Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Antivirus program failing to run. Malware suspected [Solved]


  • This topic is locked This topic is locked

#16
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes reboot and if Avast still fails to start run an otl quick scan
  • 0

Advertisements


#17
ctny1012

ctny1012

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
OTL logfile created on: 10/20/2012 2:17:28 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Courtney\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 68.96% Memory free
5.21 Gb Paging File | 4.33 Gb Available in Paging File | 83.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.36 Gb Total Space | 232.08 Gb Free Space | 83.07% Space Free | Partition Type: NTFS
Drive D: | 14.56 Gb Total Space | 1.62 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.38% Space Free | Partition Type: FAT32
Drive F: | 592.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COURTNEY-HP | User Name: Courtney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/18 13:04:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
PRC - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2011/12/12 19:21:54 | 022,459,984 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2011/06/28 04:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/06/17 00:02:04 | 000,336,384 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2011/06/15 19:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/06/14 16:29:22 | 000,587,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/06/14 16:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/06/13 18:47:12 | 000,336,440 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/27 18:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/11/20 22:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/11/15 23:02:24 | 000,035,736 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/25 12:12:04 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/23 20:09:18 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/23 20:09:03 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/07/06 21:03:50 | 000,877,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/07/05 15:08:28 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/17 00:20:20 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/02/17 00:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 20:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/10 20:05:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/21 17:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/14 16:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/27 18:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 04:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 04:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 04:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 04:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 04:13:12 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 04:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/06 20:11:20 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/06 20:11:20 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/05 15:50:30 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/05 14:32:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 16:33:00 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/04/15 17:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/15 17:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/02/15 13:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/29 07:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 11:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{A9B30CC2-D3DF-4A78-A1B0-8AE6E9D55DFA}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
IE - HKLM\..\SearchScopes\{A9B30CC2-D3DF-4A78-A1B0-8AE6E9D55DFA}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2612669
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{17664E75-FD7F-484A-BE99-93419E6A8DC1}: "URL" = http://search.condui...&ctid=CT2612669
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
IE - HKCU\..\SearchScopes\{A9B30CC2-D3DF-4A78-A1B0-8AE6E9D55DFA}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{E5E76645-F8CB-44C5-BD33-E49641820633}: "URL" = http://websearch.ask...8A-BD00FE087103
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.geekstogo...1012&x=12&y=17"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/19 09:43:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/18 11:14:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/10/18 11:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Extensions
[2012/10/18 11:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/10 20:06:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/10 20:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/10 20:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/19 14:34:49 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Users\Courtney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\Courtney\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BFBE5E7-11A6-459B-8E9D-C890107B234B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA3F9ACF-1F38-4975-9CC2-27B74ED52919}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\avastSvc.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avastUI.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avastSvc.exe: Debugger - C:\Windows\SysWow64\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avastUI.exe: Debugger - C:\Windows\SysWow64\svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/17 20:54:35 | 000,000,000 | ---D | M] - F:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2005/08/17 20:46:03 | 000,700,416 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/08/17 19:59:26 | 000,618,496 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2005/08/17 20:53:47 | 000,000,151 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/20 14:16:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/20 11:00:08 | 000,044,272 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/10/19 21:14:47 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Courtney\Desktop\tdsskiller.exe
[2012/10/19 09:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/10/19 09:44:09 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/19 09:44:08 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/19 09:44:05 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/19 09:44:05 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/10/19 09:44:04 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/19 09:44:03 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/19 09:43:21 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/19 09:43:21 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/19 07:26:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/19 07:26:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/19 07:26:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/19 07:25:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/19 07:25:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/19 07:22:55 | 004,984,242 | R--- | C] (Swearware) -- C:\Users\Courtney\Desktop\ComboFix.exe
[2012/10/19 07:20:33 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Desktop\RK_Quarantine
[2012/10/18 18:09:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/18 13:04:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2012/10/18 12:53:01 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/10/18 11:26:05 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/10/18 11:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/10/18 11:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/10/18 11:20:01 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/18 11:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/10/18 11:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/10/18 11:15:07 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\Mozilla
[2012/10/18 11:15:07 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Mozilla
[2012/10/18 11:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/10/18 11:14:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/10/18 11:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2012/10/20 14:23:42 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/20 14:23:42 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/20 14:23:42 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/20 14:17:12 | 000,000,923 | ---- | M] () -- C:\Users\Courtney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2012/10/20 14:16:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/20 14:16:16 | 2097,340,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/20 11:00:09 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/20 11:00:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/10/20 10:01:11 | 000,028,170 | ---- | M] () -- C:\Users\Courtney\Desktop\Error1053.jpg
[2012/10/20 09:56:21 | 000,000,506 | ---- | M] () -- C:\Users\Courtney\Desktop\avast.reg
[2012/10/20 08:19:25 | 004,984,242 | R--- | M] (Swearware) -- C:\Users\Courtney\Desktop\ComboFix.exe
[2012/10/19 21:14:50 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Courtney\Desktop\tdsskiller.exe
[2012/10/19 14:48:12 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 14:48:12 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/19 14:34:49 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/10/19 07:19:48 | 001,425,920 | ---- | M] () -- C:\Users\Courtney\Desktop\RogueKiller.exe
[2012/10/18 13:04:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2012/10/18 12:43:15 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/18 11:15:00 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012/10/20 10:01:11 | 000,028,170 | ---- | C] () -- C:\Users\Courtney\Desktop\Error1053.jpg
[2012/10/20 09:56:20 | 000,000,506 | ---- | C] () -- C:\Users\Courtney\Desktop\avast.reg
[2012/10/19 09:44:10 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/19 07:26:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/19 07:26:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/19 07:26:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/19 07:26:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/19 07:26:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/19 07:19:47 | 001,425,920 | ---- | C] () -- C:\Users\Courtney\Desktop\RogueKiller.exe
[2012/10/18 11:20:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/10/18 11:15:00 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/18 11:14:58 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/27 10:51:20 | 000,001,276 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\result.db
[2012/02/28 17:31:58 | 000,000,134 | ---- | C] () -- C:\Windows\ka.ini
[2012/02/28 17:13:43 | 000,000,407 | ---- | C] () -- C:\Windows\HairStyl.ini
[2012/02/19 17:02:02 | 000,001,870 | ---- | C] () -- C:\Windows\eReg.dat
[2011/08/11 05:03:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/11 04:56:26 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/06/17 00:34:50 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/13 09:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/20 14:16:58 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\IMVU
[2012/05/26 10:39:33 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\IMVUClient
[2011/12/27 02:04:27 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\ooVoo Details
[2011/12/25 14:05:01 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Synaptics
[2012/02/28 19:26:06 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
  • 0

#18
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you merged the registry fix did it take ?

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop ( it will be randomly named )

First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.
Posted Image
Posted Image

Do not close AVPTool or it will self uninstall, if it does uninstall - - then just rerun the setup file on your desktop

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then attach the zip file to your next post zip
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip

Posted Image
  • 0

#19
ctny1012

ctny1012

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I think the registry took. I didn't get a message to the contrary. The 4 lines in the reg file you gave me, were they supposed to remove items? If they were, then it didn't work because they are listed in the registry still.

Second thing, when I try to d/l the virus removal tool, it says "requested resource was not found".
  • 0

#20
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you able to use another computer to burn a CD

Please download the following programmes to your desktop:

Dr Web Live CD

ImgBurn

Install IMGBurn
  • Double click Dr Web
  • IMGBurn will open
  • Burn the ISO to a cd
  • Reboot the infected computer with the CD in the drive
  • Ensure that the first boot device is CD - If you are not sure about that then see this page for instructions
  • As loading starts, a dialogue window will prompt you to choose between the standard and safe modes.

    Posted Image
  • Use arrow keys to select DrWeb-LiveCD (Default)
  • When the system is loaded, check the disks or folders you want to scan, and click on ?Start?.

    Posted Image
  • The programme will now scan for and cure/delete any malware that it finds. Allow it to do so
  • Once completed reboot to normal windows
  • No log is produced so once in normal windows run a fresh OTL scan and let me know if the problems persist

  • 0

#21
ctny1012

ctny1012

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Finally finished virus scan :)

OTL logfile created on: 10/21/2012 6:16:21 AM - Run 6
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Courtney\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.60 Gb Total Physical Memory | 1.76 Gb Available Physical Memory | 67.76% Memory free
5.21 Gb Paging File | 4.23 Gb Available in Paging File | 81.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 279.36 Gb Total Space | 231.61 Gb Free Space | 82.91% Space Free | Partition Type: NTFS
Drive D: | 14.56 Gb Total Space | 1.62 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive E: | 3.96 Gb Total Space | 1.08 Gb Free Space | 27.38% Space Free | Partition Type: FAT32
Drive F: | 592.48 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: COURTNEY-HP | User Name: Courtney | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/18 13:04:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
PRC - [2011/12/12 19:21:54 | 022,459,984 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe
PRC - [2011/06/28 04:41:08 | 000,168,504 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
PRC - [2011/06/15 19:58:28 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2011/06/14 16:29:22 | 000,587,320 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2011/06/14 16:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2011/06/13 18:47:12 | 000,336,440 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/12/27 18:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/11/20 22:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/25 12:12:04 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012/05/23 20:09:18 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/23 20:09:03 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/07/06 21:03:50 | 000,877,112 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/07/05 15:08:28 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/17 00:20:20 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/02/17 00:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/11/17 20:14:00 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/10 20:05:59 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/06/21 17:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/06/14 16:29:22 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2011/03/01 23:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 12:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/27 18:30:00 | 001,817,088 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/11/26 09:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/08/21 04:13:13 | 000,969,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/08/21 04:13:13 | 000,359,464 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/08/21 04:13:13 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/08/21 04:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 04:13:12 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2012/08/21 04:13:11 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/14 04:37:44 | 000,396,848 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/07/06 20:11:20 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/06 20:11:20 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/07/05 15:50:30 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/07/05 14:32:22 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/18 16:33:00 | 001,145,448 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011/04/15 17:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/15 17:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/02/15 13:37:00 | 000,335,464 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2010/11/29 07:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/28 11:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 11:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 15:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 15:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{A9B30CC2-D3DF-4A78-A1B0-8AE6E9D55DFA}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
IE - HKLM\..\SearchScopes\{A9B30CC2-D3DF-4A78-A1B0-8AE6E9D55DFA}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...&ctid=CT2612669
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{17664E75-FD7F-484A-BE99-93419E6A8DC1}: "URL" = http://search.condui...&ctid=CT2612669
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=CPNTDF
IE - HKCU\..\SearchScopes\{A9B30CC2-D3DF-4A78-A1B0-8AE6E9D55DFA}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=CPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{E5E76645-F8CB-44C5-BD33-E49641820633}: "URL" = http://websearch.ask...8A-BD00FE087103
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.geekstogo...1012&x=12&y=17"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/10/19 09:43:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/18 11:14:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/10/18 11:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Courtney\AppData\Roaming\Mozilla\Extensions
[2012/10/18 11:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/10 20:06:18 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/10 20:05:38 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/10 20:05:38 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/10/19 14:34:49 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (IMVU Inc Toolbar) - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (IMVU Inc Toolbar) - {90B49673-5506-483E-B92B-CA0265BD9CA8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMVU.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPQuickWebProxy] C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - Startup: C:\Users\Courtney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk = C:\Users\Courtney\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegedit = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BFBE5E7-11A6-459B-8E9D-C890107B234B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA3F9ACF-1F38-4975-9CC2-27B74ED52919}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\avastSvc.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27:64bit: - HKLM IFEO\avastUI.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avastSvc.exe: Debugger - C:\Windows\SysWow64\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\avastUI.exe: Debugger - C:\Windows\SysWow64\svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/17 20:54:35 | 000,000,000 | ---D | M] - F:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2005/08/17 20:46:03 | 000,700,416 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2005/08/17 19:59:26 | 000,618,496 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ CDFS ]
O32 - AutoRun File - [2005/08/17 20:53:47 | 000,000,151 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/20 14:16:34 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/20 11:00:08 | 000,044,272 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/10/19 21:14:47 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Courtney\Desktop\tdsskiller.exe
[2012/10/19 09:44:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/10/19 09:44:09 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/10/19 09:44:08 | 000,359,464 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/10/19 09:44:05 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/10/19 09:44:05 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/10/19 09:44:04 | 000,969,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/10/19 09:44:03 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/10/19 09:43:21 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/10/19 09:43:21 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/19 07:26:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/19 07:26:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/19 07:26:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/19 07:25:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/19 07:25:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/19 07:22:55 | 004,984,242 | R--- | C] (Swearware) -- C:\Users\Courtney\Desktop\ComboFix.exe
[2012/10/19 07:20:33 | 000,000,000 | ---D | C] -- C:\Users\Courtney\Desktop\RK_Quarantine
[2012/10/18 18:09:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/18 13:04:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2012/10/18 12:53:01 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/10/18 11:26:05 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/10/18 11:26:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/10/18 11:26:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/10/18 11:20:01 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/10/18 11:18:53 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/10/18 11:18:53 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/10/18 11:15:07 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Roaming\Mozilla
[2012/10/18 11:15:07 | 000,000,000 | ---D | C] -- C:\Users\Courtney\AppData\Local\Mozilla
[2012/10/18 11:14:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/10/18 11:14:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/10/18 11:14:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

========== Files - Modified Within 30 Days ==========

[2012/10/21 06:21:56 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/21 06:21:56 | 000,032,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/21 06:21:36 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/10/21 06:21:36 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/10/21 06:21:36 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/10/21 06:15:20 | 000,000,923 | ---- | M] () -- C:\Users\Courtney\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk
[2012/10/21 06:14:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/21 06:14:09 | 2097,340,416 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/20 15:03:41 | 000,000,345 | ---- | M] () -- C:\Users\Courtney\Desktop\setup_11.0.0.1245.x01_2012_10_19_15_15.exe.htm
[2012/10/20 11:00:09 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/20 11:00:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/10/20 10:50:06 | 524,288,000 | ---- | M] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2012/10/20 10:01:11 | 000,028,170 | ---- | M] () -- C:\Users\Courtney\Desktop\Error1053.jpg
[2012/10/20 09:56:21 | 000,000,506 | ---- | M] () -- C:\Users\Courtney\Desktop\avast.reg
[2012/10/20 08:19:25 | 004,984,242 | R--- | M] (Swearware) -- C:\Users\Courtney\Desktop\ComboFix.exe
[2012/10/19 21:14:50 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Courtney\Desktop\tdsskiller.exe
[2012/10/19 14:34:49 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/10/19 07:19:48 | 001,425,920 | ---- | M] () -- C:\Users\Courtney\Desktop\RogueKiller.exe
[2012/10/18 13:04:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Courtney\Desktop\OTL.exe
[2012/10/18 12:43:15 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/10/18 11:15:00 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2012/10/20 15:03:41 | 000,000,345 | ---- | C] () -- C:\Users\Courtney\Desktop\setup_11.0.0.1245.x01_2012_10_19_15_15.exe.htm
[2012/10/20 10:48:57 | 524,288,000 | ---- | C] () -- C:\REMOVE_THIS_FILE.livecd.swap
[2012/10/20 10:01:11 | 000,028,170 | ---- | C] () -- C:\Users\Courtney\Desktop\Error1053.jpg
[2012/10/20 09:56:20 | 000,000,506 | ---- | C] () -- C:\Users\Courtney\Desktop\avast.reg
[2012/10/19 09:44:10 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/19 07:26:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/19 07:26:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/19 07:26:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/19 07:26:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/19 07:26:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/19 07:19:47 | 001,425,920 | ---- | C] () -- C:\Users\Courtney\Desktop\RogueKiller.exe
[2012/10/18 11:20:02 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/10/18 11:15:00 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/18 11:14:58 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/05/27 10:51:20 | 000,001,276 | ---- | C] () -- C:\Users\Courtney\AppData\Roaming\result.db
[2012/02/28 17:31:58 | 000,000,134 | ---- | C] () -- C:\Windows\ka.ini
[2012/02/28 17:13:43 | 000,000,407 | ---- | C] () -- C:\Windows\HairStyl.ini
[2012/02/19 17:02:02 | 000,001,870 | ---- | C] () -- C:\Windows\eReg.dat
[2011/08/11 05:03:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/08/11 04:56:26 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011/06/17 00:34:50 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/05/13 09:33:18 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/03/17 16:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/10/21 06:14:55 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\IMVU
[2012/05/26 10:39:33 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\IMVUClient
[2011/12/27 02:04:27 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\ooVoo Details
[2011/12/25 14:05:01 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Synaptics
[2012/02/28 19:26:06 | 000,000,000 | ---D | M] -- C:\Users\Courtney\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
  • 0

#22
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Would you be happy to manually enter the registry to delete the relevant keys ?

These are the keys to delete

HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastSvc.exe

HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastUI.exe

HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\avastSvc.exe

HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\avastUI.exe


When you try to delete them let me know of any error generated
  • 0

#23
ctny1012

ctny1012

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I tried all 4 and it will not allow me to delete any of them. I receive the following message on each of them:

Posted Image
  • 0

#24
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets use a reg deletion tool

Please download MiniRegTool64.zip and save it to your desktop.
Unzip it and run MiniRegTool64.exe

Posted Image

Copy and paste the following in the edit box:

HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastSvc.exe
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastUI.exe
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\avastSvc.exe
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\avastUI.exe


Select the Delete Keys/Values including Locked/Null embedded:

Press Go

Accept the warning

Posted Image

Please post the content of the log (delete.txt) to your reply.
  • 0

#25
ctny1012

ctny1012

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I followed your directions exactly and here is the contents of the log:

MiniRegTool by Farbar
Ran by Courtney (administrator) on 2012-10-21 08:48:14

====================================
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastSvc.exe could not be deleted.
HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avastUI.exe could not be deleted.
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\avastSvc.exe could not be deleted.
HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\avastUI.exe could not be deleted.
  • 0

Advertisements


#26
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
One further alternative.. Are you up to burning another CD ?

I will try to delete the key whilst we are working outside of windows

Please print these instruction out so that you know what you are doing

  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Run the OTL programme on the desktop
  • A log will be generated could you post that
    .

  • 0

#27
ctny1012

ctny1012

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I was able to burn the CD, boot the computer using the CD, and the computer started to boot. When it got to a Windows XP splash screen, 2 seconds later I got this BSOD:

Posted Image
  • 0

#28
ctny1012

ctny1012

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
I should mention that I tried it twice, with the same results. BTW, thank you for the patience you are showing me to help solve my problem.
  • 0

#29
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This is a first here so I will use all that I have in my armoury

When you reboot your computer and select safe mode is there an option called "Repair my Computer" ?
Which should take you to the recovery console

If not we will use a USB this time as it is quicker


Download the following three programmes to your desktop :


1. WiNTBootIc
2. Windows 7 64bit RC
3. Farbar Recovery Scan Tool x64

Extract wintoboot to your desktop
Insert a USB drive of at least 1GB
Run Wintoboot

Posted Image

Drag and drop the Windows 7 ISO to the programme in the space indicated
Tick the Format box and accept the warnings
Press Do It

You will see it progressing

Posted Image

It will let you know when it is done
Then copy FRST to the same USB

Posted Image


Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here


When you reboot you will see this although yours will say windows 7.
Click repair my computer
Posted Image

Select your operating system
Posted Image

Select Command prompt
Posted Image

At the command prompt type the following :

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst64.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Posted Image
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0

#30
ctny1012

ctny1012

    Member

  • Topic Starter
  • Member
  • PipPip
  • 18 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-10-2012
Ran by SYSTEM at 22-10-2012 10:20:09
Running from I:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [42808 2011-06-27] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-06-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [168504 2011-06-28] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [587320 2011-06-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [336440 2011-06-13] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4282728 2012-08-21] (AVAST Software)
HKU\Courtney\...\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized [22459984 2011-12-12] (ooVoo LLC)
HKU\Courtney\...\Policies\system: [DisableRegedit] 0
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
IMEO\avastSvc.exe: [Debugger] svchost.exe
IMEO\avastUI.exe: [Debugger] svchost.exe
Startup: C:\Users\Courtney\Start Menu\Programs\Startup\IMVU.lnk
ShortcutTarget: IMVU.lnk -> (No File)

==================== Services (Whitelisted) ===================

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-08-21] (AVAST Software)
2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)

==================== Drivers (Whitelisted) =====================

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [44272 2012-08-21] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-22 09:45 - 2012-10-22 09:45 - 00000000 ____D C:\FRST
2012-10-22 06:37 - 2012-10-22 06:37 - 01459119 ____A (Farbar) C:\FRST64.exe
2012-10-21 05:47 - 2012-10-21 05:47 - 00000000 ____D C:\Users\Courtney\Desktop\MiniRegTool64
2012-10-21 05:46 - 2012-10-21 05:46 - 01254662 ____A C:\Users\Courtney\Desktop\MiniRegTool64.zip
2012-10-20 12:03 - 2012-10-20 12:03 - 00000345 ____A C:\Users\Courtney\Desktop\setup_11.0.0.1245.x01_2012_10_19_15_15.exe.htm
2012-10-20 08:00 - 2012-08-21 01:13 - 00044272 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-10-20 07:48 - 2012-10-20 07:50 - 524288000 ____A C:\REMOVE_THIS_FILE.livecd.swap
2012-10-20 06:56 - 2012-10-20 06:56 - 00000506 ____A C:\Users\Courtney\Desktop\avast.reg
2012-10-20 05:34 - 2012-10-20 05:34 - 00016944 ____A C:\ComboFix.txt
2012-10-19 18:14 - 2012-10-19 18:14 - 02213464 ____A (Kaspersky Lab ZAO) C:\Users\Courtney\Desktop\tdsskiller.exe
2012-10-19 06:44 - 2012-10-20 08:00 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-10-19 06:44 - 2012-08-21 01:13 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-10-19 06:44 - 2012-08-21 01:13 - 00359464 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-10-19 06:44 - 2012-08-21 01:13 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-10-19 06:44 - 2012-08-21 01:13 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-10-19 06:44 - 2012-08-21 01:13 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-10-19 06:44 - 2012-08-21 01:13 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-10-19 06:43 - 2012-08-21 01:12 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-10-19 06:43 - 2012-08-21 01:12 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-10-19 06:41 - 2012-10-19 06:41 - 93654616 ____A C:\Users\Courtney\Downloads\avast_free_antivirus_setup(1).exe
2012-10-19 04:26 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-10-19 04:26 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-10-19 04:26 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-10-19 04:26 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-10-19 04:26 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-10-19 04:26 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-10-19 04:26 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-10-19 04:25 - 2012-10-20 05:34 - 00000000 ____D C:\Qoobox
2012-10-19 04:25 - 2012-10-19 04:38 - 00000000 ____D C:\Windows\erdnt
2012-10-19 04:22 - 2012-10-20 05:19 - 04984242 ____R (Swearware) C:\Users\Courtney\Desktop\ComboFix.exe
2012-10-19 04:21 - 2012-10-19 04:21 - 00002071 ____A C:\Users\Courtney\Desktop\RKreport[1].txt
2012-10-19 04:20 - 2012-10-19 04:21 - 00000000 ____D C:\Users\Courtney\Desktop\RK_Quarantine
2012-10-19 04:19 - 2012-10-19 04:19 - 01425920 ____A C:\Users\Courtney\Desktop\RogueKiller.exe
2012-10-18 15:09 - 2012-10-18 15:09 - 00000000 ____D C:\_OTL
2012-10-18 10:27 - 2012-10-18 10:27 - 00061702 ____A C:\Users\Courtney\Desktop\Extras.Txt
2012-10-18 10:26 - 2012-10-21 03:28 - 00078652 ____A C:\Users\Courtney\Desktop\OTL.Txt
2012-10-18 10:04 - 2012-10-18 10:04 - 00602112 ____A (OldTimer Tools) C:\Users\Courtney\Desktop\OTL.exe
2012-10-18 09:53 - 2012-10-18 09:53 - 00000000 ____D C:\Windows\pss
2012-10-18 08:29 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-10-18 08:29 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-10-18 08:29 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-10-18 08:29 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-10-18 08:29 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-10-18 08:29 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-10-18 08:29 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-10-18 08:29 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-10-18 08:29 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-10-18 08:29 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-10-18 08:29 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-10-18 08:29 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-10-18 08:29 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-10-18 08:29 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-10-18 08:29 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-10-18 08:29 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-10-18 08:29 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-10-18 08:29 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-10-18 08:29 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-10-18 08:29 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-10-18 08:29 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-10-18 08:29 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-10-18 08:29 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-10-18 08:29 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-10-18 08:29 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-10-18 08:29 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-10-18 08:29 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-10-18 08:29 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-10-18 08:29 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-10-18 08:29 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-10-18 08:29 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-10-18 08:29 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-10-18 08:26 - 2012-10-18 08:26 - 00000000 ___RD C:\Program Files (x86)\Skype
2012-10-18 08:23 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-10-18 08:23 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-10-18 08:20 - 2012-10-20 08:00 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-10-18 08:20 - 2012-08-21 01:12 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-10-18 08:18 - 2012-10-19 06:43 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-10-18 08:18 - 2012-10-19 06:43 - 00000000 ____D C:\Program Files\AVAST Software
2012-10-18 08:18 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-18 08:18 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-18 08:18 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-18 08:18 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-18 08:18 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-18 08:18 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-18 08:18 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-18 08:18 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-18 08:18 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-18 08:18 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-18 08:18 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-18 08:18 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-18 08:18 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-18 08:18 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-18 08:18 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-18 08:18 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-18 08:18 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-18 08:18 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-18 08:18 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-18 08:18 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-18 08:18 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-10-18 08:18 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-10-18 08:18 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-10-18 08:18 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-10-18 08:18 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-10-18 08:18 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-10-18 08:18 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-10-18 08:18 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-10-18 08:18 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-10-18 08:17 - 2012-08-22 10:12 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-10-18 08:17 - 2012-08-22 10:12 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-10-18 08:17 - 2012-08-22 10:12 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-10-18 08:17 - 2012-08-22 10:12 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-10-18 08:17 - 2012-08-02 09:58 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-10-18 08:17 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2012-10-18 08:17 - 2012-07-04 12:26 - 00041472 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-10-18 08:17 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-10-18 08:17 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-10-18 08:17 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-10-18 08:17 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-10-18 08:17 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-10-18 08:17 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-10-18 08:17 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-10-18 08:17 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-10-18 08:17 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-10-18 08:17 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-10-18 08:17 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-10-18 08:17 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-10-18 08:16 - 2012-10-18 08:17 - 93654616 ____A C:\Users\Courtney\Downloads\avast_free_antivirus_setup.exe
2012-10-18 08:16 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-18 08:16 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-18 08:16 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-18 08:16 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-18 08:16 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-10-18 08:16 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-18 08:16 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-18 08:16 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-10-18 08:16 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-10-18 08:16 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-10-18 08:16 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2012-10-18 08:16 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2012-10-18 08:16 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-10-18 08:16 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-10-18 08:16 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2012-10-18 08:16 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-10-18 08:16 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-10-18 08:16 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-10-18 08:16 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-10-18 08:15 - 2012-10-18 08:15 - 00001147 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-10-18 08:15 - 2012-10-18 08:15 - 00000000 ____D C:\Users\Courtney\AppData\Roaming\Mozilla
2012-10-18 08:15 - 2012-10-18 08:15 - 00000000 ____D C:\Users\Courtney\AppData\Local\Mozilla
2012-10-18 08:15 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-10-18 08:15 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-10-18 08:15 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-18 08:15 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-18 08:15 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-18 08:15 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-18 08:15 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-18 08:15 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-18 08:15 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-10-18 08:15 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-10-18 08:15 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2012-10-18 08:15 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2012-10-18 08:14 - 2012-10-18 08:14 - 00000000 ____D C:\Users\All Users\Mozilla
2012-10-18 08:14 - 2012-10-18 08:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2012-10-18 08:14 - 2012-10-18 08:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-10-18 07:58 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-10-18 07:58 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-10-18 07:58 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-10-18 07:58 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-10-18 07:57 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-10-18 07:57 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-10-18 07:57 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-10-18 07:57 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-10-18 07:57 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

==================== 3 Months Modified Files ==================

2012-10-22 07:16 - 2011-08-11 01:53 - 01421782 ____A C:\Windows\WindowsUpdate.log
2012-10-22 07:16 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-22 07:16 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-22 07:10 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-22 07:10 - 2009-07-13 20:51 - 00046739 ____A C:\Windows\setupact.log
2012-10-22 06:37 - 2012-10-22 06:37 - 01459119 ____A (Farbar) C:\FRST64.exe
2012-10-22 06:34 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-21 05:46 - 2012-10-21 05:46 - 01254662 ____A C:\Users\Courtney\Desktop\MiniRegTool64.zip
2012-10-21 03:28 - 2012-10-18 10:26 - 00078652 ____A C:\Users\Courtney\Desktop\OTL.Txt
2012-10-20 12:03 - 2012-10-20 12:03 - 00000345 ____A C:\Users\Courtney\Desktop\setup_11.0.0.1245.x01_2012_10_19_15_15.exe.htm
2012-10-20 11:16 - 2010-11-20 19:47 - 00560242 ____A C:\Windows\PFRO.log
2012-10-20 08:00 - 2012-10-19 06:44 - 00001922 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-10-20 08:00 - 2012-10-18 08:20 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-10-20 07:50 - 2012-10-20 07:48 - 524288000 ____A C:\REMOVE_THIS_FILE.livecd.swap
2012-10-20 06:56 - 2012-10-20 06:56 - 00000506 ____A C:\Users\Courtney\Desktop\avast.reg
2012-10-20 05:34 - 2012-10-20 05:34 - 00016944 ____A C:\ComboFix.txt
2012-10-20 05:31 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-10-20 05:19 - 2012-10-19 04:22 - 04984242 ____R (Swearware) C:\Users\Courtney\Desktop\ComboFix.exe
2012-10-19 18:14 - 2012-10-19 18:14 - 02213464 ____A (Kaspersky Lab ZAO) C:\Users\Courtney\Desktop\tdsskiller.exe
2012-10-19 06:41 - 2012-10-19 06:41 - 93654616 ____A C:\Users\Courtney\Downloads\avast_free_antivirus_setup(1).exe
2012-10-19 04:21 - 2012-10-19 04:21 - 00002071 ____A C:\Users\Courtney\Desktop\RKreport[1].txt
2012-10-19 04:19 - 2012-10-19 04:19 - 01425920 ____A C:\Users\Courtney\Desktop\RogueKiller.exe
2012-10-18 10:27 - 2012-10-18 10:27 - 00061702 ____A C:\Users\Courtney\Desktop\Extras.Txt
2012-10-18 10:04 - 2012-10-18 10:04 - 00602112 ____A (OldTimer Tools) C:\Users\Courtney\Desktop\OTL.exe
2012-10-18 09:43 - 2009-07-13 20:45 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT
2012-10-18 08:17 - 2012-10-18 08:16 - 93654616 ____A C:\Users\Courtney\Downloads\avast_free_antivirus_setup.exe
2012-10-18 08:15 - 2012-10-18 08:15 - 00001147 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2012-09-27 21:18 - 2012-08-23 17:34 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-14 11:19 - 2012-10-18 08:16 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-18 08:16 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-08-31 10:19 - 2012-10-18 08:18 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 10:03 - 2012-10-18 08:18 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:12 - 2012-10-18 08:18 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:12 - 2012-10-18 08:18 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-24 10:05 - 2012-10-18 08:16 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 08:57 - 2012-10-18 08:16 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 03:15 - 2012-10-18 08:29 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-10-18 08:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-10-18 08:29 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-10-18 08:29 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-10-18 08:29 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-10-18 08:29 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-10-18 08:29 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-10-18 08:29 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-10-18 08:29 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:14 - 2012-10-18 08:29 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:13 - 2012-10-18 08:29 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-10-18 08:29 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-10-18 08:29 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-10-18 08:29 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-10-18 08:29 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-10-18 08:29 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-10-18 08:29 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-10-18 08:29 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-10-18 08:29 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-10-18 08:29 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-10-18 08:29 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-10-18 08:29 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-10-18 08:29 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-10-18 08:29 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-10-18 08:29 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:47 - 2012-10-18 08:29 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-10-18 08:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:45 - 2012-10-18 08:29 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-10-18 08:29 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:44 - 2012-10-18 08:29 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:43 - 2012-10-18 08:29 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-10-18 08:29 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 10:12 - 2012-10-18 08:17 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-10-18 08:17 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-10-18 08:17 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-10-18 08:17 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 13:01 - 2012-10-18 08:16 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-21 01:13 - 2012-10-20 08:00 - 00044272 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2012-08-21 01:13 - 2012-10-19 06:44 - 00969200 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-08-21 01:13 - 2012-10-19 06:44 - 00359464 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-08-21 01:13 - 2012-10-19 06:44 - 00071600 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-08-21 01:13 - 2012-10-19 06:44 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-08-21 01:13 - 2012-10-19 06:44 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-08-21 01:13 - 2012-10-19 06:44 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-08-21 01:12 - 2012-10-19 06:43 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-08-21 01:12 - 2012-10-19 06:43 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-08-21 01:12 - 2012-10-18 08:20 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-20 10:48 - 2012-10-18 08:18 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 10:48 - 2012-10-18 08:18 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 10:48 - 2012-10-18 08:18 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-20 10:48 - 2012-10-18 08:18 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-20 10:48 - 2012-10-18 08:18 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 10:48 - 2012-10-18 08:18 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 10:48 - 2012-10-18 08:18 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-20 10:46 - 2012-10-18 08:18 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 10:38 - 2012-10-18 08:18 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 10:38 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 09:40 - 2012-10-18 08:18 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 09:38 - 2012-10-18 08:18 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 09:37 - 2012-10-18 08:18 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 09:37 - 2012-10-18 08:18 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 09:37 - 2012-10-18 08:18 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 09:32 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 07:38 - 2012-10-18 08:18 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 07:38 - 2012-10-18 08:18 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 07:33 - 2012-10-18 08:18 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 07:33 - 2012-10-18 08:18 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 07:33 - 2012-10-18 08:18 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 07:33 - 2012-10-18 08:18 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-10 16:56 - 2012-10-18 08:16 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-08-10 15:56 - 2012-10-18 08:16 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-08-02 09:58 - 2012-10-18 08:17 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-08-02 08:57 - 2012-10-18 08:17 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-05-24 19:26:33
Restore point made on: 2012-08-23 17:34:01
Restore point made on: 2012-10-18 06:43:58
Restore point made on: 2012-10-18 07:57:15
Restore point made on: 2012-10-18 08:18:39
Restore point made on: 2012-10-18 08:24:16
Restore point made on: 2012-10-18 10:06:27
Restore point made on: 2012-10-18 15:21:01
Restore point made on: 2012-10-18 15:35:11
Restore point made on: 2012-10-18 18:14:00
Restore point made on: 2012-10-18 18:18:40
Restore point made on: 2012-10-19 06:27:37
Restore point made on: 2012-10-19 06:35:17
Restore point made on: 2012-10-19 06:42:56
Restore point made on: 2012-10-19 11:35:25

==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 2666.91 MB
Available physical RAM: 2031.94 MB
Total Pagefile: 2665.05 MB
Available Pagefile: 2014.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:279.36 GB) (Free:231.53 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Recovery) (Fixed) (Total:14.56 GB) (Free:1.62 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
4 Drive g: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
5 Drive h: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
6 Drive i: () (Removable) (Total:3.81 GB) (Free:0.29 GB) FAT32
7 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
8 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 Online 3913 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 279 GB 200 MB
Partition 3 Primary 14 GB 279 GB
Partition 4 Primary 4063 MB 294 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 279 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 E Recovery NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 F HP_TOOLS FAT32 Partition 4063 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3898 MB 17 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 I FAT32 Removable 3898 MB Healthy

=========================================================

Last Boot: 2012-10-17 16:58

==================== End Of Log =============================
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP