:00:38 | 000,208,896 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/06/10 10:00:36 | 000,091,648 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/05/25 23:02:20 | 004,186,528 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech QuickCam Pro 9000(UVC)
DRV:64bit: - [2011/05/25 23:02:18 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/04/20 04:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 03:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/04/05 17:35:20 | 000,253,528 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SbFw.sys -- (SbFw)
DRV:64bit: - [2011/04/05 17:35:20 | 000,094,296 | ---- | M] (Sunbelt Software, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbtis.sys -- (SbTis)
DRV:64bit: - [2011/04/05 17:35:20 | 000,060,504 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV:64bit: - [2011/02/08 09:14:20 | 000,084,568 | ---- | M] (Sunbelt Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/22 02:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel®
DRV:64bit: - [2010/09/13 20:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/06/08 06:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2010/05/21 11:52:06 | 000,104,448 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\basp.sys -- (Blfp)
DRV:64bit: - [2010/04/08 06:12:02 | 000,124,944 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2005/12/14 00:53:42 | 000,007,808 | ---- | M] (GretagMacbeth LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\i1display_x64.sys -- (EyeOneDisplay)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1269415


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-61969593-965230781-2082520423-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-61969593-965230781-2082520423-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-61969593-965230781-2082520423-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-61969593-965230781-2082520423-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 A0 6E CA 35 5D CC 01 [binary data]
IE - HKU\S-1-5-21-61969593-965230781-2082520423-1000\..\URLSearchHook: {ad708c09-d51b-45b3-9d28-4eba2681febf} - No CLSID value found
IE - HKU\S-1-5-21-61969593-965230781-2082520423-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-61969593-965230781-2082520423-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-61969593-965230781-2082520423-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS445
IE - HKU\S-1-5-21-61969593-965230781-2082520423-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1269415
IE - HKU\S-1-5-21-61969593-965230781-2082520423-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-61969593-965230781-2082520423-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Tom\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/02/01 10:43:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/18 15:32:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 16:30:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/19 21:08:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/12/18 15:32:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/18 16:30:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/19 21:08:47 | 000,000,000 | ---D | M]

[2011/08/20 15:45:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Extensions
[2012/07/18 21:11:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\tagwnq7p.default\extensions
[2012/07/01 13:07:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/13 11:03:33 | 000,340,684 | ---- | M] () (No name found) -- C:\USERS\TOM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TAGWNQ7P.DEFAULT\EXTENSIONS\{A7C6CF7F-112C-4500-A7EA-39801A327E5F}.XPI
[2012/07/01 13:07:04 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/01 13:07:02 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/01 13:07:02 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U32 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 6.0.320.5 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - Extension: YouTube = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\
CHR - Extension: Reload All Tabs = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpkdnfkjhdkcpimadpdcgapffceacjem\1.2_0\
CHR - Extension: Reload All Tabs = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\midkcinmplflbiflboepnahkboeonkam\3.2.1_0\
CHR - Extension: Gmail = C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2010/05/13 18:53:40 | 000,001,204 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKU\S-1-5-21-61969593-965230781-2082520423-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Intuit SyncManager] c:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-61969593-965230781-2082520423-1000..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-61969593-965230781-2082520423-1000..\Run: [Apple Computer] C:\Users\Tom\AppData\Local\Apps\Apple Computer\tvzjqlnhf.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-61969593-965230781-2082520423-1000..\Run: [cdloader] C:\Users\Tom\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O4 - HKU\S-1-5-21-61969593-965230781-2082520423-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-61969593-965230781-2082520423-1000..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-61969593-965230781-2082520423-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-61969593-965230781-2082520423-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-61969593-965230781-2082520423-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-61969593-965230781-2082520423-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-61969593-965230781-2082520423-1003..\RunOnce: [spchecker] "C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {0EC4C9E3-EC6A-11CF-8E3B-444553540000} file:///P:/setup/RiffLick.cab (WaveTab Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{07C11825-D77E-4717-833B-B5D065C0DE7E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - c:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{34b2568e-f763-11e0-bd40-782bcb9823ab}\Shell - "" = AutoRun
O33 - MountPoints2\{34b2568e-f763-11e0-bd40-782bcb9823ab}\Shell\AutoRun\command - "" = I:\TL-Bootstrap.exe
O33 - MountPoints2\{34b256f0-f763-11e0-bd40-782bcb9823ab}\Shell - "" = AutoRun
O33 - MountPoints2\{34b256f0-f763-11e0-bd40-782bcb9823ab}\Shell\AutoRun\command - "" = I:\TL-Bootstrap.exe
O33 - MountPoints2\{813b856c-ca7b-11e0-990d-782bcb9823ab}\Shell - "" = AutoRun
O33 - MountPoints2\{813b856c-ca7b-11e0-990d-782bcb9823ab}\Shell\AutoRun\command - "" = G:\MI.exe
O33 - MountPoints2\{813b8ca8-ca7b-11e0-990d-782bcb9823ab}\Shell - "" = AutoRun
O33 - MountPoints2\{813b8ca8-ca7b-11e0-990d-782bcb9823ab}\Shell\AutoRun\command - "" = V:\TL-Bootstrap.exe
O33 - MountPoints2\{b0af152c-c925-11e0-8abd-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b0af152c-c925-11e0-8abd-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autoRcd.exe
O33 - MountPoints2\{d6df09c1-04b3-11e1-be17-782bcb9823ab}\Shell - "" = AutoRun
O33 - MountPoints2\{d6df09c1-04b3-11e1-be17-782bcb9823ab}\Shell\AutoRun\command - "" = E:\TL-Bootstrap.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/20 18:24:20 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2012/07/20 18:24:20 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2012/07/20 18:24:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adaware Removal Tool
[2012/07/20 18:24:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adaware Removal Tool
[2012/07/20 16:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
[2012/07/20 16:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cobian Backup 11
[2012/07/19 15:46:39 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\SUPERAntiSpyware.com
[2012/07/19 15:46:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/07/19 15:46:21 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/07/19 15:46:21 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/07/18 21:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2012/07/18 21:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/18 21:42:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
[2012/07/18 21:23:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools
[2012/07/18 21:21:45 | 000,251,528 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2012/07/18 21:21:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/07/18 21:21:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/07/18 21:21:33 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\TestApp
[2012/07/18 20:47:25 | 000,000,000 | ---D | C] -- C:\_OTM
[2012/07/18 08:55:16 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\redirect issue
[2012/07/16 16:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/07/16 16:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/07/16 16:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/07/13 16:55:46 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Hard Disk Sentinel
[2012/07/13 16:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hard Disk Sentinel
[2012/07/13 16:52:45 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\Hard Disk Sentinel Pro v4.00 + Key [ChattChitto RG]
[2012/07/13 14:44:06 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\Snow Jan 2011
[2012/07/13 12:57:06 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\website
[2012/07/13 12:02:39 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Ashampoo
[2012/07/13 12:00:02 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\ashampoo
[2012/07/13 12:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\ashampoo
[2012/07/13 11:59:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo
[2012/07/12 11:58:51 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\msigns
[2012/07/12 03:00:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/12 03:00:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/12 03:00:25 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/12 03:00:25 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/12 03:00:24 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/12 03:00:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/12 03:00:24 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/12 03:00:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/12 03:00:23 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/12 03:00:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/12 03:00:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/12 03:00:23 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/12 03:00:23 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 00:43:05 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012/07/11 00:43:05 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012/07/11 00:42:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012/07/11 00:42:29 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012/07/11 00:41:33 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/07/10 16:03:50 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\Laura Carpenter
[2012/07/10 16:02:37 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ROES.whcc
[2012/07/07 09:20:14 | 000,000,000 | ---D | C] -- C:\Users\Tom\Desktop\desktop
[2012/07/06 12:01:34 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\R-Studio
[2012/07/06 12:01:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\R-Studio
[2012/07/06 12:01:33 | 000,000,000 | ---D | C] -- C:\Users\Tom\Documents\R-TT
[2012/07/06 12:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\R-Studio
[2012/07/01 14:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/07/01 14:07:50 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/07/01 14:07:49 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/07/01 14:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/07/01 13:09:05 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\Macromedia
[2012/07/01 09:25:49 | 000,000,000 | -H-D | C] -- C:\Users\Tom\Documents\Freemake_do_not_remove_this_folder634767315495873445
[2012/06/30 23:45:57 | 000,000,000 | -H-D | C] -- C:\Users\Tom\Documents\Freemake_do_not_remove_this_folder
[2012/06/26 11:12:09 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{81B8B63E-33DD-4DA0-951B-8AD8697F3E23}
[2012/06/26 11:12:00 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{F911CF33-55CD-4F82-BA3A-3548CF62CA64}
[2012/06/26 11:11:39 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/26 11:10:11 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{11753328-1338-4F75-9EBB-3089C8ECA571}
[2012/06/26 11:09:53 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{C2C3A252-EE92-4704-B0D4-2CB307EF076F}
[2012/06/26 11:09:43 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{8859D8D9-981F-4DE6-8D0E-D134B3611731}
[2012/06/26 11:09:23 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{99EC6B6B-05E1-4121-A74F-70D023BC0626}
[2012/06/26 11:09:13 | 000,000,000 | ---D | C] -- C:\Users\Tom\AppData\Local\{E9750EE3-C4D7-4C72-AA95-0E6A5A00F43A}
[2012/06/25 16:04:24 | 001,394,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll
[2012/06/23 00:56:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1ClickDownload
[1 C:\Users\Tom\Desktop\*.tmp files -> C:\Users\Tom\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/20 21:41:05 | 000,001,456 | ---- | M] () -- C:\Users\Tom\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/07/20 21:32:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/20 21:31:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-61969593-965230781-2082520423-1000UA.job
[2012/07/20 21:20:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/20 18:32:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/20 18:24:21 | 000,002,059 | ---- | M] () -- C:\Users\Tom\Desktop\Adaware Removal Tool.lnk
[2012/07/20 17:00:40 | 101,832,449 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/20 15:25:39 | 000,000,000 | ---- | M] () -- C:\Users\Tom\defogger_reenable
[2012/07/20 15:23:31 | 000,242,055 | ---- | M] () -- C:\Users\Tom\Desktop\fireplace3.jpg
[2012/07/20 14:31:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-61969593-965230781-2082520423-1000Core.job
[2012/07/20 13:06:27 | 000,305,935 | ---- | M] () -- C:\Users\Tom\Desktop\FPplacard.jpg
[2012/07/20 13:05:24 | 000,198,089 | ---- | M] () -- C:\Users\Tom\Desktop\fireplace1.jpg
[2012/07/20 13:04:22 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/20 13:03:46 | 000,689,617 | R--- | M] () -- C:\Users\Tom\Desktop\fireplace.jpg
[2012/07/19 21:08:47 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/19 16:40:44 | 000,730,512 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/19 16:40:44 | 000,627,066 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/19 16:40:44 | 000,107,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/19 16:24:19 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/19 16:24:19 | 000,013,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/19 16:17:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/19 16:17:04 | 4281,167,870 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/19 05:33:39 | 000,000,132 | ---- | M] () -- C:\Users\Tom\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/07/19 05:24:56 | 010,448,864 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/18 22:02:08 | 001,967,231 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/07/18 20:47:25 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts.old
[2012/07/18 16:35:10 | 000,000,990 | ---- | M] () -- C:\Users\Tom\Desktop\magicJack.lnk
[2012/07/17 18:37:36 | 000,439,075 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/16 16:51:56 | 000,649,843 | ---- | M] () -- C:\Users\Tom\Desktop\Survey2.jpg
[2012/07/16 13:36:34 | 000,118,187 | ---- | M] () -- C:\Users\Tom\Desktop\think_v_say.jpg
[2012/07/13 15:17:57 | 015,883,471 | ---- | M] () -- C:\Users\Tom\Desktop\romeo folders.psd
[2012/07/11 18:20:06 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/11 18:20:06 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/03 09:55:44 | 000,040,448 | ---- | M] () -- C:\Users\Tom\Documents\Delivery Status Notification (Failure).msg
[2012/06/25 16:04:24 | 001,394,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll
[1 C:\Users\Tom\Desktop\*.tmp files -> C:\Users\Tom\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/20 18:24:21 | 000,002,059 | ---- | C] () -- C:\Users\Tom\Desktop\Adaware Removal Tool.lnk
[2012/07/20 15:25:39 | 000,000,000 | ---- | C] () -- C:\Users\Tom\defogger_reenable
[2012/07/20 15:23:29 | 000,242,055 | ---- | C] () -- C:\Users\Tom\Desktop\fireplace3.jpg
[2012/07/20 13:06:26 | 000,305,935 | ---- | C] () -- C:\Users\Tom\Desktop\FPplacard.jpg
[2012/07/20 13:05:22 | 000,198,089 | ---- | C] () -- C:\Users\Tom\Desktop\fireplace1.jpg
[2012/07/20 13:03:00 | 000,689,617 | R--- | C] () -- C:\Users\Tom\Desktop\fireplace.jpg
[2012/07/19 21:08:47 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012/07/19 21:08:47 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012/07/19 15:46:23 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/07/19 05:33:39 | 000,000,132 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2012/07/18 21:21:47 | 001,967,231 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/07/16 16:51:52 | 000,649,843 | ---- | C] () -- C:\Users\Tom\Desktop\Survey2.jpg
[2012/07/16 13:36:30 | 000,118,187 | ---- | C] () -- C:\Users\Tom\Desktop\think_v_say.jpg
[2012/07/13 15:17:57 | 015,883,471 | ---- | C] () -- C:\Users\Tom\Desktop\romeo folders.psd
[2012/07/10 09:21:12 | 000,000,990 | ---- | C] () -- C:\Users\Tom\Desktop\magicJack.lnk
[2012/07/03 09:55:44 | 000,040,448 | ---- | C] () -- C:\Users\Tom\Documents\Delivery Status Notification (Failure).msg
[2012/04/09 21:22:59 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2011/12/18 15:27:59 | 000,221,601 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011/12/18 15:27:59 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/11/07 15:18:34 | 000,103,784 | ---- | C] () -- C:\Users\Tom\GoToAssistDownloadHelper.exe
[2011/10/21 09:34:51 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2011/10/21 09:34:17 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/10/21 09:34:16 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2011/10/21 09:34:16 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011/10/21 09:34:16 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011/10/21 09:34:15 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/10/19 15:12:00 | 000,743,066 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/19 10:45:50 | 000,012,972 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Comma Separated Values (Windows).CAL
[2011/10/18 12:44:59 | 000,038,435 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Comma Separated Values (Windows).ADR
[2011/08/27 13:45:56 | 000,001,456 | ---- | C] () -- C:\Users\Tom\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/08/27 13:36:19 | 000,000,132 | ---- | C] () -- C:\Users\Tom\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/08/20 15:53:56 | 000,007,166 | ---- | C] () -- C:\Users\Tom\4904.html
[2011/08/19 02:42:08 | 000,000,017 | ---- | C] () -- C:\Users\Tom\AppData\Local\resmon.resmoncfg
[2011/08/18 15:33:58 | 000,000,080 | ---- | C] () -- C:\Users\Tom\AppData\Local\CrystalDiskMark30.ini
[2011/08/18 13:57:43 | 000,000,101 | ---- | C] () -- C:\Windows\hptuser.dat
[2011/08/17 20:15:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/17 18:18:04 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/08/03 05:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011/05/25 23:05:00 | 010,879,000 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011/05/25 23:05:00 | 000,333,336 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011/05/25 23:05:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/03/17 19:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: EXPLORER.EXE >
[2011/02/26 01:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 01:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 01:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009/08/03 01:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009/10/31 01:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010/11/20 08:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009/10/31 01:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009/07/13 20:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011/02/26 01:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009/08/03 01:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009/07/13 20:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe

< MD5 for: USERINIT.EXE >
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 07:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/13 20:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 08:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 08:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/13 20:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/10/28 02:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 01:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

< type c:\diskreport.txt /c >
Microsoft DiskPart version 6.1.7601
Copyright © 1999-2008 Microsoft Corporation.
On computer: TOM-DELL-8330
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
Volume 0     D                       DVD-ROM         0 B  No Media
Volume 1                      NTFS   Partition    100 MB  Healthy    System
Volume 2     C                NTFS   Partition    111 GB  Healthy    Boot
Volume 3     F                       Removable       0 B  No Media
Volume 4     K                       Removable       0 B  No Media
Volume 5     X                       Removable       0 B  No Media
Volume 6     M                       Removable       0 B  No Media
Volume 7     N                       Removable       0 B  No Media
Volume 8     T   Tango        NTFS   Partition    465 GB  Healthy
Volume 9     I   India        NTFS   Partition    931 GB  Healthy

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:9638A27E
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >







OTL Extras logfile created on: 7/20/2012 9:45:31 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Tom\Desktop\redirect issue
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

15.98 Gb Total Physical Memory | 10.03 Gb Available Physical Memory | 62.78% Memory free
29.76 Gb Paging File | 23.44 Gb Available in Paging File | 78.77% Paging File free
Paging file location(s): [Binary data over 100 bytes]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111.69 Gb Total Space | 5.87 Gb Free Space | 5.26% Space Free | Partition Type: NTFS
Drive I: | 931.51 Gb Total Space | 392.20 Gb Free Space | 42.10% Space Free | Partition Type: NTFS
Drive T: | 465.75 Gb Total Space | 196.28 Gb Free Space | 42.14% Space Free | Partition Type: NTFS

Computer Name: TOM-DELL-8330 | User Name: Tom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
jsfile [edit] -- "C:\Program Files (x86)\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithApplianMP] -- "C:\Program Files (x86)\Applian Technologies\Applian FLV and Media Player\amp.exe" -I skins2 --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1D889ECB-FCC8-41B5-A47F-9CC27A92F462}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{303E8127-DC8B-4DFB-A90B-CD5F1BB06A44}" = lport=445 | protocol=6 | dir=in | app=system |
"{3337E49A-8DF4-468D-A484-05681D66CC79}" = rport=138 | protocol=17 | dir=out | app=system |
"{3C88B0A6-18D1-42A6-AB32-A3B1BEDE9FE4}" = lport=138 | protocol=17 | dir=in | app=system |
"{45657FD0-3E41-4867-A23A-01F00CB21D15}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4D69A2D8-EAAD-4119-BCBB-AF04C083A010}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4E46B73B-030D-4C9A-BB45-97CA6E9AEEC3}" = lport=139 | protocol=6 | dir=in | app=system |
"{5B7F4094-FBB9-4968-9774-9D9E64C320A6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{741FF444-4C1B-4D62-97C7-855D62F1AC09}" = rport=137 | protocol=17 | dir=out | app=system |
"{781CAEE4-D652-4F4F-B6AE-88B0731C0B9E}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{7AA89806-98D2-45E2-B5EB-AEDF532A995B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{80CAD2A9-A648-408A-93D6-ABC4EC6E49F8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{81699275-FBFF-4711-BA95-50F706157D05}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{84A02BD5-CFA1-4AD7-8618-2EF9173D8C3F}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{88E355B7-8865-45C5-8092-0892895E6757}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{89F283F1-73B2-4E4C-A612-EB6E45DA879A}" = rport=445 | protocol=6 | dir=out | app=system |
"{982B12C4-2966-4F38-B54B-771B680B7091}" = rport=139 | protocol=6 | dir=out | app=system |
"{992CACDC-690C-4F80-B392-2E90484B2EE9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{A3E15839-EBCE-47B8-A27E-9488C1353AD2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{AC1E7EB9-5096-4E00-9A31-A3B48FC256B0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{AF54FC82-4B42-4F47-BB44-F2D22A98E51F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B474AB1C-8020-4590-BF93-AEBF8132E6D8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C12A1E7C-CD3E-4268-84C8-7AC844F229A4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CCB9B49A-F730-4D21-AB18-7875179DA8A9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D858BA24-14E2-45E7-B3DB-F6BE24E2CBA3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E8ABA427-D517-4962-B499-A067908EF825}" = rport=10243 | protocol=6 | dir=out | app=system |
"{EA889537-B376-42F3-A37A-EB16083B6C9A}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AA2573-F611-4C80-B6FA-B64A22AAB601}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{046BC043-3F83-4F57-98EE-E8576326FA99}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{097C8551-8862-47D2-8759-131D40737D03}" = protocol=6 | dir=out | app=system |
"{1005BF97-9124-4D16-AEBC-9B70394D91AF}" = dir=in | app=c:\users\tom\appdata\local\temp\7zs1f57\setup\hpznui40.exe |
"{14B03433-DA1B-4063-8273-EA93EC68D643}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{16472EF8-6DF5-4F6F-A426-DD55FE33B475}" = protocol=17 | dir=in | app=c:\program files\crashplan\crashplanservice.exe |
"{24DBCF06-C5FD-4CA4-98C2-CF15B11B16D0}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{24FCEF42-5F2A-40F2-A6F0-2B92CE791B05}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{2C83901C-BFA5-4D1C-8FE2-079B007CFB66}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{2DC81652-1760-44A1-BF92-903F7432EC80}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{3AD273FE-A5D1-43EC-8750-B9A1CA7DF825}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{3E615F4E-0A52-4BF2-A919-9C36638E4504}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{3ED5F20E-9CFD-4EDA-B5A2-29951E06364D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{437E9637-5FC8-47DF-BE4C-B12BA44C6D17}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{45ADAB25-1856-4882-AEB9-4885E968D949}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{464F2888-1E79-4D58-AF38-8FF2CBA21011}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{48DB5356-BB12-420E-AE09-6D6D6B5180F9}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{4B0A761A-17AE-4040-8D6B-E5AFABAE9B60}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{510882B3-2A3B-4473-AF74-17973660E85A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{55059493-0D0B-451E-81F4-9FCAAB7D0262}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{575F494F-5F09-4679-AE94-16A2CAB01E5C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5E6697A2-CFD0-44CB-9224-DB50CFB611E4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{60258D71-C15F-406D-9593-48A803E77904}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{642969FC-214F-4325-BFCE-26D59537FA75}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{64E78D43-96C8-4990-8ACD-647D09B80C65}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{6533798E-F21B-491C-8D77-543871661558}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{65DC060E-61CB-428D-AF0D-6A8FB0B1751D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{6D01CED0-0B99-425C-BE16-E820DF59DAD2}" = protocol=17 | dir=in | app=c:\program files (x86)\movie torrent\movie torrent.exe |
"{6DF251A3-6D99-44A0-BF4D-E3D8657AE2B7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{734797F7-CFC7-484D-BE5F-CA662933DCC8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{751B2BC1-98B6-4CEC-ACDC-166C28560FCF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe |
"{7A24ACF2-02A0-46A8-9D0B-6685E9B31B2B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7D18C8D3-7360-45D6-91CE-7DEC506A722B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{838CCAAA-5AB2-43BD-A4DD-734419653677}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe |
"{8471B0CA-C3B0-4D6C-8BEA-E461892E4EA0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85825598-4EAC-4C59-9847-210CED72871C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D6A2D62-F043-4782-9F6E-8F05BC0FD491}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8E05C05A-EDC2-47CA-B8F4-83854BE26430}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8E0D7EC5-B7DE-4A46-BEA7-C2E2451DD0E2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{907A061B-11B6-4ADD-A147-03A39FD1F594}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe |
"{90D8FC7D-B4B2-4E08-AC42-58FFD735D38E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{93301833-FCA4-4EF7-94AC-64D24A90C12F}" = protocol=6 | dir=in | app=c:\program files\crashplan\crashplanservice.exe |
"{9422FACF-ECEA-48A7-B946-DB7D7294C462}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{95AB13CC-8705-4515-9F41-143C8DAC3CF8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{98DE8D9C-48E1-46D5-B307-BD822F2B291C}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9D313551-AE1B-4C2A-AACC-1CB39E41C786}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9D743D75-E136-4E59-8EA8-0E97DACA96E5}" = protocol=6 | dir=in | app=c:\program files (x86)\movie torrent\movie torrent.exe |
"{9FA48F5D-D33B-4C0C-AA13-BB02A6437DEC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{A7EA4C49-3548-4C23-A8CB-CF58A74D3C10}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{A895FFEC-5380-4BDF-87F6-477B43691656}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BA6F5B27-397D-4F91-AA3F-55DFD8BA0073}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{BB2FBFF7-13AC-44E4-A2E2-A493B7662BDA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BE2E6795-D59F-47B2-93FE-67200D86425C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BECE018F-3BB2-4130-A809-F02D03CDB4D3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe |
"{C3BC3EF3-52D7-45F2-A64B-28F7DF59F901}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg10\avgmfapx.exe |
"{C4E135F2-0CCD-4D09-900D-CD2687E0F051}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{C866177D-873B-49B1-9E28-62600B6490CA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{CBE580AD-CFD7-430C-89C4-4ED919ABB5BA}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{CEB73BE8-1D03-4A1F-99B6-13AEA6EE791C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D08A1C81-6CDE-46BC-9EB1-8B4256C9E4F6}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D1EEEA06-78AF-419C-8ADD-F639EFB10DD0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D6C962EF-45DC-4045-83E9-200B67A4BD35}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D80EF923-6DC2-45DA-A299-E83EE66E5A39}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{D8F37DE5-BC51-41FA-AF66-BA4FEDD5567E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{DB2EB038-AF09-4840-8EF5-B1CE4D151956}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{E18D4B7E-6401-4923-BD68-22F9FF603B51}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{EB224946-788F-450D-833D-D083E4E3B311}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{ECE07FE5-0BC9-42A3-B175-7D5DD1841538}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe |
"{ED366047-6C77-4F98-B03C-5B27679BBA4F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{F4BAEEBA-70B6-49D6-A666-4870325B9CDA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"TCP Query User{059E52F3-32DD-4DDF-BC42-1EA579A0A268}C:\users\tom\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\tom\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{227BBE7C-1CDE-406A-AE42-03A418449DE1}C:\program files (x86)\movie torrent\movie torrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\movie torrent\movie torrent.exe |
"TCP Query User{2648CC92-D1FC-4E6F-B5C7-7884CB5AC954}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{3BCCFFFB-7771-4447-94F4-CEC8FD576915}C:\users\tom\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\tom\appdata\roaming\mjusbsp\magicjack.exe |
"TCP Query User{3EC0C0B5-6748-43E2-A9E9-17946DAF7F3A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"TCP Query User{B2D56710-7DB8-4FE2-89BC-3CA1C1C4DCF3}C:\program files (x86)\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver 8\dreamweaver.exe |
"TCP Query User{B49A836B-890A-4683-B716-4612FA3D4AAF}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{C3E0A32F-CD45-4EFB-B1DC-99DC466463A6}C:\users\tom\appdata\roaming\mjusbsp\magicjack.exe" = protocol=6 | dir=in | app=c:\users\tom\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{2440A88B-D0B6-44EA-9404-990BC82377B8}C:\users\tom\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\tom\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{50C8B447-582D-4C0F-8736-3ED83886B1F8}C:\program files (x86)\macromedia\dreamweaver 8\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\macromedia\dreamweaver 8\dreamweaver.exe |
"UDP Query User{897FC543-20FE-4801-A6DF-1E578D0CE984}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{93761E2D-ACF1-4401-A8BC-9F413EB8AD81}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe |
"UDP Query User{B02FFDF7-04C6-47E1-B351-A03B01FA496F}C:\users\tom\appdata\roaming\mjusbsp\magicjack.exe" = protocol=17 | dir=in | app=c:\users\tom\appdata\roaming\mjusbsp\magicjack.exe |
"UDP Query User{B2B91CE0-A6A3-45DC-86EC-4EE13F31A205}C:\users\tom\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\tom\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{E83613C8-5EC0-4FBE-B045-3EEC2A078C15}C:\program files (x86)\movie torrent\movie torrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\movie torrent\movie torrent.exe |
"UDP Query User{EFDCE162-C46D-4BA8-B14E-6175083C0022}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{129C5584-DB98-4A98-B28F-299C45E1E355}" = Microsoft Camera Codec Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{14AF193A-EC13-3B3E-BFBF-D2C471F12718}" = ATI Catalyst Install Manager
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{982E1601-0DFC-4FD3-A427-AC6570697858}" = Broadcom NetXtreme-I Netlink Driver and Management Installer
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{D4F66BBA-D79E-4F11-9B06-70C3D75A2958}" = Adobe Photoshop Lightroom 3.6 64-bit
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAF63FF7-1DB6-44D4-91C3-E9422166E8F9}" = CrashPlan
"{FB237A35-F491-4AC1-95E0-85118D6751D9}" = Topaz Adjust 4 (64-bit)
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"AVG" = AVG 2012
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"DW WLAN Card Utility" = DW WLAN Card Utility
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"ImagenomicNoisewareProPlugin" = Imagenomic Noiseware 4.2 Professional Plug-in (build 4205)
"ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.1 Plug-in (build 2105)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"sp6" = Logitech SetPoint 6.32

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{06A9E630-DBA6-4D92-9DE7-A235AA6496C7}" = QuickBooks
"{0700E22B-A422-40A5-BD20-04BF618CA0F9}" = QuickBooks Pro 2010
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3A7C1F27-206B-46EE-A43B-7245A5B6E828}" = 7200_Help
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{41952183-EEF7-47F9-A75C-45685252F7E3}_is1" = Bigasoft iPhone Video Converter 3.5.6.4299
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59679381-3F22-4A40-A7AD-890242D74DF4}" = Perfect Photo Suite 5.5.4
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7AA36634-4324-4EF4-8C0C-D8EF1FC2BEA4}" = Duplicate Email Remover
"{7AD9D9B5-12F3-417B-886A-A211E79B3823}" = 7200
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{9FDC7042-CB9F-4336-A14C-DF10F53762E2}" = Topaz Adjust 4
"{A127C3C0-055E-38CF-B38F-1E85F8BBBFFE}" = Adobe Community Help
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
"{AD66335B-EF80-4A09-A479-AD24E5655A49}" = 7200Trb
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CE31F3E1-8F25-4651-9EA4-3BA08F4B75AB}}_is1" = Aneesoft iPad Video Converter Pro
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA4FD430-5084-4839-943B-CEDA5A64FFAB}" = Tune Sweeper
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Accurate Outlook Duplicate Remover_is1" = Accurate Outlook Duplicate Remover 1.0
"Adaware Removal Tool_is1" = Adaware Removal Tool
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Applian FLV and Media Player" = Applian FLV and Media Player 3.1.1.12
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"CobBackup11" = Cobian Backup 11 Gravity
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 1.4.3.0
"Eye-One Match_is1" = Eye-One Match 3.6.2
"FLV Player2.0.25" = FLV Player
"Free Convert to DIVX AVI WMV MP4 MPEG Converter_is1" = Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
"Free RAR Extract Frog" = Free RAR Extract Frog
"Freemake Video Converter_is1" = Freemake Video Converter version 3.0.2
"HighPoint Web RAID Management Service" = HighPoint Web RAID Management Service
"HWRaidManager" = Hardware RAID Manager
"i1_driver_installer_utility_i1Match_is1" = i1_driver_installer_utility_i1Match version 1.0
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Professional 2010
"RescuePRO-3.0" = RescuePRO 3.3
"R-Studio 4.2NSIS" = R-Studio 4.2
"VertusFluidMask3" = Vertus Fluid Mask 3 3.2.2
"WinLiveSuite" = Windows Live Essentials
"YTdetect" = Yahoo! Detect

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-61969593-965230781-2082520423-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"magicJack" = magicJack
"ROES.whcc" = ROES.whcc

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 7/20/2012 4:47:50 PM | Computer Name = Tom-Dell-8330 | Source = VSS | ID = 12294
Description =

Error - 7/20/2012 4:47:50 PM | Computer Name = Tom-Dell-8330 | Source = VSS | ID = 12294
Description =

Error - 7/20/2012 4:47:53 PM | Computer Name = Tom-Dell-8330 | Source = VSS | ID = 12294
Description =

Error - 7/20/2012 5:05:08 PM | Computer Name = Tom-Dell-8330 | Source = VSS | ID = 12294
Description =

Error - 7/20/2012 5:05:11 PM | Computer Name = Tom-Dell-8330 | Source = VSS | ID = 12294
Description =

Error - 7/20/2012 5:05:11 PM | Computer Name = Tom-Dell-8330 | Source = VSS | ID = 12294
Description =

Error - 7/20/2012 5:05:11 PM | Computer Name = Tom-Dell-8330 | Source = VSS | ID = 12294
Description =

Error - 7/20/2012 5:05:14 PM | Computer Name = Tom-Dell-8330 | Source = VSS | ID = 12294
Description =

Error - 7/20/2012 10:01:01 PM | Computer Name = Tom-Dell-8330 | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 9.0.8112.16447 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 34d0 Start
Time: 01cd66defdc54fc6 Termination Time: 62 Application Path: C:\Program Files (x86)\Internet
Explorer\iexplore.exe Report Id:

Error - 7/20/2012 10:44:16 PM | Computer Name = Tom-Dell-8330 | Source = SideBySide | ID = 16842832
Description = Activation context generation failed for "C:\Users\Tom\Desktop\redirect
issue\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line .
A
component version required by the application conflicts with another component
version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

[ System Events ]
Error - 7/19/2012 5:16:09 PM | Computer Name = Tom-Dell-8330 | Source = DCOM | ID = 10010
Description =

Error - 7/19/2012 5:17:09 PM | Computer Name = Tom-Dell-8330 | Source = volsnap | ID = 393241
Description = The shadow copies of volume C: were deleted because the shadow copy
storage could not grow in time. Consider reducing the IO load on the system or
choose a shadow copy storage volume that is not being shadow copied.

Error - 7/19/2012 5:17:13 PM | Computer Name = Tom-Dell-8330 | Source = Service Control Manager | ID = 7003
Description = The IKE and AuthIP IPsec Keying Modules service depends the following
service: BFE. This service might not be installed.

Error - 7/19/2012 5:17:13 PM | Computer Name = Tom-Dell-8330 | Source = Service Control Manager | ID = 7000
Description = The PDIHWCTL service failed to start due to the following error: %%2

Error - 7/19/2012 5:17:13 PM | Computer Name = Tom-Dell-8330 | Source = Service Control Manager | ID = 7003
Description = The IPsec Policy Agent service depends the following service: BFE.
This service might not be installed.

Error - 7/19/2012 5:17:13 PM | Computer Name = Tom-Dell-8330 | Source = Service Control Manager | ID = 7003
Description = The SBSD Security Center Service service depends the following service:
wscsvc. This service might not be installed.

Error - 7/19/2012 5:17:13 PM | Computer Name = Tom-Dell-8330 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
rr62x SBRE

Error - 7/19/2012 5:17:14 PM | Computer Name = Tom-Dell-8330 | Source = Service Control Manager | ID = 7023
Description = The Computer Browser service terminated with the following error:
%%1060

Error - 7/19/2012 5:17:28 PM | Computer Name = Tom-Dell-8330 | Source = Service Control Manager | ID = 7024
Description = The HomeGroup Listener service terminated with service-specific error
%%-2147023143.

Error - 7/20/2012 4:50:11 PM | Computer Name = Tom-Dell-8330 | Source = DCOM | ID = 10016
Description =


< End of report >

#4 Osceola214

Posted 21 July 2012 - 08:11 AM

This keeps getting more frustrating.

I tried to go back and run ESET once more, but couldn't find it. I was installing and uninstalling so many apps to try and solve this issue, I thought I might have already uninstalled it, so I tried to reinstall it (using downloaded installer--not online--ess_nt64_enu). It failed to install, and took me to a webpage on the ESS site telling me to try and run their uninstaller. I did so--several times in safe mode. (see log below).

Still wouldn't install. I had already removed all antivirus programs, so I thought maybe it was a Windows Firewall issue, so I went to make sure WF was turned off.


However, can't turn Windows Firewall on or off--seemed to be locked out of making any changes in it. When I try to open it, it just says it isn't using the recommended settings.

I see both "Windows Firewall" and "Windows Firewall with Advanced Security" showing when I start typing in the Windows search box that pops up from the Windows 7 logo.

When I try to change the settings in Windows Firewall, I get a screen saying it is not using the recommended settings. When I click the "Use recommended settings" button, I get an error message that says "Windows Firewall can't change some of your settings. Error code 0x80070424"

I'm wondering if this virus has taken over Windows Firewall?




>>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
[07/21/12 07:14:36] C:\Users\Tom\Desktop\redirect issue\ESETUninstaller.exe 4.0.15.5
[07/21/12 07:14:36] Input arguments:
[07/21/12 07:14:36] Online (PC booted from fixed disk) mode detected.

[07/21/12 07:14:36] WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
Are you really sure to continue? (y/n): n


[07/21/12 07:14:56] Press any key to exit ...
>>>>>>>>>>>>>>>>>>>>>>>> END >>>>>>>>>>>>>>>>>>>>>>>>


>>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
[07/21/12 07:16:17] C:\Users\Tom\Desktop\redirect issue\ESETUninstaller.exe 4.0.15.5
[07/21/12 07:16:17] Input arguments:
[07/21/12 07:16:17] Online (PC booted from fixed disk) mode detected.

[07/21/12 07:16:17] WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
Are you really sure to continue? (y/n): y


[07/21/12 07:16:19] Scanning available operating systems ...

[07/21/12 07:16:19] Available operating systems, which AV product can be removed from:

[07/21/12 07:16:19] [1]
[07/21/12 07:16:19] Product Name: Windows 7 Professional
[07/21/12 07:16:19] Current Version: 6.1.1.7601.WinNT.AMD64
[07/21/12 07:16:19] Volume: C:\
[07/21/12 07:16:19] System Root: C:\Windows
[07/21/12 07:16:19] Program Files: C:\Program Files
[07/21/12 07:16:19] Program Files (x86): C:\Program Files (x86)
[07/21/12 07:16:19] Common files: C:\Program Files\Common Files
[07/21/12 07:16:19] Common files (x86): C:\Program Files (x86)\Common Files
[07/21/12 07:16:19] Common application data folder: C:\ProgramData
[07/21/12 07:16:19] Common programs folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[07/21/12 07:16:19] Device path folder: C:\Windows\inf;C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\drivers
[07/21/12 07:16:19] Drives mapping:
[07/21/12 07:16:19] Current Letter: C Native Letter: C
[07/21/12 07:16:19] Current Letter: I Native Letter: I
[07/21/12 07:16:19] Current Letter: T Native Letter: T

[07/21/12 07:16:19] Building cache: 64bit COM: AppID -> DllName ...
[07/21/12 07:16:19] Building cache: 64bit COM: Category -> ReferenceCounter ...
[07/21/12 07:16:19] Building cache: 32bit COM: AppID -> DllName ...
[07/21/12 07:16:19] Building cache: 32bit COM: Category -> ReferenceCounter ...
[07/21/12 07:16:19] Scanning installed AV products ...

[07/21/12 07:16:22] Installed AV products:
[07/21/12 07:16:22] 1. ESS/EAV/EMSX

[07/21/12 07:16:22] Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 1

[07/21/12 07:16:30] ERROR! PC is running in normal boot, to uninstall AV product ESS/EAV/EMSX please run safe boot or boot live CD/DVD/USB.


[07/21/12 07:16:30] Log file location: "C:\Users\Tom\Desktop\redirect issue\~ESETUninstaller.log"

[07/21/12 07:16:30] ERROR(s) occured in uninstallation process, please check the log!

[07/21/12 07:16:30] Press any key to exit ...
>>>>>>>>>>>>>>>>>>>>>>>> END >>>>>>>>>>>>>>>>>>>>>>>>


>>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
[07/21/12 07:21:59] C:\Users\Tom\Desktop\redirect issue\ESETUninstaller.exe 4.0.15.5
[07/21/12 07:21:59] Input arguments:
[07/21/12 07:21:59] Online (PC booted from fixed disk) mode detected.

[07/21/12 07:21:59] WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
Are you really sure to continue? (y/n): y


[07/21/12 07:22:01] Scanning available operating systems ...

[07/21/12 07:22:01] Available operating systems, which AV product can be removed from:

[07/21/12 07:22:01] [1]
[07/21/12 07:22:01] Product Name: Windows 7 Professional
[07/21/12 07:22:01] Current Version: 6.1.1.7601.WinNT.AMD64
[07/21/12 07:22:01] Volume: C:\
[07/21/12 07:22:01] System Root: C:\Windows
[07/21/12 07:22:01] Program Files: C:\Program Files
[07/21/12 07:22:01] Program Files (x86): C:\Program Files (x86)
[07/21/12 07:22:01] Common files: C:\Program Files\Common Files
[07/21/12 07:22:01] Common files (x86): C:\Program Files (x86)\Common Files
[07/21/12 07:22:01] Common application data folder: C:\ProgramData
[07/21/12 07:22:01] Common programs folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[07/21/12 07:22:01] Device path folder: C:\Windows\inf;C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\drivers
[07/21/12 07:22:01] Drives mapping:
[07/21/12 07:22:01] Current Letter: C Native Letter: C

[07/21/12 07:22:01] Building cache: 64bit COM: AppID -> DllName ...
[07/21/12 07:22:01] Building cache: 64bit COM: Category -> ReferenceCounter ...
[07/21/12 07:22:01] Building cache: 32bit COM: AppID -> DllName ...
[07/21/12 07:22:01] Building cache: 32bit COM: Category -> ReferenceCounter ...
[07/21/12 07:22:01] Scanning installed AV products ...

[07/21/12 07:22:04] Installed AV products:
[07/21/12 07:22:04] 1. ESS/EAV/EMSX

[07/21/12 07:22:04] Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 1

[07/21/12 07:22:09] Are you sure to uninstall ESS/EAV/EMSX from this OS? (y/n): y


[07/21/12 07:22:12] Product uninstallation: ESS/EAV/EMSX

[07/21/12 07:22:12] Uninstallation in progress, please wait ...

[07/21/12 07:22:12] Current control set ... ControlSet001

[07/21/12 07:22:12] Services: deleted: ControlSet001\Enum\Root\LEGACY_EHDRV

[07/21/12 07:22:12] WSC: ESS/EAV unregistered of Windows Security Center

[07/21/12 07:22:12] WSC: ESS/EAV (WMI) unregistered of Windows Security Center


[07/21/12 07:22:12] Installer folders (64-bit): deleted value in: Microsoft\Windows\CurrentVersion\Installer\Folders ...
[07/21/12 07:22:12] deleted: C:\ProgramData\ESET\ESET NOD32 Antivirus\
[07/21/12 07:22:12] deleted: C:\Program Files\ESET\ESET NOD32 Antivirus\

[07/21/12 07:22:12] ESET folder: deleted: C:\ProgramData\ESET\ESET NOD32 Antivirus\
[07/21/12 07:22:12] ESET folder: deleted: C:\Program Files\ESET\ESET NOD32 Antivirus\
[07/21/12 07:22:12] Delete of empty folders ...
[07/21/12 07:22:12] ESET folder: deleted: C:\Program Files\ESET\
[07/21/12 07:22:12] Installer folders (64-bit): deleted value in: Microsoft\Windows\CurrentVersion\Installer\Folders ...
[07/21/12 07:22:12] deleted: C:\Program Files\ESET\
[07/21/12 07:22:12] ESET folder: deleted: C:\ProgramData\ESET\
[07/21/12 07:22:12] Installer folders (64-bit): deleted value in: Microsoft\Windows\CurrentVersion\Installer\Folders ...
[07/21/12 07:22:12] deleted: C:\ProgramData\ESET\

[07/21/12 07:22:12] ESET Product (64-bit): deleted: ESET\ESET Security
[07/21/12 07:22:12] ESET Product (64-bit): deleted: ESET\Setup
[07/21/12 07:22:12] ESET Product (64-bit): deleted: ESET


[07/21/12 07:22:12] Dmon (64-bit): deleted: Classes\AppId\DMON.DLL
[07/21/12 07:22:12] Dmon (64-bit): deleted: Classes\AppId\{6EB1806F-1E78-4EE0-BC56-CCB3A2784379}
[07/21/12 07:22:12] Dmon (64-bit): deleted: Classes\DMON.DmonObject
[07/21/12 07:22:12] Dmon (64-bit): deleted: Classes\DMON.DmonObject.1
[07/21/12 07:22:12] Dmon (64-bit): deleted: Classes\TypeLib\{D94B2224-C2DD-49C9-9F35-C8CB74E0DCE4}

[07/21/12 07:22:12] Dmon (32-bit): deleted: Classes\CLSID\{13B65A91-FC6A-4FD8-B042-60B788FEB89C}
[07/21/12 07:22:12] Dmon (32-bit): deleted: Classes\Component Categories\{56FFCC30-D398-11d0-B2AE-00A0C908FA49}

[07/21/12 07:22:12] Uninstallation ESS/EAV/EMSX finished successfully.


[07/21/12 07:22:12] Log file location: "C:\Users\Tom\Desktop\redirect issue\~ESETUninstaller.log"

[07/21/12 07:22:12] Uninstallation finished successfully, please restart your PC now.

[07/21/12 07:22:12] Press any key to exit ...
>>>>>>>>>>>>>>>>>>>>>>>> END >>>>>>>>>>>>>>>>>>>>>>>>


>>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
[07/21/12 07:32:49] C:\Users\Tom\Desktop\redirect issue\ESETUninstaller.exe 4.0.15.5
[07/21/12 07:32:49] Input arguments:
[07/21/12 07:32:50] Online (PC booted from fixed disk) mode detected.

[07/21/12 07:32:50] WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
Are you really sure to continue? (y/n): y


[07/21/12 07:32:52] Scanning available operating systems ...

[07/21/12 07:32:52] Available operating systems, which AV product can be removed from:

[07/21/12 07:32:52] [1]
[07/21/12 07:32:52] Product Name: Windows 7 Professional
[07/21/12 07:32:52] Current Version: 6.1.1.7601.WinNT.AMD64
[07/21/12 07:32:52] Volume: C:\
[07/21/12 07:32:52] System Root: C:\Windows
[07/21/12 07:32:52] Program Files: C:\Program Files
[07/21/12 07:32:52] Program Files (x86): C:\Program Files (x86)
[07/21/12 07:32:52] Common files: C:\Program Files\Common Files
[07/21/12 07:32:52] Common files (x86): C:\Program Files (x86)\Common Files
[07/21/12 07:32:52] Common application data folder: C:\ProgramData
[07/21/12 07:32:52] Common programs folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[07/21/12 07:32:52] Device path folder: C:\Windows\inf;C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\drivers
[07/21/12 07:32:52] Drives mapping:
[07/21/12 07:32:52] Current Letter: C Native Letter: C

[07/21/12 07:32:52] Building cache: 64bit COM: AppID -> DllName ...
[07/21/12 07:32:52] Building cache: 64bit COM: Category -> ReferenceCounter ...
[07/21/12 07:32:52] Building cache: 32bit COM: AppID -> DllName ...
[07/21/12 07:32:52] Building cache: 32bit COM: Category -> ReferenceCounter ...
[07/21/12 07:32:52] Scanning installed AV products ...

[07/21/12 07:32:55] Installed AV products:
[07/21/12 07:32:55] 1. ESS/EAV/EMSX

[07/21/12 07:32:55] Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 1

[07/21/12 07:32:58] ERROR! PC is running in normal boot, to uninstall AV product ESS/EAV/EMSX please run safe boot or boot live CD/DVD/USB.


[07/21/12 07:32:58] Log file location: "C:\Users\Tom\Desktop\redirect issue\~ESETUninstaller.log"

[07/21/12 07:32:58] ERROR(s) occured in uninstallation process, please check the log!

[07/21/12 07:32:58] Press any key to exit ...
>>>>>>>>>>>>>>>>>>>>>>>> END >>>>>>>>>>>>>>>>>>>>>>>>


>>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
[07/21/12 07:34:42] C:\Users\Tom\Desktop\redirect issue\ESETUninstaller.exe 4.0.15.5
[07/21/12 07:34:42] Input arguments:
[07/21/12 07:34:42] Online (PC booted from fixed disk) mode detected.

[07/21/12 07:34:42] WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
Are you really sure to continue? (y/n): y


[07/21/12 07:34:44] Scanning available operating systems ...

[07/21/12 07:34:44] Available operating systems, which AV product can be removed from:

[07/21/12 07:34:44] [1]
[07/21/12 07:34:44] Product Name: Windows 7 Professional
[07/21/12 07:34:44] Current Version: 6.1.1.7601.WinNT.AMD64
[07/21/12 07:34:44] Volume: C:\
[07/21/12 07:34:44] System Root: C:\Windows
[07/21/12 07:34:44] Program Files: C:\Program Files
[07/21/12 07:34:44] Program Files (x86): C:\Program Files (x86)
[07/21/12 07:34:44] Common files: C:\Program Files\Common Files
[07/21/12 07:34:44] Common files (x86): C:\Program Files (x86)\Common Files
[07/21/12 07:34:44] Common application data folder: C:\ProgramData
[07/21/12 07:34:44] Common programs folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[07/21/12 07:34:44] Device path folder: C:\Windows\inf;C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\drivers
[07/21/12 07:34:44] Drives mapping:
[07/21/12 07:34:44] Current Letter: C Native Letter: C

[07/21/12 07:34:44] Building cache: 64bit COM: AppID -> DllName ...
[07/21/12 07:34:44] Building cache: 64bit COM: Category -> ReferenceCounter ...
[07/21/12 07:34:44] Building cache: 32bit COM: AppID -> DllName ...
[07/21/12 07:34:44] Building cache: 32bit COM: Category -> ReferenceCounter ...
[07/21/12 07:34:44] Scanning installed AV products ...

[07/21/12 07:34:47] Installed AV products:
[07/21/12 07:34:47] 1. ESS/EAV/EMSX

[07/21/12 07:34:47] Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 1

[07/21/12 07:34:51] Are you sure to uninstall ESS/EAV/EMSX from this OS? (y/n): y


[07/21/12 07:34:55] Product uninstallation: ESS/EAV/EMSX

[07/21/12 07:34:55] Uninstallation in progress, please wait ...

[07/21/12 07:34:55] Current control set ... ControlSet001

[07/21/12 07:34:55] Services: deleted: ControlSet001\Enum\Root\LEGACY_EHDRV

[07/21/12 07:34:55] WSC: ESS/EAV unregistered of Windows Security Center

[07/21/12 07:34:55] WSC: ESS/EAV (WMI) unregistered of Windows Security Center


[07/21/12 07:34:56] Installer folders (64-bit): deleted value in: Microsoft\Windows\CurrentVersion\Installer\Folders ...
[07/21/12 07:34:56] deleted: C:\ProgramData\ESET\ESET NOD32 Antivirus\
[07/21/12 07:34:56] deleted: C:\Program Files\ESET\ESET NOD32 Antivirus\

[07/21/12 07:34:56] ESET folder: deleted: C:\ProgramData\ESET\ESET NOD32 Antivirus\
[07/21/12 07:34:56] ESET folder: deleted: C:\Program Files\ESET\ESET NOD32 Antivirus\
[07/21/12 07:34:56] Delete of empty folders ...
[07/21/12 07:34:56] ESET folder: deleted: C:\Program Files\ESET\
[07/21/12 07:34:56] Installer folders (64-bit): deleted value in: Microsoft\Windows\CurrentVersion\Installer\Folders ...
[07/21/12 07:34:56] deleted: C:\Program Files\ESET\
[07/21/12 07:34:56] ESET folder: deleted: C:\ProgramData\ESET\
[07/21/12 07:34:56] Installer folders (64-bit): deleted value in: Microsoft\Windows\CurrentVersion\Installer\Folders ...
[07/21/12 07:34:56] deleted: C:\ProgramData\ESET\

[07/21/12 07:34:56] ESET Product (64-bit): deleted: ESET\ESET Security
[07/21/12 07:34:56] ESET Product (64-bit): deleted: ESET\Setup
[07/21/12 07:34:56] ESET Product (64-bit): deleted: ESET


[07/21/12 07:34:56] Dmon (64-bit): deleted: Classes\AppId\DMON.DLL
[07/21/12 07:34:56] Dmon (64-bit): deleted: Classes\AppId\{6EB1806F-1E78-4EE0-BC56-CCB3A2784379}
[07/21/12 07:34:56] Dmon (64-bit): deleted: Classes\DMON.DmonObject
[07/21/12 07:34:56] Dmon (64-bit): deleted: Classes\DMON.DmonObject.1
[07/21/12 07:34:56] Dmon (64-bit): deleted: Classes\TypeLib\{D94B2224-C2DD-49C9-9F35-C8CB74E0DCE4}

[07/21/12 07:34:56] Dmon (32-bit): deleted: Classes\CLSID\{13B65A91-FC6A-4FD8-B042-60B788FEB89C}
[07/21/12 07:34:56] Dmon (32-bit): deleted: Classes\Component Categories\{56FFCC30-D398-11d0-B2AE-00A0C908FA49}

[07/21/12 07:34:56] Uninstallation ESS/EAV/EMSX finished successfully.


[07/21/12 07:34:56] Log file location: "C:\Users\Tom\Desktop\redirect issue\~ESETUninstaller.log"

[07/21/12 07:34:56] Uninstallation finished successfully, please restart your PC now.

[07/21/12 07:34:56] Press any key to exit ...
>>>>>>>>>>>>>>>>>>>>>>>> END >>>>>>>>>>>>>>>>>>>>>>>>


>>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
[07/21/12 07:49:34] C:\Users\Tom\Desktop\redirect issue\ESETUninstaller.exe 4.0.15.5
[07/21/12 07:49:34] Input arguments:
[07/21/12 07:49:34] Online (PC booted from fixed disk) mode detected.

[07/21/12 07:49:34] WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
Are you really sure to continue? (y/n): y


[07/21/12 07:49:36] Scanning available operating systems ...

[07/21/12 07:49:36] Available operating systems, which AV product can be removed from:

[07/21/12 07:49:36] [1]
[07/21/12 07:49:36] Product Name: Windows 7 Professional
[07/21/12 07:49:36] Current Version: 6.1.1.7601.WinNT.AMD64
[07/21/12 07:49:36] Volume: C:\
[07/21/12 07:49:36] System Root: C:\Windows
[07/21/12 07:49:36] Program Files: C:\Program Files
[07/21/12 07:49:36] Program Files (x86): C:\Program Files (x86)
[07/21/12 07:49:36] Common files: C:\Program Files\Common Files
[07/21/12 07:49:36] Common files (x86): C:\Program Files (x86)\Common Files
[07/21/12 07:49:36] Common application data folder: C:\ProgramData
[07/21/12 07:49:36] Common programs folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[07/21/12 07:49:36] Device path folder: C:\Windows\inf;C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\drivers
[07/21/12 07:49:36] Drives mapping:
[07/21/12 07:49:36] Current Letter: C Native Letter: C

[07/21/12 07:49:36] Building cache: 64bit COM: AppID -> DllName ...
[07/21/12 07:49:36] Building cache: 64bit COM: Category -> ReferenceCounter ...
[07/21/12 07:49:37] Building cache: 32bit COM: AppID -> DllName ...
[07/21/12 07:49:37] Building cache: 32bit COM: Category -> ReferenceCounter ...
[07/21/12 07:49:37] Scanning installed AV products ...

[07/21/12 07:49:39] Installed AV products:
[07/21/12 07:49:39] 1. ESS/EAV/EMSX
[07/21/12 07:49:39] 2. NODv2

[07/21/12 07:49:39] Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 1

[07/21/12 07:49:48] ERROR! PC is running in normal boot, to uninstall AV product ESS/EAV/EMSX please run safe boot or boot live CD/DVD/USB.


[07/21/12 07:49:48] Installed AV products:
[07/21/12 07:49:48] 1. NODv2

[07/21/12 07:49:48] Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 1

[07/21/12 07:49:54] ERROR! PC is running in normal boot, to uninstall AV product NODv2 please run safe boot or boot live CD/DVD/USB.


[07/21/12 07:49:54] Log file location: "C:\Users\Tom\Desktop\redirect issue\~ESETUninstaller.log"

[07/21/12 07:49:54] ERROR(s) occured in uninstallation process, please check the log!

[07/21/12 07:49:54] Press any key to exit ...
>>>>>>>>>>>>>>>>>>>>>>>> END >>>>>>>>>>>>>>>>>>>>>>>>


>>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
[07/21/12 07:51:01] C:\Users\Tom\Desktop\redirect issue\ESETUninstaller.exe 4.0.15.5
[07/21/12 07:51:01] Input arguments:
[07/21/12 07:51:01] Online (PC booted from fixed disk) mode detected.

[07/21/12 07:51:01] WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
Are you really sure to continue? (y/n): y


[07/21/12 07:51:04] Scanning available operating systems ...

[07/21/12 07:51:04] Available operating systems, which AV product can be removed from:

[07/21/12 07:51:04] [1]
[07/21/12 07:51:04] Product Name: Windows 7 Professional
[07/21/12 07:51:04] Current Version: 6.1.1.7601.WinNT.AMD64
[07/21/12 07:51:04] Volume: C:\
[07/21/12 07:51:04] System Root: C:\Windows
[07/21/12 07:51:04] Program Files: C:\Program Files
[07/21/12 07:51:04] Program Files (x86): C:\Program Files (x86)
[07/21/12 07:51:04] Common files: C:\Program Files\Common Files
[07/21/12 07:51:04] Common files (x86): C:\Program Files (x86)\Common Files
[07/21/12 07:51:04] Common application data folder: C:\ProgramData
[07/21/12 07:51:04] Common programs folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[07/21/12 07:51:04] Device path folder: C:\Windows\inf;C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\drivers
[07/21/12 07:51:04] Drives mapping:
[07/21/12 07:51:04] Current Letter: C Native Letter: C

[07/21/12 07:51:04] Building cache: 64bit COM: AppID -> DllName ...
[07/21/12 07:51:04] Building cache: 64bit COM: Category -> ReferenceCounter ...
[07/21/12 07:51:04] Building cache: 32bit COM: AppID -> DllName ...
[07/21/12 07:51:04] Building cache: 32bit COM: Category -> ReferenceCounter ...
[07/21/12 07:51:04] Scanning installed AV products ...

[07/21/12 07:51:07] Installed AV products:
[07/21/12 07:51:07] 1. ESS/EAV/EMSX
[07/21/12 07:51:07] 2. NODv2

[07/21/12 07:51:07] Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 1

[07/21/12 07:51:09] Are you sure to uninstall ESS/EAV/EMSX from this OS? (y/n): y


[07/21/12 07:51:11] Product uninstallation: ESS/EAV/EMSX

[07/21/12 07:51:11] Uninstallation in progress, please wait ...

[07/21/12 07:51:11] Current control set ... ControlSet001

[07/21/12 07:51:11] Services: deleted: ControlSet001\Enum\Root\LEGACY_EPFWLWF
[07/21/12 07:51:11] Services: Driver's .sys (64-bit) file deleted: EpfwLWF.sys
[07/21/12 07:51:11] Services: deleted: ControlSet001\Enum\Root\LEGACY_EPFW
[07/21/12 07:51:11] Services: deleted: ControlSet001\Enum\Root\LEGACY_EPFWWFP
[07/21/12 07:51:11] Services: deleted: ControlSet001\Enum\Root\LEGACY_EHDRV
[07/21/12 07:51:11] Services: deleted: ControlSet001\Services\ekrn

[07/21/12 07:51:11] WSC: ESS/EAV unregistered of Windows Security Center

[07/21/12 07:51:11] WSC: ESS/EAV (WMI) unregistered of Windows Security Center


[07/21/12 07:51:11] ShellEx (64-bit): deleted: Classes\*\shellex\ContextMenuHandlers\ESET Smart Security - Context Menu Shell Extension
[07/21/12 07:51:11] ShellEx (64-bit): deleted: Classes\Drive\shellex\ContextMenuHandlers\ESET Smart Security - Context Menu Shell Extension
[07/21/12 07:51:11] ShellEx (64-bit): deleted: Classes\Drives\shellex\ContextMenuHandlers\ESET Smart Security - Context Menu Shell Extension
[07/21/12 07:51:11] ShellEx (64-bit): deleted: Classes\Folder\shellex\ContextMenuHandlers\ESET Smart Security - Context Menu Shell Extension
[07/21/12 07:51:11] ESET Smart Security - Context Menu Shell Extension (64-bit): deleted: Classes\CLSID\{B089FE88-FB52-11D3-BDF1-0050DA34150D}
[07/21/12 07:51:11] ShellEx (64-bit): deleted value in: Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ...
[07/21/12 07:51:11] deleted: {B089FE88-FB52-11D3-BDF1-0050DA34150D}

[07/21/12 07:51:11] ESET Smart Security - Context Menu Shell Extension (32-bit): deleted: Classes\CLSID\{B089FE88-FB52-11D3-BDF1-0050DA34150D}
[07/21/12 07:51:11] ShellEx (32-bit): deleted value in: Microsoft\Windows\CurrentVersion\Shell Extensions\Approved ...
[07/21/12 07:51:11] deleted: {B089FE88-FB52-11D3-BDF1-0050DA34150D}

[07/21/12 07:51:11] Installer folders (64-bit): deleted value in: Microsoft\Windows\CurrentVersion\Installer\Folders ...
[07/21/12 07:51:11] deleted: C:\ProgramData\ESET\ESET Smart Security\
[07/21/12 07:51:11] deleted: C:\Program Files\ESET\ESET Smart Security\
[07/21/12 07:51:11] deleted: C:\ProgramData\ESET\ESET Smart Security\Antispam\
[07/21/12 07:51:11] deleted: C:\ProgramData\ESET\ESET Smart Security\Charon\
[07/21/12 07:51:11] deleted: C:\ProgramData\ESET\ESET Smart Security\Logs\
[07/21/12 07:51:11] deleted: C:\Program Files\ESET\ESET Smart Security\x86\

[07/21/12 07:51:11] ESET folder: deleted: C:\ProgramData\ESET\ESET Smart Security\
[07/21/12 07:51:11] ESET folder: deleted: C:\Program Files\ESET\ESET Smart Security\
[07/21/12 07:51:11] Delete of empty folders ...
[07/21/12 07:51:11] ESET folder: deleted: C:\Program Files\ESET\
[07/21/12 07:51:11] Installer folders (64-bit): deleted value in: Microsoft\Windows\CurrentVersion\Installer\Folders ...
[07/21/12 07:51:11] deleted: C:\Program Files\ESET\
[07/21/12 07:51:11] ESET folder: deleted: C:\ProgramData\ESET\
[07/21/12 07:51:11] Installer folders (64-bit): deleted value in: Microsoft\Windows\CurrentVersion\Installer\Folders ...
[07/21/12 07:51:11] deleted: C:\ProgramData\ESET\

[07/21/12 07:51:11] ESET Product (64-bit): deleted: ESET\ESET Security
[07/21/12 07:51:11] ESET Product (64-bit): deleted: ESET\Setup
[07/21/12 07:51:11] ESET Product (64-bit): deleted: ESET

[07/21/12 07:51:11] ESET Product (32-bit): deleted: ESET\ESET Security


[07/21/12 07:51:11] Dmon (64-bit): deleted: Classes\AppId\DMON.DLL
[07/21/12 07:51:11] Dmon (64-bit): deleted: Classes\AppId\{6EB1806F-1E78-4EE0-BC56-CCB3A2784379}

[07/21/12 07:51:11] Email plugins (64-bit): deleted value in: Mozilla\Thunderbird\Extensions ...
[07/21/12 07:51:11] deleted: eplgTb@eset.com

[07/21/12 07:51:11] Email plugins (32-bit): deleted value in: Mozilla\Thunderbird\Extensions ...
[07/21/12 07:51:11] deleted: eplgTb@eset.com

[07/21/12 07:51:11] Uninstallation ESS/EAV/EMSX finished successfully.


[07/21/12 07:51:11] Installed AV products:
[07/21/12 07:51:11] 1. NODv2

[07/21/12 07:51:11] Enter sequence number of AV product to uninstall and press ENTER (hint: to abort press 'q'): 1

[07/21/12 07:51:18] Are you sure to uninstall NODv2 from this OS? (y/n): y


[07/21/12 07:51:20] Product uninstallation: NODv2

[07/21/12 07:51:20] Uninstallation in progress, please wait ...

[07/21/12 07:51:20] Current control set ... ControlSet001

[07/21/12 07:51:20] WSC: NODv2 unregistered of Windows Security Center


[07/21/12 07:51:20] Uninstallation NODv2 finished successfully.


[07/21/12 07:51:20] Log file location: "C:\Users\Tom\Desktop\redirect issue\~ESETUninstaller.log"

[07/21/12 07:51:20] Uninstallation finished successfully, please restart your PC now.

[07/21/12 07:51:20] Press any key to exit ...
>>>>>>>>>>>>>>>>>>>>>>>> END >>>>>>>>>>>>>>>>>>>>>>>>


>>>>>>>>>>>>>>>>>>>>>>> BEGIN >>>>>>>>>>>>>>>>>>>>>>>
[07/21/12 07:53:54] C:\Users\Tom\Desktop\redirect issue\ESETUninstaller.exe 4.0.15.5
[07/21/12 07:53:54] Input arguments:
[07/21/12 07:53:54] Online (PC booted from fixed disk) mode detected.

[07/21/12 07:53:54] WARNING! This tool uninstalls AV product in non-standard way. Your PC can be harmed seriously, please back up Your data.
Please keep in mind that as soon as this application is finished your network connection can be down and you will have to restart your PC.
Are you really sure to continue? (y/n): y


[07/21/12 07:53:56] Scanning available operating systems ...

[07/21/12 07:53:56] Available operating systems, which AV product can be removed from:

[07/21/12 07:53:56] [1]
[07/21/12 07:53:56] Product Name: Windows 7 Professional
[07/21/12 07:53:56] Current Version: 6.1.1.7601.WinNT.AMD64
[07/21/12 07:53:56] Volume: C:\
[07/21/12 07:53:56] System Root: C:\Windows
[07/21/12 07:53:56] Program Files: C:\Program Files
[07/21/12 07:53:56] Program Files (x86): C:\Program Files (x86)
[07/21/12 07:53:56] Common files: C:\Program Files\Common Files
[07/21/12 07:53:56] Common files (x86): C:\Program Files (x86)\Common Files
[07/21/12 07:53:56] Common application data folder: C:\ProgramData
[07/21/12 07:53:56] Common programs folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs
[07/21/12 07:53:56] Device path folder: C:\Windows\inf;C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\drivers
[07/21/12 07:53:56] Drives mapping:
[07/21/12 07:53:56] Current Letter: C Native Letter: C

[07/21/12 07:53:56] Building cache: 64bit COM: AppID -> DllName ...
[07/21/12 07:53:56] Building cache: 64bit COM: Category -> ReferenceCounter ...
[07/21/12 07:53:56] Building cache: 32bit COM: AppID -> DllName ...
[07/21/12 07:53:56] Building cache: 32bit COM: Category -> ReferenceCounter ...
[07/21/12 07:53:56] Scanning installed AV products ...

[07/21/12 07:53:59] No supported AV product installed!


[07/21/12 07:53:59] Log file location: "C:\Users\Tom\Desktop\redirect issue\~ESETUninstaller.log"

[07/21/12 07:53:59] Press any key to exit ...
>>>>>>>>>>>>>>>>>>>>>>>> END >>>>>>>>>>>>>>>>>>>>>>>>

Edited by Osceola214, 21 July 2012 - 08:12 AM.


#5 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:11 AM

Posted 22 July 2012 - 02:44 PM

Good evening. :)

Can you tell me which browser(s) you are having the problems with - FF, IE, Chrome or any others?

So long, and thanks for all the fish.

 

 


#6 Osceola214

Osceola214
  • Topic Starter

  • Members
  • 22 posts
  • Local time:08:11 PM

Posted 26 July 2012 - 11:37 AM

Mostly IE, but I see it in FF, and I'm not positive, but I think Chrome, but I can't get it to do it now.

#7 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:01:11 AM

Posted 26 July 2012 - 02:28 PM

Good evening. :)

Run OTL.exe.

  • Copy and paste the following into the Custom Scans/Fixes box at the bottom:

    :OTL
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1269415
    IE - HKU\S-1-5-21-61969593-965230781-2082520423-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1269415
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\S-1-5-21-61969593-965230781-2082520423-1000..\Run: [AdobeBridge] File not found
    O4 - HKU\S-1-5-21-61969593-965230781-2082520423-1000..\Run: [Apple Computer] C:\Users\Tom\AppData\Local\Apps\Apple Computer\tvzjqlnhf.dll (Microsoft Corporation)

    :Files
    ipconfig /flushdns /c
    C:\Users\Tom\AppData\Local\Apps\Apple Computer

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Click the Run Fix button at the top.
  • Let the program run until it has completed and then reboot the PC when it is done.
Please let me have a copy of the log that appears once OTL has completed its run.


Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. The name of the log will be in the following format: xxxxxxxx_xxxxxx. x representing the month, date, year and time the log was created. Eg: 03062009_170403

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

It is possible that your AV has been tampered with by the nasty in question and that it has also messed with the Windows firewall - the second seems more likely than the first as ESET should have protection against tampering by malware. Hopefully the above fix will allow you to reinstall ESET, assuming that you haven't got it or another AV installed already.

If you can't get one up and running we'll need to worry about that next.

So long, and thanks for all the fish.
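A defender-side triage of the autorun (`O4 ... Run`) lines in the fix script above, as an added example that is not part of the original post or of OTL. The line format is inferred from the lines quoted in the post; the flag names, the heuristics and the `ExampleUpdater` entry are assumptions made for illustration.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# The first three lines are copied from the fix script in the post above.
SAMPLE_LINES = [
    r"O4 - HKLM..\Run: [] File not found",
    r"O4 - HKU\S-1-5-21-61969593-965230781-2082520423-1000..\Run: [AdobeBridge] File not found",
    r"O4 - HKU\S-1-5-21-61969593-965230781-2082520423-1000..\Run: [Apple Computer] "
    r"C:\Users\Tom\AppData\Local\Apps\Apple Computer\tvzjqlnhf.dll (Microsoft Corporation)",
    # Constructed benign entry for contrast (not from the thread).
    r"O4 - HKLM..\Run: [ExampleUpdater] C:\Program Files\Example\updater.exe (Example Corp)",
]

# "O4 - <hive>[\<SID>]..\Run: [<value name>] <target>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\(?P<sid>S-[\d-]+))?\.\.\\Run: "
    r"\[(?P<name>[^\]]*)\] (?P<rest>.+)$"
)
# "<path> (<company from the file's version info>)"; the company is optional.
TARGET_RE = re.compile(r"^(?P<path>.+?)(?: \((?P<company>[^()]*)\))?$")

# Assumed list of locations a standard user can write to without elevation.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class RunEntry:
    hive: str
    sid: Optional[str]
    name: str
    path: Optional[PureWindowsPath]  # None when the log says "File not found"
    company: Optional[str]


def parse_o4(line: str) -> Optional[RunEntry]:
    """Parse one O4 Run line; return None for anything else."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    if m["rest"] == "File not found":
        return RunEntry(m["hive"], m["sid"], m["name"], None, None)
    t = TARGET_RE.match(m["rest"])
    return RunEntry(m["hive"], m["sid"], m["name"],
                    PureWindowsPath(t["path"]), t["company"])


def triage(entry: RunEntry) -> list:
    """Return the heuristic flags that apply to one autorun entry."""
    flags = []
    if entry.path is None:
        flags.append("missing target")      # orphaned value, target is gone
    if not entry.name:
        flags.append("empty value name")
    if entry.path is None:
        return flags

    lowered = str(entry.path).lower()
    if any(part in lowered for part in USER_WRITABLE):
        flags.append("user-writable path")
    if entry.path.suffix.lower() == ".dll":
        flags.append("dll target")

    # Coarse heuristic: the folder names a vendor that the file's company
    # string does not mention (false positives are expected).
    words = [w for w in re.findall(r"[a-z]+", entry.path.parent.name.lower())
             if len(w) >= 4]
    if entry.company and words and not any(w in entry.company.lower() for w in words):
        flags.append("vendor mismatch")

    # Coarse heuristic: long all-letter file name with almost no vowels.
    stem = entry.path.stem.lower()
    if stem.isalpha() and len(stem) >= 8 and \
            sum(c in "aeiou" for c in stem) / len(stem) < 0.2:
        flags.append("random-looking name")
    return flags


def review(lines) -> dict:
    """Map each autorun value name to its list of flags."""
    result = {}
    for line in lines:
        entry = parse_o4(line)
        if entry is not None:
            result[entry.name] = triage(entry)
    return result


if __name__ == "__main__":
    for name, flags in review(SAMPLE_LINES).items():
        print(f"[{name}] -> {', '.join(flags) or 'no flags'}")
```

Flags are prompts for a human to look closer, not verdicts; entries with several flags are the ones worth checking first.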

 

 


#8 Osceola214

Osceola214
  • Topic Starter

  • Members
  • 22 posts
  • Local time:08:11 PM

Posted 26 July 2012 - 03:37 PM

OK, here you go (thanks for the help, by the way!):

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-61969593-965230781-2082520423-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-61969593-965230781-2082520423-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-61969593-965230781-2082520423-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Apple Computer deleted successfully.
C:\Users\Tom\AppData\Local\Apps\Apple Computer\tvzjqlnhf.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Tom\Desktop\redirect issue\cmd.bat deleted successfully.
C:\Users\Tom\Desktop\redirect issue\cmd.txt deleted successfully.
C:\Users\Tom\AppData\Local\Apps\Apple Computer folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Test
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Tom
->Temp folder emptied: 145398082 bytes
->Temporary Internet Files folder emptied: 243000922 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 74689636 bytes
->Google Chrome cache emptied: 194948386 bytes
->Flash cache emptied: 7682 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3420455 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 41769228 bytes

Total Files Cleaned = 671.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: Test
->Flash cache emptied: 0 bytes

User: Tom
->Flash cache emptied: 0 bytes

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.1 log created on 07262012_153039

Files\Folders moved on Reboot...
C:\Users\Tom\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Tom\AppData\Local\Temp\~PI9890.tmp not found!
File\Folder C:\Users\Tom\AppData\Local\Temp\~PI9891.tmp not found!
File\Folder C:\Users\Tom\AppData\Local\Temp\~PI993E.tmp not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\8850704[1].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\8850704[2].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\8850704[3].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\8850704[4].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\8850704[5].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\8850704[6].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\adaptive[1].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\ecm3[1].gif not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\prod-rb[1].htm not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\relatedSuggestion[1].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W32E1RCF\8850704[1].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W32E1RCF\8850704[2].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W32E1RCF\8850704[3].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W32E1RCF\footer[1].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W32E1RCF\prod-ox[1].htm not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W32E1RCF\prod-pm[1].htm not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W32E1RCF\Pug[1].htm not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W32E1RCF\sh093[1].htm not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\8850704[1].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\8850704[2].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\8850704[3].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\8850704[4].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\8850704[5].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\a9.syncuppixels[1].htm not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\autosug[4] not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\checkOAuth[1].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\iframeproxy-13[1].htm not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\p[2].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\1732;tags=pictures,and,they,said,you,were,all,imaginary,2351732;mar=videoview;mar=paid-interstitial;mar=internationalvideoview;mar=matt-test-do-not-use;ord=0[1].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\checkOAuth[1].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\checkOAuth[2].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\checkOAuth[3].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\checkOAuth[4].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\checkOAuth[5].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\checkOAuth[6].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\checkOAuth[8].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\checkOAuth[9].js not found!
File\Folder C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\cntid=2351745;tags=pictures,hey,bear,justpassin,through,2351745;mar=videoview;mar=paid-interstitial;mar=internationalvideoview;mar=matt-test-do-not-use;ord=0[1].js not found!
C:\Windows\temp\hsperfdata_TOM-DELL-8330$\2448 moved successfully.
C:\Windows\temp\jna8422112955562229977.dll moved successfully.

PendingFileRenameOperations files...
File C:\Users\Tom\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Tom\AppData\Local\Temp\~PI9890.tmp not found!
File C:\Users\Tom\AppData\Local\Temp\~PI9891.tmp not found!
File C:\Users\Tom\AppData\Local\Temp\~PI993E.tmp not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\8850704[1].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\8850704[2].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\8850704[3].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\8850704[4].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\8850704[5].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\8850704[6].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\adaptive[1].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\ecm3[1].gif not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\prod-rb[1].htm not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\WJIT4U7U\relatedSuggestion[1].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W32E1RCF\8850704[1].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W32E1RCF\8850704[2].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W32E1RCF\8850704[3].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W32E1RCF\footer[1].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W32E1RCF\prod-ox[1].htm not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W32E1RCF\prod-pm[1].htm not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W32E1RCF\Pug[1].htm not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\W32E1RCF\sh093[1].htm not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\8850704[1].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\8850704[2].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\8850704[3].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\8850704[4].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\8850704[5].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\a9.syncuppixels[1].htm not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\autosug[4] not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\checkOAuth[1].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\iframeproxy-13[1].htm not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TUJ3GADN\p[2].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\1732;tags=pictures,and,they,said,you,were,all,imaginary,2351732;mar=videoview;mar=paid-interstitial;mar=internationalvideoview;mar=matt-test-do-not-use;ord=0[1].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\checkOAuth[1].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\checkOAuth[2].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\checkOAuth[3].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\checkOAuth[4].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\checkOAuth[5].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\checkOAuth[6].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\checkOAuth[8].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\checkOAuth[9].js not found!
File C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TFTIM88N\cntid=2351745;tags=pictures,hey,bear,justpassin,through,2351745;mar=videoview;mar=paid-interstitial;mar=internationalvideoview;mar=matt-test-do-not-use;ord=0[1].js not found!
File C:\Windows\temp\hsperfdata_TOM-DELL-8330$\2448 not found!
File C:\Windows\temp\jna8422112955562229977.dll not found!

Registry entries deleted on Reboot...

#9 Noviciate

Posted 26 July 2012 - 04:32 PM

Can you get an anti-virus program running on the system now?

So long, and thanks for all the fish.

 

 


#10 Osceola214

Posted 27 July 2012 - 08:44 AM

I already have AVG running...has been for a while.

#11 Osceola214

Posted 27 July 2012 - 08:51 AM

Firewall settings still can't be changed. See screenshots.


#12 Noviciate

Posted 27 July 2012 - 02:24 PM

Good evening. :)

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:

    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


#13 Osceola214

Posted 28 July 2012 - 10:59 AM

Another thing I've noticed is the last couple of tools I've installed (OTL and FSS) are showing as file type screensaver, as opposed to exe. Is that normal?


Farbar Service Scanner Version: 26-07-2012
Ran by Tom (administrator) on 28-07-2012 at 10:56:53
Running from "C:\Users\Tom\Desktop\redirect issue"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Demand
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#14 Noviciate

Posted 29 July 2012 - 01:52 PM

Good evening. :)

"Another thing I've noticed is the last couple of tools I've installed (OTL and FSS) are showing as file type screensaver, as opposed to exe. Is that normal?"

Yup.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Download Windows repair tool.

  • Extract and launch the Repair_Windows.exe file.
  • Click on the Start repairs tab, then click on Start.
  • Checkmark only the following options:

    • Repair WMI
    • Repair Windows Firewall
    • Remove Policies Set By Infections
    • Repair Winsock & DNS Cache
  • Checkmark the Restart System When Finished option.
  • Click the Start button.

System should restart after repair. Run FSS again and let me have the log that it produces.


#15 Osceola214

Posted 29 July 2012 - 07:58 PM

Still the same issue when I try and enable firewall.

Farbar Service Scanner Version: 26-07-2012
Ran by Tom (administrator) on 29-07-2012 at 19:57:34
Running from "C:\Users\Tom\Desktop\redirect issue"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============

sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Auto
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
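
The two Farbar Service Scanner logs in this thread (before and after the repair run) can be compared mechanically to see which service registry keys came back and which are still absent. This is an added example, not posted by anyone in the thread and not part of FSS; the log excerpts are constructed by trimming lines from the two logs above, and `parse_fss` and `compare` are hypothetical helper names.

```python
import re
# Constructed excerpts, trimmed from the two FSS logs posted in this thread.
BEFORE = """\
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
"""
AFTER = """\
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
"""
HEADER = re.compile(r"^(\S+) Service is not running\.")

def parse_fss(log):
    """Return {service: key_exists} for every service FSS lists as not running."""
    state, current = {}, None
    for line in log.splitlines():
        m = HEADER.match(line)
        if m:
            current = m.group(1)
            state[current] = True   # key assumed present until a line says otherwise
        elif current and "The service key does not exist" in line:
            state[current] = False
    return state

def compare(before, after):
    """Classify each service by how its report changed between two FSS runs."""
    b, a = parse_fss(before), parse_fss(after)
    verdict = {}
    for svc in sorted(set(b) | set(a)):
        if svc not in a:
            verdict[svc] = "no longer reported"
        elif svc not in b:
            verdict[svc] = "newly reported as stopped"
        elif a[svc] == b[svc]:
            verdict[svc] = "unchanged: key " + ("present" if a[svc] else "missing")
        else:
            verdict[svc] = "key restored, service still stopped" if a[svc] else "key removed"
    return verdict

if __name__ == "__main__":
    for svc, status in compare(BEFORE, AFTER).items():
        print(f"{svc:10} {status}")
```

A service that FSS stops listing is only "no longer reported"; the log format shown here does not state that it is running.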



