Hey, thanks for the reply.
Here's the logs you asked for:
OTL logfile created on: 23/09/2012 10:47:01 - Run 1
OTL by OldTimer - Version 3.2.66.0 Folder = c:\Users\Corey\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.75 Gb Total Physical Memory | 1.52 Gb Available Physical Memory | 55.38% Memory free
5.70 Gb Paging File | 4.24 Gb Available in Paging File | 74.29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.70 Gb Total Space | 75.59 Gb Free Space | 54.11% Space Free | Partition Type: NTFS
Drive D: | 9.35 Gb Total Space | 1.64 Gb Free Space | 17.51% Space Free | Partition Type: NTFS
Drive E: | 6.62 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Computer Name: COREY-PC | User Name: Corey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/09/23 10:31:49 | 000,601,600 | ---- | M] (OldTimer Tools) -- c:\Users\Corey\Downloads\OTL.exe
PRC - [2012/09/22 20:51:52 | 000,722,528 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe
PRC - [2012/09/22 20:51:48 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
PRC - [2012/09/14 05:35:58 | 003,039,352 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgui.exe
PRC - [2012/09/12 05:41:24 | 000,713,848 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgrsx.exe
PRC - [2012/08/28 11:11:34 | 000,690,888 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
PRC - [2012/08/27 02:27:10 | 001,108,088 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgnsx.exe
PRC - [2012/08/20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe
PRC - [2012/08/20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgidsagent.exe
PRC - [2012/08/20 04:52:34 | 000,783,992 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgemcx.exe
PRC - [2012/08/20 04:52:26 | 000,450,168 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2013\avgcsrvx.exe
PRC - [2012/07/18 18:05:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/07/18 18:04:59 | 000,086,992 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\ipmgui.exe
PRC - [2012/07/18 18:04:50 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/07/02 16:02:28 | 004,473,728 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMF.exe
PRC - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/26 09:15:26 | 000,361,808 | ---- | M] () -- C:\WINDOWS\SMINST\BLService.exe
PRC - [2008/02/22 12:25:21 | 000,144,784 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
========== Modules (No Company Name) ==========
MOD - [2012/09/22 20:51:59 | 000,564,832 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll
MOD - [2012/09/22 20:51:54 | 000,132,704 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll
MOD - [2012/09/22 20:51:48 | 000,947,808 | ---- | M] () -- C:\Program Files\AVG Secure Search\vprot.exe
MOD - [2012/09/05 18:29:21 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012/08/30 20:36:12 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\1b337cf9a031145849bc48c11b2cfe58\Accessibility.ni.dll
MOD - [2012/08/30 20:36:09 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/08/30 20:35:49 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\663112d3002034cf5126be253efff60d\System.Web.Services.ni.dll
MOD - [2012/08/30 20:34:50 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012/08/30 20:34:33 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012/08/30 20:33:07 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/08/30 20:31:25 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/08/30 14:38:33 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2008/06/12 06:18:38 | 000,120,216 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
MOD - [2008/06/12 06:18:36 | 000,259,480 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
MOD - [2008/06/12 06:18:34 | 000,345,384 | ---- | M] () -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
MOD - [2007/08/14 20:59:54 | 006,365,184 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll
MOD - [2007/07/12 20:55:52 | 000,131,072 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2007/07/12 20:55:28 | 001,581,056 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll
========== Services (SafeList) ==========
SRV - [2012/09/22 20:51:52 | 000,722,528 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe -- (vToolbarUpdater12.2.6)
SRV - [2012/08/20 04:53:34 | 000,184,304 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012/08/20 04:52:42 | 005,751,928 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/07/18 18:05:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/07/18 18:04:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/09 20:17:44 | 000,821,592 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe -- (IMFservice)
SRV - [2011/11/16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2008/04/26 09:15:26 | 000,361,808 | ---- | M] () [Auto | Running] -- C:\WINDOWS\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/02/03 20:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\WINDOWS\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012/09/22 20:51:56 | 000,027,496 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtpx86.sys -- (avgtp)
DRV - [2012/09/17 18:58:56 | 000,051,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012/09/14 05:34:34 | 000,089,440 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012/09/12 11:47:22 | 000,164,704 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012/09/12 11:47:04 | 000,151,648 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012/09/02 21:04:28 | 000,010,536 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\hmonitor45.sys -- (Hmonitor45)
DRV - [2012/08/13 16:40:54 | 000,176,096 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012/08/10 04:52:28 | 000,019,808 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012/08/10 04:52:18 | 000,035,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/08/09 13:56:44 | 000,178,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012/07/18 18:05:10 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/07/18 18:05:10 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/07/18 18:05:10 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/07/05 13:53:52 | 000,019,832 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\UrlFilter.sys -- (UrlFilter)
DRV - [2012/07/05 13:53:50 | 000,030,640 | ---- | M] (IObit.com) [Kernel | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\RegFilter.sys -- (RegFilter)
DRV - [2012/01/05 18:07:28 | 000,020,336 | ---- | M] (IObit) [File_System | On_Demand | Running] -- C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys -- (FileMonitor)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/07/23 21:01:00 | 009,791,072 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/06/05 17:58:42 | 000,222,208 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/05/09 20:17:32 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/04/27 19:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/24 23:51:46 | 000,014,848 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2008/01/29 14:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/10/18 00:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/19 01:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...resario&pf=cnnb
IE - HKLM\..\URLSearchHook: {3bbd3c14-4c16-4989-8366-95bc9179779d} - SOFTWARE\Classes\CLSID\{3bbd3c14-4c16-4989-8366-95bc9179779d}\InprocServer32 File not found
IE - HKLM\..\SearchScopes,DefaultScope = {24D7C095-6F20-4F20-863D-E518F34F550B}
IE - HKLM\..\SearchScopes\{24D7C095-6F20-4F20-863D-E518F34F550B}: "URL" = http://slirsredirect...hpcnnbie7-en-gb
IE - HKLM\..\SearchScopes\{46BF7163-5FFC-42B8-B8D3-93663F3407D9}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3196716
IE - HKLM\..\SearchScopes\{F89D75F6-187F-4801-825D-564ADB84CBAB}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...resario&pf=cnnb
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..\URLSearchHook: {3bbd3c14-4c16-4989-8366-95bc9179779d} - SOFTWARE\Classes\CLSID\{3bbd3c14-4c16-4989-8366-95bc9179779d}\InprocServer32 File not found
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..\URLSearchHook: {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} - No CLSID value found
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..\SearchScopes,DefaultScope = {24D7C095-6F20-4F20-863D-E518F34F550B}
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..\SearchScopes\{24D7C095-6F20-4F20-863D-E518F34F550B}: "URL" = http://slirsredirect...hpcnnbie7-en-gb
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..\SearchScopes\{46BF7163-5FFC-42B8-B8D3-93663F3407D9}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg....fr&d=2012-09-22 20:52:01&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..\SearchScopes\{EE047DB1-406D-456E-ADE5-73A69E372005}: "URL" = http://search.condui...&ctid=CT3201318
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..\SearchScopes\{F89D75F6-187F-4801-825D-564ADB84CBAB}: "URL" = http://uk.kelkoopart...tnerId=96913936
IE - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Corey\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Corey\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012/09/22 20:52:50 | 000,000,000 | ---D | M]
========== Chrome ==========
CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Corey\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Corey\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Corey\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Corey\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Corey\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: AVG Secure Search = C:\Users\Corey\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\
O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (FLV Runner Toolbar) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files\FLV_Runner\prxtbFLV_.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (FLV Runner Toolbar) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - C:\Program Files\FLV_Runner\prxtbFLV_.dll File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..\Toolbar\WebBrowser: (FLV Runner Toolbar) - {3BBD3C14-4C16-4989-8366-95BC9179779D} - C:\Program Files\FLV_Runner\prxtbFLV_.dll File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-203628022-2586996127-1559333331-1000..\Run: [ShowBatteryBar] C:\Program Files\BatteryBar\ShowBatteryBar.exe ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-203628022-2586996127-1559333331-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E63A2E35-9158-48A9-A29D-EE9688C3CBA8}: DhcpNameServer = 192.168.1.254 192.168.1.254
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Dots.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Dots.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/04 18:37:14 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/07/16 03:07:53 | 000,000,044 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{52541701-f01a-11e1-9fbf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{52541701-f01a-11e1-9fbf-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Launch.exe -- [2007/12/18 12:29:19 | 004,657,152 | R--- | M] (Macrovision Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: ezSharedSvc - C:\WINDOWS\System32\ezsvc7.dll (EasyBits Sofware AS)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/09/22 20:54:39 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\AVG2013
[2012/09/22 20:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/09/22 20:53:00 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\TuneUp Software
[2012/09/22 20:52:51 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\AVG Secure Search
[2012/09/22 20:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012/09/22 20:51:56 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/09/22 20:51:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVG Secure Search
[2012/09/22 20:51:47 | 000,000,000 | ---D | C] -- C:\Program Files\AVG Secure Search
[2012/09/22 20:48:01 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/09/22 20:48:01 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012/09/22 20:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012/09/22 20:37:03 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012/09/22 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\MFAData
[2012/09/22 20:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012/09/22 20:37:02 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Avg2013
[2012/09/20 18:38:02 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/09/18 19:01:01 | 000,000,000 | ---D | C] -- C:\Users\Corey\Documents\Slender_v0_9_5
[2012/09/17 18:58:56 | 000,051,936 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/09/15 11:45:23 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\BatteryBar
[2012/09/15 11:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\BatteryBar
[2012/09/14 05:34:34 | 000,089,440 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2012/09/12 17:21:28 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2012/09/12 17:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Warcraft III
[2012/09/12 17:21:27 | 000,126,976 | ---- | C] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2012/09/12 17:16:14 | 000,000,000 | ---D | C] -- C:\Program Files\Warcraft III
[2012/09/12 11:47:22 | 000,164,704 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/09/12 11:47:04 | 000,151,648 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2012/09/10 20:35:30 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Adobe
[2012/09/05 21:33:54 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\CyberLink
[2012/09/05 21:33:43 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2012/09/05 21:33:43 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2012/09/05 21:33:43 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2012/09/05 21:33:43 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2012/09/05 21:33:42 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2012/09/05 21:33:42 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\ENU
[2012/09/05 21:33:40 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\QuickPlay
[2012/09/05 21:16:26 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2012/09/05 21:14:02 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\uTorrent
[2012/09/04 22:59:32 | 000,000,000 | ---D | C] -- C:\Users\Corey\Documents\Eternal Lands
[2012/09/04 22:58:37 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Eternal Lands
[2012/09/04 22:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eternal Lands
[2012/09/04 22:57:50 | 000,000,000 | ---D | C] -- C:\Program Files\Eternal Lands
[2012/09/02 21:04:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hmonitor
[2012/09/02 21:04:27 | 000,000,000 | ---D | C] -- C:\Program Files\Hmonitor
[2012/09/02 20:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL OCP
[2012/09/02 20:57:26 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\AOL OCP
[2012/09/02 20:57:25 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL
[2012/08/30 21:02:05 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\ApplicationHistory
[2012/08/30 20:56:41 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2012/08/30 20:55:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
[2012/08/30 20:40:20 | 000,000,000 | ---D | C] -- C:\Program Files\SEGA
[2012/08/30 20:37:46 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\InstallShield
[2012/08/30 14:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2012/08/30 13:37:14 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2012/08/30 00:44:46 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/30 00:43:12 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Google
[2012/08/30 00:42:50 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Deployment
[2012/08/30 00:42:50 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Apps
[2012/08/27 20:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2012/08/27 20:28:07 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Conduit
[2012/08/27 18:40:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2012/08/27 18:40:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2012/08/27 18:40:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2012/08/27 18:14:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012/08/27 17:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total War
[2012/08/27 16:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\The Creative Assembly
[2012/08/27 15:09:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/08/27 13:36:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2012/08/27 12:32:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012/08/27 12:25:29 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012/08/27 12:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012/08/27 12:23:40 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012/08/27 12:23:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012/08/27 12:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
[2012/08/27 12:16:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2012/08/27 12:14:09 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Microsoft Help
[2012/08/27 12:10:32 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012/08/27 12:02:12 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Seven Zip
[2012/08/27 11:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012/08/27 11:44:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2012/08/27 11:44:32 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\IObit
[2012/08/27 11:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2012/08/27 11:35:03 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Avira
[2012/08/27 11:32:02 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012/08/27 11:32:01 | 000,137,928 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012/08/27 11:32:01 | 000,083,392 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012/08/27 11:32:01 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012/08/27 11:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/08/27 11:32:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012/08/27 11:27:02 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Macromedia
[2012/08/27 09:09:00 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2012/08/27 08:36:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/27 08:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012/08/27 08:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012/08/27 08:32:27 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012/08/27 08:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LightScribe
[2012/08/27 08:28:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetWaiting
[2012/08/27 08:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\NetWaiting
[2012/08/27 08:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012/08/27 08:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/08/27 08:20:34 | 000,909,824 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2012/08/27 08:20:33 | 000,393,216 | ---- | C] (Atheros) -- C:\Windows\System32\athihvs.dll
[2012/08/27 08:20:33 | 000,376,832 | ---- | C] (Atheros) -- C:\Windows\System32\S64CPA.exe
[2012/08/27 08:20:33 | 000,053,248 | ---- | C] (Atheros) -- C:\Windows\System32\athihvui.dll
[2012/08/27 08:20:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\nn-NO
[2012/08/27 08:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2012/08/27 08:20:18 | 000,000,000 | ---D | C] -- C:\Program Files\Cisco
[2012/08/27 08:20:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012/08/27 08:16:21 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/08/27 08:11:33 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/08/27 00:53:18 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Symantec
[2012/08/27 00:52:49 | 000,000,000 | R--D | C] -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/08/27 00:52:49 | 000,000,000 | R--D | C] -- C:\Users\Corey\Searches
[2012/08/27 00:52:49 | 000,000,000 | R--D | C] -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/08/27 00:52:40 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Identities
[2012/08/27 00:52:37 | 000,000,000 | R--D | C] -- C:\Users\Corey\Contacts
[2012/08/27 00:52:11 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Adobe
[2012/08/27 00:51:30 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Hewlett-Packard
[2012/08/27 00:51:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Viewpoint
[2012/08/27 00:51:24 | 000,000,000 | ---D | C] -- C:\Program Files\Viewpoint
[2012/08/27 00:51:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIM
[2012/08/27 00:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AOL
[2012/08/27 00:50:56 | 000,000,000 | ---D | C] -- C:\Program Files\AIM6
[2012/08/27 00:50:42 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
[2012/08/27 00:47:44 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\VirtualStore
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\AppData\Local\Temporary Internet Files
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\Templates
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\Start Menu
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\SendTo
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\Recent
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\PrintHood
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\NetHood
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\Documents\My Videos
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\Documents\My Pictures
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\Documents\My Music
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\My Documents
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\Local Settings
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\AppData\Local\History
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\Cookies
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\Application Data
[2012/08/27 00:47:41 | 000,000,000 | -HSD | C] -- C:\Users\Corey\AppData\Local\Application Data
[2012/08/27 00:47:40 | 000,000,000 | --SD | C] -- C:\Users\Corey\AppData\Roaming\Microsoft
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\Videos
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\Saved Games
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\Pictures
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\Music
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\Links
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\Favorites
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\Downloads
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\Documents
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\Desktop
[2012/08/27 00:47:40 | 000,000,000 | R--D | C] -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/08/27 00:47:40 | 000,000,000 | -H-D | C] -- C:\Users\Corey\AppData
[2012/08/27 00:47:40 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Temp
[2012/08/27 00:47:40 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Local\Microsoft
[2012/08/27 00:47:40 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Media Center Programs
[2012/08/27 00:47:40 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2012/08/27 00:47:40 | 000,000,000 | ---D | C] -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
========== Files - Modified Within 30 Days ==========
[2012/09/23 10:53:15 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-203628022-2586996127-1559333331-1000UA.job
[2012/09/23 10:43:41 | 000,000,248 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/09/23 10:42:39 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/09/23 10:42:38 | 000,031,871 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/09/23 10:41:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 10:41:20 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/23 10:41:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/22 20:53:02 | 000,000,842 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/22 20:51:56 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012/09/22 16:48:34 | 000,004,608 | ---- | M] () -- C:\Users\Corey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/22 14:53:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-203628022-2586996127-1559333331-1000Core.job
[2012/09/20 18:37:52 | 325,789,759 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/09/17 18:58:56 | 000,051,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\avgidshx.sys
[2012/09/14 16:24:42 | 000,617,964 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/09/14 16:24:42 | 000,112,698 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/09/14 05:34:34 | 000,089,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2012/09/12 17:21:31 | 000,018,037 | ---- | M] () -- C:\Windows\War3Unin.dat
[2012/09/12 17:21:31 | 000,001,734 | ---- | M] () -- C:\Users\Corey\Desktop\Warcraft III.lnk
[2012/09/12 17:21:28 | 000,002,829 | ---- | M] () -- C:\Windows\War3Unin.pif
[2012/09/12 17:21:27 | 000,126,976 | ---- | M] (Blizzard Entertainment) -- C:\Windows\War3Unin.exe
[2012/09/12 11:47:22 | 000,164,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2012/09/12 11:47:04 | 000,151,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2012/09/05 21:33:45 | 003,063,561 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MobileTV.exe
[2012/09/05 21:33:43 | 002,989,660 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\DVD.exe
[2012/09/05 21:33:43 | 002,864,396 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\MPV.exe
[2012/09/05 21:33:43 | 002,331,174 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Karaoke.exe
[2012/09/05 21:33:42 | 002,231,606 | ---- | M] (Macromedia, Inc.) -- C:\Users\Public\Documents\Games.exe
[2012/09/05 21:16:27 | 000,000,776 | ---- | M] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/09/05 21:16:27 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/09/05 17:21:10 | 000,001,677 | ---- | M] () -- C:\Users\Corey\Desktop\test.lnk
[2012/09/04 22:58:37 | 000,001,667 | ---- | M] () -- C:\Users\Corey\Desktop\Eternal Lands.lnk
[2012/09/04 21:54:45 | 000,002,042 | ---- | M] () -- C:\Users\Corey\Desktop\Google Chrome.lnk
[2012/09/04 21:54:45 | 000,002,004 | ---- | M] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/09/03 15:15:35 | 000,000,056 | -H-- | M] () -- C:\Windows\System32\ezsidmv.dat
[2012/09/02 21:04:28 | 000,010,536 | ---- | M] () -- C:\Windows\System32\drivers\hmonitor45.sys
[2012/09/02 21:04:27 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\Hmonitor.lnk
[2012/08/30 20:55:50 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Medieval II Total War.lnk
[2012/08/30 14:31:51 | 000,389,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/30 14:14:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/08/29 23:41:06 | 000,000,943 | ---- | M] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/29 23:19:03 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/08/29 23:19:03 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/08/29 23:18:45 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/08/27 20:01:28 | 000,000,938 | ---- | M] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/08/27 17:05:58 | 000,002,011 | ---- | M] () -- C:\Users\Public\Desktop\Barbarian Invasion.lnk
[2012/08/27 17:05:58 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Rome - Total War.lnk
[2012/08/27 15:09:01 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/27 11:59:02 | 000,001,589 | ---- | M] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2012/08/27 11:56:45 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\System32\ezsvc7x.dll
[2012/08/27 11:44:37 | 000,000,966 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/08/27 08:40:38 | 000,047,092 | ---- | M] () -- C:\Windows\System32\license.rtf
[2012/08/27 08:27:06 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2012/08/27 08:16:37 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/08/27 00:52:27 | 000,000,044 | ---- | M] () -- C:\Windows\System\hpsysdrv.dat
[2012/08/27 00:51:27 | 000,000,373 | -H-- | M] () -- C:\IPH.PH
[2012/08/27 00:51:24 | 000,001,820 | ---- | M] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM 6.1.lnk
[2012/08/27 00:48:49 | 000,000,000 | RHS- | M] () -- C:\Windows\System32\drivers\103C_HP_cNB_Presario CQ60 Notebook PC_Y5335KV_0U_Q2CE840FCZF_E480060-033_4A_I303C_SWistron_V08.40_F.24_T080903_WV3-1_L409_M2814_J160_7AMD_8F31_92.00_#120827_N168C002A;10DE0760_(FV855EA#ABU)_XMOBILE_CN10_Z_2F.24.MRK
========== Files Created - No Company Name ==========
[2012/09/22 20:53:01 | 000,000,842 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012/09/22 16:48:32 | 000,004,608 | ---- | C] () -- C:\Users\Corey\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/20 18:37:52 | 325,789,759 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/09/12 17:21:31 | 000,001,734 | ---- | C] () -- C:\Users\Corey\Desktop\Warcraft III.lnk
[2012/09/12 17:21:29 | 000,018,037 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012/09/12 17:21:28 | 000,002,829 | ---- | C] () -- C:\Windows\War3Unin.pif
[2012/09/05 21:16:27 | 000,000,776 | ---- | C] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2012/09/05 21:16:27 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2012/09/05 17:20:45 | 000,001,677 | ---- | C] () -- C:\Users\Corey\Desktop\test.lnk
[2012/09/04 22:58:37 | 000,001,667 | ---- | C] () -- C:\Users\Corey\Desktop\Eternal Lands.lnk
[2012/09/03 15:15:35 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2012/09/02 21:04:28 | 000,010,536 | ---- | C] () -- C:\Windows\System32\drivers\hmonitor45.sys
[2012/09/02 21:04:27 | 000,000,804 | ---- | C] () -- C:\Users\Public\Desktop\Hmonitor.lnk
[2012/08/30 20:55:50 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Medieval II Total War.lnk
[2012/08/30 14:14:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2012/08/30 00:44:53 | 000,002,042 | ---- | C] () -- C:\Users\Corey\Desktop\Google Chrome.lnk
[2012/08/30 00:44:53 | 000,002,004 | ---- | C] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/30 00:43:47 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-203628022-2586996127-1559333331-1000UA.job
[2012/08/30 00:43:47 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-203628022-2586996127-1559333331-1000Core.job
[2012/08/29 23:18:45 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/08/27 20:01:27 | 000,000,938 | ---- | C] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2012/08/27 18:05:56 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012/08/27 18:05:55 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2012/08/27 18:05:49 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2012/08/27 18:05:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012/08/27 18:05:48 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012/08/27 18:05:45 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2012/08/27 18:05:43 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2012/08/27 18:05:25 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2012/08/27 18:05:22 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2012/08/27 18:04:36 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2012/08/27 17:05:58 | 000,002,011 | ---- | C] () -- C:\Users\Public\Desktop\Barbarian Invasion.lnk
[2012/08/27 17:05:58 | 000,001,988 | ---- | C] () -- C:\Users\Public\Desktop\Rome - Total War.lnk
[2012/08/27 14:00:16 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012/08/27 13:59:44 | 000,031,871 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012/08/27 13:34:43 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2012/08/27 13:34:43 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2012/08/27 13:34:43 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2012/08/27 12:25:03 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2012/08/27 11:59:02 | 000,001,589 | ---- | C] () -- C:\Users\Public\Desktop\Browser Choice.lnk
[2012/08/27 11:52:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012/08/27 11:52:01 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2012/08/27 11:44:37 | 000,000,966 | ---- | C] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2012/08/27 11:32:22 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/27 11:26:31 | 000,000,943 | ---- | C] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/08/27 08:36:05 | 000,000,248 | ---- | C] () -- C:\Users\Public\Documents\hpqp.ini
[2012/08/27 08:36:03 | 000,001,736 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Play.lnk
[2012/08/27 08:28:19 | 006,416,928 | ---- | C] () -- C:\Windows\System\DriveIcon.dll
[2012/08/27 08:27:06 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01000.Wdf
[2012/08/27 08:23:19 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2012/08/27 08:23:00 | 000,002,016 | ---- | C] () -- C:\Windows\System32\nvsmb.nvu
[2012/08/27 08:16:37 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2012/08/27 00:52:50 | 000,000,949 | ---- | C] () -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/08/27 00:52:48 | 000,000,944 | ---- | C] () -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012/08/27 00:52:36 | 000,000,915 | ---- | C] () -- C:\Users\Corey\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012/08/27 00:52:27 | 000,000,044 | ---- | C] () -- C:\Windows\System\hpsysdrv.dat
[2012/08/27 00:51:24 | 000,001,820 | ---- | C] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\AIM 6.1.lnk
[2012/08/27 00:50:53 | 000,000,373 | -H-- | C] () -- C:\IPH.PH
[2012/08/27 00:50:45 | 000,002,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visit eBay.co.uk.lnk
[2012/08/27 00:50:45 | 000,002,073 | ---- | C] () -- C:\Users\Public\Desktop\Visit eBay.co.uk.lnk
[2012/08/27 00:50:45 | 000,001,932 | ---- | C] () -- C:\Users\Public\Desktop\For Kids.lnk
[2012/08/27 00:50:45 | 000,001,932 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\For Kids.lnk
[2012/08/27 00:50:45 | 000,001,849 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/27 00:50:37 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\HP Total Care Advisor.lnk
[2012/08/27 00:50:37 | 000,001,859 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Total Care Advisor.lnk
[2012/08/27 00:48:49 | 000,000,000 | RHS- | C] () -- C:\Windows\System32\drivers\103C_HP_cNB_Presario CQ60 Notebook PC_Y5335KV_0U_Q2CE840FCZF_E480060-033_4A_I303C_SWistron_V08.40_F.24_T080903_WV3-1_L409_M2814_J160_7AMD_8F31_92.00_#120827_N168C002A;10DE0760_(FV855EA#ABU)_XMOBILE_CN10_Z_2F.24.MRK
[2012/08/27 00:47:41 | 000,000,258 | ---- | C] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/08/27 00:47:41 | 000,000,240 | ---- | C] () -- C:\Users\Corey\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
========== ZeroAccess Check ==========
[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012/09/22 20:54:39 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\AVG2013
[2012/09/15 13:23:14 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\BatteryBar
[2012/08/27 11:44:33 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\IObit
[2012/09/22 20:53:00 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\TuneUp Software
[2012/09/22 16:50:29 | 000,000,000 | ---D | M] -- C:\Users\Corey\AppData\Roaming\uTorrent
========== Purity Check ==========
========== Custom Scans ==========
========== Base Services ==========
SRV - [2006/11/02 10:46:02 | 000,024,576 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\aelupsvc.dll -- (AeLookupSvc)
SRV - [2008/01/21 03:24:17 | 000,033,280 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\appinfo.dll -- (Appinfo)
SRV - [2008/01/21 03:24:14 | 000,059,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\alg.exe -- (ALG)
SRV - [2009/04/11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\qmgr.dll -- (BITS)
SRV - [2009/04/11 07:28:18 | 000,334,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\BFE.DLL -- (BFE)
SRV - [2011/11/16 15:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\lsass.exe -- (KeyIso)
SRV - [2009/04/11 07:28:19 | 000,268,800 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\es.dll -- (EventSystem)
SRV - [2008/01/21 03:24:36 | 000,081,920 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\System32\browser.dll -- (Browser)
SRV - [2012/04/23 17:00:53 | 000,133,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\cryptsvc.dll -- (CryptSvc)
SRV - [2009/04/11 07:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\rpcss.dll -- (DcomLaunch)
SRV - [2009/04/11 07:28:18 | 000,204,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\dhcpcsvc.dll -- (Dhcp)
SRV - [2011/03/02 16:44:27 | 000,086,528 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\dnsrslvr.dll -- (Dnscache)
SRV - [2008/01/21 03:25:01 | 000,057,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\eapsvc.dll -- (EapHost)
SRV - [2009/04/11 07:28:19 | 000,026,112 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (hidserv)
SRV - [2008/01/21 03:24:09 | 000,288,256 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\System32\ipnathlp.dll -- (SharedAccess)
SRV - [2009/04/11 07:28:20 | 000,364,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\IPSECSVC.DLL -- (PolicyAgent)
No service found with a name of MsMpSvc
No service found with a name of NisSrv
SRV - [2009/04/11 07:28:24 | 000,311,808 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\swprv.dll -- (swprv)
SRV - [2008/01/21 03:24:54 | 000,045,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\mmcss.dll -- (MMCSS)
SRV - [2008/01/21 03:24:11 | 000,274,432 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\netman.dll -- (Netman)
SRV - [2008/01/21 03:24:23 | 000,237,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\netprofm.dll -- (netprofm)
SRV - [2008/01/21 03:23:44 | 000,168,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\nlasvc.dll -- (NlaSvc)
SRV - [2008/01/21 03:24:47 | 000,018,432 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\nsisvc.dll -- (nsi)
SRV - [2009/04/11 07:28:25 | 000,222,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\umpnpmgr.dll -- (PlugPlay)
SRV - [2010/08/17 15:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\spoolsv.exe -- (Spooler)
SRV - [2011/11/16 15:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\lsass.exe -- (ProtectedStorage)
SRV - [2009/04/11 07:28:19 | 000,564,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\emdmgmt.dll -- (EMDMgmt)
SRV - [2008/01/21 03:24:19 | 000,090,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\rasauto.dll -- (RasAuto)
SRV - [2009/04/11 07:28:24 | 000,262,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\rasmans.dll -- (RasMan)
SRV - [2009/04/11 07:28:24 | 000,550,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\rpcss.dll -- (RpcSs)
SRV - [2008/01/21 03:24:35 | 000,019,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\seclogon.dll -- (seclogon)
SRV - [2011/11/16 15:12:25 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\lsass.exe -- (SamSs)
SRV - [2009/04/11 07:28:26 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wscsvc.dll -- (wscsvc)
SRV - [2010/09/06 17:20:29 | 000,125,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\srvsvc.dll -- (LanmanServer)
SRV - [2009/07/10 12:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\shsvcs.dll -- (ShellHWDetection)
SRV - [2009/04/11 07:27:49 | 003,408,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\SLsvc.exe -- (slsvc)
SRV - [2010/11/04 19:55:12 | 000,601,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\schedsvc.dll -- (Schedule)
SRV - [2009/04/11 07:28:24 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\tapisrv.dll -- (TapiSrv)
SRV - [2009/07/10 12:47:42 | 000,247,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\shsvcs.dll -- (Themes)
SRV - [2009/04/11 07:28:23 | 000,153,088 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\profsvc.dll -- (ProfSvc)
SRV - [2009/04/11 07:28:10 | 001,055,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\VSSVC.exe -- (VSS)
SRV - [2009/04/11 07:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\audiosrv.dll -- (Audiosrv)
SRV - [2009/04/11 07:28:18 | 000,315,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\audiosrv.dll -- (AudioEndpointBuilder)
SRV - [2008/01/21 03:23:27 | 000,104,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\sdrsvc.dll -- (SDRSVC)
SRV - [2008/01/21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/11 07:28:25 | 001,017,856 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wevtsvc.dll -- (Eventlog)
SRV - [2009/04/11 07:28:20 | 000,407,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\MPSSVC.dll -- (MpsSvc)
SRV - [2009/04/11 07:28:25 | 000,453,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wiaservc.dll -- (stisvc)
SRV - [2009/04/11 07:27:45 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\msiexec.exe -- (msiserver)
SRV - [2009/04/11 07:28:25 | 000,162,304 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wbem\WMIsvc.dll -- (Winmgmt)
SRV - [2012/06/02 23:19:17 | 001,933,848 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wuaueng.dll -- (wuauserv)
SRV - [2009/04/11 07:28:18 | 000,175,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\dot3svc.dll -- (dot3svc)
SRV - [2009/07/11 20:01:42 | 000,513,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wlansvc.dll -- (Wlansvc)
SRV - [2009/06/10 12:42:23 | 000,160,256 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\wkssvc.dll -- (LanmanWorkstation)
< %SYSTEMDRIVE%\*.exe >
< MD5 for: EXPLORER.EXE >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\WINDOWS\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: QMGR.DLL >
[2008/01/21 03:25:00 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\WINDOWS\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2009/04/11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\WINDOWS\System32\qmgr.dll
[2009/04/11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\WINDOWS\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll
< MD5 for: SERVICES >
[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\WINDOWS\System32\drivers\etc\services
[2006/09/18 22:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\WINDOWS\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
< MD5 for: SERVICES.EXE >
[2008/01/21 03:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\System32\services.exe
[2009/04/11 07:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
< MD5 for: SERVICES.EXE.MUI >
[2006/11/02 13:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\WINDOWS\System32\en-US\services.exe.mui
[2006/11/02 13:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
< MD5 for: SERVICES.LNK >
[2008/01/21 03:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/21 03:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
< MD5 for: SERVICES.MOF >
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\System32\wbem\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 22:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof
< MD5 for: SERVICES.MSC >
[2006/11/02 13:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\System32\en-US\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\System32\services.msc
[2006/11/02 13:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 22:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\WINDOWS\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
< MD5 for: SVCHOST.EXE >
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\System32\svchost.exe
[2008/01/21 03:23:43 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\WINDOWS\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
< MD5 for: USERINIT.EXE >
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\System32\userinit.exe
[2008/01/21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\WINDOWS\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\WINDOWS\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< End of report >
OTL Extras logfile created on: 23/09/2012 10:47:01 - Run 1
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{A5513A72-BCFF-4636-A3E3-FA30ACBB9EE2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5AE183-09E0-4079-BA07-B2571F6B438F}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{0F5A6865-95CC-4357-BF9E-7BF914827090}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{2291170A-8CC3-4D2D-8768-59484CEDF44E}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{2E6F17DF-0ED5-42C2-99C3-46AC8140AA82}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{33264CA0-4332-4F0C-8136-212F8B7450B3}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe |
"{4CD656B1-7378-416C-8BE5-6685D7577C67}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{7A281165-90E3-422F-8844-226C64433932}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{7AAF321A-5BAB-48CB-9FB1-56516FB47A25}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe |
"{85F341C9-4392-43F7-9ADB-E2FEBBF8A5B4}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{AD8FC98F-4EFB-4A87-874D-BBB832E1E1EF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BA037152-14A9-4752-9640-94BC96D942ED}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{BC1B80C9-D79A-4EBC-8039-CCAA9F517581}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{BDBB060A-669A-47A1-AC3B-0C262422FCC2}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{E10D80D3-5BF0-4BCA-874E-55E838984786}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe |
"{F35B0144-3FF9-416D-A982-33FC11429189}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe |
"{F9C0CE60-2C74-4CBE-BA2A-DA07A6904E93}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{FCD1675E-C901-4B67-B636-BF93733FFC46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{67678C68-AD1B-4EAE-81E1-420B8A539D1A}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{7D062BE3-CD09-40EB-A33D-0864E70F48A2}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{CAA4D9EA-962D-4160-8B15-81219566BDFE}C:\program files\the creative assembly\rome - total war\rometw.exe" = protocol=6 | dir=in | app=c:\program files\the creative assembly\rome - total war\rometw.exe |
"UDP Query User{42617EA5-7F52-49B7-AB59-7F30A1C5DDC4}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{ADB4CC27-2E05-422E-B265-5EB300741D57}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{AFC6DB11-17CB-4D4E-B771-F2B397825821}C:\program files\the creative assembly\rome - total war\rometw.exe" = protocol=17 | dir=in | app=c:\program files\the creative assembly\rome - total war\rometw.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D3
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP DVD Play 3.7
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6F8C35F6-AD7E-4DCF-8FAC-5CB10BC5BC00}" = AVG 2013
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module
"{8DF92D68-F8EE-4F9C-89A2-26254C1C4B6B}" = HP Help and Support
"{8E503D23-7969-45EE-B488-F80B8AE28D39}" = AVG 2013
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B6D0B141-B2BE-4DD0-B08F-B9186F3E36B3}" = HP User Guides 0118
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AIM_6" = AIM 6
"AVG" = AVG 2013
"Avira AntiVir Desktop" = Avira Free Antivirus
"BatteryBar" = BatteryBar (remove only)
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FLV_Runner Toolbar" = FLV Runner Toolbar
"Hardware sensors monitor 4.5_is1" = Hardware sensors monitor 4.5
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"IObit Malware Fighter_is1" = IObit Malware Fighter
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Shogun Total War - Battle Trainer Test" = Shogun Total War - Battle Trainer Test
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"Warcraft III" = Warcraft III
"WildTangent hp Master Uninstall" = My HP Games
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-203628022-2586996127-1559333331-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 20/09/2012 14:22:37 | Computer Name = Corey-PC | Source = IMFservice | ID = 0
Description =
Error - 21/09/2012 11:20:37 | Computer Name = Corey-PC | Source = WinMgmt | ID = 10
Description =
Error - 22/09/2012 09:14:02 | Computer Name = Corey-PC | Source = WinMgmt | ID = 10
Description =
Error - 22/09/2012 11:50:36 | Computer Name = Corey-PC | Source = IMFservice | ID = 0
Description =
Error - 22/09/2012 11:50:36 | Computer Name = Corey-PC | Source = IMFservice | ID = 0
Description =
Error - 22/09/2012 11:59:44 | Computer Name = Corey-PC | Source = WinMgmt | ID = 10
Description =
Error - 22/09/2012 13:00:24 | Computer Name = Corey-PC | Source = WinMgmt | ID = 10
Description =
Error - 22/09/2012 14:34:09 | Computer Name = Corey-PC | Source = WinMgmt | ID = 10
Description =
Error - 22/09/2012 15:48:59 | Computer Name = Corey-PC | Source = VSS | ID = 12310
Description =
Error - 22/09/2012 15:48:59 | Computer Name = Corey-PC | Source = VSS | ID = 12298
Description =
[ System Events ]
Error - 29/08/2012 17:22:46 | Computer Name = Corey-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 29/08/2012 17:22:46 | Computer Name = Corey-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 29/08/2012 17:22:46 | Computer Name = Corey-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 29/08/2012 17:22:46 | Computer Name = Corey-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 29/08/2012 17:22:46 | Computer Name = Corey-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 29/08/2012 17:22:46 | Computer Name = Corey-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description =
Error - 29/08/2012 17:22:46 | Computer Name = Corey-PC | Source = Microsoft-Windows-Servicing | ID = 4385
Description =
Error - 29/08/2012 18:39:46 | Computer Name = Corey-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 29/08/2012 19:41:07 | Computer Name = Corey-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 30/08/2012 08:07:36 | Computer Name = Corey-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-09-23 11:20:03
-----------------------------
11:20:03.242 OS Version: Windows 6.0.6002 Service Pack 2
11:20:03.242 Number of processors: 2 586 0x301
11:20:03.258 ComputerName: COREY-PC UserName: Corey
11:20:04.771 Initialize success
11:20:44.327 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-5
11:20:44.343 Disk 0 Vendor: TOSHIBA_MK1652GSX LV011C Size: 152627MB BusType: 3
11:20:44.390 Disk 0 MBR read successfully
11:20:44.405 Disk 0 MBR scan
11:20:44.421 Disk 0 unknown MBR code
11:20:44.436 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 143048 MB offset 63
11:20:44.468 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9575 MB offset 292964352
11:20:44.499 Disk 0 scanning sectors +312573952
11:20:44.577 Disk 0 scanning C:\Windows\system32\drivers
11:20:52.065 Service scanning
11:21:27.390 Modules scanning
11:22:16.889 Disk 0 trace - called modules:
11:22:16.936 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS pciide.sys PCIIDEX.SYS atapi.sys
11:22:16.951 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85dcd418]
11:22:16.983 3 CLASSPNP.SYS[807a98b3] -> nt!IofCallDriver -> [0x85567690]
11:22:16.998 5 acpi.sys[806166bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-5[0x847c7148]
11:22:17.014 Scan finished successfully
11:34:15.987 Disk 0 MBR has been saved successfully to "C:\Users\Corey\Documents\MBR.dat"
11:34:15.987 The log file has been saved successfully to "C:\Users\Corey\Documents\aswMBR.txt"