Windows Installer (Virus?) [Solved]


#16 G_Woods (Member, Topic Starter, 87 posts)

OTL logfile created on: 8/14/2012 12:16:23 PM - Run 3
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\GAWoods\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 61.45% Memory free
6.00 Gb Paging File | 4.81 Gb Available in Paging File | 80.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.04 Gb Total Space | 211.71 Gb Free Space | 74.27% Space Free | Partition Type: NTFS
Drive D: | 13.05 Gb Total Space | 2.40 Gb Free Space | 18.41% Space Free | Partition Type: NTFS
Drive E: | 3.09 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive K: | 7.46 Gb Total Space | 0.10 Gb Free Space | 1.32% Space Free | Partition Type: FAT32

Computer Name: WHITEY-PC | User Name: GAWoods | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/07 08:57:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\GAWoods\Desktop\OTL.exe
PRC - [2012/07/03 12:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/02/20 10:18:28 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE
PRC - [2012/02/20 10:18:28 | 000,193,816 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE


========== Modules (No Company Name) ==========

MOD - [2012/07/31 01:36:14 | 000,442,392 | ---- | M] () -- C:\Users\GAWoods\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppgooglenaclpluginchrome.dll
MOD - [2012/07/31 01:36:12 | 003,997,720 | ---- | M] () -- C:\Users\GAWoods\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
MOD - [2012/07/31 01:34:45 | 000,144,424 | ---- | M] () -- C:\Users\GAWoods\AppData\Local\Google\Chrome\Application\21.0.1180.60\avutil-51.dll
MOD - [2012/07/31 01:34:43 | 000,266,792 | ---- | M] () -- C:\Users\GAWoods\AppData\Local\Google\Chrome\Application\21.0.1180.60\avformat-54.dll
MOD - [2012/07/31 01:34:42 | 002,480,680 | ---- | M] () -- C:\Users\GAWoods\AppData\Local\Google\Chrome\Application\21.0.1180.60\avcodec-54.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 12:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011/01/17 20:20:04 | 000,301,720 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Macrium\Reflect\ReflectService.exe -- (ReflectService)
SRV:64bit: - [2010/04/09 16:16:14 | 002,060,152 | ---- | M] (RealVNC Ltd.) [Disabled | Stopped] -- C:\Program Files\RealVNC\VNC4\winvnc4.exe -- (WinVNC4)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
SRV - [2012/07/24 21:47:44 | 000,808,408 | ---- | M] (Mister Group) [Disabled | Stopped] -- C:\Program Files (x86)\System Explorer\service\SystemExplorerService64.exe -- (SystemExplorerHelpService)
SRV - [2012/07/16 11:28:42 | 002,416,040 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2012/07/12 17:49:13 | 000,147,368 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/07/12 17:49:02 | 000,375,208 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/02/20 10:18:28 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/20 10:18:28 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/01/23 00:43:08 | 000,092,592 | ---- | M] (TomTom) [Disabled | Stopped] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2012/01/03 09:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2010/12/09 08:42:01 | 000,234,784 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\AirPrint\airprint.exe -- (AirPrint)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/11/20 08:19:20 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010/11/20 08:18:03 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010/11/20 08:17:22 | 000,073,216 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
SRV - [2010/11/08 13:04:20 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/12 17:49:03 | 000,087,488 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 12:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 12:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 12:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 12:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 12:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 12:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/05/10 08:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 05:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/09/23 00:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/09/17 16:40:06 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2010/09/17 16:39:58 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2010/07/21 17:59:28 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/07/21 17:59:28 | 000,023,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2010/07/01 18:52:18 | 000,051,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2010/06/02 12:49:29 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010/05/25 08:14:34 | 000,031,280 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OXUDIDRV_x64.sys -- (OXUDIDRV)
DRV:64bit: - [2010/04/09 16:04:26 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2010/03/23 13:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/10/26 16:36:22 | 001,202,688 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\smserial.sys -- (smserial)
DRV:64bit: - [2009/09/28 09:55:42 | 000,051,760 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\OXSDIDRV_x64.sys -- (OXSDIDRV_x64)
DRV:64bit: - [2009/09/02 04:45:38 | 000,254,464 | R--- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\windrvr6.sys -- (WinDriver6)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 20:10:49 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV:64bit: - [2009/06/29 15:28:40 | 000,112,224 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\slabser.sys -- (slabser)
DRV:64bit: - [2009/06/29 15:28:38 | 000,088,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\slabbus.sys -- (slabbus)
DRV:64bit: - [2009/06/10 16:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 15:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007/10/24 03:00:00 | 000,053,488 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007/07/11 03:30:34 | 000,009,088 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV:64bit: - [2007/04/09 11:09:46 | 000,012,288 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (UsbFltr)
DRV:64bit: - [2007/03/12 15:26:00 | 000,106,496 | ---- | M] (Syntek Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\STK02NW2.sys -- (DCamUSBSTK02N)
DRV:64bit: - [2006/11/18 14:07:48 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2006/11/17 18:49:52 | 000,052,224 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2006/11/16 02:59:52 | 000,053,760 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV - [2010/09/17 16:40:06 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/03/12 15:25:00 | 000,101,520 | ---- | M] (Syntek Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\STK02NW2.sys -- (DCamUSBSTK02N)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1112156953-3265006850-1558540168-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1112156953-3265006850-1558540168-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-1112156953-3265006850-1558540168-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3A 1C 31 32 3B 74 CD 01 [binary data]
IE - HKU\S-1-5-21-1112156953-3265006850-1558540168-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1112156953-3265006850-1558540168-1004\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1112156953-3265006850-1558540168-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\GAWoods\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\GAWoods\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll File not found


[2012/07/26 14:45:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/08/19 05:29:04 | 000,000,000 | ---D | M] (BarQuery) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{D5493C6A-FD62-4255-AA85-AB7E7D0F0001}
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/10/11 18:41:05 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml.old
[2011/11/02 16:44:48 | 000,001,456 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\WebSearchober244950897.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\GAWoods\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\GAWoods\AppData\Local\Google\Chrome\Application\21.0.1180.60\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\GAWoods\AppData\Local\Google\Chrome\Application\21.0.1180.60\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\GAWoods\AppData\Local\Google\Chrome\Application\21.0.1180.60\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Oberon com adapter (Enabled) = C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: File Converter = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\alblmaecejifbilchdofkdanifpmnmfk\1.0.0.0_0\
CHR - Extension: Google Drive = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.1_0\
CHR - Extension: YouTube = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: WGT Golf Challenge = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcilimldmomiaihcfkmaldanopfejefg\32.1.0_0\
CHR - Extension: Full Screen Weather = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg\1.3_0\
CHR - Extension: Quickrr Google Maps Search = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnlfppnpmoiemhelglbefkojhlnahejd\1.1_0\
CHR - Extension: AdBlock = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: Tabs to the front! = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla\0.2.4_0\
CHR - Extension: avast! WebRep = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: The Weather Channel for Chrome = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop\1.0.0.4_0\
CHR - Extension: Numerics Calculator & Converter = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe\4.3.4_0\
CHR - Extension: Gmail = C:\Users\GAWoods\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/06 10:43:14 | 000,000,855 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (no name) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.364.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Whitey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Calendar 2000.lnk = C:\Program Files (x86)\Software by Design\Calendar.exe (Gregory Braun -- Software Design)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1112156953-3265006850-1558540168-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {707ABFC2-1D27-4A10-A6E4-6BE6BDF9FB11} http://192.168.1.35/UltraMJCamX.cab (UltraMJCamX Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D7208880-9B7A-43E1-AABB-8C888A5704F9} http://mycam148.myli...yerWeb11gv2.cab (NetCamPlayerWeb11gv2 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} http://taxbillupload...lV2/XUpload.ocx (Persits Software XUpload)
O16 - DPF: {E99D3E39-5D92-4360-BA86-2C563B3CFFEB} https://cms.franklin...ort/nrdhtml.cab (Microsoft CMS HTML Editor Toolbar)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{105285D1-3B44-4812-B91E-50670EE1401B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{427306D3-3D06-4601-BEE4-B1C068DDA5B1}: DhcpNameServer = 172.26.38.1 172.26.38.2
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | --S- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2011/04/12 05:38:58 | 000,000,122 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/08/14 11:21:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\catroot2
[2012/08/13 20:12:00 | 000,000,000 | ---D | C] -- C:\acd2f617de03a7be490c9c9fea
[2012/08/08 20:30:14 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Roaming\vlc
[2012/08/08 17:29:29 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\Desktop\RK_Quarantine
[2012/08/07 08:57:05 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\GAWoods\Desktop\OTL.exe
[2012/08/07 01:17:55 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\ElevatedDiagnostics
[2012/08/07 01:14:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/08/07 00:06:22 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\VirtualStore
[2012/08/06 23:09:31 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\Paint.NET
[2012/08/06 22:56:38 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/06 22:55:49 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\Google
[2012/08/06 22:55:29 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\Deployment
[2012/08/06 22:55:29 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\Apps
[2012/08/06 21:23:08 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Roaming\Macromedia
[2012/08/06 21:21:45 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Roaming\Sony Corporation
[2012/08/06 21:21:34 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Roaming\Adobe
[2012/08/06 21:21:29 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\LogMeIn
[2012/08/06 21:21:13 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/08/06 21:21:13 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Searches
[2012/08/06 21:21:13 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/08/06 21:21:13 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/08/06 21:21:02 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Roaming\Identities
[2012/08/06 21:20:59 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Contacts
[2012/08/06 21:20:46 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/08/06 21:20:46 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\AppData\Local\Temporary Internet Files
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\Templates
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\Start Menu
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\SendTo
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\Recent
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\PrintHood
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\NetHood
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\Documents\My Videos
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\Documents\My Pictures
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\Documents\My Music
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\My Documents
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\Local Settings
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\AppData\Local\History
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\Cookies
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\Application Data
[2012/08/06 21:20:46 | 000,000,000 | -HSD | C] -- C:\Users\GAWoods\AppData\Local\Application Data
[2012/08/06 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\Temp
[2012/08/06 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\Microsoft Help
[2012/08/06 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Local\Microsoft
[2012/08/06 21:20:46 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData\Roaming\Media Center Programs
[2012/08/06 21:20:45 | 000,000,000 | --SD | C] -- C:\Users\GAWoods\AppData\Roaming\Microsoft
[2012/08/06 21:20:45 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Videos
[2012/08/06 21:20:45 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Saved Games
[2012/08/06 21:20:45 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Pictures
[2012/08/06 21:20:45 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Music
[2012/08/06 21:20:45 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Links
[2012/08/06 21:20:45 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Favorites
[2012/08/06 21:20:45 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Downloads
[2012/08/06 21:20:45 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Documents
[2012/08/06 21:20:45 | 000,000,000 | R--D | C] -- C:\Users\GAWoods\Desktop
[2012/08/06 21:20:45 | 000,000,000 | ---D | C] -- C:\Users\GAWoods\AppData
[2012/08/06 10:45:39 | 000,000,000 | ---D | C] -- C:\Windows\softwaredistribution.old
[2012/08/06 10:23:14 | 000,181,064 | ---- | C] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/08/06 10:21:38 | 000,000,000 | ---D | C] -- C:\RegBackup
[2012/08/06 10:18:46 | 000,000,000 | ---D | C] -- C:\Tweaking.com_Windows_Repair_Logs
[2012/08/06 10:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
[2012/08/06 10:18:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tweaking.com
[2012/08/06 10:08:06 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/06 10:08:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/06 10:08:05 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/06 10:08:00 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/06 10:07:58 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/06 10:07:57 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/06 10:07:54 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/06 10:07:53 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/06 10:07:24 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/06 10:07:24 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/06 10:07:10 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/06 10:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/06 08:41:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
[2012/08/06 08:41:12 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2012/07/29 11:21:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\hpmonitor
[2012/07/29 11:19:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2012/07/27 17:19:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glarysoft
[2012/07/26 17:03:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/07/26 16:30:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2012/07/25 19:03:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012/07/25 18:08:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Reference Assemblies
[2012/07/25 18:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2012/07/25 18:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2012/07/25 17:46:02 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/07/22 16:53:24 | 004,274,488 | ---- | C] (PC Cleaners) -- C:\Windows\uninst.exe
[2012/07/22 16:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\PC1Data
[2012/07/22 14:48:48 | 000,000,000 | ---D | C] -- C:\821db997c338c6f53ce736
[2012/07/19 14:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemExplorer
[2012/07/19 14:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Explorer
[2012/07/19 14:17:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\System Explorer
[2012/07/19 07:18:38 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/07/15 18:57:08 | 000,000,000 | ---D | C] -- C:\FI50809
[2012/07/15 18:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
[2012/07/15 18:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/14 12:08:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1112156953-3265006850-1558540168-1001UA.job
[2012/08/14 12:05:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1112156953-3265006850-1558540168-1004UA.job
[2012/08/14 12:00:54 | 000,024,880 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 12:00:54 | 000,024,880 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/14 12:00:41 | 000,858,532 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/14 12:00:41 | 000,718,094 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/14 12:00:41 | 000,141,046 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/14 12:00:14 | 001,558,528 | ---- | M] () -- C:\Users\GAWoods\Desktop\RogueKiller.exe
[2012/08/14 12:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\tasks\FixCleaner Scan.job
[2012/08/14 11:56:18 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/14 11:56:17 | 000,000,404 | ---- | M] () -- C:\Windows\tasks\FixCleaner Startup.job
[2012/08/14 11:55:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/14 11:55:21 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/14 11:44:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/14 08:27:15 | 675,907,429 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/08/14 08:17:29 | 000,000,512 | ---- | M] () -- C:\Users\GAWoods\Desktop\MBR.dat
[2012/08/13 23:05:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1112156953-3265006850-1558540168-1004Core.job
[2012/08/08 16:08:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1112156953-3265006850-1558540168-1001Core.job
[2012/08/07 08:57:00 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\GAWoods\Desktop\OTL.exe
[2012/08/06 22:56:41 | 000,002,379 | ---- | M] () -- C:\Users\GAWoods\Desktop\Google Chrome.lnk
[2012/08/06 22:32:16 | 000,003,456 | ---- | M] () -- C:\Users\GAWoods\Desktop\fix.reg
[2012/08/06 21:23:00 | 000,001,441 | ---- | M] () -- C:\Users\GAWoods\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/06 10:48:35 | 000,424,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/06 10:46:21 | 000,181,064 | ---- | M] (Sysinternals) -- C:\Windows\PSEXESVC.EXE
[2012/08/06 10:43:14 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/06 10:41:56 | 000,858,532 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/08/06 10:22:16 | 000,000,207 | ---- | M] () -- C:\Windows\tweaking.com-regbackup-WHITEY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/08/06 10:18:36 | 000,002,291 | ---- | M] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/08/06 10:08:07 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/06 10:07:54 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/06 10:00:47 | 000,016,112 | ---- | M] () -- C:\FixitRegBackup.reg
[2012/08/06 09:23:00 | 000,002,121 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/06 08:41:32 | 000,000,796 | ---- | M] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/08/02 09:33:18 | 000,001,090 | ---- | M] () -- C:\Users\Public\Desktop\System Explorer.lnk
[2012/07/26 20:43:39 | 000,443,881 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts_bak_710
[2012/07/22 16:52:39 | 004,274,488 | ---- | M] (PC Cleaners) -- C:\Windows\uninst.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/14 08:27:15 | 675,907,429 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/08/14 08:17:29 | 000,000,512 | ---- | C] () -- C:\Users\GAWoods\Desktop\MBR.dat
[2012/08/08 17:29:09 | 001,558,528 | ---- | C] () -- C:\Users\GAWoods\Desktop\RogueKiller.exe
[2012/08/06 22:56:41 | 000,002,379 | ---- | C] () -- C:\Users\GAWoods\Desktop\Google Chrome.lnk
[2012/08/06 22:55:51 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1112156953-3265006850-1558540168-1004UA.job
[2012/08/06 22:55:50 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1112156953-3265006850-1558540168-1004Core.job
[2012/08/06 22:32:55 | 000,003,456 | ---- | C] () -- C:\Users\GAWoods\Desktop\fix.reg
[2012/08/06 21:23:00 | 000,001,441 | ---- | C] () -- C:\Users\GAWoods\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/06 21:21:21 | 000,001,413 | ---- | C] () -- C:\Users\GAWoods\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/08/06 21:21:14 | 000,001,447 | ---- | C] () -- C:\Users\GAWoods\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/06 21:20:46 | 000,000,290 | ---- | C] () -- C:\Users\GAWoods\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/08/06 21:20:46 | 000,000,272 | ---- | C] () -- C:\Users\GAWoods\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/08/06 10:39:25 | 000,303,616 | ---- | C] ( ) -- C:\SetACL.exe
[2012/08/06 10:22:16 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-WHITEY-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
[2012/08/06 10:18:36 | 000,002,291 | ---- | C] () -- C:\Users\Public\Desktop\Tweaking.com - Windows Repair (All in One).lnk
[2012/08/06 10:08:07 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/06 10:07:54 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/08/06 10:00:45 | 000,016,112 | ---- | C] () -- C:\FixitRegBackup.reg
[2012/08/06 08:41:32 | 000,000,796 | ---- | C] () -- C:\Users\Public\Desktop\Speccy.lnk
[2012/07/29 11:32:26 | 000,000,464 | ---- | C] () -- C:\Windows\tasks\FixCleaner Scan.job
[2012/07/29 11:32:24 | 000,000,404 | ---- | C] () -- C:\Windows\tasks\FixCleaner Startup.job
[2012/07/19 14:17:18 | 000,001,090 | ---- | C] () -- C:\Users\Public\Desktop\System Explorer.lnk
[2012/07/14 18:20:21 | 000,001,093 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/04 10:21:52 | 000,190,124 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/11/02 16:44:35 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/05/28 15:24:03 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\KmRemove.exe
[2011/04/20 22:43:27 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\msiexec.exe
[2011/03/25 07:40:29 | 000,002,411 | ---- | C] () -- C:\Windows\esdrawsa.ini
[2011/03/25 07:40:29 | 000,000,053 | ---- | C] () -- C:\Windows\esdrawkey.ini
[2011/03/25 07:40:10 | 000,002,450 | ---- | C] () -- C:\Windows\esdraw.ini

========== LOP Check ==========

[2010/09/05 08:45:14 | 000,000,000 | ---D | M] -- C:\Users\Telitha\AppData\Roaming\Canon
[2011/08/28 19:39:23 | 000,000,000 | ---D | M] -- C:\Users\Telitha\AppData\Roaming\Foxit Software
[2011/04/17 17:26:12 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\Canon
[2011/04/27 20:51:30 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\CTdeveloping
[2011/01/24 20:24:51 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\CustomBrushesMini
[2012/07/25 17:46:14 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\DriverCure
[2012/08/01 07:50:52 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\FixCleaner
[2012/07/18 09:38:38 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\Foxit Software
[2011/08/23 17:28:42 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\GetRightToGo
[2012/07/27 17:20:49 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\GlarySoft
[2010/02/08 16:33:56 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\Gmail Backup
[2012/02/09 10:47:05 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\gtk-2.0
[2010/07/19 10:23:58 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\HandBrake
[2011/03/11 18:02:13 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\inkscape
[2011/08/28 09:41:06 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\ObviousIdea
[2012/07/22 16:53:38 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\PC Cleaners
[2012/07/22 16:53:44 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\PCPro
[2010/02/09 19:46:19 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\PDF Writer
[2012/07/25 17:46:14 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\SpeedyPC Software
[2011/11/17 20:44:10 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\TeamViewer
[2011/12/24 10:34:32 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\Thunderbird
[2010/07/19 13:29:01 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\Titanium Gears
[2010/05/21 15:29:04 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\TomTom
[2011/10/26 20:22:56 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\Unity
[2011/06/07 08:00:53 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\Vso
[2010/11/01 13:20:30 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\Windows Live Writer
[2012/07/22 17:07:17 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\YouSendIt
[2012/07/22 17:07:17 | 000,000,000 | ---D | M] -- C:\Users\Whitey\AppData\Roaming\ZumoDrive
[2012/08/14 12:00:00 | 000,000,464 | ---- | M] () -- C:\Windows\Tasks\FixCleaner Scan.job
[2012/08/14 11:56:17 | 000,000,404 | ---- | M] () -- C:\Windows\Tasks\FixCleaner Startup.job
[2012/07/27 17:24:53 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >
[2008/05/08 01:03:22 | 000,303,616 | ---- | M] ( ) -- C:\SetACL.exe
[2004/06/11 19:33:28 | 000,290,304 | ---- | M] (Microsoft Corporation) -- C:\subinacl.exe

< C:\acd2f617de03a7be490c9c9fea\* /s >

< C:\821db997c338c6f53ce736\* /s >

< C:\FI50809\* /s >
[2012/07/15 18:57:39 | 000,003,587 | ---- | M] () -- C:\FI50809\Msirepair.reg

< End of report >
#17
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

We have hard drive issues.

1. Double-click My Computer, and then right-click the hard disk that you want to check (C:).
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right-click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right-click on System and select Clear Log, then Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.



Step 2.

When it finishes:
1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run as Administrator.
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
Type 20 in the 1 to 20 box.
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply, then repeat but select Application.

Please post the second output log as well.

#18
G_Woods

    Member

  • Topic Starter
  • Member
  • 87 posts
Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 14/08/2012 9:40:07 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 15/08/2012 1:37:38 AM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 15/08/2012 1:37:37 AM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 15/08/2012 1:37:37 AM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 15/08/2012 1:37:36 AM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 15/08/2012 1:37:36 AM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk1\DR1.

Log: 'System' Date/Time: 15/08/2012 1:36:32 AM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: ASPI32

Log: 'System' Date/Time: 15/08/2012 1:36:19 AM
Type: Error Category: 0
Event: 7001 Source: Service Control Manager
The Net.Tcp Listener Adapter service depends on the Net.Tcp Port Sharing Service service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 15/08/2012 1:36:19 AM
Type: Error Category: 0
Event: 7003 Source: Service Control Manager
The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

Log: 'System' Date/Time: 15/08/2012 1:36:03 AM
Type: Error Category: 0
Event: 7023 Source: Service Control Manager
The Microsoft Antimalware Service service terminated with the following error: %%-2147024894

Log: 'System' Date/Time: 15/08/2012 1:35:45 AM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\SystemRoot\SysWow64\Drivers\ASPI32.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 14/08/2012 11:25:52 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

#19
CompCav

    Member 5k

  • Expert
  • 12,454 posts
You may have a bad connection to and from one of your hard disks. If you open up Start Menu -> Computer -> Right-click on the C: drive -> Click Properties -> Click the Hardware tab -> and see which device has location 1, that will indicate where the problem lies. Post a screenshot of the hardware with location 1.
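Step 2 in post #17 pulls the last 20 System and Application errors and warnings with VEW.exe, and the reply above tries to identify the drive behind \Device\Harddisk1 from the Hardware tab. The PowerShell below does both from an elevated prompt; it is an added example and not code from the thread, VEW or OTL, and it assumes Windows 7 or later with Windows PowerShell 2.0 and the Win32_DiskDrive WMI class (the function names Get-RecentLogProblems and Resolve-DiskErrorDevice are my own).

```powershell
# Added example (not from the thread or from VEW.exe): reproduce VEW's "last 20 errors
# and warnings" view with Get-WinEvent, then work out which physical disk is behind the
# "\Device\Harddisk1\DR1" in the Disk event 11 messages. Run from an elevated prompt.
# Assumes Windows 7 or later with Windows PowerShell 2.0+; function names are my own.

function Get-RecentLogProblems {
    param(
        [string]$LogName = 'System',   # use 'Application' for the second VEW run
        [int]$MaxEvents = 20
    )
    # Level 2 = Error, 3 = Warning. Get-WinEvent returns newest first, like VEW's listing.
    $filter = @{ LogName = $LogName; Level = 2, 3 }
    Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, LevelDisplayName, Id, ProviderName,
            @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

function Resolve-DiskErrorDevice {
    # Count Disk event 11 ("controller error") per \Device\HarddiskN path and map each
    # N to Win32_DiskDrive.Index, which is the same number as \\.\PHYSICALDRIVEN.
    param([int]$Days = 7)
    $since  = (Get-Date).AddDays(-$Days)
    $events = Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 11; StartTime = $since } `
                  -ErrorAction SilentlyContinue |
              Where-Object { $_.ProviderName -eq 'disk' }   # -eq is case-insensitive

    $hits = foreach ($e in $events) {
        # DRn is a per-attachment instance counter; HarddiskN is the stable disk number
        if ($e.Message -match '\\Device\\Harddisk(\d+)\\DR\d+') {
            New-Object PSObject -Property @{
                HarddiskIndex = [int]$matches[1]
                Path          = $matches[0]
                Time          = $e.TimeCreated
            }
        }
    }
    if (-not $hits) { return }

    $disks = Get-WmiObject -Class Win32_DiskDrive
    foreach ($group in ($hits | Group-Object HarddiskIndex)) {
        $disk = $disks | Where-Object { $_.Index -eq [int]$group.Name }
        # A drive that has since been unplugged (a USB stick, say) has no WMI object now
        if ($disk) {
            $model = $disk.Model
            $bus   = $disk.InterfaceType
        } else {
            $model = '(no disk with this index is attached right now)'
            $bus   = 'n/a'
        }
        New-Object PSObject -Property @{
            Device        = $group.Group[0].Path
            ErrorCount    = $group.Count
            LastSeen      = ($group.Group | Sort-Object Time -Descending)[0].Time
            Model         = $model
            InterfaceType = $bus
        }
    }
}

# The two VEW runs CompCav asked for, then the disk behind the controller errors
Get-RecentLogProblems -LogName 'System'      | Format-Table -AutoSize -Wrap
Get-RecentLogProblems -LogName 'Application' | Format-Table -AutoSize -Wrap
Resolve-DiskErrorDevice -Days 7 | Format-List Device, ErrorCount, LastSeen, Model, InterfaceType
```

A disk index with no current WMI object points at a drive that was attached when the errors were logged but is not now, which is what to expect from a removable USB device. Group on the Harddisk number rather than the DR number, since DR climbs every time a device is re-attached.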

#20
G_Woods

    Member

  • Topic Starter
  • Member
  • 87 posts
I don't see any devices with "Location 1". [attachment=59743:Device Properties.png]

#21
CompCav

    Member 5k

  • Expert
  • 12,454 posts
OK then do you have a USB external drive that you use regularly?


We also need to run a deep scan.

Download AVPTool from Here to your desktop

Run the program you have just downloaded to your desktop (it will be randomly named).

First we will run a virus scan

Click the cog in the upper right
Posted Image


Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan.

Posted Image

Allow AVP to delete all infections found
Once it has finished select report tab (last tab)
Select Detected threats report from the left and press Save button
Save it to your desktop and attach to your next post


Now the Analysis

Rerun AVP and select the Manual Disinfection tab and press Start Gathering System Information

Posted Image

On completion click the link to locate the zip file to upload and attach to your next post

Posted Image

#22
G_Woods

    Member

  • Topic Starter
  • Member
  • 87 posts
I have an 8 GB thumb drive that I use as extra RAM ("ReadyBoost", FAT32), but it stays plugged in all the time.

I also have a network attached storage drive that is in another room connected to my router.

Edited by G_Woods, 14 August 2012 - 09:13 PM.


#23
CompCav

    Member 5k

  • Expert
  • 12,454 posts
OK, that explains it. I need you to shut down the computer and remove the USB drive, then start it again and run the tool.

Now run the tool the two ways described and post the log from the first run and attach the log from the second run :thumbsup:


CompCav

#24
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Please shut down the computer and remove the USB drive, then start the computer again to run the tool.

#25
G_Woods

    Member

  • Topic Starter
  • Member
  • 87 posts
Re-run the AVPTool. Correct?
#26
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Yes.

#27
G_Woods

    Member

  • Topic Starter
  • Member
  • 87 posts
I had to compress the "Application Event Log"; it was 20 MB.

#28
CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.



  • Please open Malwarebytes' Anti-Malware.
  • Make sure to Update Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.


Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Step 2.

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 4.

Please post:


mbam log
eset log
security check log


Please give me an update on how your computer is doing!
  • 0

#29
G_Woods (Topic Starter, Member, 87 posts)
Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
GAWoods :: WHITEY-PC [administrator]

Protection: Disabled

8/15/2012 3:46:26 PM
mbam-log-2012-08-15 (15-46-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267072
Time elapsed: 5 minute(s), 31 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\$Recycle.Bin\S-1-5-21-1112156953-3265006850-1558540168-1004\$RQ46NJV.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)
  • 0

#30
G_Woods (Topic Starter, Member, 87 posts)
ESET Online Scanner report:

C:\Program Files (x86)\Mozilla Firefox\extensions\{D5493C6A-FD62-4255-AA85-AB7E7D0F0001}\chrome\barquery.jar Win32/Adware.OneStep application deleted - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud11.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\Whitey\Downloads\musicoasis.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Users\Whitey\Downloads\OfficeKeyRemover1.0.0.4-Setup.zip Win32/OpenCandy application deleted - quarantined
C:\Users\Whitey\Downloads\speedupmypc3plc.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Users\Whitey\Downloads\YouTubeDownloaderSetup35.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Whitey\Downloads\OfficeKeyRemover1.0.0.4-Setup\Office Key Remover 1.0.0.4 - Setup.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\Installer\18e36fda.msi probably a variant of Win32/Toolbar.Widgi application deleted - quarantined


Results of screen317's Security Check version 0.99.44
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
Java version out of Date!
Adobe Reader X 10.1.3 Adobe Reader out of Date!
Google Chrome 21.0.1180.60
Google Chrome VisualElementsManifest.xml..
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
  • 0
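The two scanner reports posted above (the MBAM log in #29 and the ESET Online Scanner log in #30) each use a fixed one-line-per-detection layout, which makes them easy to normalize when a helper has to review many of them. The following parser is an added example written for this thread; it is not part of the forum posts or of either scanner's own tooling. The sample input is copied from the logs posted above, and the "is this a PUP or real malware" split is a labelled heuristic, not a rule either vendor defines.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample input: detection lines copied from the MBAM and ESET logs posted in this thread.
MBAM_LOG = r"""
Registry Keys Detected: 1
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Files Detected: 1
C:\$Recycle.Bin\S-1-5-21-1112156953-3265006850-1558540168-1004\$RQ46NJV.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)
"""

ESET_LOG = r"""
C:\Program Files (x86)\Mozilla Firefox\extensions\{D5493C6A-FD62-4255-AA85-AB7E7D0F0001}\chrome\barquery.jar Win32/Adware.OneStep application deleted - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WiIQfraud11.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\Whitey\Downloads\musicoasis.exe probably a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Users\Whitey\Downloads\OfficeKeyRemover1.0.0.4-Setup.zip Win32/OpenCandy application deleted - quarantined
C:\Users\Whitey\Downloads\speedupmypc3plc.exe Win32/SpeedUpMyPC application cleaned by deleting - quarantined
C:\Users\Whitey\Downloads\YouTubeDownloaderSetup35.exe Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Whitey\Downloads\OfficeKeyRemover1.0.0.4-Setup\Office Key Remover 1.0.0.4 - Setup.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Windows\Installer\18e36fda.msi probably a variant of Win32/Toolbar.Widgi application deleted - quarantined
"""


@dataclass
class Detection:
    scanner: str            # "mbam" or "eset"
    item: str               # file path or registry key
    name: str               # detection name, e.g. "PUP.Funmoods" or "Win32/Bagle.gen.zip"
    kind: str               # MBAM section ("Registry Keys", "Files") or ESET type ("application", "worm")
    action: str             # what the scanner reports it did
    quarantined: bool       # True when the line says the item was quarantined
    probable: bool = False  # ESET "probably a variant of" (heuristic, not signature) match


# MBAM body: "<section> Detected: <n>" headers, then "<item> (<name>) -> <action>." per item.
_MBAM_SECTION = re.compile(r"^(?P<section>[A-Za-z ]+?) Detected: (?P<count>\d+)$")
_MBAM_ITEM = re.compile(r"^(?P<item>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

# ESET line: "<path> [probably ]a variant of <Platform/Name> <type> <action> - <status>".
# The path may contain spaces and " - ", so the threat name is anchored on its "/" instead.
_ESET_LINE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<qual>(?:probably )?a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+) "
    r"(?P<kind>\S+) "
    r"(?P<action>.+?) - (?P<status>\S+)$"
)


def parse_mbam(text: str) -> List[Detection]:
    found: List[Detection] = []
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if not line or line in ("(No malicious items detected)", "(end)"):
            continue
        m = _MBAM_SECTION.match(line)
        if m:
            section = m.group("section")
            continue
        m = _MBAM_ITEM.match(line)
        if m and section:
            found.append(Detection(
                scanner="mbam", item=m.group("item"), name=m.group("name"),
                kind=section, action=m.group("action"),
                quarantined="Quarantined" in m.group("action")))
    return found


def parse_eset(text: str) -> List[Detection]:
    found: List[Detection] = []
    for line in text.splitlines():
        m = _ESET_LINE.match(line.strip())
        if not m:
            continue
        found.append(Detection(
            scanner="eset", item=m.group("path"), name=m.group("name"),
            kind=m.group("kind"), action=m.group("action"),
            quarantined=m.group("status") == "quarantined",
            probable=(m.group("qual") or "").startswith("probably")))
    return found


def is_pua(d: Detection) -> bool:
    # Heuristic (an assumption for this example): MBAM "PUP."/"PUM." prefixes and ESET's
    # "application" type denote potentially unwanted software; anything else is treated as malware.
    return d.name.startswith(("PUP.", "PUM.")) or (d.scanner == "eset" and d.kind == "application")


def summarize(dets: List[Detection]) -> Dict:
    """Count detections per scanner, split PUA from malware, and list anything not quarantined."""
    out: Dict = {"total": len(dets), "by_scanner": {}, "pua": 0, "malware": 0, "not_quarantined": []}
    for d in dets:
        out["by_scanner"][d.scanner] = out["by_scanner"].get(d.scanner, 0) + 1
        out["pua" if is_pua(d) else "malware"] += 1
        if not d.quarantined:
            out["not_quarantined"].append(d.item)
    return out


if __name__ == "__main__":
    print(summarize(parse_mbam(MBAM_LOG) + parse_eset(ESET_LOG)))
```

Run as-is it reports ten detections from the two logs, nine of them PUP/application-class and one (the Bagle sample sitting in Spybot's recovery folder) flagged as malware, with every item confirmed quarantined. The empty `not_quarantined` list is the check worth automating: an item a scanner could not quarantine is the one a helper should follow up on.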
