Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Kaspersky reports HEUR:Trojan.Script.Generic


  • This topic is locked This topic is locked
30 replies to this topic

#1 Phydron

Phydron

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Socal
  • Local time:01:27 PM

Posted 18 October 2012 - 08:20 PM

My normally dependable Dell,i5, Win 7, laptop suddenly began to be erratic, booting at odd times
and showing strange, inappropriate errror messages. A number of antivirus programs either can't load or can't
run properly. I ran Kaspersky Security Scan and it reported the HEUR trojan, said "index (2) htm" was malware
along with several entries it said were incorrect.

I could sure use some help with this. Any assistance will be greatly appreciated.

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by norm at 14:31:26 on 2012-10-18
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3893.1668 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Users\norm\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
C:\Users\norm\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SnippingTool.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mStart Page = hxxp://www.google.com
uProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Akamai NetSession Interface] "C:\Users\norm\AppData\Local\Akamai\netsession_win.exe"
uRun: [KSS] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [Trend Micro RUBotted V2.0 Beta] C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Scrybe.lnk - C:\Windows\Installer\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}\NewShortcut11_8ACB210B42E44145A8C31F8E3DD765A3.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1342284995127
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{91981AFE-EE85-4BFD-877F-86EBDF037E8D} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{91981AFE-EE85-4BFD-877F-86EBDF037E8D}\2756075616475627 : DHCPNameServer = 192.168.69.1
TCP: Interfaces\{92BDA7B1-5753-4081-843E-6E3A2E75CB8E} : DHCPNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
x64-BHO: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe -expressboot
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2012-4-19 28480]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-1-20 55280]
R0 SMR311;Symantec SMR Utility Service 3.1.1;C:\Windows\System32\drivers\SMR311.SYS [2012-10-18 95392]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2012-7-26 291680]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2011-12-23 47696]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2012-8-24 384352]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-10-8 31080]
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-10-10 27800]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-1-20 98208]
R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-10-10 84256]
R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-10-10 108320]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-10-10 99248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2012-10-1 108392]
R2 KSS;Kaspersky Security Scan Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [2012-4-25 202296]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-16 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-16 676936]
R2 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-27 1300264]
R2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-10-8 722528]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-1-20 172704]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-1-20 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-1-20 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-1-20 271872]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\l1c51x64.sys [2011-1-20 66600]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-9-1 25928]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-13 136176]
S2 RUBotSrv;Trend Micro RUBotted Service;C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [2012-8-30 439632]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-15 250808]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-13 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-2 227232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-1-20 232992]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-30 1255736]
.
=============== Created Last 30 ================
.
2012-10-18 16:44:23 95392 ----a-w- C:\Windows\System32\drivers\SMR311.SYS
2012-10-18 15:57:42 -------- d-----w- C:\JRT
2012-10-18 15:15:19 -------- d-sh--w- C:\$RECYCLE.BIN
2012-10-15 01:35:03 -------- d-----w- C:\Users\norm\AppData\Roaming\SPE
2012-10-10 19:39:14 -------- d-----w- C:\Users\norm\AppData\Roaming\Synaptics
2012-10-10 19:35:08 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2012-10-10 19:29:50 -------- d-----w- C:\ProgramData\Synaptics
2012-10-10 19:29:50 -------- d-----w- C:\Program Files (x86)\Synaptics
2012-10-10 19:27:58 66856 ----a-w- C:\Windows\SysWow64\SynTPEnhPS.dll
2012-10-10 19:27:58 411432 ----a-w- C:\Windows\System32\SynCOM.dll
2012-10-10 19:27:58 274728 ----a-w- C:\Windows\System32\SynCtrl.dll
2012-10-10 19:27:58 225576 ----a-w- C:\Windows\System32\SynTPAPI.dll
2012-10-10 19:27:58 218408 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2012-10-10 19:27:58 173352 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2012-10-10 19:27:58 148264 ----a-w- C:\Windows\System32\SynTPCo9.dll
2012-10-10 19:27:57 1424944 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2012-10-10 19:15:03 -------- d-----w- C:\Users\norm\AppData\Roaming\Avira
2012-10-10 19:09:43 99248 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-10-10 19:09:43 27800 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-10-10 19:09:42 -------- d-----w- C:\ProgramData\Avira
2012-10-10 19:09:42 -------- d-----w- C:\Program Files (x86)\Avira
2012-10-10 04:27:05 -------- d-----w- C:\Program Files (x86)\Microsoft Group Policy
2012-10-10 00:05:05 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-10 00:05:05 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-10-09 18:35:15 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2012-10-08 16:26:50 -------- d-----w- C:\Users\norm\AppData\Local\CrashDumps
2012-10-08 16:03:23 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-10-08 16:03:22 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-10-08 15:56:36 -------- d-----w- C:\Users\norm\AppData\Roaming\GlarySoft
2012-10-08 15:56:36 -------- d-----w- C:\Program Files (x86)\Glary Utilities
2012-10-07 17:01:34 -------- d-----w- C:\Users\norm\AppData\Roaming\EasyBurner
2012-10-07 17:01:19 -------- d-----w- C:\Program Files (x86)\EasyBurner
2012-10-06 02:38:38 -------- d-----w- C:\Users\norm\AppData\Local\NPE
2012-10-06 02:38:38 -------- d-----w- C:\ProgramData\Norton
2012-10-05 20:38:32 -------- d-----w- C:\Program Files\Linksys
2012-10-05 20:16:39 -------- d-----w- C:\ProgramData\Pure Networks
2012-10-05 03:20:24 -------- d-----w- C:\Windows\System32\catroot2
2012-10-04 22:15:10 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2012-10-03 16:22:08 -------- d-----w- C:\Program Files\Common Files\Intel
2012-10-03 16:22:08 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2012-10-03 16:15:34 -------- d-----w- C:\Users\norm\AppData\Local\Akamai
2012-10-03 15:46:41 -------- d-----w- C:\ProgramData\CPA_VA
2012-10-03 12:54:17 -------- d-----w- C:\ProgramData\Comodo
2012-10-03 12:54:15 -------- d-----w- C:\Program Files\COMODO
2012-10-03 12:54:14 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-10-03 12:54:14 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2012-10-03 12:54:14 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-10-02 23:44:41 -------- d-----w- C:\Program Files (x86)\FileHippo.com
2012-10-02 04:03:50 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2012-10-02 03:54:51 -------- d-----w- C:\Program Files\HitmanPro
2012-10-02 03:47:04 -------- d-----w- C:\ProgramData\HitmanPro
2012-10-01 15:21:29 -------- d-----w- C:\Symbols
2012-09-30 05:00:50 -------- d-----w- C:\Windows\SysWow64\wbem\Performance
2012-09-30 04:59:58 303616 ----a-w- C:\SetACL.exe
2012-09-30 04:47:58 290304 ----a-w- C:\subinacl.exe
2012-09-30 04:46:20 -------- d-----w- C:\RegBackup
2012-09-30 04:14:47 -------- d-----w- C:\Tweaking.com_Windows_Repair_Logs
2012-09-30 04:14:32 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2012-09-30 01:01:00 -------- d-----w- C:\New folder (2)
2012-09-30 01:00:09 -------- d-----w- C:\New folder
2012-09-29 21:59:43 -------- d-----w- C:\Users\norm\AppData\Roaming\Windows Live Writer
2012-09-29 21:59:43 -------- d-----w- C:\Users\norm\AppData\Local\Windows Live Writer
2012-09-29 20:24:51 -------- d-----w- C:\Windows\en
2012-09-29 20:23:14 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2012-09-29 20:23:14 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2012-09-29 20:23:13 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2012-09-29 20:23:13 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2012-09-29 20:23:10 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2012-09-29 20:23:10 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2012-09-29 19:18:40 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3bdde9731cd9e7721\MeshBetaRemover.exe
2012-09-29 19:18:26 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\32b43a081cd9e771a\DSETUP.dll
2012-09-29 19:18:26 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\32b43a081cd9e771a\DXSETUP.exe
2012-09-29 19:18:26 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\32b43a081cd9e771a\dsetup32.dll
2012-09-29 19:18:24 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\322a2a381cd9e7719\DSETUP.dll
2012-09-29 19:18:24 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\322a2a381cd9e7719\DXSETUP.exe
2012-09-29 19:18:24 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\322a2a381cd9e7719\dsetup32.dll
2012-09-29 19:17:19 -------- d-----w- C:\Users\norm\AppData\Local\Windows Live
2012-09-29 19:17:13 -------- d-----w- C:\Program Files\Microsoft Device Center
2012-09-29 19:16:33 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2012-09-29 18:41:59 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2012-09-29 18:41:59 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2012-09-29 18:41:59 52224 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2012-09-29 18:41:59 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2012-09-29 18:41:59 324608 ----a-w- C:\Windows\System32\drivers\usbport.sys
2012-09-29 18:41:59 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2012-09-29 18:41:59 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2012-09-29 16:07:09 -------- d-----w- C:\Downloads
2012-09-28 11:08:35 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-09-28 01:51:17 -------- d-----w- C:\Users\norm\AppData\Roaming\WinPatrol
2012-09-28 01:51:13 -------- d-----w- C:\Program Files (x86)\BillP Studios
2012-09-27 23:18:56 -------- d-----w- C:\ProgramData\McAfee Security Scan
2012-09-27 23:18:55 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2012-09-27 23:18:04 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-27 15:39:25 -------- d-----w- C:\Program Files (x86)\WinPcap
2012-09-26 14:03:26 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2012-09-26 14:03:26 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2012-09-26 13:44:41 311808 ----a-w- C:\Windows\System32\msv1_0.dll
2012-09-26 13:44:41 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-09-26 13:28:43 2566144 ----a-w- C:\Windows\System32\esent.dll
2012-09-26 13:28:42 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2012-09-26 13:28:42 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2012-09-26 13:28:42 187264 ----a-w- C:\Windows\System32\drivers\storport.sys
2012-09-26 13:28:42 1686016 ----a-w- C:\Windows\SysWow64\esent.dll
2012-09-26 13:28:42 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2012-09-26 13:28:42 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2012-09-26 13:28:42 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2012-09-26 13:28:41 96768 ----a-w- C:\Windows\System32\fsutil.exe
2012-09-26 13:28:41 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2012-09-26 03:15:25 -------- d-----w- C:\Program Files\CCleaner
2012-09-25 13:09:01 -------- d-----w- C:\ProgramData\Sophos
2012-09-25 13:08:53 -------- d-----w- C:\Program Files (x86)\Sophos
2012-09-24 17:06:45 388096 ----a-r- C:\Users\norm\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-09-23 03:57:56 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-09-23 03:57:56 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-09-23 03:57:56 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-09-23 03:57:55 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-09-23 03:57:55 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-09-23 03:51:01 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys
2012-09-23 03:51:00 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
2012-09-23 03:46:34 3213824 ----a-w- C:\Windows\System32\msi.dll
2012-09-23 03:46:33 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-09-23 03:46:08 1975296 ----a-w- C:\Windows\System32\CertEnroll.dll
2012-09-23 03:46:08 1320960 ----a-w- C:\Windows\SysWow64\CertEnroll.dll
2012-09-23 03:46:03 552960 ----a-w- C:\Windows\System32\msdri.dll
2012-09-23 03:44:58 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-09-23 03:43:59 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2012-09-23 03:42:59 516096 ----a-w- C:\Program Files\Windows Mail\wab.exe
2012-09-23 03:42:59 516096 ----a-w- C:\Program Files (x86)\Windows Mail\wab.exe
2012-09-23 03:42:59 35328 ----a-w- C:\Program Files\Windows Mail\wabfind.dll
2012-09-23 03:42:58 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2012-09-23 03:42:55 84992 ----a-w- C:\Windows\System32\asycfilt.dll
2012-09-23 03:42:55 67584 ----a-w- C:\Windows\SysWow64\asycfilt.dll
2012-09-23 03:42:54 52224 ----a-w- C:\Windows\System32\rtutils.dll
2012-09-23 03:42:54 37376 ----a-w- C:\Windows\SysWow64\rtutils.dll
2012-09-23 03:42:53 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
2012-09-23 03:42:52 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2012-09-23 03:40:40 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2012-09-23 03:40:40 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2012-09-23 03:40:39 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2012-09-23 03:40:39 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2012-09-23 03:40:18 1739160 ----a-w- C:\Windows\System32\ntdll.dll
2012-09-23 03:40:18 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-09-23 03:40:15 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-09-23 03:40:13 956416 ----a-w- C:\Windows\System32\localspl.dll
2012-09-23 03:29:18 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-09-23 03:29:18 236032 ----a-w- C:\Windows\System32\srvsvc.dll
2012-09-23 03:16:10 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-09-23 03:15:50 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-09-23 03:15:35 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-09-23 03:15:35 186752 ----a-w- C:\Windows\System32\wuwebv.dll
.
==================== Find3M ====================
.
2012-10-09 23:23:09 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 23:23:09 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-09-30 02:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-27 23:17:56 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-09-27 23:17:56 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-26 03:32:45 16200 ----a-w- C:\Windows\stinger.sys
2012-08-31 18:02:20 1656688 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:11:29 5505904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:18:33 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:18:33 3902832 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-30 15:02:42 56016 ----a-w- C:\Windows\System32\drivers\fsbts.sys
2012-08-30 11:42:14 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2012-08-24 22:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-08-24 18:05:28 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 17:10:47 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-18 15:43:05 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-18 15:43:05 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-18 15:43:05 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-18 15:42:31 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-18 15:40:26 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-18 15:37:49 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-18 15:34:13 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-18 11:22:55 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-18 11:19:45 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-18 11:19:22 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-18 11:17:56 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-18 11:17:56 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-18 09:12:09 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-18 09:12:09 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-18 09:07:02 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-18 09:07:02 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-18 09:07:02 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-18 09:07:02 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-11 00:53:01 714752 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:54:04 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2012-08-02 17:55:04 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-08-02 17:05:42 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-07-26 10:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
.
============= FINISH: 14:32:56.01 ===============

Attached Files


Edited by Noviciate, 19 October 2012 - 03:36 PM.
Added log from attachment.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,030 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:27 PM

Posted 21 October 2012 - 08:53 PM

Greetings Phydron and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary. If you would allow me to call you by your first name I would prefer to do that. :thumbup2:


===================================================


Ground Rules:

  • First, I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me about it.
  • When you post your reply, do not use the Posted Image button but use the Posted Image button instead.
  • In the upper right hand corner of the topic you will see the Posted Image button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:

===================================================


Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided. I will post back as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,030 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:27 PM

Posted 21 October 2012 - 10:09 PM

Hi Phydron,

Before taking any proactive steps I would like to gather some additional information about the state of your computer and also reduce the number of antivirus programs installed.

Please do the following, if you would.


===================================================


Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one anti virus product installed on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:

  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove all but one of the following:

  • AVG
  • Avira
  • RUBotted

===================================================


OTL

--------------------

Please download OTL here.

  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Copy and paste the two reports in your next reply.

  • OTL.txt <-- Will be opened
  • Extra.txt <-- Will be minimized

===================================================


GetSystemInfo

--------------

  • Download GetSystemInfo and save it to your desktop
  • Double click the icon, select Run, then I Agree
  • Make sure all 3 items are checked under Quick Options then click Create Report
  • Once completed a Congratulations! page will appear with a link
  • Copy and paste the link in your reply

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • OTL.txt
  • Extra.txt
  • GetSystemInfo link

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Phydron

Phydron
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Socal
  • Local time:01:27 PM

Posted 22 October 2012 - 10:30 AM

Hi Gary, I'm Norm, Thanks for your help.
Here are the reports you asked for. I haven't been able to completely remove AVG.
I'll stop trying until you say to.

OTL logfile created on: 10/22/2012 7:10:44 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\norm\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 61.37% Memory free
7.60 Gb Paging File | 5.70 Gb Available in Paging File | 75.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.09 Gb Total Space | 334.72 Gb Free Space | 74.04% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 8.87 Gb Free Space | 64.88% Space Free | Partition Type: NTFS

Computer Name: MININT-DHACEK5 | User Name: norm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/21 20:20:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\norm\Desktop\OTL.exe
PRC - [2012/10/09 16:23:09 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/10/08 09:03:22 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/25 11:00:46 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/09/25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/09/25 10:52:49 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/09/19 21:02:24 | 000,363,752 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/08/11 13:26:11 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\norm\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/07/31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/04/25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/05/27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
PRC - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/20 14:23:00 | 000,599,419 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/04/25 19:52:28 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll
MOD - [2012/04/25 19:52:26 | 007,422,352 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll
MOD - [2012/04/25 19:52:24 | 000,795,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll
MOD - [2012/04/25 19:52:24 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll
MOD - [2012/04/25 19:52:22 | 002,453,904 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll
MOD - [2012/04/25 19:52:22 | 002,126,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll
MOD - [2011/03/31 19:29:46 | 000,066,856 | ---- | M] () -- C:\Windows\SysWOW64\SynTPEnhPS.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/11 08:27:09 | 000,108,392 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2009/11/17 16:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/09 16:23:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/08 09:03:22 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/25 11:00:46 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/09/25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2010/09/02 23:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/20 11:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/08 09:03:23 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/10/01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/09/13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/06/26 21:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/06/24 22:24:48 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/31 19:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/07/26 19:41:28 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/26 19:41:28 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/03/31 15:47:10 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/30 04:58:06 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/03/30 04:58:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/03/03 17:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/07 07:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 07:19:20 | 000,066,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l1c51x64.sys -- (L1c)
DRV:64bit: - [2009/12/16 06:16:00 | 003,053,560 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/10/20 11:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/18 01:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-search.com/?affID=114508&tt=4212_8&babsrc=HP_clro&mntrId=762e653500000000000070f1a18ecdb6
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 8A B3 CC 40 A0 CD 01 [binary data]
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\..\SearchScopes,bProtectorDefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS492
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1588
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/09/10 09:53:08 | 000,000,000 | ---D | M]

[2012/09/08 10:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.claro-search.com/?affID=114508&tt=4212_8&babsrc=HP_clro&mntrId=762e653500000000000070f1a18ecdb6
CHR - Extension: No name found = C:\Users\norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: No name found = C:\Users\norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: No name found = C:\Users\norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/18 20:29:52 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003..\Run: [Akamai NetSession Interface] C:\Users\norm\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Value error. File not found
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1342284995127 (MUCatalogWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91981AFE-EE85-4BFD-877F-86EBDF037E8D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92BDA7B1-5753-4081-843E-6E3A2E75CB8E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/22 06:59:36 | 000,000,000 | ---D | C] -- C:\AVGTemp
[2012/10/22 06:51:09 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Local\MFAData
[2012/10/22 06:51:09 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Local\Avg2013
[2012/10/21 21:49:22 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2012/10/21 21:48:48 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/21 21:46:52 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/10/21 20:39:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012/10/21 20:39:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012/10/21 20:38:41 | 000,546,224 | ---- | C] (AVG Technologies) -- C:\Users\norm\Desktop\avg_remover_stf_x86_2011_1149.exe
[2012/10/21 20:20:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\norm\Desktop\OTL.exe
[2012/10/21 13:50:56 | 000,640,112 | ---- | C] (Dell Computer Corporation) -- C:\Users\norm\Desktop\BR84231.exe
[2012/10/18 21:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/10/18 18:40:48 | 000,000,000 | ---D | C] -- C:\FRST
[2012/10/18 08:57:42 | 000,000,000 | ---D | C] -- C:\JRT
[2012/10/18 08:15:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/14 18:35:03 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\SPE
[2012/10/11 08:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/10/10 12:39:14 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\Synaptics
[2012/10/10 12:35:08 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2012/10/10 12:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2012/10/10 12:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synaptics
[2012/10/10 12:27:58 | 000,411,432 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2012/10/10 12:27:58 | 000,274,728 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2012/10/10 12:27:58 | 000,225,576 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2012/10/10 12:27:58 | 000,218,408 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2012/10/10 12:27:58 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2012/10/10 12:27:58 | 000,148,264 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo9.dll
[2012/10/10 12:27:57 | 001,424,944 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2012/10/10 12:19:42 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\norm\Desktop\TFC.exe
[2012/10/10 12:15:03 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\Avira
[2012/10/10 12:09:43 | 000,129,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/10/10 12:09:43 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/10/10 12:09:43 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/10/10 12:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/10/10 12:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/10/09 21:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Group Policy
[2012/10/09 17:04:59 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/09 17:04:58 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/09 17:04:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/09 17:04:45 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/09 17:04:45 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/09 17:04:45 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/09 17:04:45 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/09 17:04:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/09 17:04:45 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/09 17:04:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/09 17:04:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/09 17:04:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/09 17:04:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/09 17:04:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/09 17:04:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/09 17:04:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/09 17:04:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/09 17:04:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/09 17:04:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/09 17:04:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/09 17:04:35 | 005,505,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/09 17:04:34 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/09 17:04:34 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/09 11:35:16 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/10/09 11:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/10/09 11:33:03 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\norm\Desktop\revosetup.exe
[2012/10/08 12:14:15 | 000,000,000 | ---D | C] -- C:\Users\norm\Documents\Desktop Virus
[2012/10/08 09:26:50 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Local\CrashDumps
[2012/10/08 09:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/10/08 09:03:23 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/10/08 09:03:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/10/08 08:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2012/10/08 08:56:36 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\GlarySoft
[2012/10/08 08:56:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2012/10/07 10:01:34 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\EasyBurner
[2012/10/07 10:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyBurner
[2012/10/07 10:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Burner
[2012/10/07 09:58:24 | 001,496,792 | ---- | C] (Aedge Performance BCN SL) -- C:\Users\norm\Desktop\easyburner-setup.exe
[2012/10/05 19:38:38 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Local\NPE
[2012/10/05 19:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/10/05 19:37:34 | 002,957,840 | ---- | C] (Symantec Corporation) -- C:\Users\norm\Desktop\NPE.exe
[2012/10/05 13:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2012/10/05 13:16:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/10/05 13:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
[2012/10/04 15:15:36 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2012/10/04 15:15:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/10/04 15:10:59 | 000,180,000 | ---- | C] (Kaspersky Lab) -- C:\Users\norm\Desktop\kss12.0.1.117EN_RU_DE_FR_2926.exe
[2012/10/03 09:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/10/03 09:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012/10/03 09:15:34 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Local\Akamai
[2012/10/03 08:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/10/03 08:44:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/10/03 05:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/10/03 05:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2012/10/03 05:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012/10/03 05:54:14 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2012/10/03 05:54:14 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2012/10/02 16:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012/10/01 20:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/10/01 20:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/10/01 20:53:04 | 008,864,168 | ---- | C] (SurfRight B.V.) -- C:\Users\norm\Desktop\HitmanPro36_x64.exe
[2012/10/01 20:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/10/01 08:21:29 | 000,000,000 | ---D | C] -- C:\Symbols
[2012/09/30 20:48:43 | 100,029,288 | ---- | C] (Emsi Software GmbH ) -- C:\Users\norm\Desktop\EmsisoftAntiMalwareSetup.exe
[2012/09/30 09:38:40 | 017,483,288 | ---- | C] (Microsoft Corporation) -- C:\Users\norm\Desktop\Windows-KB890830-x64-V4.12.exe
[2012/09/30 09:38:09 | 207,128,168 | ---- | C] (Emsisoft GmbH ) -- C:\Users\norm\Desktop\EmsisoftAntiMalwareSetup_softpedia.exe
[2012/09/29 21:47:58 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe
[2012/09/29 21:46:20 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/09/29 21:15:34 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/09/29 21:14:47 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/09/29 21:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/09/29 21:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/09/29 18:01:00 | 000,000,000 | ---D | C] -- C:\New folder (2)
[2012/09/29 18:00:09 | 000,000,000 | ---D | C] -- C:\New folder
[2012/09/29 17:58:09 | 000,000,000 | ---D | C] -- C:\Users\norm\Desktop\Packs
[2012/09/29 14:59:43 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\Windows Live Writer
[2012/09/29 14:59:43 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Local\Windows Live Writer
[2012/09/29 13:24:51 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/09/29 13:24:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/09/29 13:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/09/29 13:23:14 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012/09/29 13:23:14 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012/09/29 13:23:13 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012/09/29 13:23:13 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012/09/29 13:23:10 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012/09/29 13:23:10 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012/09/29 12:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012/09/29 12:17:19 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Local\Windows Live
[2012/09/29 12:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
[2012/09/29 11:41:59 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/09/29 11:41:59 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/09/29 09:41:35 | 062,164,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/09/29 09:07:09 | 000,000,000 | ---D | C] -- C:\Downloads
[2012/09/28 04:08:35 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/09/27 18:51:17 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\WinPatrol
[2012/09/27 18:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2012/09/27 18:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2012/09/27 16:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/09/27 16:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/09/27 16:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012/09/27 16:18:04 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/27 08:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/09/27 08:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012/09/26 06:28:43 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/09/26 06:28:42 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/09/26 06:28:42 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/09/26 06:28:42 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/09/26 06:28:42 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/09/26 06:28:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/09/26 06:28:41 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/09/25 20:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/25 20:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/25 06:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/09/25 06:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/09/23 13:49:40 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/09/22 21:17:50 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/09/22 21:17:50 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/09/22 21:17:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/09/22 21:17:48 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/09/22 21:17:48 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/09/22 21:17:48 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/09/22 21:17:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/09/22 21:17:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/09/22 21:17:47 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/09/22 21:17:47 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/09/22 21:17:47 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/09/22 21:17:47 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/09/22 21:17:45 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/09/22 21:17:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/09/22 21:17:44 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/09/22 20:57:56 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll
[2012/09/22 20:57:56 | 000,022,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys
[2012/09/22 20:47:58 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2012/09/22 20:47:58 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2012/09/22 20:47:56 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2012/09/22 20:47:56 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2012/09/22 20:47:56 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2012/09/22 20:47:56 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2012/09/22 20:47:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2012/09/22 20:47:12 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012/09/22 20:46:34 | 003,213,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/09/22 20:46:08 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2012/09/22 20:46:08 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2012/09/22 20:46:03 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2012/09/22 20:45:59 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/09/22 20:45:59 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/09/22 20:45:59 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/09/22 20:45:50 | 002,228,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2012/09/22 20:45:49 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2012/09/22 20:45:49 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2012/09/22 20:45:48 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2012/09/22 20:45:47 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2012/09/22 20:45:47 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2012/09/22 20:45:47 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2012/09/22 20:45:46 | 000,779,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2012/09/22 20:45:46 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2012/09/22 20:45:46 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2012/09/22 20:45:46 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2012/09/22 20:45:46 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2012/09/22 20:45:46 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2012/09/22 20:45:44 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2012/09/22 20:45:43 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2012/09/22 20:45:42 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2012/09/22 20:45:42 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2012/09/22 20:45:42 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2012/09/22 20:45:42 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2012/09/22 20:45:31 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2012/09/22 20:45:30 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2012/09/22 20:45:28 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2012/09/22 20:45:28 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2012/09/22 20:45:23 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2012/09/22 20:45:23 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2012/09/22 20:45:22 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2012/09/22 20:45:22 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2012/09/22 20:45:16 | 000,142,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\poqexec.exe
[2012/09/22 20:45:16 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\poqexec.exe
[2012/09/22 20:45:14 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/09/22 20:45:13 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/09/22 20:45:11 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2012/09/22 20:45:11 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2012/09/22 20:45:11 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2012/09/22 20:45:11 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2012/09/22 20:45:11 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2012/09/22 20:45:11 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2012/09/22 20:45:10 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2012/09/22 20:45:10 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2012/09/22 20:45:05 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012/09/22 20:45:05 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012/09/22 20:45:02 | 001,541,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/09/22 20:45:01 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2012/09/22 20:45:01 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2012/09/22 20:45:01 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2012/09/22 20:45:00 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2012/09/22 20:44:46 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/09/22 20:44:46 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/09/22 20:44:44 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012/09/22 20:44:44 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012/09/22 20:44:44 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012/09/22 20:44:37 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2012/09/22 20:44:36 | 001,359,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42u.dll
[2012/09/22 20:44:35 | 001,395,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfc42.dll
[2012/09/22 20:44:35 | 001,164,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42u.dll
[2012/09/22 20:44:35 | 001,137,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc42.dll
[2012/09/22 20:44:31 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2012/09/22 20:44:29 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/09/22 20:44:29 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/09/22 20:44:29 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/09/22 20:44:15 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012/09/22 20:44:15 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012/09/22 20:44:14 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012/09/22 20:44:14 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012/09/22 20:44:12 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2012/09/22 20:44:12 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2012/09/22 20:44:12 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2012/09/22 20:44:12 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2012/09/22 20:44:12 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2012/09/22 20:44:11 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2012/09/22 20:44:11 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2012/09/22 20:44:11 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2012/09/22 20:44:10 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2012/09/22 20:44:10 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2012/09/22 20:44:10 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2012/09/22 20:44:10 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2012/09/22 20:44:10 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2012/09/22 20:44:10 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2012/09/22 20:44:09 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2012/09/22 20:44:09 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2012/09/22 20:44:08 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/09/22 20:44:08 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/09/22 20:44:04 | 000,640,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.efi
[2012/09/22 20:44:04 | 000,603,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winload.exe
[2012/09/22 20:44:04 | 000,556,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.efi
[2012/09/22 20:44:04 | 000,518,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winresume.exe
[2012/09/22 20:44:04 | 000,020,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdusb.dll
[2012/09/22 20:44:04 | 000,019,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kd1394.dll
[2012/09/22 20:44:04 | 000,017,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kdcom.dll
[2012/09/22 20:43:54 | 000,476,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2012/09/22 20:43:53 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2012/09/22 20:43:51 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2012/09/22 20:43:51 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2012/09/22 20:43:50 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2012/09/22 20:43:50 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2012/09/22 20:43:50 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2012/09/22 20:43:50 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2012/09/22 20:43:50 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2012/09/22 20:43:49 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2012/09/22 20:43:48 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2012/09/22 20:43:46 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2012/09/22 20:43:46 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2012/09/22 20:43:46 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2012/09/22 20:43:46 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2012/09/22 20:43:45 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2012/09/22 20:43:45 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2012/09/22 20:43:45 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2012/09/22 20:43:45 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2012/09/22 20:43:45 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2012/09/22 20:43:44 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2012/09/22 20:43:43 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/09/22 20:43:43 | 000,294,912 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/09/22 20:43:43 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2012/09/22 20:43:43 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2012/09/22 20:43:43 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/09/22 20:43:42 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/09/22 20:43:41 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnsapi.dll
[2012/09/22 20:43:40 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dnscacheugc.exe
[2012/09/22 20:43:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dnscacheugc.exe
[2012/09/22 20:43:39 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/09/22 20:43:36 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012/09/22 20:43:33 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2012/09/22 20:43:33 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2012/09/22 20:43:28 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2012/09/22 20:43:21 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012/09/22 20:43:21 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012/09/22 20:43:18 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2012/09/22 20:43:18 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2012/09/22 20:43:16 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/09/22 20:43:16 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/09/22 20:43:16 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/09/22 20:43:15 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012/09/22 20:43:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012/09/22 20:43:09 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2012/09/22 20:43:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2012/09/22 20:43:08 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2012/09/22 20:43:05 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2012/09/22 20:43:03 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2012/09/22 20:43:02 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2012/09/22 20:43:02 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2012/09/22 20:43:01 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2012/09/22 20:42:54 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2012/09/22 20:42:53 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2012/09/22 20:42:52 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012/09/22 20:40:40 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/09/22 20:40:40 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/09/22 20:40:39 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/09/22 20:40:39 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/09/22 20:40:18 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012/09/22 20:40:13 | 000,956,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/09/22 20:39:56 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2012/09/22 20:39:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2012/09/22 20:39:32 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2012/09/22 20:39:32 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2012/09/22 20:39:24 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012/09/22 20:39:24 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012/09/22 20:39:22 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2012/09/22 20:39:22 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2012/09/22 20:39:18 | 000,634,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012/09/22 20:39:05 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prevhost.exe
[2012/09/22 20:39:05 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prevhost.exe
[2012/09/22 20:39:04 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2012/09/22 20:39:03 | 000,267,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FXSCOVER.exe
[2012/09/22 20:29:18 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2012/09/22 20:16:10 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/09/22 20:16:10 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/09/22 20:16:10 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/09/22 20:15:50 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/09/22 20:15:50 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/09/22 20:15:50 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/09/22 20:15:35 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/09/22 20:15:35 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/22 07:07:10 | 000,017,424 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/22 07:07:10 | 000,017,424 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/22 07:06:43 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/22 07:06:43 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/22 07:06:43 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/22 07:02:37 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/22 07:02:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/22 07:01:52 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/22 07:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/22 06:58:40 | 000,765,264 | ---- | M] () -- C:\Users\norm\Desktop\avgremover_en.exe
[2012/10/22 06:54:04 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/21 21:48:53 | 000,286,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/21 21:47:22 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/10/21 21:44:00 | 000,726,316 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/21 21:09:37 | 000,006,126 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2012/10/21 20:38:43 | 000,546,224 | ---- | M] (AVG Technologies) -- C:\Users\norm\Desktop\avg_remover_stf_x86_2011_1149.exe
[2012/10/21 20:20:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\norm\Desktop\OTL.exe
[2012/10/21 13:50:56 | 000,640,112 | ---- | M] (Dell Computer Corporation) -- C:\Users\norm\Desktop\BR84231.exe
[2012/10/18 20:29:52 | 000,000,698 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/15 15:55:59 | 000,000,512 | ---- | M] () -- C:\Users\norm\Documents\MBR.dat
[2012/10/11 08:33:10 | 000,002,279 | ---- | M] () -- C:\Users\norm\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/11 08:30:24 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/10 12:29:51 | 000,002,669 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
[2012/10/10 12:19:42 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\norm\Desktop\TFC.exe
[2012/10/10 12:09:47 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/10/09 16:23:09 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/09 16:23:09 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/09 11:35:16 | 000,001,270 | ---- | M] () -- C:\Users\norm\Desktop\Revo Uninstaller.lnk
[2012/10/09 11:33:03 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\norm\Desktop\revosetup.exe
[2012/10/08 09:03:23 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/10/08 08:56:38 | 000,001,072 | ---- | M] () -- C:\Users\norm\Desktop\Glary Utilities.lnk
[2012/10/07 09:58:24 | 001,496,792 | ---- | M] (Aedge Performance BCN SL) -- C:\Users\norm\Desktop\easyburner-setup.exe
[2012/10/05 19:37:34 | 002,957,840 | ---- | M] (Symantec Corporation) -- C:\Users\norm\Desktop\NPE.exe
[2012/10/04 19:35:34 | 022,063,616 | ---- | M] () -- C:\Users\norm\Desktop\Win7-2008R2-admx.msi
[2012/10/04 15:15:18 | 000,001,079 | ---- | M] () -- C:\Users\norm\Desktop\Kaspersky Security Scan.lnk
[2012/10/04 15:10:59 | 000,180,000 | ---- | M] (Kaspersky Lab) -- C:\Users\norm\Desktop\kss12.0.1.117EN_RU_DE_FR_2926.exe
[2012/10/04 09:18:38 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_598
[2012/10/04 08:58:27 | 000,002,293 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/10/04 08:27:52 | 000,000,698 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_433
[2012/10/03 18:21:58 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/03 09:19:49 | 040,968,128 | ---- | M] () -- C:\Users\norm\Documents\R268991.exe
[2012/10/03 08:59:19 | 000,368,337 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/10/03 08:59:00 | 000,000,422 | ---- | M] () -- C:\Windows\SysWow64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012/10/03 05:54:17 | 000,001,071 | ---- | M] () -- C:\Users\norm\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/10/03 05:54:14 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2012/10/03 05:54:14 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2012/10/02 16:44:42 | 000,001,975 | ---- | M] () -- C:\Users\norm\Desktop\Update Checker.lnk
[2012/10/02 16:43:34 | 000,264,271 | ---- | M] () -- C:\Users\norm\Desktop\FHSetup.exe
[2012/10/01 20:54:52 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/10/01 20:53:15 | 008,864,168 | ---- | M] (SurfRight B.V.) -- C:\Users\norm\Desktop\HitmanPro36_x64.exe
[2012/10/01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/10/01 06:54:52 | 369,773,976 | ---- | M] () -- C:\Users\norm\Desktop\Windows6.1-KB947821-v24-x64.msu
[2012/09/30 21:03:58 | 100,029,288 | ---- | M] (Emsi Software GmbH ) -- C:\Users\norm\Desktop\EmsisoftAntiMalwareSetup.exe
[2012/09/29 21:47:21 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-MININT-DHACEK5-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/09/29 21:09:30 | 005,313,275 | ---- | M] () -- C:\Users\norm\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/29 17:57:30 | 000,023,783 | ---- | M] () -- C:\Users\norm\Desktop\Packs.zip
[2012/09/29 11:16:24 | 207,128,168 | ---- | M] (Emsisoft GmbH ) -- C:\Users\norm\Desktop\EmsisoftAntiMalwareSetup_softpedia.exe
[2012/09/29 09:45:22 | 017,483,288 | ---- | M] (Microsoft Corporation) -- C:\Users\norm\Desktop\Windows-KB890830-x64-V4.12.exe
[2012/09/28 11:43:13 | 000,513,501 | ---- | M] () -- C:\Users\norm\Desktop\adwcleaner.exe
[2012/09/27 16:17:56 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/09/27 16:17:56 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/09/27 16:17:56 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/09/27 16:17:56 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/09/27 16:17:56 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/09/27 16:17:56 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/27 06:59:57 | 000,000,163 | ---- | M] () -- C:\Users\norm\Report to moderator.url
[2012/09/25 21:27:40 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/25 20:32:45 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/09/24 10:06:45 | 000,002,971 | ---- | M] () -- C:\Users\norm\Desktop\HiJackThis.lnk
[2012/09/24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/09/23 13:08:56 | 000,302,592 | ---- | M] () -- C:\Users\norm\Desktop\lrvftx7n.exe
[2012/09/23 08:04:32 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_193
[2012/09/22 13:36:18 | 000,000,672 | ---- | M] () -- C:\Users\norm\Desktop\HijackThis.exe - Shortcut.lnk
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/22 06:58:40 | 000,765,264 | ---- | C] () -- C:\Users\norm\Desktop\avgremover_en.exe
[2012/10/21 21:09:37 | 000,006,126 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2012/10/15 15:55:59 | 000,000,512 | ---- | C] () -- C:\Users\norm\Documents\MBR.dat
[2012/10/11 08:33:10 | 000,002,279 | ---- | C] () -- C:\Users\norm\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/10 12:29:51 | 000,002,669 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
[2012/10/10 12:27:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012/10/10 12:09:47 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/10/09 11:35:16 | 000,001,270 | ---- | C] () -- C:\Users\norm\Desktop\Revo Uninstaller.lnk
[2012/10/08 08:56:38 | 000,001,072 | ---- | C] () -- C:\Users\norm\Desktop\Glary Utilities.lnk
[2012/10/04 19:34:26 | 022,063,616 | ---- | C] () -- C:\Users\norm\Desktop\Win7-2008R2-admx.msi
[2012/10/04 15:15:36 | 000,001,079 | ---- | C] () -- C:\Users\norm\Desktop\Kaspersky Security Scan.lnk
[2012/10/03 09:17:28 | 040,968,128 | ---- | C] () -- C:\Users\norm\Documents\R268991.exe
[2012/10/03 08:59:00 | 000,000,422 | ---- | C] () -- C:\Windows\SysWow64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012/10/03 05:55:31 | 000,368,337 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/10/03 05:54:17 | 000,001,071 | ---- | C] () -- C:\Users\norm\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/10/02 16:44:41 | 000,001,975 | ---- | C] () -- C:\Users\norm\Desktop\Update Checker.lnk
[2012/10/02 16:43:33 | 000,264,271 | ---- | C] () -- C:\Users\norm\Desktop\FHSetup.exe
[2012/10/01 20:54:52 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/10/01 06:16:53 | 369,773,976 | ---- | C] () -- C:\Users\norm\Desktop\Windows6.1-KB947821-v24-x64.msu
[2012/09/29 21:59:58 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/09/29 21:47:21 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-MININT-DHACEK5-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/09/29 21:14:36 | 000,002,293 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/09/29 21:08:54 | 005,313,275 | ---- | C] () -- C:\Users\norm\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/09/29 17:57:30 | 000,023,783 | ---- | C] () -- C:\Users\norm\Desktop\Packs.zip
[2012/09/29 13:24:38 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/09/29 13:24:29 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/09/29 13:24:15 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/09/29 13:24:02 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/09/28 11:43:13 | 000,513,501 | ---- | C] () -- C:\Users\norm\Desktop\adwcleaner.exe
[2012/09/27 06:59:57 | 000,000,163 | ---- | C] () -- C:\Users\norm\Report to moderator.url
[2012/09/25 20:15:27 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/23 13:49:40 | 000,002,971 | ---- | C] () -- C:\Users\norm\Desktop\HiJackThis.lnk
[2012/09/23 13:17:46 | 000,302,592 | ---- | C] () -- C:\Users\norm\Desktop\lrvftx7n.exe
[2012/09/23 11:16:10 | 000,000,672 | ---- | C] () -- C:\Users\norm\Desktop\HijackThis.exe - Shortcut.lnk
[2012/09/22 21:01:11 | 000,726,316 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/02 21:04:59 | 000,159,876 | ---- | C] () -- C:\Users\norm\AppData\Local\census.cache
[2012/09/02 21:04:56 | 000,090,707 | ---- | C] () -- C:\Users\norm\AppData\Local\ars.cache
[2012/09/02 20:50:54 | 000,000,036 | ---- | C] () -- C:\Users\norm\AppData\Local\housecall.guid.cache
[2012/09/02 05:46:05 | 000,000,296 | ---- | C] () -- C:\Users\norm\AppData\Roaming\burnaware.ini
[2012/07/24 09:09:37 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/20 18:41:42 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/01/20 18:41:42 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/01/20 18:41:42 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/01/20 18:41:35 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/01/20 18:41:25 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/01/20 17:18:26 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2009/07/13 18:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 967 bytes -> C:\Users\norm\Documents\[Heathkit] Tubes.eml:OECustomProperty
@Alternate Data Stream - 877 bytes -> C:\Users\norm\Documents\Receipt for Your Payment to www_pandawill_com.eml:OECustomProperty
@Alternate Data Stream - 684 bytes -> C:\Users\norm\Documents\Zen Vision M complaint.eml:OECustomProperty

< End of report >


OTL Extras logfile created on: 10/22/2012 7:10:44 AM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\norm\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.33 Gb Available Physical Memory | 61.37% Memory free
7.60 Gb Paging File | 5.70 Gb Available in Paging File | 75.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.09 Gb Total Space | 334.72 Gb Free Space | 74.04% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 8.87 Gb Free Space | 64.88% Space Free | Partition Type: NTFS

Computer Name: MININT-DHACEK5 | User Name: norm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-4040365602-1674829592-1211785086-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4754F8F7-1B2B-42CC-ACD8-42BF6CF772A8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C90E3ACF-6955-4DAF-94EC-7572B55C0D2D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DDA862E3-4596-4E80-9897-17B964E745F5}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{E4F3AB6E-C5B3-402C-A092-B576CFFE134B}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{11CBC530-D0BE-411C-B016-EDB4C3A843AE}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{1A529F6C-31D6-4FD3-AB45-65CD75E42071}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{21DA5DEA-926B-441D-A741-1DCD47919C56}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{26079CFA-9B5E-4DE8-A29C-58D8BAB0B9D3}" = protocol=6 | dir=in | app=c:\program files (x86)\windows live\mail\wlmail.exe |
"{29D86437-2515-4266-B0AD-523C3FC27E2F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{2AEE9E51-EBB9-4C29-87E5-8B6BFB81ADF7}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
"{3E430048-3357-4649-8839-E8DD56C0E52B}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{47AB703C-8EDF-4C55-B53C-D7BEFB5ABF61}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{4B589178-9501-4B8B-9BF3-5220172C4775}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\tvnserver.exe |
"{56EF0891-29BD-48A5-A81B-E37E5772DDAE}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{685997E7-22BB-4A2C-8145-35FD6BA57BED}" = protocol=17 | dir=in | app=c:\program files (x86)\windows live\mail\wlmail.exe |
"{6891BC09-84EE-47AF-A018-91D3C32DEE2B}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{AA72497A-B9EA-4FC2-8FA3-7B23EE62D7B1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{B96E130A-1F36-4104-AF8E-127010B0DC5F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{B975ADAD-C583-4B72-B0EF-5D332E5E1A23}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{C7875786-6FE2-4020-A1AD-7E2AC9647983}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{D68919F8-9ADE-4AC1-BE77-B5C78D658883}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\pure networks shared\platform\nmsrvc.exe |
"{ED7038D4-4660-4AAB-AE3E-ACF0841BBE00}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{F98B2B1F-FA8B-47C2-8897-2C80E4124A4B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"TCP Query User{239341CA-4DC2-49A0-B8B8-A15FF2CCA51E}C:\users\norm\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\norm\appdata\local\akamai\netsession_win.exe |
"TCP Query User{9B1B2FF7-BE7C-4A21-8F0D-7074B35DA684}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |
"TCP Query User{F2539540-89B7-433D-ABB8-FCDC260C7133}C:\users\norm\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\norm\appdata\local\akamai\netsession_win.exe |
"UDP Query User{16215A48-E955-40C0-8DD3-2138074F61A3}C:\users\norm\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\norm\appdata\local\akamai\netsession_win.exe |
"UDP Query User{3FF9E1D3-D4C3-4A76-A556-45A79396B20C}C:\users\norm\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\norm\appdata\local\akamai\netsession_win.exe |
"UDP Query User{CEFD6E4A-55E9-4E47-96A6-C1B0FAF6C70F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B1D3C64-EEBC-4807-93FF-DB71719E77F7}" = Image Resizer for Windows (64 bit)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2C22EA92-CB30-4932-0052-000001000000}" = InfraRecorder 0.52 (x64 edition)
"{344C0D46-2EF4-4BC8-AE03-3DACDA9B9485}" = AVG 2012
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
"{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}" = WinPatrol
"{AEF6C676-D7A2-4487-BD4B-1BED17B229B5}" = Microsoft Mouse and Keyboard Center
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2012
"CCleaner" = CCleaner
"CNXT_MODEM_USB_VID_0572&PID_1300" = USB SoftV92 Data Fax Modem
"HitmanPro36" = HitmanPro 3.6
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46EA439E-2D16-49B6-AA80-00DE992FE7CE}" = Microsoft Windows Debugging Symbols
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{520C2939-555B-40BF-A91B-8B671AB560EB}" = Easy Burner
"{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9dfff2f7-5cd7-4fd4-9b75-7d53b042d94b}" = Image Resizer for Windows
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA962DA0-E528-41E9-A20C-2AA438C73731}" = Administative Templates for Windows 7 and Windows Server 2008 R2 (.admx)
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{B5BF7B43-E13D-4A76-9F8F-E933817131EC}" = calibre
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira Free Antivirus
"Dell Webcam Central" = Dell Webcam Central
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"ESET Online Scanner" = ESET Online Scanner v3
"FileHippo.com" = FileHippo.com Update Checker
"Glary Utilities_is1" = Glary Utilities 2.49.0.1600
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.8
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9.5
"InstallWIX_{56009CA3-423B-41F8-884A-E5B049534F15}" = Kaspersky Security Scan
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Revo Uninstaller" = Revo Uninstaller 1.94
"Tweaking.com - Windows Repair (All in One)" = Tweaking.com - Windows Repair (All in One)
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.1

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4040365602-1674829592-1211785086-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Amazon Kindle" = Amazon Kindle

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/21/2012 11:46:01 PM | Computer Name = MININT-DHACEK5 | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error
27046. CA_Error27046: DriverInstallation(0xE0010057): Driver installation failed

Error - 10/21/2012 11:47:22 PM | Computer Name = MININT-DHACEK5 | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error
27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

Error - 10/21/2012 11:47:22 PM | Computer Name = MININT-DHACEK5 | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error
27046. CA_Error27046: DriverInstallation(0xE0010057): Driver installation failed

Error - 10/22/2012 12:15:59 AM | Computer Name = MININT-DHACEK5 | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error
27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

Error - 10/22/2012 12:15:59 AM | Computer Name = MININT-DHACEK5 | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error
27046. CA_Error27046: DriverInstallation(0xE0010057): Driver installation failed

Error - 10/22/2012 12:46:56 AM | Computer Name = MININT-DHACEK5 | Source = VSS | ID = 1
Description = Volume Shadow Copy Service initialization error: the control dispatcher
cannot be started [0x80070427, The service process could not connect to the service
controller. ].

Error - 10/22/2012 9:47:32 AM | Computer Name = MININT-DHACEK5 | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error
27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

Error - 10/22/2012 9:47:32 AM | Computer Name = MININT-DHACEK5 | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error
27046. CA_Error27046: DriverInstallation(0xE0010057): Driver installation failed

Error - 10/22/2012 10:06:24 AM | Computer Name = MININT-DHACEK5 | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error
27046. CA_Error27046: DriverInstallationFun(0x00000000): Driver installation failed

Error - 10/22/2012 10:06:24 AM | Computer Name = MININT-DHACEK5 | Source = MsiInstaller | ID = 10005
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error
27046. CA_Error27046: DriverInstallation(0xE0010057): Driver installation failed

[ System Events ]
Error - 10/22/2012 12:16:06 AM | Computer Name = MININT-DHACEK5 | Source = Service Control Manager | ID = 7001
Description = The AVGIDSAgent service depends on the AVGIDSDriver service which
failed to start because of the following error: %%1058

Error - 10/22/2012 12:49:00 AM | Computer Name = MININT-DHACEK5 | Source = Service Control Manager | ID = 7001
Description = The AVGIDSAgent service depends on the AVGIDSDriver service which
failed to start because of the following error: %%1058

Error - 10/22/2012 12:50:26 AM | Computer Name = MININT-DHACEK5 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avgrkx64

Error - 10/22/2012 12:55:27 AM | Computer Name = MININT-DHACEK5 | Source = Service Control Manager | ID = 7001
Description = The AVGIDSAgent service depends on the AVGIDSDriver service which
failed to start because of the following error: %%1058

Error - 10/22/2012 12:56:17 AM | Computer Name = MININT-DHACEK5 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avgrkx64

Error - 10/22/2012 9:42:06 AM | Computer Name = MININT-DHACEK5 | Source = Service Control Manager | ID = 7001
Description = The AVGIDSAgent service depends on the AVGIDSDriver service which
failed to start because of the following error: %%1058

Error - 10/22/2012 9:42:38 AM | Computer Name = MININT-DHACEK5 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avgrkx64

Error - 10/22/2012 9:47:32 AM | Computer Name = MININT-DHACEK5 | Source = Service Control Manager | ID = 7000
Description = The AVG Anti-Rootkit Driver service failed to start due to the following
error: %%2

Error - 10/22/2012 9:47:50 AM | Computer Name = MININT-DHACEK5 | Source = Service Control Manager | ID = 7001
Description = The AVGIDSAgent service depends on the AVGIDSDriver service which
failed to start because of the following error: %%1058

Error - 10/22/2012 10:02:49 AM | Computer Name = MININT-DHACEK5 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVGIDSHA


< End of report >



Something happened with the GetSystemInfo file, it's huge! If you want to see it, I'll attach it.

Thanks again, I do appreciate your help.


Norm

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,030 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:27 PM

Posted 22 October 2012 - 02:06 PM

Hi Norm,

Thanks for the quick reply and all the information. Let's pass on the GetSystemInfo file for now.

Can you tell me if you recognize this unique file name on your desktop?

C:\Users\norm\Desktop\lrvftx7n.exe

When you say your computer is "booting at odd times" does this mean you are getting random reboots? Can you provide any information about the inappropriate error messages you are receiving? What do they say?

Please perform the following for me, if you would.


===================================================


Run OTL Fix

--------------------

  • Double click on the Posted Image icon on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-search.com/?affID=114508&tt=4212_8&babsrc=HP_clro&mntrId=762e653500000000000070f1a18ecdb6
    IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1588
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - Reg Error: Value error. File not found
    O18:64bit: - Protocol\Handler\ipp - No CLSID value found
    O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    @Alternate Data Stream - 967 bytes -> C:\Users\norm\Documents\[Heathkit] Tubes.eml:OECustomProperty
    @Alternate Data Stream - 877 bytes -> C:\Users\norm\Documents\Receipt for Your Payment to www_pandawill_com.eml:OECustomProperty
    @Alternate Data Stream - 684 bytes -> C:\Users\norm\Documents\Zen Vision M complaint.eml:OECustomProperty
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

===================================================


Please refer to this link to download an AVG Uninstall Tool


===================================================


Modifying Chrome Search Engine

--------------------

  • Lauch Chrome web browser
  • Type chrome:settings and press Enter
  • Under the Search category click Manage search engines... and see if either Claro is listed
  • If either or both are listed place the cursor over the entry and click the X on the right side to delete the entry (you may be prohibited from deleting)
  • Place the cursor over a listed trustworthy search engine and click Make Default
  • Click OK
  • Restart Chrome and see if your selected default search engine is loaded

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Clarification
  • OTL.txt
  • Did AVG uninstall?
  • Did Chrome homepage change?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Phydron

Phydron
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Socal
  • Local time:01:27 PM

Posted 22 October 2012 - 05:58 PM

Hi Gary, Here are the items you asked for:

lrftx7n.exe is on my HDD, seems like it's associated with OTL.

Most of the odd messsages are gone. Chrome had a box saying it was corrupted, but it ran properly. Claro seems to be gone. Google is
now it's search engine.
AVG is gone completely, thank you.

Here is the OTL file:

HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4040365602-1674829592-1211785086-1003\Software\Microsoft\Internet Explorer\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_USERS\S-1-5-21-4040365602-1674829592-1211785086-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\0x00000001\ not found.
File Protocol\Handler\ipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.
File Protocol\Handler\linkscanner - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
ADS C:\Users\norm\Documents\[Heathkit] Tubes.eml:OECustomProperty deleted successfully.
ADS C:\Users\norm\Documents\Receipt for Your Payment to www_pandawill_com.eml:OECustomProperty deleted successfully.
ADS C:\Users\norm\Documents\Zen Vision M complaint.eml:OECustomProperty deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 10222012_152039



I just noticed that my received emails have no text in the body, headers only.



Thanks, Norm

Edited by Phydron, 22 October 2012 - 06:54 PM.


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,030 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:27 PM

Posted 22 October 2012 - 07:48 PM

Hi Norm,

I am going to have you run System Restore. We will also double check the file you believe is related to OTL just to be sure.


===================================================


Selecting Previous System Restore Point

--------------------

  • Click on the Start button to open your Start Menu
  • Click on the Control Panel menu option.
  • Click on the System menu option.
  • Click on System Protection in the left-hand task list
  • Click on the System Restore button
  • Click Choose a different restore point, then Next
  • Select the most recent Restore Point prior to today
  • Click Next, then Finish
  • Once your computer reboots please check the status of your emails

===================================================


Virustotal Online Virus Scanner

--------------------

  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file, double click on it so the file name is populated, then click Scan it!

    C:\Users\norm\Desktop\lrvftx7n.exe
  • Once completed, highlight the information in the address bar and copy then paste the link in your reply


    Posted Image

===================================================


Things I would like to see in your next reply. :thumbsup2:

  • Are your emails displaying properly?
  • Virustotal link

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Phydron

Phydron
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Socal
  • Local time:01:27 PM

Posted 22 October 2012 - 10:52 PM

Gary, I may be mistaken but it looks like we've gotten this computer back on it's feet. Emails look good,
C:\Users\norm\Desktop\lrvftx7n.exe said GMER in Virustotal who said it was 1/22, whatever that means, and
then the file disappeared. Search couldn't find any sign of it and it's not on my desktop anymore.
One more thing I almost forgot, earlier (before restore), windows couldn't find Avira A/V but it recognizes
it now.
Unless there's something else you'd like to check, it looks like we've got this thing whipped.
Many thanks Gary, I really appreciate your time and efforts.

73, Norm

Edited by Phydron, 22 October 2012 - 10:53 PM.


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,030 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:27 PM

Posted 22 October 2012 - 10:56 PM

Hi Norm,

Well we are not quite done yet. Since we reverted back a bit we need to continue to check the current state of your computer.

Please rerun an OTL scan and post the results.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Phydron

Phydron
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Socal
  • Local time:01:27 PM

Posted 23 October 2012 - 08:43 AM

Good morning Gary, here are the results from the OTL scan:

HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-4040365602-1674829592-1211785086-1003\Software\Microsoft\Internet Explorer\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_USERS\S-1-5-21-4040365602-1674829592-1211785086-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\0x00000001\ not found.
File Protocol\Handler\ipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ not found.
File Protocol\Handler\linkscanner - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
ADS C:\Users\norm\Documents\[Heathkit] Tubes.eml:OECustomProperty deleted successfully.
ADS C:\Users\norm\Documents\Receipt for Your Payment to www_pandawill_com.eml:OECustomProperty deleted successfully.
ADS C:\Users\norm\Documents\Zen Vision M complaint.eml:OECustomProperty deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 10222012_152039

#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,030 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:27 PM

Posted 23 October 2012 - 08:56 AM

Hi Norm,

Please try running OTL again. It appear the program merely spit out the previous results. I am looking for something similar to Post #4.

System Restore worked because it restored some entries I ordered moved, which then resulted in your email issue. What we need to determine is whether or not any of the other entries, which still need to go, were restored as well.

Thanks for the double duty! :thumbup2:
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Phydron

Phydron
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Socal
  • Local time:01:27 PM

Posted 23 October 2012 - 10:06 AM

This looks a little better:

OTL logfile created on: 10/23/2012 7:53:02 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\norm\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 62.51% Memory free
7.60 Gb Paging File | 5.72 Gb Available in Paging File | 75.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.09 Gb Total Space | 332.08 Gb Free Space | 73.46% Space Free | Partition Type: NTFS
Drive D: | 13.67 Gb Total Space | 8.87 Gb Free Space | 64.88% Space Free | Partition Type: NTFS
Drive F: | 3.73 Gb Total Space | 3.25 Gb Free Space | 87.01% Space Free | Partition Type: NTFS

Computer Name: MININT-DHACEK5 | User Name: norm | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/23 07:52:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\norm\Desktop\OTL.exe
PRC - [2012/10/09 16:23:09 | 000,692,152 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe
PRC - [2012/10/08 09:03:22 | 000,722,528 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/25 11:00:46 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/09/25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/09/25 10:52:49 | 000,386,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/09/19 21:02:24 | 000,363,752 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2012/08/11 13:26:11 | 000,307,856 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/08/10 18:59:52 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\norm\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/04/25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
PRC - [2011/05/27 16:23:00 | 004,999,976 | ---- | M] (Synaptics Incorporated) -- C:\Program Files (x86)\Synaptics\Scrybe\scrybe.exe
PRC - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/20 14:23:00 | 000,599,419 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/04/25 19:52:28 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtscript4.dll
MOD - [2012/04/25 19:52:26 | 007,422,352 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtgui4.dll
MOD - [2012/04/25 19:52:24 | 000,795,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtnetwork4.dll
MOD - [2012/04/25 19:52:24 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtsql4.dll
MOD - [2012/04/25 19:52:22 | 002,453,904 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtdeclarative4.dll
MOD - [2012/04/25 19:52:22 | 002,126,224 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\qtcore4.dll
MOD - [2011/03/31 19:29:46 | 000,066,856 | ---- | M] () -- C:\Windows\SysWOW64\SynTPEnhPS.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/11 08:27:09 | 000,108,392 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Program Files\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV:64bit: - [2009/11/17 16:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/09 16:23:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/08 09:03:22 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/25 11:00:46 | 000,084,256 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/09/25 10:52:56 | 000,108,320 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/25 19:53:38 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe -- (KSS)
SRV - [2011/05/27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2010/09/02 23:45:02 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/20 11:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/08 09:03:23 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/10/01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/09/24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/09/13 15:52:59 | 000,099,248 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/06/26 21:38:30 | 000,046,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2012/06/24 22:24:48 | 000,052,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2012/02/29 23:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/03/31 19:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/03/10 23:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/07/26 19:41:28 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/26 19:41:28 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/03/31 15:47:10 | 010,322,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/30 04:58:06 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/03/30 04:58:06 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/03/03 17:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/01/07 07:05:46 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/12/22 07:19:20 | 000,066,600 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\l1c51x64.sys -- (L1c)
DRV:64bit: - [2009/12/16 06:16:00 | 003,053,560 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/10/20 11:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2009/09/18 01:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 02:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/15 12:06:42 | 000,172,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,defaultscope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 8A B3 CC 40 A0 CD 01 [binary data]
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_enUS492
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1588
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX

[2012/09/08 10:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: AVG Safe Search = C:\Users\norm\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\

O1 HOSTS File: ([2012/10/18 20:29:52 | 000,000,698 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Device Center\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Device Center\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003..\Run: [Akamai NetSession Interface] C:\Users\norm\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003..\Run: [KSS] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe (Kaspersky Lab ZAO)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://test.catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1342284995127 (MUCatalogWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{91981AFE-EE85-4BFD-877F-86EBDF037E8D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92BDA7B1-5753-4081-843E-6E3A2E75CB8E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/23 07:52:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\norm\Desktop\OTL.exe
[2012/10/22 21:44:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2012/10/22 21:43:04 | 000,000,000 | -HSD | C] -- C:\Windows\TEMP
[2012/10/22 21:41:47 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/10/22 19:53:44 | 003,222,280 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\norm\Desktop\avg_remover_stf_x64_2013_2706.exe
[2012/10/21 20:39:06 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Extensions
[2012/10/21 20:39:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\searchplugins
[2012/10/21 13:50:56 | 000,640,112 | ---- | C] (Dell Computer Corporation) -- C:\Users\norm\Desktop\BR84231.exe
[2012/10/18 21:03:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/10/18 08:57:42 | 000,000,000 | ---D | C] -- C:\JRT
[2012/10/18 08:15:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/16 08:00:54 | 002,148,896 | ---- | C] (Boost Software Inc.) -- C:\Users\norm\Desktop\PCHealthBoost-Setup.exe
[2012/10/14 18:35:03 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\SPE
[2012/10/11 08:33:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/10/10 12:39:14 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\Synaptics
[2012/10/10 12:35:08 | 000,107,816 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynTPCOM.dll
[2012/10/10 12:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Synaptics
[2012/10/10 12:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Synaptics
[2012/10/10 12:27:58 | 000,411,432 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCOM.dll
[2012/10/10 12:27:58 | 000,274,728 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynCtrl.dll
[2012/10/10 12:27:58 | 000,225,576 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPAPI.dll
[2012/10/10 12:27:58 | 000,218,408 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCtrl.dll
[2012/10/10 12:27:58 | 000,173,352 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysWow64\SynCOM.dll
[2012/10/10 12:27:58 | 000,148,264 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\SynTPCo9.dll
[2012/10/10 12:27:57 | 001,424,944 | ---- | C] (Synaptics Incorporated) -- C:\Windows\SysNative\drivers\SynTP.sys
[2012/10/10 12:19:42 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\norm\Desktop\TFC.exe
[2012/10/10 12:15:03 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\Avira
[2012/10/10 12:09:43 | 000,129,576 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/10/10 12:09:43 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/10/10 12:09:43 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/10/10 12:09:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/10/10 12:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/10/09 21:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Group Policy
[2012/10/09 17:04:59 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/10/09 17:04:58 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/10/09 17:04:52 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012/10/09 17:04:45 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/10/09 17:04:45 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/10/09 17:04:45 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/10/09 17:04:45 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/10/09 17:04:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/10/09 17:04:45 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/10/09 17:04:45 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/10/09 17:04:45 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/10/09 17:04:45 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/10/09 17:04:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/10/09 17:04:44 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/10/09 17:04:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/10/09 17:04:44 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/10/09 17:04:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/10/09 17:04:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/10/09 17:04:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/10/09 17:04:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/10/09 17:04:44 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/10/09 17:04:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/10/09 17:04:35 | 005,505,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/10/09 17:04:34 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/10/09 17:04:34 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/10/09 11:35:16 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/10/09 11:35:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/10/09 11:33:03 | 002,617,648 | ---- | C] (VS Revo Group Ltd.) -- C:\Users\norm\Desktop\revosetup.exe
[2012/10/08 12:14:15 | 000,000,000 | ---D | C] -- C:\Users\norm\Documents\Desktop Virus
[2012/10/08 09:26:50 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Local\CrashDumps
[2012/10/08 09:03:23 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/10/08 09:03:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/10/08 08:56:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2012/10/08 08:56:36 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\GlarySoft
[2012/10/08 08:56:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2012/10/07 10:01:34 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\EasyBurner
[2012/10/07 10:01:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EasyBurner
[2012/10/07 10:01:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Burner
[2012/10/07 09:58:24 | 001,496,792 | ---- | C] (Aedge Performance BCN SL) -- C:\Users\norm\Desktop\easyburner-setup.exe
[2012/10/05 19:38:38 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Local\NPE
[2012/10/05 19:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/10/05 19:37:34 | 002,957,840 | ---- | C] (Symantec Corporation) -- C:\Users\norm\Desktop\NPE.exe
[2012/10/05 13:38:32 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2012/10/05 13:16:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012/10/05 13:16:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
[2012/10/04 15:15:36 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Scan
[2012/10/04 15:15:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2012/10/04 15:10:59 | 000,180,000 | ---- | C] (Kaspersky Lab) -- C:\Users\norm\Desktop\kss12.0.1.117EN_RU_DE_FR_2926.exe
[2012/10/03 09:22:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012/10/03 09:22:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2012/10/03 09:15:34 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Local\Akamai
[2012/10/03 08:46:41 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/10/03 08:44:27 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/10/03 05:54:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/10/03 05:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
[2012/10/03 05:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012/10/03 05:54:14 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2012/10/03 05:54:14 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2012/10/02 16:44:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012/10/01 21:03:50 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/10/01 20:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2012/10/01 20:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2012/10/01 20:53:04 | 008,864,168 | ---- | C] (SurfRight B.V.) -- C:\Users\norm\Desktop\HitmanPro36_x64.exe
[2012/10/01 20:47:04 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/10/01 08:21:29 | 000,000,000 | ---D | C] -- C:\Symbols
[2012/09/30 20:48:43 | 100,029,288 | ---- | C] (Emsi Software GmbH ) -- C:\Users\norm\Desktop\EmsisoftAntiMalwareSetup.exe
[2012/09/30 09:38:40 | 017,483,288 | ---- | C] (Microsoft Corporation) -- C:\Users\norm\Desktop\Windows-KB890830-x64-V4.12.exe
[2012/09/30 09:38:09 | 207,128,168 | ---- | C] (Emsisoft GmbH ) -- C:\Users\norm\Desktop\EmsisoftAntiMalwareSetup_softpedia.exe
[2012/09/29 21:47:58 | 000,290,304 | ---- | C] (Microsoft Corporation) -- C:\subinacl.exe
[2012/09/29 21:46:20 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/09/29 21:15:34 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/09/29 21:14:47 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/09/29 21:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/09/29 21:14:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/09/29 18:01:00 | 000,000,000 | ---D | C] -- C:\New folder (2)
[2012/09/29 18:00:09 | 000,000,000 | ---D | C] -- C:\New folder
[2012/09/29 17:58:09 | 000,000,000 | ---D | C] -- C:\Users\norm\Desktop\Packs
[2012/09/29 14:59:43 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\Windows Live Writer
[2012/09/29 14:59:43 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Local\Windows Live Writer
[2012/09/29 13:24:51 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/09/29 13:24:40 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2012/09/29 13:23:31 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2012/09/29 13:23:14 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012/09/29 13:23:14 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012/09/29 13:23:13 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2012/09/29 13:23:13 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012/09/29 13:23:10 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012/09/29 13:23:10 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012/09/29 12:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
[2012/09/29 12:17:19 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Local\Windows Live
[2012/09/29 12:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Device Center
[2012/09/29 11:41:59 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2012/09/29 11:41:59 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2012/09/29 09:41:35 | 062,164,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012/09/29 09:07:09 | 000,000,000 | ---D | C] -- C:\Downloads
[2012/09/28 04:08:35 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012/09/27 18:51:17 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\WinPatrol
[2012/09/27 18:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
[2012/09/27 18:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BillP Studios
[2012/09/27 16:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2012/09/27 16:18:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
[2012/09/27 16:18:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan
[2012/09/27 16:18:04 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/27 08:39:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2012/09/27 08:39:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2012/09/26 06:28:43 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2012/09/26 06:28:42 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2012/09/26 06:28:42 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2012/09/26 06:28:42 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2012/09/26 06:28:42 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2012/09/26 06:28:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2012/09/26 06:28:41 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2012/09/25 20:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/09/25 20:15:25 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/09/25 06:09:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/09/25 06:08:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/09/23 13:49:40 | 000,000,000 | ---D | C] -- C:\Users\norm\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/10/23 07:54:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/23 07:52:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\norm\Desktop\OTL.exe
[2012/10/23 07:50:31 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/23 07:50:31 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/23 07:50:31 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/23 07:32:14 | 000,017,424 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/23 07:32:14 | 000,017,424 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/23 07:27:51 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/23 07:26:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/23 07:26:48 | 3061,202,944 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/23 07:00:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/10/22 21:44:12 | 000,286,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/22 21:42:26 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/10/22 21:38:24 | 000,726,316 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/22 21:10:06 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012/10/22 20:56:18 | 005,345,318 | ---- | M] () -- C:\Users\norm\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/10/22 19:54:32 | 003,222,280 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\norm\Desktop\avg_remover_stf_x64_2013_2706.exe
[2012/10/22 15:32:05 | 000,021,255 | ---- | M] () -- C:\Users\norm\Desktop\Capture.PNG
[2012/10/22 15:20:41 | 000,021,850 | ---- | M] () -- C:\Users\norm\Documents\Receipt for Your Payment to www_pandawill_com.eml
[2012/10/22 15:20:41 | 000,009,887 | ---- | M] () -- C:\Users\norm\Documents\Zen Vision M complaint.eml
[2012/10/22 15:20:40 | 000,003,594 | ---- | M] () -- C:\Users\norm\Documents\[Heathkit] Tubes.eml
[2012/10/22 08:19:22 | 000,106,475 | ---- | M] () -- C:\Users\norm\Desktop\GetSystemInfo_MININT-DHACEK5_norm_2012_10_22_08_18_25.zip
[2012/10/22 07:23:19 | 000,106,558 | ---- | M] () -- C:\Users\norm\Desktop\GetSystemInfo_MININT-DHACEK5_norm_2012_10_22_07_22_24.zip
[2012/10/21 13:50:56 | 000,640,112 | ---- | M] (Dell Computer Corporation) -- C:\Users\norm\Desktop\BR84231.exe
[2012/10/18 20:29:52 | 000,000,698 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/10/16 08:00:55 | 002,148,896 | ---- | M] (Boost Software Inc.) -- C:\Users\norm\Desktop\PCHealthBoost-Setup.exe
[2012/10/15 15:55:59 | 000,000,512 | ---- | M] () -- C:\Users\norm\Documents\MBR.dat
[2012/10/11 08:33:10 | 000,002,279 | ---- | M] () -- C:\Users\norm\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/11 08:30:24 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/10/10 12:29:51 | 000,002,669 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
[2012/10/10 12:19:42 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\norm\Desktop\TFC.exe
[2012/10/10 12:09:47 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/10/09 16:23:09 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/10/09 16:23:09 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/10/09 11:35:16 | 000,001,270 | ---- | M] () -- C:\Users\norm\Desktop\Revo Uninstaller.lnk
[2012/10/09 11:33:03 | 002,617,648 | ---- | M] (VS Revo Group Ltd.) -- C:\Users\norm\Desktop\revosetup.exe
[2012/10/08 09:03:23 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012/10/08 08:56:38 | 000,001,072 | ---- | M] () -- C:\Users\norm\Desktop\Glary Utilities.lnk
[2012/10/07 09:58:24 | 001,496,792 | ---- | M] (Aedge Performance BCN SL) -- C:\Users\norm\Desktop\easyburner-setup.exe
[2012/10/05 19:37:34 | 002,957,840 | ---- | M] (Symantec Corporation) -- C:\Users\norm\Desktop\NPE.exe
[2012/10/04 19:35:34 | 022,063,616 | ---- | M] () -- C:\Users\norm\Desktop\Win7-2008R2-admx.msi
[2012/10/04 15:15:18 | 000,001,079 | ---- | M] () -- C:\Users\norm\Desktop\Kaspersky Security Scan.lnk
[2012/10/04 15:10:59 | 000,180,000 | ---- | M] (Kaspersky Lab) -- C:\Users\norm\Desktop\kss12.0.1.117EN_RU_DE_FR_2926.exe
[2012/10/04 09:18:38 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_598
[2012/10/04 08:58:27 | 000,002,293 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/10/04 08:27:52 | 000,000,698 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_433
[2012/10/03 18:21:58 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/03 09:19:49 | 040,968,128 | ---- | M] () -- C:\Users\norm\Documents\R268991.exe
[2012/10/03 08:59:19 | 000,368,337 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/10/03 08:59:00 | 000,000,422 | ---- | M] () -- C:\Windows\SysWow64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012/10/03 05:54:17 | 000,001,071 | ---- | M] () -- C:\Users\norm\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/10/03 05:54:14 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2012/10/03 05:54:14 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2012/10/02 16:44:42 | 000,001,975 | ---- | M] () -- C:\Users\norm\Desktop\Update Checker.lnk
[2012/10/02 16:43:34 | 000,264,271 | ---- | M] () -- C:\Users\norm\Desktop\FHSetup.exe
[2012/10/01 21:03:50 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2012/10/01 20:54:52 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/10/01 20:53:15 | 008,864,168 | ---- | M] (SurfRight B.V.) -- C:\Users\norm\Desktop\HitmanPro36_x64.exe
[2012/10/01 17:14:23 | 000,129,576 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/10/01 06:54:52 | 369,773,976 | ---- | M] () -- C:\Users\norm\Desktop\Windows6.1-KB947821-v24-x64.msu
[2012/09/30 21:03:58 | 100,029,288 | ---- | M] (Emsi Software GmbH ) -- C:\Users\norm\Desktop\EmsisoftAntiMalwareSetup.exe
[2012/09/29 21:47:21 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-MININT-DHACEK5-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/09/29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/09/29 11:16:24 | 207,128,168 | ---- | M] (Emsisoft GmbH ) -- C:\Users\norm\Desktop\EmsisoftAntiMalwareSetup_softpedia.exe
[2012/09/29 09:45:22 | 017,483,288 | ---- | M] (Microsoft Corporation) -- C:\Users\norm\Desktop\Windows-KB890830-x64-V4.12.exe
[2012/09/28 11:43:13 | 000,513,501 | ---- | M] () -- C:\Users\norm\Desktop\adwcleaner.exe
[2012/09/27 16:17:56 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll
[2012/09/27 16:17:56 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/09/27 16:17:56 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/09/27 16:17:56 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/09/27 16:17:56 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/09/27 16:17:56 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012/09/27 06:59:57 | 000,000,163 | ---- | M] () -- C:\Users\norm\Report to moderator.url
[2012/09/25 21:27:40 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/09/25 20:32:45 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/09/24 10:06:45 | 000,002,971 | ---- | M] () -- C:\Users\norm\Desktop\HiJackThis.lnk
[2012/09/24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/09/23 08:04:32 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_193
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/10/22 21:10:06 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012/10/22 20:55:52 | 005,345,318 | ---- | C] () -- C:\Users\norm\Desktop\tweaking.com_windows_repair_aio_setup.exe
[2012/10/22 15:32:05 | 000,021,255 | ---- | C] () -- C:\Users\norm\Desktop\Capture.PNG
[2012/10/22 08:18:57 | 000,106,475 | ---- | C] () -- C:\Users\norm\Desktop\GetSystemInfo_MININT-DHACEK5_norm_2012_10_22_08_18_25.zip
[2012/10/22 07:22:51 | 000,106,558 | ---- | C] () -- C:\Users\norm\Desktop\GetSystemInfo_MININT-DHACEK5_norm_2012_10_22_07_22_24.zip
[2012/10/15 15:55:59 | 000,000,512 | ---- | C] () -- C:\Users\norm\Documents\MBR.dat
[2012/10/11 08:33:10 | 000,002,279 | ---- | C] () -- C:\Users\norm\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/10/10 12:29:51 | 000,002,669 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scrybe.lnk
[2012/10/10 12:27:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2012/10/10 12:09:47 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/10/09 11:35:16 | 000,001,270 | ---- | C] () -- C:\Users\norm\Desktop\Revo Uninstaller.lnk
[2012/10/08 08:56:38 | 000,001,072 | ---- | C] () -- C:\Users\norm\Desktop\Glary Utilities.lnk
[2012/10/04 19:34:26 | 022,063,616 | ---- | C] () -- C:\Users\norm\Desktop\Win7-2008R2-admx.msi
[2012/10/04 15:15:36 | 000,001,079 | ---- | C] () -- C:\Users\norm\Desktop\Kaspersky Security Scan.lnk
[2012/10/03 09:17:28 | 040,968,128 | ---- | C] () -- C:\Users\norm\Documents\R268991.exe
[2012/10/03 08:59:00 | 000,000,422 | ---- | C] () -- C:\Windows\SysWow64\{7995330B-E01F-4645-B702-53481E7CB778}.cmdfile
[2012/10/03 05:55:31 | 000,368,337 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/10/03 05:54:17 | 000,001,071 | ---- | C] () -- C:\Users\norm\Application Data\Microsoft\Internet Explorer\Quick Launch\COMODO GeekBuddy.lnk
[2012/10/02 16:44:41 | 000,001,975 | ---- | C] () -- C:\Users\norm\Desktop\Update Checker.lnk
[2012/10/02 16:43:33 | 000,264,271 | ---- | C] () -- C:\Users\norm\Desktop\FHSetup.exe
[2012/10/01 20:54:52 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2012/10/01 06:16:53 | 369,773,976 | ---- | C] () -- C:\Users\norm\Desktop\Windows6.1-KB947821-v24-x64.msu
[2012/09/29 21:59:58 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/09/29 21:47:21 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-MININT-DHACEK5-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/09/29 21:14:36 | 000,002,293 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/09/29 13:24:38 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2012/09/29 13:24:29 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2012/09/29 13:24:15 | 000,001,460 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2012/09/29 13:24:02 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/09/28 11:43:13 | 000,513,501 | ---- | C] () -- C:\Users\norm\Desktop\adwcleaner.exe
[2012/09/27 06:59:57 | 000,000,163 | ---- | C] () -- C:\Users\norm\Report to moderator.url
[2012/09/25 20:15:27 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/09/23 13:49:40 | 000,002,971 | ---- | C] () -- C:\Users\norm\Desktop\HiJackThis.lnk
[2012/09/23 11:16:10 | 000,000,672 | ---- | C] () -- C:\Users\norm\Desktop\HijackThis.exe - Shortcut.lnk
[2012/09/22 21:01:11 | 000,726,316 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/09/02 21:04:59 | 000,159,876 | ---- | C] () -- C:\Users\norm\AppData\Local\census.cache
[2012/09/02 21:04:56 | 000,090,707 | ---- | C] () -- C:\Users\norm\AppData\Local\ars.cache
[2012/09/02 20:50:54 | 000,000,036 | ---- | C] () -- C:\Users\norm\AppData\Local\housecall.guid.cache
[2012/09/02 05:46:05 | 000,000,296 | ---- | C] () -- C:\Users\norm\AppData\Roaming\burnaware.ini
[2012/07/24 09:09:37 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/01/20 18:41:42 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/01/20 18:41:42 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2011/01/20 18:41:42 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2011/01/20 18:41:35 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/01/20 18:41:25 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/01/20 17:18:26 | 000,000,051 | ---- | C] () -- C:\Windows\smsts.ini

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | ---- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 22:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 21:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\Windows\sysWOW64\wbem\fastprox.dll -- [2009/07/13 18:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 967 bytes -> C:\Users\norm\Documents\[Heathkit] Tubes.eml:OECustomProperty
@Alternate Data Stream - 877 bytes -> C:\Users\norm\Documents\Receipt for Your Payment to www_pandawill_com.eml:OECustomProperty
@Alternate Data Stream - 684 bytes -> C:\Users\norm\Documents\Zen Vision M complaint.eml:OECustomProperty

< End of report >

This laptop quit recognizing Avira again.

Thanks, Norm

#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,030 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:27 PM

Posted 23 October 2012 - 12:10 PM

Hi Norm,

Thanks again for the extra work. As I expected, in addition to the entries we needed to put back, entries we don't want were put back as well. We are going to run a modified OTL fix which this time will hopefully not impact your emails like before. It looks like we need to readdress the AVG uninstall too.

Please do this for me.


===================================================


Run OTL Fix

--------------------

  • Double click on the Posted Image icon on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1588
    64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
    O2:64bit: - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
    O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O18:64bit: - Protocol\Handler\ipp - No CLSID value found
    O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    @Alternate Data Stream - 967 bytes -> C:\Users\norm\Documents\[Heathkit] Tubes.eml:OECustomProperty
    @Alternate Data Stream - 877 bytes -> C:\Users\norm\Documents\Receipt for Your Payment to www_pandawill_com.eml:OECustomProperty
    @Alternate Data Stream - 684 bytes -> C:\Users\norm\Documents\Zen Vision M complaint.eml:OECustomProperty
  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.

===================================================


Please refer to this link to download an AVG Uninstall Tool


===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • OTL.txt
  • Did AVG uninstall?
  • Do you now see Avira?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Phydron

Phydron
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Socal
  • Local time:01:27 PM

Posted 23 October 2012 - 01:30 PM

Gary, AVG is gone, the removal tool you gave me removed it. Avira is shown in the task bar pop up, but the little
message box says I still need an antivirus.
Email messages are gone again. The encoding is western european. It was unicode (UTF-8) and when I try to change it,
it goes back to western european. I don't know if that's the problem or not.
Here's the OTL fix log:




========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-4040365602-1674829592-1211785086-1003\Software\Microsoft\Internet Explorer\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_USERS\S-1-5-21-4040365602-1674829592-1211785086-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\0x00000001\ not found.
File Protocol\Handler\ipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\0x00000001\ not found.
File Protocol\Handler\msdaipp\0x00000001 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\oledb\ not found.
File Protocol\Handler\msdaipp\oledb - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
ADS C:\Users\norm\Documents\[Heathkit] Tubes.eml:OECustomProperty deleted successfully.
ADS C:\Users\norm\Documents\Receipt for Your Payment to www_pandawill_com.eml:OECustomProperty deleted successfully.
ADS C:\Users\norm\Documents\Zen Vision M complaint.eml:OECustomProperty deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 10232012_111326

#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,030 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:27 PM

Posted 23 October 2012 - 02:20 PM

Hi Norm,

Forgive me please. I was perplexed the email issue returned. As it turns out I am the cause of the perplexing! I failed to address the main entries we are targeting. :whistle:

Unfortunately we need to do a system restore again, run the AVG cleaner and then run the below OTL script. What I am doing is trying to put back (and not delete again!) the "ADS" entries to see if that is our issue. I also want to have you export a registry key just in case our email issue is not resolved. That registry key is related to the "Protocol\Handler" entries we are deleting. I do not think they are the cause of the email issue but it is the issue next in line.

If you would be so kind as to indulge me one more time..... Here is the OTL script we need to run after the System Restore. Following that are the instructions for exporting the registry key.

:OTL
IE - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\..\SearchScopes\{88FB16D2-04EA-4ffe-8079-CFF68F1B9CE6}: "URL" = http://www.search-results.com/web?q={searchTerms}&o=15868&l=dis&prt=BDIE&chn=retail&geo=US&ver=4.0.0.1588
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
O2:64bit: - BHO: (no name) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - No CLSID value found.
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O3 - HKU\S-1-5-21-4040365602-1674829592-1211785086-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

===================================================


Running a Registry Key Export Batch (.bat) File

--------------------

  • Press windows key Posted Image + r on your keyboard at the same time
  • Type Notepad and press Enter
  • Copy/paste the following text inside the code box into a new notepad document. Make sure that under Format menu Word Wrap is unchecked.


    REGEDIT /E "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS" >C:\Export.txt
    start c:\Export.txt
    
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input export.bat.
  • Click Save.
  • Close the Notepad.
  • Locate and double-click export.bat on the desktop.
  • Export.txt will open on your desktop. Copy and paste the contents in your next reply.

===================================================


Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:

  • Everything go OK and is your email up and running?
  • Registry Key export

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users