Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

AVG and other problems

 
wile_koyote
Warrior


Joined: 22 Jan 2005
Last Visit: 26 Jun 2013
Posts: 96
Location: New Jersey

Posted: Thu Nov 10, 2011 8:03 am    Post subject: AVG and other problems

I had decided to d/l and install the AVG free trial to better help my computer. Ever since, anytime I played a YouTube video, the video would freeze halfway through and not play. I decided to uninstall the trial, but to my surprise the uninstall program did not work. Had to look up on the web how to. Anyway, I have done so, but I run WinPatrol and I keep getting an error message: avgssie.dll is an add-on.

I do use WinPatrol and Scotty Watchdog and usually do not approve of files that pop up, as I usually don't know what they are.


How do I completely remove AVG? Also, my computer sometimes takes a while to boot up. And are there any other reasons I would be having trouble with YouTube? It still seems to be freezing.


Thanks for the help as always; you guys are great.

Here are my logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Tim at 10:52:56 on 2011-11-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3767.1676 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Ant.com\IE add-on\antmaintainer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n915l04g4z105a4492y24r
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n915l04g4z105a4492y24r
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n915l04g4z105a4492y24r
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Ant.com browser helper (video detector): {346fde31-dff9-418a-90c8-ba31dc9ff2ef} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
TB: Ant.com Video Downloader toolbar: {2e924f4f-67f0-4bd8-9560-49f468e843d2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v5.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CF79823C-E338-4FCB-AD89-F2024E306D53} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CF79823C-E338-4FCB-AD89-F2024E306D53}\26279616E6 : DhcpNameServer = 167.206.245.130 167.206.245.129
TCP: Interfaces\{CF79823C-E338-4FCB-AD89-F2024E306D53}\A45616E6C41625F6363616 : DhcpNameServer = 192.168.1.1
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Ant.com browser helper (video detector): {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\download.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\coIEPlg.dll
TB-X64: Ant.com Video Downloader toolbar: {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\anttoolbar.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [VideoWebCamera] "C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe" -a
mRun-x64: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun-x64: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun-x64: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe -expressboot
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1008030.006\SYMEFA64.SYS [?]
R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\BHDrvx64.sys [?]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys --> C:\Windows\system32\Drivers\NISx64\1008030.006\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100604.004\IDSviA64.sys [2010-6-8 463408]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AntUpdaterService;Ant Toolbar updater service;C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe [2011-6-29 520216]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-12-17 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2010-10-13 151552]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-8-18 2152152]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-4-18 366152]
R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe [2011-10-10 117648]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-10-29 255744]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2010-9-29 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2010-9-29 185640]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-1-13 2320920]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-12-17 240160]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-5-27 132656]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-9-2 17152]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-18 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-18 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-12-17 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-11-10 15:37:00 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AE7CEBD0-FA8E-4181-817D-5DC7BC101982}\offreg.dll
2011-11-10 15:24:37 -------- d-----w- C:\Users\Tim\AppData\Roaming\AVG2012
2011-11-09 19:58:55 -------- d-----w- C:\ProgramData\1912 Titanic Mystery
2011-11-09 19:58:42 -------- d-----w- C:\Users\Tim\AppData\Roaming\TitanicMystery
2011-11-09 16:06:02 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 16:06:02 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 16:06:02 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-09 16:06:01 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-08 20:30:09 -------- d-----w- C:\Users\Tim\AppData\Roaming\VampireSagaHL
2011-11-08 19:23:11 -------- d-----w- C:\ProgramData\The Mirror Mysteries
2011-11-08 01:37:02 -------- d-----w- C:\Users\Tim\AppData\Local\Deadtime Stories
2011-11-08 01:33:54 -------- d-----w- C:\ProgramData\Particles
2011-11-08 01:33:38 -------- d-----w- C:\ProgramData\Far Mills
2011-11-07 20:50:24 -------- d-----w- C:\Users\Tim\AppData\Roaming\Total Eclipse
2011-11-07 04:08:29 -------- d-----w- C:\Users\Tim\AppData\Roaming\Big Finish
2011-11-07 04:08:29 -------- d-----w- C:\ProgramData\Big Finish
2011-11-06 22:28:25 -------- d-----w- C:\Users\Tim\AppData\Roaming\Sleepwalker Games
2011-11-05 21:38:19 500 ----a-w- C:\Program Files (x86)\1105201117381944.bat
2011-11-05 21:10:02 -------- d-----w- C:\ProgramData\GameHouse
2011-11-05 20:53:20 -------- d-----w- C:\ProgramData\Deadtime Stories
2011-11-05 15:51:54 -------- d-----w- C:\Users\Tim\AppData\Roaming\Vogat Interactive
2011-11-05 14:50:56 -------- d-----w- C:\Users\Tim\AppData\Roaming\SpinTop Games
2011-11-05 13:46:45 -------- d-----w- C:\ProgramData\Oberonv1005
2011-11-05 13:39:11 -------- d-----w- C:\ProgramData\Oberon Media
2011-11-05 04:25:12 -------- d-----w- C:\Users\Tim\AppData\Roaming\Alawar
2011-11-04 19:02:51 -------- d-----w- C:\ProgramData\Playrix Entertainment
2011-11-03 19:26:04 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-02 20:16:40 -------- d-----w- C:\Users\Tim\AppData\Roaming\GameMill Entertainment
2011-11-02 02:35:42 479 ----a-w- C:\Program Files (x86)\1101201122354200.bat
2011-11-02 01:31:34 -------- d-----w- C:\Users\Tim\AppData\Roaming\DragonsEye Studios
2011-11-02 01:31:34 -------- d-----w- C:\ProgramData\DragonsEye Studios
2011-10-30 19:06:41 -------- d-----w- C:\Users\Tim\AppData\Roaming\AVG
2011-10-30 18:00:41 -------- d-----w- C:\Program Files (x86)\AVG
2011-10-30 17:57:54 -------- d--h--w- C:\ProgramData\Common Files
2011-10-30 17:57:46 -------- d-----w- C:\ProgramData\MFAData
2011-10-29 19:29:49 -------- d-----w- C:\Users\Tim\AppData\Roaming\HitPoint Studios
2011-10-29 19:29:29 -------- d-----w- C:\Users\Tim\AppData\Roaming\Oberon Media
2011-10-28 14:45:40 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AE7CEBD0-FA8E-4181-817D-5DC7BC101982}\mpengine.dll
2011-10-26 14:50:08 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-26 14:50:08 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-10-24 02:15:33 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2011-10-13 17:42:02 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-13 17:42:02 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-13 17:42:02 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-13 17:42:01 861696 ----a-w- C:\Windows\System32\oleaut32.dll
.
==================== Find3M ====================
.
2011-10-11 02:20:26 561800 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\cchpx64.sys
2011-10-03 09:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-01 03:25:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-10-01 02:42:56 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-22 00:35:58 56952 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symndisv.sys
2011-09-22 00:35:58 44152 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symndis.sys
2011-09-22 00:35:58 43640 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symids.sys
2011-09-22 00:35:58 279160 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symtdi.sys
2011-09-22 00:35:58 120952 ----a-w- C:\Windows\System32\drivers\NISx64\1008030.006\symfw.sys
2011-09-03 00:37:57 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-08-31 22:00:50 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-20 05:37:58 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-08-20 04:31:05 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-08-18 19:25:12 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
.
============= FINISH: 10:53:42.66 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/18/2010 4:04:10 AM
System Uptime: 11/10/2011 10:33:43 AM (0 hours ago)
.
Motherboard: Gateway | | NV79
Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | CPU | 1178/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 305.426 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP210: 10/27/2011 12:26:37 PM - Scheduled Checkpoint
RP211: 10/30/2011 2:00:19 PM - Installed AVG 2012
RP212: 10/30/2011 2:00:49 PM - Installed AVG 2012
RP213: 11/10/2011 9:46:47 AM - Windows Update
RP214: 11/10/2011 10:02:23 AM - Removed AVG 2012
RP215: 11/10/2011 10:04:41 AM - Removed AVG 2012
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office Suite Service Pack 2 (SP2)
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Reader 9.1 MUI
AIM 7
Akamai NetSession Interface
Ant.com IE add-on
Apple Application Support
Apple Software Update
AviSynth 2.5
Backup Manager Basic
Best Buy Software Installer
Burger Shop 2 (remove only)
Compatibility Pack for the 2007 Office system
CyberLink PowerDVD 8
D3DX10
Download Updater (AOL LLC)
Dream Day Wedding
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Updater
Google Toolbar for Internet Explorer
Google Update Helper
Hidden in Time 2
Identity Card
IHA_MessageCenter
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Launch Manager
Mahjongg Dimensions Deluxe - Tiles in Time
Malwarebytes' Anti-Malware version 1.51.2.1300
McAfee Security Scan Plus
Microsoft Choice Guard
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MSVCRT
Norton Internet Security
PokerStars
PokerStars.net
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Roads of Rome 3
Roxio Burn
Roxio Update Manager
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Turbo Subs FREE
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Vampire Saga 2
Verizon Download Manager
Verizon Help and Support Tool
Video Web Camera
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2008 x64 Redistributables
Vz In Home Agent
Welcome Center
Windows Live Communications Platform
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live Upload Tool
Windows Live UX Platform
Windows Live Writer
WinPatrol 2009
WinRAR archiver
Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
11/7/2011 12:38:37 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
11/3/2011 3:18:21 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user COMP1\Tim SID (S-1-5-21-2887552674-1617972426-1872323382-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/10/2011 10:29:02 AM, Error: Service Control Manager [7003] - The AVGIDSAgent service depends the following service: AVGIDSDriver. This service might not be installed.
.
==== End Of File ===========================
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 17 Aug 2014
Posts: 9979
Location: Yorkshire

PostPosted: Thu Nov 10, 2011 9:01 am    Post subject: Reply with quote

Looking over your logs, back soon.
_________________
Gary R Administrator at Malware Removal University



Gary R
Moderator


Joined: 03 May 2005
Last Visit: 17 Aug 2014
Posts: 9979
Location: Yorkshire

PostPosted: Thu Nov 10, 2011 9:09 am    Post subject: Reply with quote

Quote:
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Help with spyware removal" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi wile_koyote

I'm Gary R.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

I'd also recommend that you create a System Restore Point that we can restore to if necessary.


  • Click Start, and type Create a restore point into the Search programs and files box.
  • Now click on the Create a restore point icon at the top of the find list.
  • This will open a System Properties box, with the System Protection tab open ...

    • Click on the Create button in the lower part of the window.
    • Type Pre Malware Cleanup into the description box, then click Create.
    • Windows will now create a Restore Point and notify you when finished.
    • Exit any open windows.



Please observe these rules while we work:

  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.

If you can do these things, everything should go smoothly.

  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator


Quote:
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


To remove AVG more fully ..... download and run THIS tool.

Next

Please download SystemLook from one of the links below and save it to your Desktop.

For 64 bit Systems
Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:

Code:
:filefind
AVG
avgssie.dll

:folderfind
AVG

:regfind
AVG


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Next

Download OTL by OldTimer to your Desktop.

If you already have a copy of OTL delete it and use this version.


  • Double click OTL.exe to launch the programme.
  • Check the following.

    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.

  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.

    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)

  • Please post me both logs.


Summary of the logs I need from you in your next post:

  • SystemLook.txt
  • OTL.txt
  • Extras.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
wile_koyote
Warrior


Joined: 22 Jan 2005
Last Visit: 26 Jun 2013
Posts: 96
Location: New Jersey

PostPosted: Thu Nov 10, 2011 11:03 am    Post subject: Reply with quote

Hey Gary, posting the logs one at a time.

SystemLook 30.07.11 by jpshortstuff
Log created at 13:56 on 10/11/2011 by Tim
Administrator - Elevation successful

========== filefind ==========

Searching for "AVG "
No files found.

Searching for "avgssie.dll "
No files found.

========== folderfind ==========

Searching for "AVG "
C:\Program Files (x86)\AVG d------ [18:00 30/10/2011]
C:\Users\Tim\AppData\Roaming\AVG d------ [19:06 30/10/2011]

========== regfind ==========

Searching for "AVG "
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\IEHelpers]
"AVG Internet Security"="900"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services]
"AVG Firewall"="700"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services]
"AVG WatchDog"="700"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Tim\Desktop\avg_free_stb_all_2012_1831_cnet.exe"="AVG Setup Self-Extractor based on 7-Zip"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe"="PC Tuneup 2011"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Tim\Desktop\avg_remover_stf_x64_2012_1796.exe"="AVG Remover Utility"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG Shell Extension]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\AVG Shell Extension]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG Shell Extension]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
@="AVG Safe Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\06AEBDCF0F97EAF4BB8A552AC606A994\InstallProperties]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processo
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
@="AVG Safe Search"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGFWFD\0000]
"DeviceDesc"="AVG network filter service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9F395A91-34CE-45C7-9BA2-957247FAD468}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A58D20F1-8171-4A77-A21B-ADCFD3EA8894}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C40BF4E9-2032-4198-88AA-D2F25929642D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FBA16BA3-BA1F-4AA3-BC9E-1854AEA8327B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGFWFD\0000]
"DeviceDesc"="AVG network filter service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9F395A91-34CE-45C7-9BA2-957247FAD468}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A58D20F1-8171-4A77-A21B-ADCFD3EA8894}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C40BF4E9-2032-4198-88AA-D2F25929642D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FBA16BA3-BA1F-4AA3-BC9E-1854AEA8327B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGFWFD\0000]
"DeviceDesc"="AVG network filter service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9F395A91-34CE-45C7-9BA2-957247FAD468}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A58D20F1-8171-4A77-A21B-ADCFD3EA8894}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C40BF4E9-2032-4198-88AA-D2F25929642D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FBA16BA3-BA1F-4AA3-BC9E-1854AEA8327B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\BillP Studios\WinPatrol\IEHelpers]
"AVG Internet Security"="900"
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\BillP Studios\WinPatrol\Services]
"AVG Firewall"="700"
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\BillP Studios\WinPatrol\Services]
"AVG WatchDog"="700"
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Tim\Desktop\avg_free_stb_all_2012_1831_cnet.exe"="AVG Setup Self-Extractor based on 7-Zip"
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe"="PC Tuneup 2011"
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Tim\Desktop\avg_remover_stf_x64_2012_1796.exe"="AVG Remover Utility"
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Tim\Desktop\avg_free_stb_all_2012_1831_cnet.exe"="AVG Setup Self-Extractor based on 7-Zip"
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe"="PC Tuneup 2011"
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Tim\Desktop\avg_remover_stf_x64_2012_1796.exe"="AVG Remover Utility"

-= EOF =-
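
An added example, not part of the original posts and not SystemLook's own code: a Python triage of a regfind section like the one above. It collapses the ControlSetNNN copies onto CurrentControlSet, groups hits by the kind of key, and parses the `v2.10|Action=...|` firewall rule strings to flag inbound allow rules whose App path no longer exists. The category labels, function names and the `path_exists` parameter are this example's own assumptions.

```python
import os
import re
from collections import defaultdict

# Sample input: entries taken from the regfind section of the log above. Only one
# firewall rule and two control sets are kept, and the Perflib value is shortened.
SAMPLE_LOG = r'''
========== regfind ==========
Searching for "AVG "
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services]
"AVG Firewall"="700"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\AVG Shell Extension]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9F395A91-34CE-45C7-9BA2-957247FAD468}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9F395A91-34CE-45C7-9BA2-957247FAD468}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
-= EOF =-
'''

# A value line is "name"="data" or @="data" (the key's default value).
VALUE = re.compile(r'^(?:"(?P<name>.*?)"|(?P<default>@))=(?P<data>.*)$')
CONTROLSET = re.compile(r"\\SYSTEM\\ControlSet\d{3}\\", re.IGNORECASE)
CATEGORIES = [  # (label, lower-case substring of the key path); first match wins
    ("firewall-rule", "\\firewallpolicy\\firewallrules"),
    ("legacy-driver", "\\enum\\root\\legacy_"),
    ("shell-extension", "\\contextmenuhandlers\\"),
    ("installer-record", "\\currentversion\\uninstall\\"),
    ("perflib", "\\currentversion\\perflib\\"),
]

def parse_regfind(text):
    """Return (key, value_name, data) tuples; name and data are None when the
    key path itself matched and no value line follows it."""
    hits, key, used = [], None, True
    for line in text.splitlines():
        line = line.strip()
        m = VALUE.match(line)
        if line.startswith("[HKEY_") and line.endswith("]"):
            if key is not None and not used:
                hits.append((key, None, None))
            key, used = line[1:-1], False
        elif key is not None and m:
            name = "@" if m.group("default") else m.group("name")
            hits.append((key, name, m.group("data").strip('"')))
            used = True
    if key is not None and not used:
        hits.append((key, None, None))
    return hits

def normalise(key):
    """Map ControlSet001, ControlSet002, ... onto CurrentControlSet so copies collapse."""
    return CONTROLSET.sub(lambda m: "\\SYSTEM\\CurrentControlSet\\", key)

def classify(key):
    low = key.lower()
    for label, needle in CATEGORIES:
        if needle in low:
            return label
    return "other"

def parse_firewall_rule(data):
    """Split 'v2.10|Action=Allow|...|' into a dict; the first field is the version."""
    fields = [f for f in data.split("|") if f]
    rule = {"Version": fields[0]} if fields else {}
    for field in fields[1:]:
        name, _, value = field.partition("=")
        rule[name] = value
    return rule

def triage(text, path_exists=os.path.exists):
    """Group de-duplicated hits by category and mark stale inbound allow rules."""
    groups, seen = defaultdict(list), set()
    for key, name, data in parse_regfind(text):
        canon = (normalise(key), name, data)
        if canon in seen:
            continue
        seen.add(canon)
        entry = {"key": canon[0], "name": name, "data": data}
        category = classify(key)
        if category == "firewall-rule":
            rule = parse_firewall_rule(data or "")
            app = rule.get("App")
            entry["rule"] = rule
            entry["stale_inbound_allow"] = (bool(app) and rule.get("Action") == "Allow"
                                            and rule.get("Dir") == "In" and not path_exists(app))
        groups[category].append(entry)
    return dict(groups)

if __name__ == "__main__":
    for category, entries in triage(SAMPLE_LOG).items():
        print(category, len(entries))
```

Run it on the machine the log came from so that `os.path.exists` checks the real paths; on any other system pass your own `path_exists` callable.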
wile_koyote
Warrior


Joined: 22 Jan 2005
Last Visit: 26 Jun 2013
Posts: 96
Location: New Jersey

PostPosted: Thu Nov 10, 2011 11:05 am    Post subject: Reply with quote

Hey Gary, posting the logs one at a time.

SystemLook 30.07.11 by jpshortstuff
Log created at 13:56 on 10/11/2011 by Tim
Administrator - Elevation successful

========== filefind ==========

Searching for "AVG "
No files found.

Searching for "avgssie.dll "
No files found.

========== folderfind ==========

Searching for "AVG "
C:\Program Files (x86)\AVG d------ [18:00 30/10/2011]
C:\Users\Tim\AppData\Roaming\AVG d------ [19:06 30/10/2011]

========== regfind ==========

Searching for "AVG "
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\IEHelpers]
"AVG Internet Security"="900"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services]
"AVG Firewall"="700"
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services]
"AVG WatchDog"="700"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Tim\Desktop\avg_free_stb_all_2012_1831_cnet.exe"="AVG Setup Self-Extractor based on 7-Zip"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe"="PC Tuneup 2011"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Tim\Desktop\avg_remover_stf_x64_2012_1796.exe"="AVG Remover Utility"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG Shell Extension]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\AVG Shell Extension]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG Shell Extension]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
@="AVG Safe Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\06AEBDCF0F97EAF4BB8A552AC606A994\InstallProperties]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync Data Maps/s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}]
"Publisher"="AVG Technologies"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps/sec 90 Sync
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idl
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Counter"="1 1847 2 System 4 Memory 6 % Processor Time 10 File Read Operations/sec 12 File Write Operations/sec 14 File Control Operations/sec 16 File Read Bytes/sec 18 File Write Bytes/sec 20 File Control Bytes/sec 24 Available Bytes 26 Committed Bytes 28 Page Faults/sec 30 Commit Limit 32 Write Copies/sec 34 Transition Faults/sec 36 Cache Faults/sec 38 Demand Zero Faults/sec 40 Pages/sec 42 Page Reads/sec 44 Processor Queue Length 46 Thread State 48 Pages Output/sec 50 Page Writes/sec 52 Browser 54 Announcements Server/sec 56 Pool Paged Bytes 58 Pool Nonpaged Bytes 60 Pool Paged Allocs 64 Pool Nonpaged Allocs 66 Pool Paged Resident Bytes 68 System Code Total Bytes 70 System Code Resident Bytes 72 System Driver Total Bytes 74 System Driver Resident Bytes 76 System Cache Resident Bytes 78 Announcements Domain/sec 80 Election Packets/sec 82 Mailslot Writes/sec 84 Server List Requests/sec 86 Cache 88 Data Maps
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Perflib\CurrentLanguage]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processo
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
@="AVG Safe Search"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGFWFD\0000]
"DeviceDesc"="AVG network filter service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9F395A91-34CE-45C7-9BA2-957247FAD468}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A58D20F1-8171-4A77-A21B-ADCFD3EA8894}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C40BF4E9-2032-4198-88AA-D2F25929642D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FBA16BA3-BA1F-4AA3-BC9E-1854AEA8327B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGFWFD\0000]
"DeviceDesc"="AVG network filter service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9F395A91-34CE-45C7-9BA2-957247FAD468}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A58D20F1-8171-4A77-A21B-ADCFD3EA8894}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C40BF4E9-2032-4198-88AA-D2F25929642D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FBA16BA3-BA1F-4AA3-BC9E-1854AEA8327B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGFWFD\0000]
"DeviceDesc"="AVG network filter service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000]
"DeviceDesc"="AVG Anti-Rootkit Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
"DeviceDesc"="AVG TDI Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9F395A91-34CE-45C7-9BA2-957247FAD468}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A58D20F1-8171-4A77-A21B-ADCFD3EA8894}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgmfapx.exe|Name=AVG Installer|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{C40BF4E9-2032-4198-88AA-D2F25929642D}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{FBA16BA3-BA1F-4AA3-BC9E-1854AEA8327B}"="v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Program Files (x86)\AVG\AVG2012\avgdiagex.exe|Name=AVG Diagnostics 2012|"
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\BillP Studios\WinPatrol\IEHelpers]
"AVG Internet Security"="900"
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\BillP Studios\WinPatrol\Services]
"AVG Firewall"="700"
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\BillP Studios\WinPatrol\Services]
"AVG WatchDog"="700"
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Tim\Desktop\avg_free_stb_all_2012_1831_cnet.exe"="AVG Setup Self-Extractor based on 7-Zip"
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe"="PC Tuneup 2011"
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Tim\Desktop\avg_remover_stf_x64_2012_1796.exe"="AVG Remover Utility"
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Tim\Desktop\avg_free_stb_all_2012_1831_cnet.exe"="AVG Setup Self-Extractor based on 7-Zip"
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe"="PC Tuneup 2011"
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Tim\Desktop\avg_remover_stf_x64_2012_1796.exe"="AVG Remover Utility"

-= EOF =-
wile_koyote

Posted: Thu Nov 10, 2011 11:06 am

Second log


OTL logfile created on: 11/10/2011 2:01:32 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 41.36% Memory free
7.36 Gb Paging File | 5.17 Gb Available in Paging File | 70.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 308.07 Gb Free Space | 67.91% Space Free | Partition Type: NTFS

Computer Name: COMP1 | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 13:59:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
PRC - [2011/11/08 20:25:36 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2011/10/28 09:43:34 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/28 09:43:33 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/09/21 19:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2011/09/02 01:08:55 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/29 12:26:06 | 000,520,216 | ---- | M] (Ant.com) -- C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe
PRC - [2011/06/29 12:25:00 | 003,179,544 | ---- | M] (Ant.com) -- C:\Program Files (x86)\Ant.com\IE add-on\AntMaintainer.exe
PRC - [2010/09/29 06:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2010/09/29 06:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/09/29 05:59:56 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
PRC - [2009/10/29 15:31:16 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/10/29 15:31:00 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/10/13 14:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 14:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/10/10 16:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/09/30 07:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 07:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/09/17 01:50:14 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/08/03 11:05:48 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/07/28 16:29:40 | 001,507,448 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/04/16 02:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/14 10:09:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/14 10:09:50 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/14 10:09:44 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/09/14 17:36:08 | 000,506,711 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2009/08/03 11:05:48 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/07/08 16:46:08 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Utility.dll
MOD - [2009/07/06 17:44:34 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
MOD - [2009/02/02 20:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/02 15:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/10/29 14:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/10/28 09:43:33 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/09/21 19:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/01 14:01:18 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/06/29 12:26:06 | 000,520,216 | ---- | M] (Ant.com) [Auto | Running] -- C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe -- (AntUpdaterService)
SRV - [2010/09/29 06:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2010/09/29 06:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/29 15:31:00 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/10/13 14:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/09/30 07:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 07:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/28 22:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/10 21:20:26 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/09/21 19:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/18 14:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/18 03:12:03 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/01/20 16:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/12/17 05:53:41 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/12/17 05:53:41 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2009/12/17 05:53:41 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/12/17 05:53:41 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/11/05 23:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/02 15:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/29 17:56:34 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/10/25 23:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/23 00:27:12 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/13 14:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/08/05 15:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/24 05:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/28 22:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/12 09:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 09:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 09:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/17 17:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2011/09/02 19:37:58 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2010/05/28 14:33:18 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100604.004\IDSviA64.sys -- (IDSVia64)
DRV - [2010/05/27 03:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/05/27 03:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/13 01:04:52 | 001,773,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100616.004\EX64.SYS -- (NAVEX15)
DRV - [2010/05/13 01:04:52 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100616.004\ENG64.SYS -- (NAVENG)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/01 20:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/25 22:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n915l04g4z105a4492y24r
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n915l04g4z105a4492y24r
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n915l04g4z105a4492y24r
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n915l04g4z105a4492y24r


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n915l04g4z105a4492y24r
IE - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/10 23:07:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\


O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OOTag] C:\Windows\OOBEOffer\OOBEOffer\OOTag.exe (Microsoft)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v5.cab (GoBit Games Player)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF79823C-E338-4FCB-AD89-F2024E306D53}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 13:59:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2011/11/10 12:48:15 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Realore_Whiterra Roads Of Rome 3
[2011/11/10 11:47:03 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\zork1
[2011/11/10 10:48:22 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Tim\Desktop\dds.scr
[2011/11/10 10:34:56 | 000,000,000 | R--D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011/11/10 10:31:48 | 002,540,688 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Tim\Desktop\avg_remover_stf_x64_2012_1796.exe
[2011/11/10 10:24:37 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\AVG2012
[2011/11/09 14:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\1912 Titanic Mystery
[2011/11/09 14:58:42 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\TitanicMystery
[2011/11/08 15:30:09 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\VampireSagaHL
[2011/11/08 14:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\The Mirror Mysteries
[2011/11/08 14:23:07 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/11/07 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Deadtime Stories
[2011/11/07 20:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Particles
[2011/11/07 20:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Far Mills
[2011/11/07 15:50:24 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Total Eclipse
[2011/11/06 23:08:29 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Big Finish
[2011/11/06 23:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Finish
[2011/11/06 17:28:25 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Sleepwalker Games
[2011/11/06 17:03:35 | 000,000,000 | ---D | C] -- C:\Users\Tim\Documents\Dracula 3 Part 1
[2011/11/05 16:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\GameHouse
[2011/11/05 15:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Deadtime Stories
[2011/11/05 15:51:29 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\animal instincts 2
[2011/11/05 15:48:09 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\Animal Instincts 3
[2011/11/05 15:46:16 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\Animal Instincts KLAXXON
[2011/11/05 10:51:54 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Vogat Interactive
[2011/11/05 09:50:56 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\SpinTop Games
[2011/11/05 08:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberonv1005
[2011/11/05 08:39:18 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo! Games
[2011/11/05 08:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media
[2011/11/04 23:25:12 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Alawar
[2011/11/04 14:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
[2011/11/03 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\rose_tattoo_1982_scarred_for_life
[2011/11/03 14:26:04 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/03 14:24:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/02 21:27:55 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\deep_purple_-_Burn
[2011/11/02 15:16:40 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\GameMill Entertainment
[2011/11/01 20:31:34 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\DragonsEye Studios
[2011/11/01 20:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\DragonsEye Studios
[2011/10/30 14:06:41 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\AVG
[2011/10/30 13:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/10/30 12:57:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/10/30 12:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/10/29 19:10:29 | 003,900,592 | ---- | C] (AVG Technologies) -- C:\Users\Tim\Desktop\avg_free_stb_all_2012_1831_cnet.exe
[2011/10/29 15:44:37 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\fugitive
[2011/10/29 14:29:49 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\HitPoint Studios
[2011/10/29 14:29:29 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Oberon Media
[2011/10/29 10:18:25 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\{www.scenetime.com}Chained Heat Trilogy
[2011/10/27 13:52:16 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\hjsplit
[2011/10/27 13:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AsfTools
[2011/10/27 12:15:42 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\women_in_prison_clips_vol1
[2011/10/26 19:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/26 19:44:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/26 19:44:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/26 19:44:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/23 21:15:34 | 000,000,000 | RH-D | C] -- C:\Users\Tim\AppData\Roaming\SecuROM
[2011/10/23 21:15:33 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011/10/17 20:53:11 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\powder116_win
[2011/10/16 19:07:28 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\homebrew
[2011/10/13 16:45:43 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\roms
[2011/10/13 12:43:46 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/13 12:43:46 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/13 12:43:46 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/13 12:43:46 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/13 12:43:30 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/10/13 12:43:30 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/13 12:43:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/13 12:43:30 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/13 12:43:30 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/13 12:43:30 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/13 12:43:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/13 12:42:02 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/13 12:42:01 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

========== Files - Modified Within 30 Days ==========

[2011/11/10 13:59:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2011/11/10 13:55:40 | 000,165,376 | ---- | M] () -- C:\Users\Tim\Desktop\SystemLook_x64.exe
[2011/11/10 13:41:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/10 11:35:01 | 000,077,155 | ---- | M] () -- C:\Users\Tim\Desktop\zork3.zip
[2011/11/10 11:34:53 | 000,085,755 | ---- | M] () -- C:\Users\Tim\Desktop\zork2.zip
[2011/11/10 10:48:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Tim\Desktop\dds.scr
[2011/11/10 10:41:55 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 10:41:55 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 10:34:19 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/10 10:34:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/10 10:34:06 | 2962,309,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/10 10:31:49 | 002,540,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Tim\Desktop\avg_remover_stf_x64_2012_1796.exe
[2011/11/10 09:52:54 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/09 22:28:00 | 000,002,367 | ---- | M] () -- C:\Users\Tim\Desktop\Mahjongg Dimensions Deluxe - Tiles in Time.lnk
[2011/11/09 22:28:00 | 000,001,150 | ---- | M] () -- C:\Users\Tim\Desktop\Yahoo! Games - Games And Online Games.lnk
[2011/11/09 22:26:35 | 000,002,181 | ---- | M] () -- C:\Users\Tim\Desktop\Hidden in Time 2.lnk
[2011/11/09 11:32:53 | 000,002,140 | ---- | M] () -- C:\Users\Tim\Desktop\Roads of Rome 3.lnk
[2011/11/08 20:25:36 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/08 14:19:12 | 000,002,115 | ---- | M] () -- C:\Users\Tim\Desktop\Vampire Saga 2.lnk
[2011/11/08 10:22:40 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/08 10:22:40 | 000,624,200 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/08 10:22:40 | 000,106,544 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/07 20:40:06 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/07 20:40:06 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/07 18:30:10 | 000,272,674 | ---- | M] () -- C:\Users\Tim\Desktop\canabalt.jpg
[2011/11/07 18:28:21 | 000,004,346 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\wklnhst.dat
[2011/11/05 21:41:30 | 009,357,312 | ---- | M] () -- C:\Users\Tim\Desktop\Blind_Guardian_-_Sacred_Worlds.mp3
[2011/11/05 21:38:55 | 005,458,779 | ---- | M] () -- C:\Users\Tim\Desktop\Hammerfall_-_Child_of_The_Damned.mp3
[2011/11/05 16:38:19 | 000,000,500 | ---- | M] () -- C:\Program Files (x86)\1105201117381944.bat
[2011/11/05 11:56:16 | 758,937,600 | ---- | M] () -- C:\Users\Tim\Desktop\Red Heat.Xvid.VHSRip.DJ-Poney.avi
[2011/11/03 14:50:34 | 733,961,162 | ---- | M] () -- C:\Users\Tim\Desktop\Chloe.18.XXX.DVDrip.XviD by Pornostube.to.rar
[2011/11/02 21:38:53 | 085,289,659 | ---- | M] () -- C:\Users\Tim\Desktop\rose_tattoo_1982_scarred_for_life.zip
[2011/11/02 21:38:42 | 004,855,872 | ---- | M] () -- C:\Users\Tim\Desktop\ROSE_TATTOO_-_ROCK_N_ROLL_OUTLAW.mp3
[2011/11/01 21:35:42 | 000,000,479 | ---- | M] () -- C:\Program Files (x86)\1101201122354200.bat
[2011/10/29 19:10:36 | 003,900,592 | ---- | M] (AVG Technologies) -- C:\Users\Tim\Desktop\avg_free_stb_all_2012_1831_cnet.exe
[2011/10/29 19:07:33 | 059,854,808 | ---- | M] () -- C:\Users\Tim\Desktop\setup_av_free_cnet.exe
[2011/10/29 19:07:01 | 227,073,794 | ---- | M] () -- C:\Users\Tim\Desktop\LibO_3.3.4_Win_x86_install_multi.exe
[2011/10/23 21:15:33 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011/10/18 12:02:24 | 001,142,505 | ---- | M] () -- C:\Users\Tim\Desktop\Jones_In_The_Fast_Lane.zip
[2011/10/13 14:37:28 | 000,625,551 | ---- | M] () -- C:\Users\Tim\Desktop\Rings_of_Power_(U)_[!].zip

========== Files Created - No Company Name ==========

[2011/11/10 13:55:39 | 000,165,376 | ---- | C] () -- C:\Users\Tim\Desktop\SystemLook_x64.exe
[2011/11/10 11:35:01 | 000,077,155 | ---- | C] () -- C:\Users\Tim\Desktop\zork3.zip
[2011/11/10 11:34:53 | 000,085,755 | ---- | C] () -- C:\Users\Tim\Desktop\zork2.zip
[2011/11/09 22:28:00 | 000,002,367 | ---- | C] () -- C:\Users\Tim\Desktop\Mahjongg Dimensions Deluxe - Tiles in Time.lnk
[2011/11/09 22:26:35 | 000,002,181 | ---- | C] () -- C:\Users\Tim\Desktop\Hidden in Time 2.lnk
[2011/11/09 11:32:53 | 000,002,140 | ---- | C] () -- C:\Users\Tim\Desktop\Roads of Rome 3.lnk
[2011/11/08 14:19:12 | 000,002,115 | ---- | C] () -- C:\Users\Tim\Desktop\Vampire Saga 2.lnk
[2011/11/07 18:30:10 | 000,272,674 | ---- | C] () -- C:\Users\Tim\Desktop\canabalt.jpg
[2011/11/05 21:41:22 | 009,357,312 | ---- | C] () -- C:\Users\Tim\Desktop\Blind_Guardian_-_Sacred_Worlds.mp3
[2011/11/05 21:38:51 | 005,458,779 | ---- | C] () -- C:\Users\Tim\Desktop\Hammerfall_-_Child_of_The_Damned.mp3
[2011/11/05 16:38:19 | 000,000,500 | ---- | C] () -- C:\Program Files (x86)\1105201117381944.bat
[2011/11/03 14:37:21 | 733,961,162 | ---- | C] () -- C:\Users\Tim\Desktop\Chloe.18.XXX.DVDrip.XviD by Pornostube.to.rar
[2011/11/02 21:38:53 | 085,289,659 | ---- | C] () -- C:\Users\Tim\Desktop\rose_tattoo_1982_scarred_for_life.zip
[2011/11/02 21:38:40 | 004,855,872 | ---- | C] () -- C:\Users\Tim\Desktop\ROSE_TATTOO_-_ROCK_N_ROLL_OUTLAW.mp3
[2011/11/01 21:35:42 | 000,000,479 | ---- | C] () -- C:\Program Files (x86)\1101201122354200.bat
[2011/10/29 19:07:31 | 059,854,808 | ---- | C] () -- C:\Users\Tim\Desktop\setup_av_free_cnet.exe
[2011/10/29 19:07:00 | 227,073,794 | ---- | C] () -- C:\Users\Tim\Desktop\LibO_3.3.4_Win_x86_install_multi.exe
[2011/10/29 14:29:20 | 000,001,150 | ---- | C] () -- C:\Users\Tim\Desktop\Yahoo! Games - Games And Online Games.lnk
[2011/10/29 13:26:44 | 758,937,600 | ---- | C] () -- C:\Users\Tim\Desktop\Red Heat.Xvid.VHSRip.DJ-Poney.avi
[2011/10/18 12:02:17 | 001,142,505 | ---- | C] () -- C:\Users\Tim\Desktop\Jones_In_The_Fast_Lane.zip
[2011/10/13 14:37:27 | 000,625,551 | ---- | C] () -- C:\Users\Tim\Desktop\Rings_of_Power_(U)_[!].zip
[2011/09/16 06:47:47 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/05/03 20:47:53 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/03 20:47:53 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010/12/19 15:19:40 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/11/30 18:10:28 | 000,004,346 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\wklnhst.dat
[2010/08/25 19:34:30 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/12/17 05:27:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/12/17 05:24:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/12/17 05:24:10 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/11/03 21:32:27 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\.minecraft
[2010/06/14 21:00:32 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\acccore
[2011/11/04 23:25:12 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Alawar
[2011/10/30 14:06:45 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\AVG
[2011/11/10 10:24:37 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\AVG2012
[2011/11/06 23:08:29 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Big Finish
[2011/11/01 20:31:34 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\DragonsEye Studios
[2011/11/02 15:16:40 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\GameMill Entertainment
[2011/10/29 14:29:49 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\HitPoint Studios
[2011/10/02 11:45:07 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Kuma Games
[2010/04/18 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Oberon Games
[2011/10/29 14:29:29 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Oberon Media
[2011/11/06 17:28:25 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Sleepwalker Games
[2011/11/05 09:50:56 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\SpinTop Games
[2010/12/18 12:15:47 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TechWizard
[2010/11/30 18:10:30 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Template
[2011/11/09 14:59:24 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TitanicMystery
[2011/11/07 15:50:24 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Total Eclipse
[2011/11/08 15:30:09 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\VampireSagaHL
[2011/11/05 10:51:54 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Vogat Interactive
[2011/10/08 21:39:01 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Windows Live Writer
[2010/04/18 04:06:47 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\WinPatrol
[2011/11/05 00:27:58 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:B0255E22
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:A9E8066F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:DA9D42A5
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:F01E7F17
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:1A792FDD
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:EF996047
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:A95E5E89
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:CE07D0EE
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:3B3A35EC
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:4300D829
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E8AB98F0
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:8BBD1F9A
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:38ADF092
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:D305706A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2ADC9FB3
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:122B3902
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0FEED4C3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:FFD9E05D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:64AEDD72
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:1357E15F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:373C6DC2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:5925E400
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:5D6C9FB1

< End of report >
wile_koyote

Posted: Thu Nov 10, 2011 11:06 am

Second log


OTL logfile created on: 11/10/2011 2:01:32 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 41.36% Memory free
7.36 Gb Paging File | 5.17 Gb Available in Paging File | 70.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 308.07 Gb Free Space | 67.91% Space Free | Partition Type: NTFS

Computer Name: COMP1 | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 13:59:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
PRC - [2011/11/08 20:25:36 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2011/10/28 09:43:34 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/28 09:43:33 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/09/21 19:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2011/09/02 01:08:55 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/29 12:26:06 | 000,520,216 | ---- | M] (Ant.com) -- C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe
PRC - [2011/06/29 12:25:00 | 003,179,544 | ---- | M] (Ant.com) -- C:\Program Files (x86)\Ant.com\IE add-on\AntMaintainer.exe
PRC - [2010/09/29 06:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2010/09/29 06:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/09/29 05:59:56 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
PRC - [2009/10/29 15:31:16 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/10/29 15:31:00 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/10/13 14:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 14:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/10/10 16:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/09/30 07:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 07:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/09/17 01:50:14 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/08/03 11:05:48 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/07/28 16:29:40 | 001,507,448 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/04/16 02:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/14 10:09:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/14 10:09:50 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/14 10:09:44 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/09/14 17:36:08 | 000,506,711 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2009/08/03 11:05:48 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/07/08 16:46:08 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Utility.dll
MOD - [2009/07/06 17:44:34 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
MOD - [2009/02/02 20:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/02 15:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/10/29 14:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/10/28 09:43:33 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/09/21 19:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/01 14:01:18 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/06/29 12:26:06 | 000,520,216 | ---- | M] (Ant.com) [Auto | Running] -- C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe -- (AntUpdaterService)
SRV - [2010/09/29 06:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2010/09/29 06:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/29 15:31:00 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/10/13 14:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/09/30 07:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 07:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/28 22:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/10 21:20:26 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/09/21 19:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/18 14:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/18 03:12:03 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/01/20 16:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/12/17 05:53:41 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/12/17 05:53:41 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2009/12/17 05:53:41 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/12/17 05:53:41 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/11/05 23:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/02 15:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/29 17:56:34 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/10/25 23:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/23 00:27:12 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/13 14:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/08/05 15:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/24 05:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/28 22:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/12 09:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 09:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 09:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/17 17:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2011/09/02 19:37:58 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2010/05/28 14:33:18 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100604.004\IDSviA64.sys -- (IDSVia64)
DRV - [2010/05/27 03:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/05/27 03:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/13 01:04:52 | 001,773,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100616.004\EX64.SYS -- (NAVEX15)
DRV - [2010/05/13 01:04:52 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100616.004\ENG64.SYS -- (NAVENG)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/01 20:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/25 22:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n915l04g4z105a4492y24r
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n915l04g4z105a4492y24r
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n915l04g4z105a4492y24r
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n915l04g4z105a4492y24r


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n915l04g4z105a4492y24r
IE - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/10 23:07:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\


O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OOTag] C:\Windows\OOBEOffer\OOBEOffer\OOTag.exe (Microsoft)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v5.cab (GoBit Games Player)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF79823C-E338-4FCB-AD89-F2024E306D53}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 13:59:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2011/11/10 12:48:15 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Realore_Whiterra Roads Of Rome 3
[2011/11/10 11:47:03 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\zork1
[2011/11/10 10:48:22 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Tim\Desktop\dds.scr
[2011/11/10 10:34:56 | 000,000,000 | R--D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011/11/10 10:31:48 | 002,540,688 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Tim\Desktop\avg_remover_stf_x64_2012_1796.exe
[2011/11/10 10:24:37 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\AVG2012
[2011/11/09 14:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\1912 Titanic Mystery
[2011/11/09 14:58:42 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\TitanicMystery
[2011/11/08 15:30:09 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\VampireSagaHL
[2011/11/08 14:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\The Mirror Mysteries
[2011/11/08 14:23:07 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/11/07 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Deadtime Stories
[2011/11/07 20:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Particles
[2011/11/07 20:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Far Mills
[2011/11/07 15:50:24 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Total Eclipse
[2011/11/06 23:08:29 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Big Finish
[2011/11/06 23:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Finish
[2011/11/06 17:28:25 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Sleepwalker Games
[2011/11/06 17:03:35 | 000,000,000 | ---D | C] -- C:\Users\Tim\Documents\Dracula 3 Part 1
[2011/11/05 16:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\GameHouse
[2011/11/05 15:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Deadtime Stories
[2011/11/05 15:51:29 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\animal instincts 2
[2011/11/05 15:48:09 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\Animal Instincts 3
[2011/11/05 15:46:16 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\Animal Instincts KLAXXON
[2011/11/05 10:51:54 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Vogat Interactive
[2011/11/05 09:50:56 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\SpinTop Games
[2011/11/05 08:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberonv1005
[2011/11/05 08:39:18 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo! Games
[2011/11/05 08:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media
[2011/11/04 23:25:12 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Alawar
[2011/11/04 14:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
[2011/11/03 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\rose_tattoo_1982_scarred_for_life
[2011/11/03 14:26:04 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/03 14:24:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/02 21:27:55 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\deep_purple_-_Burn
[2011/11/02 15:16:40 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\GameMill Entertainment
[2011/11/01 20:31:34 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\DragonsEye Studios
[2011/11/01 20:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\DragonsEye Studios
[2011/10/30 14:06:41 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\AVG
[2011/10/30 13:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/10/30 12:57:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/10/30 12:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/10/29 19:10:29 | 003,900,592 | ---- | C] (AVG Technologies) -- C:\Users\Tim\Desktop\avg_free_stb_all_2012_1831_cnet.exe
[2011/10/29 15:44:37 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\fugitive
[2011/10/29 14:29:49 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\HitPoint Studios
[2011/10/29 14:29:29 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Oberon Media
[2011/10/29 10:18:25 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\{www.scenetime.com}Chained Heat Trilogy
[2011/10/27 13:52:16 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\hjsplit
[2011/10/27 13:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AsfTools
[2011/10/27 12:15:42 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\women_in_prison_clips_vol1
[2011/10/26 19:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/26 19:44:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/26 19:44:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/26 19:44:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/23 21:15:34 | 000,000,000 | RH-D | C] -- C:\Users\Tim\AppData\Roaming\SecuROM
[2011/10/23 21:15:33 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011/10/17 20:53:11 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\powder116_win
[2011/10/16 19:07:28 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\homebrew
[2011/10/13 16:45:43 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\roms
[2011/10/13 12:43:46 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/13 12:43:46 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/13 12:43:46 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/13 12:43:46 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/13 12:43:30 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/10/13 12:43:30 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/13 12:43:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/13 12:43:30 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/13 12:43:30 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/13 12:43:30 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/13 12:43:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/13 12:42:02 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/13 12:42:01 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

========== Files - Modified Within 30 Days ==========

[2011/11/10 13:59:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2011/11/10 13:55:40 | 000,165,376 | ---- | M] () -- C:\Users\Tim\Desktop\SystemLook_x64.exe
[2011/11/10 13:41:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/10 11:35:01 | 000,077,155 | ---- | M] () -- C:\Users\Tim\Desktop\zork3.zip
[2011/11/10 11:34:53 | 000,085,755 | ---- | M] () -- C:\Users\Tim\Desktop\zork2.zip
[2011/11/10 10:48:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Tim\Desktop\dds.scr
[2011/11/10 10:41:55 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 10:41:55 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 10:34:19 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/10 10:34:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/10 10:34:06 | 2962,309,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/10 10:31:49 | 002,540,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Tim\Desktop\avg_remover_stf_x64_2012_1796.exe
[2011/11/10 09:52:54 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/09 22:28:00 | 000,002,367 | ---- | M] () -- C:\Users\Tim\Desktop\Mahjongg Dimensions Deluxe - Tiles in Time.lnk
[2011/11/09 22:28:00 | 000,001,150 | ---- | M] () -- C:\Users\Tim\Desktop\Yahoo! Games - Games And Online Games.lnk
[2011/11/09 22:26:35 | 000,002,181 | ---- | M] () -- C:\Users\Tim\Desktop\Hidden in Time 2.lnk
[2011/11/09 11:32:53 | 000,002,140 | ---- | M] () -- C:\Users\Tim\Desktop\Roads of Rome 3.lnk
[2011/11/08 20:25:36 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/08 14:19:12 | 000,002,115 | ---- | M] () -- C:\Users\Tim\Desktop\Vampire Saga 2.lnk
[2011/11/08 10:22:40 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/08 10:22:40 | 000,624,200 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/08 10:22:40 | 000,106,544 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/07 20:40:06 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/07 20:40:06 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/07 18:30:10 | 000,272,674 | ---- | M] () -- C:\Users\Tim\Desktop\canabalt.jpg
[2011/11/07 18:28:21 | 000,004,346 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\wklnhst.dat
[2011/11/05 21:41:30 | 009,357,312 | ---- | M] () -- C:\Users\Tim\Desktop\Blind_Guardian_-_Sacred_Worlds.mp3
[2011/11/05 21:38:55 | 005,458,779 | ---- | M] () -- C:\Users\Tim\Desktop\Hammerfall_-_Child_of_The_Damned.mp3
[2011/11/05 16:38:19 | 000,000,500 | ---- | M] () -- C:\Program Files (x86)\1105201117381944.bat
[2011/11/05 11:56:16 | 758,937,600 | ---- | M] () -- C:\Users\Tim\Desktop\Red Heat.Xvid.VHSRip.DJ-Poney.avi
[2011/11/03 14:50:34 | 733,961,162 | ---- | M] () -- C:\Users\Tim\Desktop\Chloe.18.XXX.DVDrip.XviD by Pornostube.to.rar
[2011/11/02 21:38:53 | 085,289,659 | ---- | M] () -- C:\Users\Tim\Desktop\rose_tattoo_1982_scarred_for_life.zip
[2011/11/02 21:38:42 | 004,855,872 | ---- | M] () -- C:\Users\Tim\Desktop\ROSE_TATTOO_-_ROCK_N_ROLL_OUTLAW.mp3
[2011/11/01 21:35:42 | 000,000,479 | ---- | M] () -- C:\Program Files (x86)\1101201122354200.bat
[2011/10/29 19:10:36 | 003,900,592 | ---- | M] (AVG Technologies) -- C:\Users\Tim\Desktop\avg_free_stb_all_2012_1831_cnet.exe
[2011/10/29 19:07:33 | 059,854,808 | ---- | M] () -- C:\Users\Tim\Desktop\setup_av_free_cnet.exe
[2011/10/29 19:07:01 | 227,073,794 | ---- | M] () -- C:\Users\Tim\Desktop\LibO_3.3.4_Win_x86_install_multi.exe
[2011/10/23 21:15:33 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011/10/18 12:02:24 | 001,142,505 | ---- | M] () -- C:\Users\Tim\Desktop\Jones_In_The_Fast_Lane.zip
[2011/10/13 14:37:28 | 000,625,551 | ---- | M] () -- C:\Users\Tim\Desktop\Rings_of_Power_(U)_[!].zip

========== Files Created - No Company Name ==========

[2011/11/10 13:55:39 | 000,165,376 | ---- | C] () -- C:\Users\Tim\Desktop\SystemLook_x64.exe
[2011/11/10 11:35:01 | 000,077,155 | ---- | C] () -- C:\Users\Tim\Desktop\zork3.zip
[2011/11/10 11:34:53 | 000,085,755 | ---- | C] () -- C:\Users\Tim\Desktop\zork2.zip
[2011/11/09 22:28:00 | 000,002,367 | ---- | C] () -- C:\Users\Tim\Desktop\Mahjongg Dimensions Deluxe - Tiles in Time.lnk
[2011/11/09 22:26:35 | 000,002,181 | ---- | C] () -- C:\Users\Tim\Desktop\Hidden in Time 2.lnk
[2011/11/09 11:32:53 | 000,002,140 | ---- | C] () -- C:\Users\Tim\Desktop\Roads of Rome 3.lnk
[2011/11/08 14:19:12 | 000,002,115 | ---- | C] () -- C:\Users\Tim\Desktop\Vampire Saga 2.lnk
[2011/11/07 18:30:10 | 000,272,674 | ---- | C] () -- C:\Users\Tim\Desktop\canabalt.jpg
[2011/11/05 21:41:22 | 009,357,312 | ---- | C] () -- C:\Users\Tim\Desktop\Blind_Guardian_-_Sacred_Worlds.mp3
[2011/11/05 21:38:51 | 005,458,779 | ---- | C] () -- C:\Users\Tim\Desktop\Hammerfall_-_Child_of_The_Damned.mp3
[2011/11/05 16:38:19 | 000,000,500 | ---- | C] () -- C:\Program Files (x86)\1105201117381944.bat
[2011/11/03 14:37:21 | 733,961,162 | ---- | C] () -- C:\Users\Tim\Desktop\Chloe.18.XXX.DVDrip.XviD by Pornostube.to.rar
[2011/11/02 21:38:53 | 085,289,659 | ---- | C] () -- C:\Users\Tim\Desktop\rose_tattoo_1982_scarred_for_life.zip
[2011/11/02 21:38:40 | 004,855,872 | ---- | C] () -- C:\Users\Tim\Desktop\ROSE_TATTOO_-_ROCK_N_ROLL_OUTLAW.mp3
[2011/11/01 21:35:42 | 000,000,479 | ---- | C] () -- C:\Program Files (x86)\1101201122354200.bat
[2011/10/29 19:07:31 | 059,854,808 | ---- | C] () -- C:\Users\Tim\Desktop\setup_av_free_cnet.exe
[2011/10/29 19:07:00 | 227,073,794 | ---- | C] () -- C:\Users\Tim\Desktop\LibO_3.3.4_Win_x86_install_multi.exe
[2011/10/29 14:29:20 | 000,001,150 | ---- | C] () -- C:\Users\Tim\Desktop\Yahoo! Games - Games And Online Games.lnk
[2011/10/29 13:26:44 | 758,937,600 | ---- | C] () -- C:\Users\Tim\Desktop\Red Heat.Xvid.VHSRip.DJ-Poney.avi
[2011/10/18 12:02:17 | 001,142,505 | ---- | C] () -- C:\Users\Tim\Desktop\Jones_In_The_Fast_Lane.zip
[2011/10/13 14:37:27 | 000,625,551 | ---- | C] () -- C:\Users\Tim\Desktop\Rings_of_Power_(U)_[!].zip
[2011/09/16 06:47:47 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/05/03 20:47:53 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/03 20:47:53 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010/12/19 15:19:40 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/11/30 18:10:28 | 000,004,346 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\wklnhst.dat
[2010/08/25 19:34:30 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/12/17 05:27:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/12/17 05:24:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/12/17 05:24:10 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/11/03 21:32:27 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\.minecraft
[2010/06/14 21:00:32 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\acccore
[2011/11/04 23:25:12 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Alawar
[2011/10/30 14:06:45 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\AVG
[2011/11/10 10:24:37 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\AVG2012
[2011/11/06 23:08:29 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Big Finish
[2011/11/01 20:31:34 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\DragonsEye Studios
[2011/11/02 15:16:40 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\GameMill Entertainment
[2011/10/29 14:29:49 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\HitPoint Studios
[2011/10/02 11:45:07 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Kuma Games
[2010/04/18 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Oberon Games
[2011/10/29 14:29:29 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Oberon Media
[2011/11/06 17:28:25 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Sleepwalker Games
[2011/11/05 09:50:56 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\SpinTop Games
[2010/12/18 12:15:47 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TechWizard
[2010/11/30 18:10:30 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Template
[2011/11/09 14:59:24 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TitanicMystery
[2011/11/07 15:50:24 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Total Eclipse
[2011/11/08 15:30:09 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\VampireSagaHL
[2011/11/05 10:51:54 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Vogat Interactive
[2011/10/08 21:39:01 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Windows Live Writer
[2010/04/18 04:06:47 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\WinPatrol
[2011/11/05 00:27:58 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:B0255E22
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:A9E8066F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:DA9D42A5
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:F01E7F17
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:1A792FDD
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:EF996047
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:A95E5E89
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:CE07D0EE
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:3B3A35EC
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:4300D829
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E8AB98F0
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:8BBD1F9A
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:38ADF092
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:D305706A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2ADC9FB3
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:122B3902
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0FEED4C3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:FFD9E05D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:64AEDD72
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:1357E15F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:373C6DC2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:5925E400
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:5D6C9FB1

< End of report >
wile_koyote

PostPosted: Thu Nov 10, 2011 11:07 am

Second log


OTL logfile created on: 11/10/2011 2:01:32 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 41.36% Memory free
7.36 Gb Paging File | 5.17 Gb Available in Paging File | 70.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 308.07 Gb Free Space | 67.91% Space Free | Partition Type: NTFS

Computer Name: COMP1 | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 13:59:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
PRC - [2011/11/08 20:25:36 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
PRC - [2011/10/28 09:43:34 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/28 09:43:33 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/09/21 19:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
PRC - [2011/09/02 01:08:55 | 000,307,376 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/06/29 12:26:06 | 000,520,216 | ---- | M] (Ant.com) -- C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe
PRC - [2011/06/29 12:25:00 | 003,179,544 | ---- | M] (Ant.com) -- C:\Program Files (x86)\Ant.com\IE add-on\AntMaintainer.exe
PRC - [2010/09/29 06:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
PRC - [2010/09/29 06:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
PRC - [2010/09/29 05:59:56 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
PRC - [2009/10/29 15:31:16 | 000,244,480 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
PRC - [2009/10/29 15:31:00 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
PRC - [2009/10/13 14:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/10/13 14:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/10/10 16:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2009/09/30 07:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/09/30 07:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/09/17 01:50:14 | 001,157,640 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
PRC - [2009/08/03 11:05:48 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
PRC - [2009/07/28 16:29:40 | 001,507,448 | ---- | M] (Suyin) -- C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe
PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
PRC - [2009/04/16 02:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/14 10:09:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/14 10:09:50 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/14 10:09:44 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/09/14 17:36:08 | 000,506,711 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2009/08/03 11:05:48 | 000,498,160 | ---- | M] () -- C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
MOD - [2009/07/08 16:46:08 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Utility.dll
MOD - [2009/07/06 17:44:34 | 000,626,688 | ---- | M] () -- C:\Program Files (x86)\VideoWebCamera\Image.dll
MOD - [2009/02/02 20:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/11/02 15:48:18 | 000,126,352 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009/10/29 14:10:02 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe -- (Updater Service)
SRV - [2011/10/28 09:43:33 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/09/21 19:35:57 | 000,117,648 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/07/01 14:01:18 | 000,151,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter)
SRV - [2011/06/29 12:26:06 | 000,520,216 | ---- | M] (Ant.com) [Auto | Running] -- C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe -- (AntUpdaterService)
SRV - [2010/09/29 06:00:24 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm)
SRV - [2010/09/29 06:00:16 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/29 15:31:00 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009/10/13 14:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2009/09/30 07:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/09/30 07:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/28 22:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)
SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/10/10 21:20:26 | 000,561,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\cchpx64.sys -- (ccHP)
DRV:64bit: - [2011/09/21 19:35:58 | 000,279,160 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\symtdi.sys -- (SYMTDI)
DRV:64bit: - [2011/08/31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/08/18 14:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/08/25 19:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/07/12 13:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/04/18 03:12:03 | 000,172,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/01/20 16:18:24 | 000,334,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\BHDrvx64.sys -- (BHDrvx64)
DRV:64bit: - [2009/12/17 05:53:41 | 000,476,720 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2009/12/17 05:53:41 | 000,402,992 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2009/12/17 05:53:41 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1008030.006\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2009/12/17 05:53:41 | 000,031,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2009/11/05 23:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/02 15:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/10/29 17:56:34 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/10/25 23:39:44 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/10/23 00:27:12 | 000,307,760 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/10/13 14:16:40 | 000,409,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/08/05 15:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/24 05:23:24 | 000,205,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/05 19:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/05 19:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009/04/28 22:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)
DRV:64bit: - [2009/02/12 09:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)
DRV:64bit: - [2009/02/12 09:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)
DRV:64bit: - [2009/02/12 09:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)
DRV:64bit: - [2006/06/17 17:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)
DRV - [2011/09/02 19:37:58 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2010/05/28 14:33:18 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100604.004\IDSviA64.sys -- (IDSVia64)
DRV - [2010/05/27 03:00:00 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/05/27 03:00:00 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/13 01:04:52 | 001,773,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100616.004\EX64.SYS -- (NAVEX15)
DRV - [2010/05/13 01:04:52 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100616.004\ENG64.SYS -- (NAVENG)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/09/01 20:58:08 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/03/25 22:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n915l04g4z105a4492y24r
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n915l04g4z105a4492y24r
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n915l04g4z105a4492y24r
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n915l04g4z105a4492y24r


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv79&r=27360410n915l04g4z105a4492y24r
IE - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2011/10/10 23:07:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\


O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OOTag] C:\Windows\OOBEOffer\OOBEOffer\OOTag.exe (Microsoft)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VERIZONDM] C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [VideoWebCamera] C:\Program Files (x86)\VideoWebCamera\VideoWebCamera.exe (Suyin)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://www.shockwave.com/content/burgershop/sis/GoBitGamesPlayer_v5.cab (GoBit Games Player)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://l.yimg.com/jh/games/web_games/popcap/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CF79823C-E338-4FCB-AD89-F2024E306D53}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\symres - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.3.6\CoIEPlg.dll (Symantec Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 13:59:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2011/11/10 12:48:15 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Realore_Whiterra Roads Of Rome 3
[2011/11/10 11:47:03 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\zork1
[2011/11/10 10:48:22 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Tim\Desktop\dds.scr
[2011/11/10 10:34:56 | 000,000,000 | R--D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2011/11/10 10:31:48 | 002,540,688 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Users\Tim\Desktop\avg_remover_stf_x64_2012_1796.exe
[2011/11/10 10:24:37 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\AVG2012
[2011/11/09 14:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\1912 Titanic Mystery
[2011/11/09 14:58:42 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\TitanicMystery
[2011/11/08 15:30:09 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\VampireSagaHL
[2011/11/08 14:23:11 | 000,000,000 | ---D | C] -- C:\ProgramData\The Mirror Mysteries
[2011/11/08 14:23:07 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011/11/07 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Deadtime Stories
[2011/11/07 20:33:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Particles
[2011/11/07 20:33:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Far Mills
[2011/11/07 15:50:24 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Total Eclipse
[2011/11/06 23:08:29 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Big Finish
[2011/11/06 23:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Finish
[2011/11/06 17:28:25 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Sleepwalker Games
[2011/11/06 17:03:35 | 000,000,000 | ---D | C] -- C:\Users\Tim\Documents\Dracula 3 Part 1
[2011/11/05 16:10:02 | 000,000,000 | ---D | C] -- C:\ProgramData\GameHouse
[2011/11/05 15:53:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Deadtime Stories
[2011/11/05 15:51:29 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\animal instincts 2
[2011/11/05 15:48:09 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\Animal Instincts 3
[2011/11/05 15:46:16 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\Animal Instincts KLAXXON
[2011/11/05 10:51:54 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Vogat Interactive
[2011/11/05 09:50:56 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\SpinTop Games
[2011/11/05 08:46:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberonv1005
[2011/11/05 08:39:18 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yahoo! Games
[2011/11/05 08:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Oberon Media
[2011/11/04 23:25:12 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Alawar
[2011/11/04 14:02:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Playrix Entertainment
[2011/11/03 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\rose_tattoo_1982_scarred_for_life
[2011/11/03 14:26:04 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/03 14:24:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011/11/02 21:27:55 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\deep_purple_-_Burn
[2011/11/02 15:16:40 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\GameMill Entertainment
[2011/11/01 20:31:34 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\DragonsEye Studios
[2011/11/01 20:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\DragonsEye Studios
[2011/10/30 14:06:41 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\AVG
[2011/10/30 13:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2011/10/30 12:57:54 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2011/10/30 12:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2011/10/29 19:10:29 | 003,900,592 | ---- | C] (AVG Technologies) -- C:\Users\Tim\Desktop\avg_free_stb_all_2012_1831_cnet.exe
[2011/10/29 15:44:37 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\fugitive
[2011/10/29 14:29:49 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\HitPoint Studios
[2011/10/29 14:29:29 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Oberon Media
[2011/10/29 10:18:25 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\{www.scenetime.com}Chained Heat Trilogy
[2011/10/27 13:52:16 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\hjsplit
[2011/10/27 13:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AsfTools
[2011/10/27 12:15:42 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\women_in_prison_clips_vol1
[2011/10/26 19:45:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/26 19:44:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011/10/26 19:44:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011/10/26 19:44:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011/10/23 21:15:34 | 000,000,000 | RH-D | C] -- C:\Users\Tim\AppData\Roaming\SecuROM
[2011/10/23 21:15:33 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011/10/17 20:53:11 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\powder116_win
[2011/10/16 19:07:28 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\homebrew
[2011/10/13 16:45:43 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\roms
[2011/10/13 12:43:46 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/10/13 12:43:46 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/10/13 12:43:46 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/10/13 12:43:46 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/10/13 12:43:30 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/10/13 12:43:30 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/10/13 12:43:30 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/10/13 12:43:30 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/10/13 12:43:30 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/10/13 12:43:30 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/10/13 12:43:30 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/10/13 12:42:02 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/10/13 12:42:01 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll

========== Files - Modified Within 30 Days ==========

[2011/11/10 13:59:59 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2011/11/10 13:55:40 | 000,165,376 | ---- | M] () -- C:\Users\Tim\Desktop\SystemLook_x64.exe
[2011/11/10 13:41:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/11/10 11:35:01 | 000,077,155 | ---- | M] () -- C:\Users\Tim\Desktop\zork3.zip
[2011/11/10 11:34:53 | 000,085,755 | ---- | M] () -- C:\Users\Tim\Desktop\zork2.zip
[2011/11/10 10:48:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Tim\Desktop\dds.scr
[2011/11/10 10:41:55 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 10:41:55 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/11/10 10:34:19 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/11/10 10:34:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/11/10 10:34:06 | 2962,309,120 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/10 10:31:49 | 002,540,688 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Users\Tim\Desktop\avg_remover_stf_x64_2012_1796.exe
[2011/11/10 09:52:54 | 000,343,552 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/11/09 22:28:00 | 000,002,367 | ---- | M] () -- C:\Users\Tim\Desktop\Mahjongg Dimensions Deluxe - Tiles in Time.lnk
[2011/11/09 22:28:00 | 000,001,150 | ---- | M] () -- C:\Users\Tim\Desktop\Yahoo! Games - Games And Online Games.lnk
[2011/11/09 22:26:35 | 000,002,181 | ---- | M] () -- C:\Users\Tim\Desktop\Hidden in Time 2.lnk
[2011/11/09 11:32:53 | 000,002,140 | ---- | M] () -- C:\Users\Tim\Desktop\Roads of Rome 3.lnk
[2011/11/08 20:25:36 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/11/08 14:19:12 | 000,002,115 | ---- | M] () -- C:\Users\Tim\Desktop\Vampire Saga 2.lnk
[2011/11/08 10:22:40 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/11/08 10:22:40 | 000,624,200 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/11/08 10:22:40 | 000,106,544 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/11/07 20:40:06 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/11/07 20:40:06 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/11/07 18:30:10 | 000,272,674 | ---- | M] () -- C:\Users\Tim\Desktop\canabalt.jpg
[2011/11/07 18:28:21 | 000,004,346 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\wklnhst.dat
[2011/11/05 21:41:30 | 009,357,312 | ---- | M] () -- C:\Users\Tim\Desktop\Blind_Guardian_-_Sacred_Worlds.mp3
[2011/11/05 21:38:55 | 005,458,779 | ---- | M] () -- C:\Users\Tim\Desktop\Hammerfall_-_Child_of_The_Damned.mp3
[2011/11/05 16:38:19 | 000,000,500 | ---- | M] () -- C:\Program Files (x86)\1105201117381944.bat
[2011/11/05 11:56:16 | 758,937,600 | ---- | M] () -- C:\Users\Tim\Desktop\Red Heat.Xvid.VHSRip.DJ-Poney.avi
[2011/11/03 14:50:34 | 733,961,162 | ---- | M] () -- C:\Users\Tim\Desktop\Chloe.18.XXX.DVDrip.XviD by Pornostube.to.rar
[2011/11/02 21:38:53 | 085,289,659 | ---- | M] () -- C:\Users\Tim\Desktop\rose_tattoo_1982_scarred_for_life.zip
[2011/11/02 21:38:42 | 004,855,872 | ---- | M] () -- C:\Users\Tim\Desktop\ROSE_TATTOO_-_ROCK_N_ROLL_OUTLAW.mp3
[2011/11/01 21:35:42 | 000,000,479 | ---- | M] () -- C:\Program Files (x86)\1101201122354200.bat
[2011/10/29 19:10:36 | 003,900,592 | ---- | M] (AVG Technologies) -- C:\Users\Tim\Desktop\avg_free_stb_all_2012_1831_cnet.exe
[2011/10/29 19:07:33 | 059,854,808 | ---- | M] () -- C:\Users\Tim\Desktop\setup_av_free_cnet.exe
[2011/10/29 19:07:01 | 227,073,794 | ---- | M] () -- C:\Users\Tim\Desktop\LibO_3.3.4_Win_x86_install_multi.exe
[2011/10/23 21:15:33 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011/10/18 12:02:24 | 001,142,505 | ---- | M] () -- C:\Users\Tim\Desktop\Jones_In_The_Fast_Lane.zip
[2011/10/13 14:37:28 | 000,625,551 | ---- | M] () -- C:\Users\Tim\Desktop\Rings_of_Power_(U)_[!].zip

========== Files Created - No Company Name ==========

[2011/11/10 13:55:39 | 000,165,376 | ---- | C] () -- C:\Users\Tim\Desktop\SystemLook_x64.exe
[2011/11/10 11:35:01 | 000,077,155 | ---- | C] () -- C:\Users\Tim\Desktop\zork3.zip
[2011/11/10 11:34:53 | 000,085,755 | ---- | C] () -- C:\Users\Tim\Desktop\zork2.zip
[2011/11/09 22:28:00 | 000,002,367 | ---- | C] () -- C:\Users\Tim\Desktop\Mahjongg Dimensions Deluxe - Tiles in Time.lnk
[2011/11/09 22:26:35 | 000,002,181 | ---- | C] () -- C:\Users\Tim\Desktop\Hidden in Time 2.lnk
[2011/11/09 11:32:53 | 000,002,140 | ---- | C] () -- C:\Users\Tim\Desktop\Roads of Rome 3.lnk
[2011/11/08 14:19:12 | 000,002,115 | ---- | C] () -- C:\Users\Tim\Desktop\Vampire Saga 2.lnk
[2011/11/07 18:30:10 | 000,272,674 | ---- | C] () -- C:\Users\Tim\Desktop\canabalt.jpg
[2011/11/05 21:41:22 | 009,357,312 | ---- | C] () -- C:\Users\Tim\Desktop\Blind_Guardian_-_Sacred_Worlds.mp3
[2011/11/05 21:38:51 | 005,458,779 | ---- | C] () -- C:\Users\Tim\Desktop\Hammerfall_-_Child_of_The_Damned.mp3
[2011/11/05 16:38:19 | 000,000,500 | ---- | C] () -- C:\Program Files (x86)\1105201117381944.bat
[2011/11/03 14:37:21 | 733,961,162 | ---- | C] () -- C:\Users\Tim\Desktop\Chloe.18.XXX.DVDrip.XviD by Pornostube.to.rar
[2011/11/02 21:38:53 | 085,289,659 | ---- | C] () -- C:\Users\Tim\Desktop\rose_tattoo_1982_scarred_for_life.zip
[2011/11/02 21:38:40 | 004,855,872 | ---- | C] () -- C:\Users\Tim\Desktop\ROSE_TATTOO_-_ROCK_N_ROLL_OUTLAW.mp3
[2011/11/01 21:35:42 | 000,000,479 | ---- | C] () -- C:\Program Files (x86)\1101201122354200.bat
[2011/10/29 19:07:31 | 059,854,808 | ---- | C] () -- C:\Users\Tim\Desktop\setup_av_free_cnet.exe
[2011/10/29 19:07:00 | 227,073,794 | ---- | C] () -- C:\Users\Tim\Desktop\LibO_3.3.4_Win_x86_install_multi.exe
[2011/10/29 14:29:20 | 000,001,150 | ---- | C] () -- C:\Users\Tim\Desktop\Yahoo! Games - Games And Online Games.lnk
[2011/10/29 13:26:44 | 758,937,600 | ---- | C] () -- C:\Users\Tim\Desktop\Red Heat.Xvid.VHSRip.DJ-Poney.avi
[2011/10/18 12:02:17 | 001,142,505 | ---- | C] () -- C:\Users\Tim\Desktop\Jones_In_The_Fast_Lane.zip
[2011/10/13 14:37:27 | 000,625,551 | ---- | C] () -- C:\Users\Tim\Desktop\Rings_of_Power_(U)_[!].zip
[2011/09/16 06:47:47 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/05/03 20:47:53 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/03 20:47:53 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2010/12/19 15:19:40 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/11/30 18:10:28 | 000,004,346 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\wklnhst.dat
[2010/08/25 19:34:30 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/08/25 19:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/08/25 19:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009/12/17 05:27:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/12/17 05:24:10 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2009/12/17 05:24:10 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2010/11/03 21:32:27 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\.minecraft
[2010/06/14 21:00:32 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\acccore
[2011/11/04 23:25:12 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Alawar
[2011/10/30 14:06:45 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\AVG
[2011/11/10 10:24:37 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\AVG2012
[2011/11/06 23:08:29 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Big Finish
[2011/11/01 20:31:34 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\DragonsEye Studios
[2011/11/02 15:16:40 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\GameMill Entertainment
[2011/10/29 14:29:49 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\HitPoint Studios
[2011/10/02 11:45:07 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Kuma Games
[2010/04/18 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Oberon Games
[2011/10/29 14:29:29 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Oberon Media
[2011/11/06 17:28:25 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Sleepwalker Games
[2011/11/05 09:50:56 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\SpinTop Games
[2010/12/18 12:15:47 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TechWizard
[2010/11/30 18:10:30 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Template
[2011/11/09 14:59:24 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\TitanicMystery
[2011/11/07 15:50:24 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Total Eclipse
[2011/11/08 15:30:09 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\VampireSagaHL
[2011/11/05 10:51:54 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Vogat Interactive
[2011/10/08 21:39:01 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Windows Live Writer
[2010/04/18 04:06:47 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\WinPatrol
[2011/11/05 00:27:58 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\Temp:B0255E22
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:A9E8066F
@Alternate Data Stream - 147 bytes -> C:\ProgramData\Temp:DA9D42A5
@Alternate Data Stream - 145 bytes -> C:\ProgramData\Temp:F01E7F17
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:1A792FDD
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:EF996047
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:A95E5E89
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:CE07D0EE
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:3B3A35EC
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:4300D829
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:E8AB98F0
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:8BBD1F9A
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:38ADF092
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:D305706A
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:2ADC9FB3
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:122B3902
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:0FEED4C3
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:FFD9E05D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:64AEDD72
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:1357E15F
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:373C6DC2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:5925E400
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:5D6C9FB1

< End of report >
wile_koyote
Warrior


Joined: 22 Jan 2005
Last Visit: 26 Jun 2013
Posts: 96
Location: New Jersey

Posted: Thu Nov 10, 2011 11:08 am

and third log



OTL Extras logfile created on: 11/10/2011 2:01:32 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tim\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.68 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 41.36% Memory free
7.36 Gb Paging File | 5.17 Gb Available in Paging File | 70.25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453.66 Gb Total Space | 308.07 Gb Free Space | 67.91% Space Free | Partition Type: NTFS

Computer Name: COMP1 | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5F02C14D-A630-4771-8409-0BA89FCCA8D6}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FBBC4667-2521-4E78-B1BD-8706F774549B}" = Best Buy Software Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2B78F6F9-5C63-45AB-ABFD-DDB7946E4C39}" = Ant.com IE add-on
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{385DD1DD-65AA-408D-8E70-74601C2DB7E6}" = Ad-Aware
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Gateway Power Management
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5DFC26EF-8316-41D5-BCCD-E562A79EC3B2}" = Vz In Home Agent
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{6D9021DC-CF1B-4148-8C80-6D8E8A8A33EB}" = Video Web Camera
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Gateway Recovery Management
"{80813829-BE27-4799-8BC7-2F75A7B6CB50}" = IHA_MessageCenter
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116668760}" = Dream Day Wedding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116953487}" = Turbo Subs FREE
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005334}" = Vampire Saga 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005426}" = Roads of Rome 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005452}" = Hidden in Time 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005507}" = Mahjongg Dimensions Deluxe - Tiles in Time
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0B406B-DF08-49EF-8702-FA45752C135F}" = Verizon Download Manager
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}" = Roxio Burn
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Gateway Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"AIM_7" = AIM 7
"Akamai" = Akamai NetSession Interface
"Ant.com IE add-on" = Ant.com IE add-on
"AviSynth" = AviSynth 2.5
"Best Buy Software Installer" = Best Buy Software Installer
"Burger Shop 2" = Burger Shop 2 (remove only)
"Gateway InfoCentre" = Gateway InfoCentre
"Gateway Registration" = Gateway Registration
"Gateway Screensaver" = Gateway ScreenSaver
"Gateway Welcome Center" = Welcome Center
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Identity Card" = Identity Card
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Gateway MyBackup
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"NIS" = Norton Internet Security
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Verizon Help and Support" = Verizon Help and Support Tool
"WinPatrol" = WinPatrol 2009
"WinRAR archiver" = WinRAR archiver
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >



Thanks Gary


PS: thankfully it's been a long time since I needed help. No more HijackThis??
Gary R
Moderator


Joined: 03 May 2005
Last Visit: 17 Aug 2014
Posts: 9979
Location: Yorkshire

Posted: Thu Nov 10, 2011 1:47 pm


  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.

Code:
:Processes
KillAllProcesses

:Files
C:\Program Files (x86)\AVG
C:\Users\Tim\AppData\Roaming\AVG
C:\Users\Tim\AppData\Roaming\AVG2012
C:\Users\Tim\Desktop\avg_free_stb_all_2012_1831_cnet.exe
@C:\ProgramData\Temp:B0255E22
@C:\ProgramData\Temp:A9E8066F
@C:\ProgramData\Temp:DA9D42A5
@C:\ProgramData\Temp:F01E7F17
@C:\ProgramData\Temp:1A792FDD
@C:\ProgramData\Temp:EF996047
@C:\ProgramData\Temp:A95E5E89
@C:\ProgramData\Temp:0B4227B4
@C:\ProgramData\Temp:CE07D0EE
@C:\ProgramData\Temp:4300D829
@C:\ProgramData\Temp:E8AB98F0
@C:\ProgramData\Temp:8BBD1F9A
@C:\ProgramData\Temp:38ADF092
@C:\ProgramData\Temp:D305706A
@C:\ProgramData\Temp:2ADC9FB3
@C:\ProgramData\Temp:122B3902
@C:\ProgramData\Temp:0FEED4C3
@C:\ProgramData\Temp:FFD9E05D
@C:\ProgramData\Temp:64AEDD72
@C:\ProgramData\Temp:1357E15F
@C:\ProgramData\Temp:373C6DC2
@C:\ProgramData\Temp:5925E400
@C:\ProgramData\Temp:5D6C9FB1

:Reg
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\IEHelpers]
"AVG Internet Security"=-
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services]
"AVG Firewall"=-
[HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services]
"AVG WatchDog"=-
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG Shell Extension]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\AVG Shell Extension]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG Shell Extension]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2012\"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\06AEBDCF0F97EAF4BB8A552AC606A994\InstallProperties]
"Publisher"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGFWFD\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{9F395A91-34CE-45C7-9BA2-957247FAD468}"=-
"{A58D20F1-8171-4A77-A21B-ADCFD3EA8894}"=-
"{C40BF4E9-2032-4198-88AA-D2F25929642D}"=-
"{FBA16BA3-BA1F-4AA3-BC9E-1854AEA8327B}"=-
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\BillP Studios\WinPatrol\IEHelpers]
"AVG Internet Security"=-
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\BillP Studios\WinPatrol\Services]
"AVG Firewall"=-
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\BillP Studios\WinPatrol\Services]
"AVG WatchDog"=-
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe"=-
[HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe"=-

:OTL
SRV - [2011/06/29 12:26:06 | 000,520,216 | ---- | M] (Ant.com) [Auto | Running] -- C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe -- (AntUpdaterService)
IE - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\
O2:64bit: - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Ant.com browser helper (video detector)) - {346FDE31-DFF9-418A-90C8-BA31DC9FF2EF} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O3 - HKU\S-1-5-21-2887552674-1617972426-1872323382-1001\..\Toolbar\WebBrowser: (Ant.com Video Downloader toolbar) - {2E924F4F-67F0-4BD8-9560-49F468E843D2} - C:\Program Files (x86)\Ant.com\IE add-on\AntToolbar.dll (Ant.com)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk = File not found
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Download videos by Ant.com - {70AF6C9F-0818-4cf7-924A-BBDBB24211D3} - C:\Program Files (x86)\Ant.com\IE add-on\Download.dll (Ant.com)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

:Commands
[CreateRestorePoint]
[EmptyTemp]
[Reboot]



  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.


Note: OTL will re-boot your computer. A log will be produced upon re-boot.

Next

I see you have Malwarebytes Anti-Malware installed ....


  • Click on the Malwarebytes' Anti-Malware icon to launch the programme.

    • Click the Updates tab.

      • Click Check for Updates and allow the programme to download the latest definitions.

    • Click the Scanner tab.

      • Check Perform Quick Scan.
      • Click Scan and wait for the scan to complete.
      • When the scan is complete, click OK, then Show Results.
      • Check all items except items in the C:\System Volume Information folder and click on Remove Selected.

        • A box will pop-up telling you that files have been quarantined.
        • A log will pop-up.

      • Post the log in your next reply please.




You can also access the log by doing the following

  • Click on the Logs tab.

    • Click on the log at the bottom of those listed to highlight it.
    • Click Open



Summary of the logs I need from you in your next post:

  • OTL fix log
  • MBAM log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.



PS. In answer to your question about HJT.

HJT is no longer a reliable indicator of infection. It doesn't report accurately on 64 bit systems, and it's too limited in the areas of the registry that it looks at, which is why we now use DDS as our triage scan and usually follow up with other scans where necessary.
_________________
Gary R Administrator at Malware Removal University



If you've been helped, please donate to help with the costs of this volunteer site .... Spyware Warrior Donations
wile_koyote

PostPosted: Thu Nov 10, 2011 2:57 pm    Post subject: Reply with quote

OTC log

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Program Files (x86)\AVG\AVG2012\awacs\pct\component folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs\pct folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs\obx\component folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs\obx folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs\fas\component folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs\fas folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs\dav\component folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs\dav folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012\awacs folder moved successfully.
C:\Program Files (x86)\AVG\AVG2012 folder moved successfully.
C:\Program Files (x86)\AVG folder moved successfully.
C:\Users\Tim\AppData\Roaming\AVG\Rescue\PC Tuneup 2011 folder moved successfully.
C:\Users\Tim\AppData\Roaming\AVG\Rescue folder moved successfully.
C:\Users\Tim\AppData\Roaming\AVG\PC Tuneup 2011\User Reports folder moved successfully.
C:\Users\Tim\AppData\Roaming\AVG\PC Tuneup 2011\Logs folder moved successfully.
C:\Users\Tim\AppData\Roaming\AVG\PC Tuneup 2011 folder moved successfully.
C:\Users\Tim\AppData\Roaming\AVG folder moved successfully.
C:\Users\Tim\AppData\Roaming\AVG2012\cfgall folder moved successfully.
C:\Users\Tim\AppData\Roaming\AVG2012 folder moved successfully.
C:\Users\Tim\Desktop\avg_free_stb_all_2012_1831_cnet.exe moved successfully.
ADS C:\ProgramData\Temp:B0255E22 deleted successfully.
ADS C:\ProgramData\Temp:A9E8066F deleted successfully.
ADS C:\ProgramData\Temp:DA9D42A5 deleted successfully.
ADS C:\ProgramData\Temp:F01E7F17 deleted successfully.
ADS C:\ProgramData\Temp:1A792FDD deleted successfully.
ADS C:\ProgramData\Temp:EF996047 deleted successfully.
ADS C:\ProgramData\Temp:A95E5E89 deleted successfully.
ADS C:\ProgramData\Temp:0B4227B4 deleted successfully.
ADS C:\ProgramData\Temp:CE07D0EE deleted successfully.
ADS C:\ProgramData\Temp:4300D829 deleted successfully.
ADS C:\ProgramData\Temp:E8AB98F0 deleted successfully.
ADS C:\ProgramData\Temp:8BBD1F9A deleted successfully.
ADS C:\ProgramData\Temp:38ADF092 deleted successfully.
ADS C:\ProgramData\Temp:D305706A deleted successfully.
ADS C:\ProgramData\Temp:2ADC9FB3 deleted successfully.
ADS C:\ProgramData\Temp:122B3902 deleted successfully.
ADS C:\ProgramData\Temp:0FEED4C3 deleted successfully.
ADS C:\ProgramData\Temp:FFD9E05D deleted successfully.
ADS C:\ProgramData\Temp:64AEDD72 deleted successfully.
ADS C:\ProgramData\Temp:1357E15F deleted successfully.
ADS C:\ProgramData\Temp:373C6DC2 deleted successfully.
ADS C:\ProgramData\Temp:5925E400 deleted successfully.
ADS C:\ProgramData\Temp:5D6C9FB1 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\IEHelpers\\AVG Internet Security deleted successfully.
Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services\\AVG Firewall deleted successfully.
Registry value HKEY_CURRENT_USER\Software\BillP Studios\WinPatrol\Services\\AVG WatchDog deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\AVG Shell Extension\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\AVG Shell Extension\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\AVG Shell Extension\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\06AEBDCF0F97EAF4BB8A552AC606A994\InstallProperties not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGFWFD\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000\ scheduled to be deleted on reboot.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9F395A91-34CE-45C7-9BA2-957247FAD468} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F395A91-34CE-45C7-9BA2-957247FAD468}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A58D20F1-8171-4A77-A21B-ADCFD3EA8894} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A58D20F1-8171-4A77-A21B-ADCFD3EA8894}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C40BF4E9-2032-4198-88AA-D2F25929642D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C40BF4E9-2032-4198-88AA-D2F25929642D}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FBA16BA3-BA1F-4AA3-BC9E-1854AEA8327B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FBA16BA3-BA1F-4AA3-BC9E-1854AEA8327B}\ not found.
Registry value HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\BillP Studios\WinPatrol\IEHelpers\\AVG Internet Security not found.
Registry value HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\BillP Studios\WinPatrol\Services\\AVG Firewall not found.
Registry value HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\BillP Studios\WinPatrol\Services\\AVG WatchDog not found.
Registry value HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe not found.
Registry value HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe not found.
========== OTL ==========
Service AntUpdaterService stopped successfully!
Service AntUpdaterService deleted successfully!
C:\Program Files (x86)\Ant.com\IE add-on\AntUpdaterService.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{88c7f2aa-f93f-432c-8f0e-b7d85967a527} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}\ not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4 not found.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{346FDE31-DFF9-418A-90C8-BA31DC9FF2EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{346FDE31-DFF9-418A-90C8-BA31DC9FF2EF}\ deleted successfully.
C:\Program Files (x86)\Ant.com\IE add-on\Download.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2E924F4F-67F0-4BD8-9560-49F468E843D2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E924F4F-67F0-4BD8-9560-49F468E843D2}\ deleted successfully.
File on\AntToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2E924F4F-67F0-4BD8-9560-49F468E843D2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E924F4F-67F0-4BD8-9560-49F468E843D2}\ not found.
File on\AntToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2E924F4F-67F0-4BD8-9560-49F468E843D2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E924F4F-67F0-4BD8-9560-49F468E843D2}\ not found.
File on\AntToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2887552674-1617972426-1872323382-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2E924F4F-67F0-4BD8-9560-49F468E843D2} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2E924F4F-67F0-4BD8-9560-49F468E843D2}\ not found.
File on\AntToolbar.dll not found.
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk moved successfully.
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk scheduled to be moved on reboot.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found.
C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{70AF6C9F-0818-4cf7-924A-BBDBB24211D3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70AF6C9F-0818-4cf7-924A-BBDBB24211D3}\ deleted successfully.
File C:\Program Files (x86)\Ant.com\IE add-on\Download.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}\ not found.
C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2039804 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Tim
->Temp folder emptied: 86460245 bytes
->Temporary Internet Files folder emptied: 3391906598 bytes
->Java cache emptied: 407830 bytes
->Flash cache emptied: 470 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2905906 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 84793 bytes
RecycleBin emptied: 4977998619 bytes

Total Files Cleaned = 8,070.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 11102011_173937

Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk not found!
C:\Users\Tim\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\JETDDDF.tmp not found!
File\Folder C:\Windows\temp\TMP000006F4D91C481496A6E04A not found!

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGFWFD\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGRKX64\0000\ scheduled to be deleted on reboot.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGTDIA\0000\ scheduled to be deleted on reboot.
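One way to read the fix log in the post above by outcome, as an added example (not part of the thread and not OTL's own code): the Python below classifies each log line as done, absent or deferred, and lists items that were scheduled for reboot but never confirmed afterwards. The sample lines are copied from that log; the function names are hypothetical.

```python
import re
from collections import Counter, namedtuple

# Lines copied from the fix log above (a subset, to keep the sample short).
SAMPLE_LOG = r"""
========== FILES ==========
C:\Program Files (x86)\AVG folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\AVG Shell Extension\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGFWFD\0000\ scheduled to be deleted on reboot.
========== OTL ==========
Service AntUpdaterService stopped successfully!
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk scheduled to be moved on reboot.
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Best Buy Software Installer.lnk not found!
C:\Users\Tim\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AVGFWFD\0000\ scheduled to be deleted on reboot.
"""

Entry = namedtuple("Entry", "section post_reboot outcome target")
SECTION = re.compile(r"^=+ (.+?) =+$")
REBOOT_SECTION = re.compile(r"^(.+ on Reboot)\.\.\.$")
DEFERRED = re.compile(r"^(?:Registry delete|File move) failed\. (.+?) "
                      r"scheduled to be (?:deleted|moved) on reboot\.$")
DONE = re.compile(r"^(.+?) (?:moved|deleted|stopped) successfully[.!]$")
ABSENT = re.compile(r"^(.+?) not found[.!]$")
PREFIX = re.compile(r"^(?:64bit-)?(?:Registry (?:key|value)|ADS|Service|File\\Folder|File) ")

def normalise(target):
    # Drop the object-type prefix and the trailing " folder" so the same
    # path compares equal before and after the reboot.
    target = PREFIX.sub("", target)
    return target[:-len(" folder")] if target.endswith(" folder") else target

def parse_fix_log(text):
    section, post_reboot, entries = "", False, []
    for line in (raw.strip() for raw in text.splitlines()):
        head = SECTION.match(line) or REBOOT_SECTION.match(line)
        if head:
            section = head.group(1)
            post_reboot = post_reboot or "on Reboot" in section
            continue
        for outcome, rx in (("deferred", DEFERRED), ("done", DONE), ("absent", ABSENT)):
            m = rx.match(line)
            if m:
                entries.append(Entry(section, post_reboot, outcome, normalise(m.group(1))))
                break
        else:
            if line:  # unrecognised but non-empty: keep it for manual review
                entries.append(Entry(section, post_reboot, "other", line))
    return entries

def summarise(entries):
    return dict(Counter(e.outcome for e in entries))

def still_pending(entries):
    # Deferred targets with no post-reboot line confirming they are gone.
    settled = {e.target for e in entries
               if e.post_reboot and e.outcome in ("done", "absent")}
    pending = [e.target for e in entries
               if e.outcome == "deferred" and e.target not in settled]
    return list(dict.fromkeys(pending))  # de-duplicate, keep log order

if __name__ == "__main__":
    for target in still_pending(parse_fix_log(SAMPLE_LOG)):
        print("not confirmed after reboot:", target)
```

Run over the full log in the post, the same check would list all three LEGACY_AVG* keys, because the post-reboot section repeats the "scheduled to be deleted on reboot" lines rather than confirming the deletion.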
wile_koyote

PostPosted: Thu Nov 10, 2011 2:59 pm    Post subject: Reply with quote

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8135

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

11/10/2011 5:55:11 PM
mbam-log-2011-11-10 (17-55-11).txt

Scan type: Quick scan
Objects scanned: 170104
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Interesting on the HijackThis.


I'll be running out for a while. I look forward to seeing your reply tonight or tomorrow.

As always, thanks!!
Gary R

PostPosted: Fri Nov 11, 2011 1:26 am    Post subject: Reply with quote

Looks like things have been removed successfully .....

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go HERE then click on:

Quote:
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.


  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:



    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: (Selecting Uninstall application on close if you so wish)


How is your computer behaving now?
wile_koyote

PostPosted: Fri Nov 11, 2011 8:04 am    Post subject: Reply with quote

Here is the log I got

C:\_OTL\MovedFiles\11102011_173937\C_Users\Tim\AppData\Roaming\AVG\Rescue\PC Tuneup 2011\111030150647480.rsc multiple threats



Yes the computer seems to be running ok. Watchdog is no longer popping up regarding AVG dll's.

I'd love one day to figure out how to do this on my own, you guys are great.


Are there any other good programs I should download for protection?
Gary R

PostPosted: Fri Nov 11, 2011 12:50 pm    Post subject: Reply with quote

OK, the file found by ESET is one we quarantined with OTL. We'll be removing it when we remove OTL.

Looks like you're clean.

Let's clear out OTL and the files and folders it created. This will also remove SystemLook.

  • Double click OTL.exe to launch the programme.
  • Click on the CleanUp! button.
  • OTL will download a list from the Internet; if your firewall or other defensive programmes alert you, allow it access.
  • You will be prompted to allow the clean up procedure, click Yes.
  • When finished, exit out of OTL.
  • Now delete OTL.exe (if still present).


As far as I can see, your computer looks clear of infection now.

Are you still noticing any problems?

  • If you are, let me know about them.
  • If not, it's time to make your computer more secure.


Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.


If your computer is running slowly after your clean up, please read.



As for learning how to do this, if you check on the Malware Removal University link in my signature below, we run a training course there that teaches people how to help people safely remove Malware.
_________________
Gary R Administrator at Malware Removal University



wile_koyote

PostPosted: Fri Nov 11, 2011 6:29 pm    Post subject: Reply with quote

Thanks Gary,

Everything seems good.

I'm definitely gonna check out the University!!
Gary R

PostPosted: Fri Nov 11, 2011 10:20 pm    Post subject: Reply with quote

You're welcome, glad we were able to help.

Keep safe.

Gary

Quote:
This topic is now closed.

If you are the originator of this topic, and you need it re-opened please pm a moderator, including a link to this topic.


If you have been helped and wish to donate to help with the costs of this volunteer site, please read Spyware Warrior Donations

Gary R

All times are GMT - 8 Hours