browser redirect?



#31
RKinner

We can check the files referenced by the blue screens plus wordpad and see if any of them look funny.


Copy the text in the code box:

/md5start
win32k.sys
ntoskrnl.exe
atikmdag.sys
HIDCLASS.SYS
Wordpad.exe
/md5stop


Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + V) the copied text in the box where it says Custom Scan/Fixes, then Run Scan.

You should get 1 log. Please copy and paste it.


I don't expect to see much though in the files mentioned by the Blue Screen. The Bug Check Code : 0x00000019 is sort of the equivalent of the drunk saying the bed was on fire when he laid down on it. It means the data was corrupted by a previous program. Perhaps Wordpad is corrupt. Not sure if sfc checks it since it's not normally used.

We can run sigverif and see if it finds any strange drivers and also check the hard drive for problems since the error is not new.


1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sigverif

Press Start in the new window. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started). Should not be many with 64-bit Windows 7.

(This next one tells SFC to check the wordpad.exe file. Not sure exactly where it is on your system. Suspect it's the first one, but if that doesn't work try the second one.)

sfc /scanfile="c:\Program Files (x86)\windows nt\Accessories\wordpad.exe"

sfc /scanfile="c:\program files\windows nt\Accessories\wordpad.exe"

(If it works and doesn't find any errors then it will say: Windows Resource Protection did not find any integrity violations. Hopefully it will say it found an error and fixed it. Now that you have run the fixits let's see if the errors are gone: )

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:

2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

PS how did wordpad get in the picture? OTL says notepad should be the program that would open text files. Were you calling it up?
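The file and event-log checks described in the post above can also be gathered read-only from PowerShell. This is an added example, not part of the original thread and not code from OTL, sigverif or VEW; it assumes PowerShell 4.0 or later in an elevated console and the default Windows file locations, and the function names Get-FileTriage and Get-RecentProblems are hypothetical.

```powershell
# Added example: read-only triage of the files named in the blue-screen post.
# Assumptions: PowerShell 4.0+ (for Get-FileHash), elevated 64-bit console,
# default Windows locations. Nothing here modifies the system.

$sys = Join-Path $env:SystemRoot 'System32'
$candidates = @(
    (Join-Path $sys 'win32k.sys'),
    (Join-Path $sys 'ntoskrnl.exe'),
    (Join-Path $sys 'drivers\atikmdag.sys'),
    (Join-Path $sys 'drivers\HIDCLASS.SYS'),
    # Both WordPad locations given in the post; a missing one is reported as absent.
    'C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe',
    'C:\Program Files\Windows NT\Accessories\wordpad.exe'
)

function Get-FileTriage {
    # Hypothetical helper: hash, signature status and version info per file.
    param([string[]]$Path)
    foreach ($p in $Path) {
        $present = Test-Path -LiteralPath $p
        $item = $null; $sig = $null; $md5 = $null; $sha = $null
        if ($present) {
            $item = Get-Item -LiteralPath $p
            # MD5 is kept so the value can be compared with an MD5 listing;
            # SHA256 is the digest to use for any lookup or baseline.
            $md5 = (Get-FileHash -LiteralPath $p -Algorithm MD5).Hash
            $sha = (Get-FileHash -LiteralPath $p -Algorithm SHA256).Hash
            # Caveat: many in-box Windows files are catalog-signed. Older
            # PowerShell versions may report them as NotSigned, so treat
            # sigverif and sfc as the authoritative checks for those.
            $sig = Get-AuthenticodeSignature -FilePath $p
        }
        [pscustomobject]@{
            Path      = $p
            Present   = $present
            Modified  = if ($item) { $item.LastWriteTime } else { $null }
            Company   = if ($item) { $item.VersionInfo.CompanyName } else { $null }
            Version   = if ($item) { $item.VersionInfo.FileVersion } else { $null }
            Signature = if ($sig)  { $sig.Status } else { $null }
            MD5       = $md5
            SHA256    = $sha
        }
    }
}

function Get-RecentProblems {
    # Hypothetical helper: newest Error (level 2) and Warning (level 3) events.
    param([string]$LogName, [int]$Count = 20)
    # A freshly cleared log has no matching events; Get-WinEvent reports that
    # as an error, so it is silenced and an empty result is returned instead.
    Get-WinEvent -FilterHashtable @{ LogName = $LogName; Level = 2, 3 } `
                 -MaxEvents $Count -ErrorAction SilentlyContinue |
        Select-Object TimeCreated, LevelDisplayName, ProviderName, Id,
            @{ Name = 'Message'; Expression = { ($_.Message -split "`r?`n")[0] } }
}

Get-FileTriage -Path $candidates | Format-List

foreach ($log in 'System', 'Application') {
    "== $log : last 20 Error/Warning events =="
    Get-RecentProblems -LogName $log | Format-Table -AutoSize -Wrap
}
```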


#32
soonerskies

I deleted, or at least have tried to delete the list you provided. Amazon Browser Bar didn't show up in the Revo Uninstaller list. Also, had a problem with Java 7 ... said "network resource that is unavailable" and the product uninstaller failed, however, let Revo run and found and deleted stuff ... not sure if got rid of all of it.

Ran OTL with text from your last post for bluescreen. I'll post below. Got ahead of myself ... I'll run OTL with the text box from your 4:07pm post. Hope that doesn't confuse things.

Here's the bluescreen OTL report ....

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1A89D2C7-D73F-DAA1-0E22-427446954AB5}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://slirsredirect...mrud=29-01-2013

IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{7DFBEC25-E1C6-7769-85DB-7EFF7E4B1D01}: "URL" = http://feed.helperba...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope = {ACE8169B-2A79-4EDC-9229-51F2F3AEFAC5}
IE - HKCU\..\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}: "URL" = browseforchange/search/redirect/?type=default&user_id=be48eb40-8915-4872-8bf7-e4d09a10eb04&query={searchTerms}
IE - HKCU\..\SearchScopes\{ACE8169B-2A79-4EDC-9229-51F2F3AEFAC5}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?...usaolp00000011"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "http://www.aol.com/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: File not found
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{31F37877-0076-4d26-8FD4-D9A7223FFC06}: C:\Program Files (x86)\FacePaint\FacePaintFF\{31F37877-0076-4d26-8FD4-D9A7223FFC06} [2013/01/24 13:24:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/01/24 13:23:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/22 01:33:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/05 10:14:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/02 20:51:00 | 000,000,000 | ---D | M]

[2013/01/09 15:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gilbert\AppData\Roaming\Mozilla\Extensions
[2012/07/12 10:22:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\extensions
[2012/04/12 12:39:47 | 000,000,000 | ---D | M] (Serif DrawPlus Community Toolbar) -- C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}
[2012/07/12 10:23:04 | 000,000,000 | ---D | M] (Bandoo for Firefox) -- C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]
[2013/02/28 00:12:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\fil6wlr9.default\extensions
[2013/01/29 11:57:25 | 000,000,000 | ---D | M] (AOL Radio Toolbar) -- C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\fil6wlr9.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}
[2013/01/09 15:11:31 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\fil6wlr9.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2013/02/28 00:12:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions
[2012/12/18 13:59:15 | 000,000,000 | ---D | M] (CouponAmazing) -- C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]
[2013/02/20 07:35:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/09 15:32:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013/01/13 14:47:56 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2013/02/22 01:33:51 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/02/05 10:14:01 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/04 21:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/04 21:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gilbert\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: avast! WebRep = C:\Users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2013/02/17 21:53:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (AlxHelper Class) - {F443A627-5009-4323-9C1D-7FD598D0D712} - C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll (Amazon.com)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {8660E5B3-6C41-44DE-8503-98D99BBECD41} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {256DB8BC-7DA7-4248-97CD-44E07216B7F1} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [Online Vault] C:\Program Files (x86)\OnlineVault\OVTray.exe (Crawler.com)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Gilbert\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C222D50F-6DC4-4FDA-8104-A4ACE29CE364}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/02 16:01:54 | 000,000,000 | ---D | C] -- C:\Users\Gilbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2013/03/02 16:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2013/03/02 15:39:51 | 000,000,000 | ---D | C] -- C:\test log
[2013/02/27 11:11:58 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msmpeg2vdec.dll
[2013/02/27 11:11:57 | 002,776,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msmpeg2vdec.dll
[2013/02/27 11:11:57 | 000,221,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UIAnimation.dll
[2013/02/27 11:11:57 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UIAnimation.dll
[2013/02/27 11:11:52 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMPhoto.dll
[2013/02/27 11:11:51 | 000,465,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMPhoto.dll
[2013/02/27 11:11:45 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 11:11:45 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013/02/27 11:11:45 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 11:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 11:11:45 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013/02/27 11:11:44 | 000,194,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/02/27 11:11:44 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013/02/27 11:11:44 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 11:11:44 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013/02/27 11:11:43 | 002,565,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/02/27 11:11:43 | 000,522,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2013/02/27 11:11:42 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2013/02/27 11:11:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 11:11:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013/02/27 11:11:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 11:11:42 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013/02/27 11:11:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 11:11:42 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-user32-l1-1-0.dll
[2013/02/27 11:11:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 11:11:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-version-l1-1-0.dll
[2013/02/27 11:11:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 11:11:42 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013/02/27 11:11:41 | 000,648,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/02/27 11:11:41 | 000,363,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxgi.dll
[2013/02/27 11:11:40 | 000,333,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/02/27 11:11:40 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/02/27 11:11:39 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013/02/27 11:11:39 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013/02/27 11:11:38 | 001,682,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2013/02/27 11:11:38 | 001,238,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/02/27 11:11:38 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2013/02/27 11:11:37 | 001,643,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/02/27 11:11:37 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecsExt.dll
[2013/02/27 11:11:35 | 003,928,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/02/27 11:11:35 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013/02/22 01:34:32 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/02/22 01:34:32 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/02/22 01:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/02/22 01:34:30 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/02/22 01:34:30 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/02/22 01:34:29 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/02/22 01:34:19 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/02/22 01:34:18 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/02/22 01:33:21 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/02/22 01:33:20 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013/02/22 01:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/02/22 01:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/02/19 23:48:10 | 000,000,000 | ---D | C] -- C:\Users\Gilbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/02/19 23:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/02/19 23:23:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/17 22:39:19 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gilbert\Desktop\tdsskiller.exe
[2013/02/17 21:55:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/17 21:38:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/17 21:38:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/17 21:38:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/17 21:38:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/17 21:37:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/17 00:33:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/02/17 00:33:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/02/17 00:33:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/02/17 00:33:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/02/17 00:33:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/02/17 00:33:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/02/17 00:33:45 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/02/17 00:33:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/02/17 00:33:44 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/02/17 00:33:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/02/17 00:33:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/02/17 00:33:44 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/02/17 00:33:42 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/02/17 00:33:41 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/02/17 00:33:41 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/02/16 21:36:21 | 005,553,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/02/16 21:36:20 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/02/16 21:36:20 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/02/16 21:35:55 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/02/16 21:35:55 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/02/16 21:35:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/02/16 21:35:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/02/16 21:35:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/02/16 21:35:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/02/16 21:35:47 | 000,288,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013/02/15 23:44:17 | 000,353,305 | ---- | C] (Farbar) -- C:\Users\Gilbert\Desktop\FSS.exe
[2013/02/15 23:44:12 | 000,000,000 | ---D | C] -- C:\Users\Gilbert\Desktop\Fix PC Tools Feb2013
[2013/02/15 07:52:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gilbert\Desktop\OTL.exe
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/02 20:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/02 20:23:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/02 18:00:00 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/03/02 16:48:29 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/02 16:48:29 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/02 16:46:41 | 000,809,104 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/02 16:46:41 | 000,171,422 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/02 16:46:41 | 000,006,498 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/02 16:41:50 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\DriverUpdate Startup.job
[2013/03/02 16:41:08 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\FixCleaner Startup.job
[2013/03/02 16:40:53 | 000,015,712 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013/03/02 16:38:37 | 000,000,520 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/03/02 16:38:34 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/02 16:38:33 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/03/02 16:37:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/02 16:37:51 | 665,763,411 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/02 16:37:48 | 334,737,407 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/02 15:58:02 | 000,140,800 | ---- | M] () -- C:\Users\Gilbert\Desktop\bluescreenview_setup.exe
[2013/02/28 00:15:41 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\AdvancedDriverUpdater.job
[2013/02/28 00:12:37 | 000,000,113 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/28 00:05:17 | 000,594,019 | ---- | M] () -- C:\Users\Gilbert\Desktop\adwcleaner.exe
[2013/02/27 10:43:03 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\AdvancedDriverUpdater_UPDATES.job
[2013/02/27 09:59:42 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/02/27 09:59:42 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/02/22 01:34:32 | 000,001,920 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/22 01:34:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/19 23:48:10 | 000,001,266 | ---- | M] () -- C:\Users\Gilbert\Desktop\Revo Uninstaller.lnk
[2013/02/17 21:53:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/17 00:44:57 | 004,973,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/15 23:35:50 | 000,353,305 | ---- | M] (Farbar) -- C:\Users\Gilbert\Desktop\FSS.exe
[2013/02/15 23:35:08 | 000,061,440 | ---- | M] ( ) -- C:\Users\Gilbert\Documents\VEW.exe
[2013/02/15 23:35:08 | 000,061,440 | ---- | M] ( ) -- C:\Users\Gilbert\Desktop\VEW.exe
[2013/02/15 23:33:42 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gilbert\Desktop\tdsskiller.exe
[2013/02/14 21:35:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gilbert\Desktop\OTL.exe
[2013/02/11 19:16:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2013/02/04 21:10:07 | 054,215,992 | ---- | M] () -- C:\Users\Gilbert\Desktop\epson13469.exe
[2013/02/04 21:06:04 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/02/01 13:09:01 | 000,730,238 | ---- | M] () -- C:\Users\Gilbert\Documents\2012-04-08 8x10 print on 11x14 matt copy-Recovered.psd
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/02 16:00:53 | 000,140,800 | ---- | C] () -- C:\Users\Gilbert\Desktop\bluescreenview_setup.exe
[2013/03/02 05:05:43 | 000,061,440 | ---- | C] ( ) -- C:\Users\Gilbert\Desktop\VEW.exe
[2013/02/28 00:12:13 | 000,000,113 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/28 00:10:23 | 000,594,019 | ---- | C] () -- C:\Users\Gilbert\Desktop\adwcleaner.exe
[2013/02/22 01:34:32 | 000,001,920 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/22 01:34:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/02/19 23:48:10 | 000,001,266 | ---- | C] () -- C:\Users\Gilbert\Desktop\Revo Uninstaller.lnk
[2013/02/17 21:38:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/17 21:38:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/17 21:38:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/17 21:38:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/17 21:38:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/15 23:44:17 | 000,061,440 | ---- | C] ( ) -- C:\Users\Gilbert\Documents\VEW.exe
[2013/02/11 19:16:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2013/02/04 21:09:24 | 054,215,992 | ---- | C] () -- C:\Users\Gilbert\Desktop\epson13469.exe
[2013/02/04 21:06:04 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/02/01 13:09:00 | 000,730,238 | ---- | C] () -- C:\Users\Gilbert\Documents\2012-04-08 8x10 print on 11x14 matt copy-Recovered.psd
[2013/01/22 17:36:04 | 000,000,132 | ---- | C] () -- C:\Users\Gilbert\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2013/01/20 12:20:20 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\status.ini
[2012/12/28 17:11:06 | 000,000,218 | ---- | C] () -- C:\Users\Gilbert\.recently-used.xbel
[2012/12/18 15:10:51 | 000,000,048 | ---- | C] () -- C:\Users\Gilbert\AppData\Roaming\mbam.context.scan
[2012/12/18 09:23:40 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/12/18 09:23:40 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/12/05 10:11:26 | 002,725,054 | ---- | C] () -- C:\Users\Gilbert\IMG.bmp
[2012/12/04 15:45:46 | 000,000,095 | ---- | C] () -- C:\Users\Gilbert\.accessibility.properties
[2012/10/12 15:54:46 | 001,115,808 | ---- | C] () -- C:\Users\Gilbert\2012-10-13 Saturday game day.jpg
[2012/09/14 14:47:05 | 001,511,333 | ---- | C] () -- C:\Users\Gilbert\2012-09-15 Saturday game day.jpg
[2012/09/01 11:34:43 | 001,085,595 | ---- | C] () -- C:\Users\Gilbert\2012-09-01 Saturday game day schedule.jpg
[2012/08/09 10:24:29 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/07/24 09:49:35 | 000,000,641 | ---- | C] () -- C:\Users\Gilbert\AppData\Roaming\Contact Sheet II.xml
[2012/06/21 13:08:11 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/04/27 13:16:37 | 000,007,168 | ---- | C] () -- C:\Users\Gilbert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 14:07:42 | 056,885,213 | ---- | C] () -- C:\Users\Gilbert\AdobePhotoshop12-4-mul-AdobeUpdate.zip
[2012/02/29 12:30:29 | 029,517,954 | ---- | C] () -- C:\Users\Gilbert\AdobeBridge_4.0.5_mul_AdobeUpdate.zip
[2012/02/21 16:52:34 | 000,000,426 | ---- | C] () -- C:\Users\Gilbert\content.inf
[2012/02/21 16:52:22 | 000,038,912 | ---- | C] () -- C:\Users\Gilbert\01183278.dot
[2012/01/21 16:03:48 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/12/31 14:35:36 | 000,000,132 | ---- | C] () -- C:\Users\Gilbert\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2011/12/07 12:42:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Analog Mono
[2011/12/07 12:42:39 | 000,000,268 | RH-- | C] () -- C:\Users\Gilbert\AppData\Roaming\Action Clauses
[2011/12/07 12:42:39 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/12/07 12:13:31 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/11/28 15:05:21 | 000,001,456 | ---- | C] () -- C:\Users\Gilbert\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/11/28 11:22:07 | 000,000,329 | -H-- | C] () -- C:\Users\Gilbert\.BridgeLabelsAndRatings
[2011/11/16 20:57:59 | 000,000,083 | ---- | C] () -- C:\Windows\EPSP1400.ini
[2011/11/09 14:46:34 | 000,000,132 | ---- | C] () -- C:\Users\Gilbert\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/11/02 17:54:42 | 000,123,090 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2011/10/28 10:22:35 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/10/28 10:22:35 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/10/28 10:22:35 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/10/28 10:22:35 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/10/28 10:22:35 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/10/28 10:22:35 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/10/28 10:22:35 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/10/28 10:22:35 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/10/28 10:22:35 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/10/28 10:22:35 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/10/28 10:22:35 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/10/28 10:22:35 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/10/28 10:22:35 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/10/28 10:22:35 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/10/28 10:22:35 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/10/28 10:22:35 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/10/21 02:06:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 04:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 02:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

< MD5 for: ATIKMDAG.SYS >
[2012/04/06 04:22:42 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) MD5=0B45C18B0F3EE996D25BAA4E74884B83 -- C:\Users\Gilbert\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20121011T141134452628\pci\ven_1002&dev_9710\atikmdag.sys
[2012/04/06 04:22:42 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) MD5=0B45C18B0F3EE996D25BAA4E74884B83 -- C:\Windows\SysNative\DriverStore\FileRepository\c7137224.inf_amd64_neutral_383c8c4936c61952\B136646\atikmdag.sys
[2009/07/13 15:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) MD5=3EFD964D52221360AF0673CD61C2F4F5 -- C:\Windows\SysNative\DriverStore\FileRepository\atiilhag.inf_amd64_neutral_0a660e899f5038a2\atikmdag.sys
[2009/07/13 15:59:33 | 005,020,672 | ---- | M] (ATI Technologies Inc.) MD5=3EFD964D52221360AF0673CD61C2F4F5 -- C:\Windows\winsxs\amd64_atiilhag.inf_31bf3856ad364e35_6.1.7601.17514_none_03c46b205be81dfd\atikmdag.sys
[2012/02/15 08:18:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) MD5=56D6631761EC37745F0DF16BCDC4CAF4 -- C:\Windows\SysNative\DriverStore\FileRepository\c7134393.inf_amd64_neutral_795ca19e79e4898b\B133359\atikmdag.sys
[2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) MD5=60216B0E704584DE6D5A9F59E9C34C47 -- C:\Users\Gilbert\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20120523T142011039809\pci\ven_1002&dev_9710\atikmdag.sys
[2011/04/20 01:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) MD5=60216B0E704584DE6D5A9F59E9C34C47 -- C:\Windows\SysNative\DriverStore\FileRepository\c7118908.inf_amd64_neutral_8dc4ff304e4afff6\B117547\atikmdag.sys
[2012/05/04 20:31:04 | 010,831,872 | ---- | M] (Advanced Micro Devices, Inc.) MD5=713FB06DE2E3A03587DE208D6B94509F -- C:\Windows\SysNative\drivers\atikmdag.sys
[2012/05/04 20:31:04 | 010,831,872 | ---- | M] (Advanced Micro Devices, Inc.) MD5=713FB06DE2E3A03587DE208D6B94509F -- C:\Windows\SysNative\DriverStore\FileRepository\c7141011.inf_amd64_neutral_9e3b9b390e0929fa\B138227\atikmdag.sys
[2009/07/15 02:23:30 | 006,096,896 | ---- | M] (ATI Technologies Inc.) MD5=ADF81052D94BCD3FF7DB2FE59E3ED6F4 -- C:\Windows\SysNative\DriverStore\FileRepository\c7_88429.inf_amd64_neutral_e3cc6611d4d0edef\B_85444\atikmdag.sys
[2009/07/15 02:23:30 | 006,096,896 | ---- | M] (ATI Technologies Inc.) MD5=ADF81052D94BCD3FF7DB2FE59E3ED6F4 -- C:\Windows\SysNative\DriverStore\FileRepository\ch_88429.inf_amd64_neutral_da6898e1f97d17a2\B_85444\atikmdag.sys

< MD5 for: HIDCLASS.SYS >
[2010/11/20 21:23:47 | 000,076,800 | ---- | M] (Microsoft Corporation) MD5=8B0E40E7E8BBF5ACF390465609D89FF1 -- C:\Users\Gilbert\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20120523T142011039809\generic_hid_device\hidclass.sys
[2010/11/20 21:23:47 | 000,076,800 | ---- | M] (Microsoft Corporation) MD5=8B0E40E7E8BBF5ACF390465609D89FF1 -- C:\Users\Gilbert\AppData\Local\SlimWare Utilities Inc\DriverUpdate\Backups\20121011T141134452628\generic_hid_device\hidclass.sys
[2010/11/20 21:23:47 | 000,076,800 | ---- | M] (Microsoft Corporation) MD5=8B0E40E7E8BBF5ACF390465609D89FF1 -- C:\Windows\SysNative\drivers\hidclass.sys
[2010/11/20 21:23:47 | 000,076,800 | ---- | M] (Microsoft Corporation) MD5=8B0E40E7E8BBF5ACF390465609D89FF1 -- C:\Windows\SysNative\DriverStore\FileRepository\input.inf_amd64_neutral_8693053514b10ee9\hidclass.sys
[2010/11/20 21:23:47 | 000,076,800 | ---- | M] (Microsoft Corporation) MD5=8B0E40E7E8BBF5ACF390465609D89FF1 -- C:\Windows\winsxs\amd64_input.inf_31bf3856ad364e35_6.1.7601.17514_none_7e959f3636bd3a1c\hidclass.sys

< MD5 for: NTOSKRNL.EXE >
[2011/11/19 05:11:28 | 003,916,656 | ---- | M] (Microsoft Corporation) MD5=00B12EA93ED392FBD09F07B63E926647 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntoskrnl.exe
[2012/03/31 00:05:57 | 005,559,664 | ---- | M] (Microsoft Corporation) MD5=03B5C6DBA5A770CEEFD1615E380C6BC3 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_ca603c63cabb5ed6\ntoskrnl.exe
[2011/11/19 09:20:37 | 005,559,152 | ---- | M] (Microsoft Corporation) MD5=1AFFF8D5352AECEF2ECD47FFA02D7F7D -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_ca4e9bcdcac7feed\ntoskrnl.exe
[2010/11/20 21:23:51 | 003,911,040 | ---- | M] (Microsoft Corporation) MD5=2088D9994332583EDB3C561DE31EA5AD -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_6e37cb8c12652b73\ntoskrnl.exe
[2012/05/04 05:06:22 | 005,559,664 | ---- | M] (Microsoft Corporation) MD5=2819BB6417B85D38169A4F151463A815 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_ca41cd33cad1e557\ntoskrnl.exe
[2012/03/30 22:39:37 | 003,913,072 | ---- | M] (Microsoft Corporation) MD5=28F44480E411C3DDF04B63F6560E6EF4 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17803_none_6e41a0e0125deda0\ntoskrnl.exe
[2012/03/30 22:37:33 | 003,916,656 | ---- | M] (Microsoft Corporation) MD5=2E02A17E8965AD671E4987E503AD38B1 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_6e972ea32ba24bcd\ntoskrnl.exe
[2013/01/04 22:49:01 | 003,916,648 | ---- | M] (Microsoft Corporation) MD5=2E083C7D9CA98B63FA8F8062874E9327 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_6ebd48cf2b868ae6\ntoskrnl.exe
[2012/05/04 04:03:50 | 003,913,072 | ---- | M] (Microsoft Corporation) MD5=53483A0B2DE3617E832F1DBAF9620F39 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17835_none_6e2331b012747421\ntoskrnl.exe
[2012/08/30 11:06:07 | 003,917,168 | ---- | M] (Microsoft Corporation) MD5=5355A85D26EECFA3A68B1F55B0C59A20 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_6ecb17b32b7bbdd3\ntoskrnl.exe
[2012/03/05 23:59:41 | 003,913,072 | ---- | M] (Microsoft Corporation) MD5=53B4BDEA12A032EEC71E60B6BFF42F37 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_6ddd4ed012a99fed\ntoskrnl.exe
[2011/10/21 02:01:30 | 005,561,216 | ---- | M] (Microsoft Corporation) MD5=577841951E8BAD6EA8288106693CD39F -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_ca31f809cade8847\ntoskrnl.exe
[2012/03/05 23:41:34 | 003,916,656 | ---- | M] (Microsoft Corporation) MD5=57B7DE30C4E65AD19CA13AC3065EE60B -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_6eadcec52b912d42\ntoskrnl.exe
[2012/05/04 04:51:47 | 005,561,200 | ---- | M] (Microsoft Corporation) MD5=6A692DB27A943B463E97B749DD34F3DA -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_ca975af6e4164384\ntoskrnl.exe
[2013/01/04 23:53:43 | 005,553,512 | ---- | M] (Microsoft Corporation) MD5=6B0D9CF92C08D42533C12FC1A0B5403F -- C:\Windows\erdnt\cache64\ntoskrnl.exe
[2013/01/04 23:53:43 | 005,553,512 | ---- | M] (Microsoft Corporation) MD5=6B0D9CF92C08D42533C12FC1A0B5403F -- C:\Windows\SysNative\ntoskrnl.exe
[2013/01/04 23:53:43 | 005,553,512 | ---- | M] (Microsoft Corporation) MD5=6B0D9CF92C08D42533C12FC1A0B5403F -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_ca35d705cadb185a\ntoskrnl.exe
[2012/03/30 23:39:18 | 005,561,200 | ---- | M] (Microsoft Corporation) MD5=708A4C721CEE6B3845B5A54477D873CF -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21955_none_cab5ca26e3ffbd03\ntoskrnl.exe
[2011/11/19 06:04:17 | 005,561,200 | ---- | M] (Microsoft Corporation) MD5=70A2D18E0B2A1ADBAE90008684E030AC -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_caa8f7c0e409a91f\ntoskrnl.exe
[2013/01/04 23:00:11 | 003,913,064 | ---- | M] (Microsoft Corporation) MD5=82FF919E9236B0137B5C7455B0E1418A -- C:\Windows\erdnt\cache86\ntoskrnl.exe
[2013/01/04 23:00:11 | 003,913,064 | ---- | M] (Microsoft Corporation) MD5=82FF919E9236B0137B5C7455B0E1418A -- C:\Windows\SysWOW64\ntoskrnl.exe
[2013/01/04 23:00:11 | 003,913,064 | ---- | M] (Microsoft Corporation) MD5=82FF919E9236B0137B5C7455B0E1418A -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.18044_none_6e173b82127da724\ntoskrnl.exe
[2011/10/21 02:01:30 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=90EFDB506F6140EEA9DEE398D9449D86 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_6e972ad72ba2517f\ntoskrnl.exe
[2012/08/30 11:12:02 | 003,914,096 | ---- | M] (Microsoft Corporation) MD5=948F0B444CB6CC35FE5F9DE52420CB95 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_6e176360127d73e2\ntoskrnl.exe
[2012/08/30 12:02:58 | 005,562,736 | ---- | M] (Microsoft Corporation) MD5=A0D1C0E813A7C6E17C029375AC2ACE18 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22103_none_cae9b336e3d92f09\ntoskrnl.exe
[2013/01/04 23:42:37 | 005,554,536 | ---- | M] (Microsoft Corporation) MD5=A0F9F36C3F670053F9A2E9B9577CD1AB -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22210_none_cadbe452e3e3fc1c\ntoskrnl.exe
[2012/05/04 04:03:53 | 003,916,656 | ---- | M] (Microsoft Corporation) MD5=A37A39568C8EC9A17D1B7471445B81A8 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21987_none_6e78bf732bb8d24e\ntoskrnl.exe
[2012/03/06 00:53:37 | 005,559,152 | ---- | M] (Microsoft Corporation) MD5=BAA66E360105F79B5948A2FDAF3AA8FE -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17790_none_c9fbea53cb071123\ntoskrnl.exe
[2010/11/20 21:24:26 | 005,563,776 | ---- | M] (Microsoft Corporation) MD5=C6CEC3E6CC9842B73501C70AA64C00FE -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17514_none_ca56670fcac29ca9\ntoskrnl.exe
[2011/10/21 02:01:30 | 005,561,728 | ---- | M] (Microsoft Corporation) MD5=CE6AF5EC2DB1567B6297ADCB56B39B5D -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21755_none_cab5c65ae3ffc2b5\ntoskrnl.exe
[2011/11/19 08:50:02 | 003,913,584 | ---- | M] (Microsoft Corporation) MD5=F0F0E99A65F598A1A7720F5111C4DA8F -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe
[2011/10/21 02:01:30 | 003,912,576 | ---- | M] (Microsoft Corporation) MD5=FB58ABD5E1F75A2CF713C9DFF0EC0804 -- C:\Windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17640_none_6e135c8612811711\ntoskrnl.exe
[2012/03/06 00:30:57 | 005,561,200 | ---- | M] (Microsoft Corporation) MD5=FCAB208AC0F7263A84EB627B1517E5AC -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21936_none_cacc6a48e3ee9e78\ntoskrnl.exe
[2012/08/30 12:03:45 | 005,559,664 | ---- | M] (Microsoft Corporation) MD5=FE905D59663E86BFE51623947B7425FD -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17944_none_ca35fee3cadae518\ntoskrnl.exe

< MD5 for: WIN32K.SYS >
[2012/01/13 22:00:52 | 003,148,288 | ---- | M] (Microsoft Corporation) MD5=0777AD78CEF3B17D12C3A1988282952B -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21898_none_1750a188ca8132fd\win32k.sys
[2012/07/18 11:22:09 | 003,151,360 | ---- | M] (Microsoft Corporation) MD5=0BEA3EEDF5DA0C2160EB8C4EAC18AAD2 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22060_none_1768e904ca7044db\win32k.sys
[2012/05/14 19:25:43 | 003,148,800 | ---- | M] (Microsoft Corporation) MD5=1D7EDEAD6891810BCF8566B2319A8B11 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21995_none_174da290ca83e41f\win32k.sys
[2012/01/13 22:06:27 | 003,145,728 | ---- | M] (Microsoft Corporation) MD5=275D3946B0EC22BA13FE299E97ABF606 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17762_none_16e172c5b150a756\win32k.sys
[2013/01/03 21:19:37 | 003,155,968 | ---- | M] (Microsoft Corporation) MD5=2E54977CED249DEBFBBFB205DD27C89C -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22209_none_17b2cef2ca377b92\win32k.sys
[2011/11/23 22:45:10 | 003,146,752 | ---- | M] (Microsoft Corporation) MD5=338E48AB7810E1B223DFECD82C44F5A3 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21866_none_176f10b8ca6aac7c\win32k.sys
[2012/10/18 12:25:58 | 003,149,824 | ---- | M] (Microsoft Corporation) MD5=34B419EDEAC6F12B34908DE3758F98C9 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17977_none_16dba817b1543c48\win32k.sys
[2012/11/21 21:28:17 | 003,151,872 | ---- | M] (Microsoft Corporation) MD5=3BB7D9504A6BAB5E49DD503F005955E6 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22171_none_175f1b48ca77774a\win32k.sys
[2011/09/28 22:03:32 | 003,144,704 | ---- | M] (Microsoft Corporation) MD5=3C8CD264F784BD3BBA3F3A815BEBDE48 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17697_none_16c6028db1647cb5\win32k.sys
[2012/06/11 21:08:36 | 003,148,800 | ---- | M] (Microsoft Corporation) MD5=511166D3F5D7EBA36DE48C4F5E195886 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17860_none_16df7417b15271cf\win32k.sys
[2012/11/22 21:26:31 | 003,149,824 | ---- | M] (Microsoft Corporation) MD5=523B9B64F2B6C630A2E0A87116C05F12 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18010_none_17155dbbb12a1683\win32k.sys
[2013/01/03 21:26:48 | 003,153,408 | ---- | M] (Microsoft Corporation) MD5=59E21156113E438D1D91AF4FC0C3B19F -- C:\Windows\SysNative\win32k.sys
[2013/01/03 21:26:48 | 003,153,408 | ---- | M] (Microsoft Corporation) MD5=59E21156113E438D1D91AF4FC0C3B19F -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18043_none_16f7eed5b13fb65b\win32k.sys
[2011/09/05 21:03:17 | 003,138,048 | ---- | M] (Microsoft Corporation) MD5=671FE77C7083C752AB414EC331F24DCB -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17685_none_16ced1e5b15e2e16\win32k.sys
[2011/11/23 22:52:09 | 003,145,216 | ---- | M] (Microsoft Corporation) MD5=6E810D7C1E3881289733924CE9763B92 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17730_none_16ffe1f5b13a20d5\win32k.sys
[2011/10/21 02:01:33 | 003,137,536 | ---- | M] (Microsoft Corporation) MD5=7A1BCE8E431CE1083E6807D43C1B0661 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17630_none_16ffe00fb13a23ae\win32k.sys
[2012/03/30 20:56:14 | 003,148,800 | ---- | M] (Microsoft Corporation) MD5=88592AB8F8AE4F7264A936AEE682BBE5 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21955_none_1778e240ca63745b\win32k.sys
[2011/09/28 22:47:30 | 003,146,752 | ---- | M] (Microsoft Corporation) MD5=9A490D3113AD482914F98F0AA9254DB4 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21828_none_179c50fcca486f66\win32k.sys
[2011/09/05 21:45:20 | 003,140,096 | ---- | M] (Microsoft Corporation) MD5=9C7D0FD37532F0CE69C2F01B35364355 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21811_none_17a01ee2ca46a214\win32k.sys
[2012/10/18 12:14:46 | 003,151,872 | ---- | M] (Microsoft Corporation) MD5=9FE34DE5E7E97DA1AB228F71687BDB88 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22137_none_17905cb4ca519f90\win32k.sys
[2012/05/14 19:32:33 | 003,146,752 | ---- | M] (Microsoft Corporation) MD5=A0360F2DEFCBC40497A4F3D0599FE71A -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17842_none_16f71483b1406c9b\win32k.sys
[2012/02/02 22:34:34 | 003,145,728 | ---- | M] (Microsoft Corporation) MD5=A3A7E9D10745A7CAC5F346370B81D08B -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17772_none_16d6a2d9b158c347\win32k.sys
[2010/11/20 21:24:16 | 003,126,272 | ---- | M] (Microsoft Corporation) MD5=A89392A32BA98468710FD7E38318934B -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17514_none_17197f29b1265401\win32k.sys
[2012/06/11 20:58:04 | 003,151,872 | ---- | M] (Microsoft Corporation) MD5=BC91C50C20709D85A2137E689DC3ED19 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22016_none_17a4fa5cca425130\win32k.sys
[2012/11/21 21:26:40 | 003,149,824 | ---- | M] (Microsoft Corporation) MD5=C58923115CDE6071C3BF2FF063546E9F -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.18009_none_17293041b119dea1\win32k.sys
[2012/11/22 21:28:21 | 003,152,384 | ---- | M] (Microsoft Corporation) MD5=C672AE7957256A51E4F4A0B16CFB8CDC -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.22172_none_17601b92ca7690a1\win32k.sys
[2012/02/02 22:15:32 | 003,148,288 | ---- | M] (Microsoft Corporation) MD5=D743EB3F1917EE3D2861064D8A53E07F -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21914_none_17a321a6ca43eb40\win32k.sys
[2011/10/21 02:01:33 | 003,140,096 | ---- | M] (Microsoft Corporation) MD5=D9DC465D72719EB413FDD056B0F25EED -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21744_none_1782ae16ca5c44c5\win32k.sys
[2012/07/18 12:15:06 | 003,148,800 | ---- | M] (Microsoft Corporation) MD5=F0D6864A7D52CE137E0A9D24795C3F0E -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17904_none_172456adb11e2cac\win32k.sys
[2012/03/30 21:10:03 | 003,146,240 | ---- | M] (Microsoft Corporation) MD5=F4C456F9235ED440B81107E951555411 -- C:\Windows\winsxs\amd64_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17803_none_1723547db11f162e\win32k.sys

< MD5 for: WORDPAD.EXE >
[2010/11/20 21:24:34 | 004,583,424 | ---- | M] (Microsoft Corporation) MD5=715BFF236158F61C042928A53C0D5AA8 -- C:\Program Files\Windows NT\Accessories\wordpad.exe
[2010/11/20 21:24:34 | 004,583,424 | ---- | M] (Microsoft Corporation) MD5=715BFF236158F61C042928A53C0D5AA8 -- C:\Windows\winsxs\amd64_microsoft-windows-wordpad_31bf3856ad364e35_6.1.7601.17514_none_8be07ea283850f02\wordpad.exe
[2010/11/20 21:24:51 | 004,247,040 | ---- | M] (Microsoft Corporation) MD5=B3DD214F23037E3D3C27D6C9447B40B5 -- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
[2010/11/20 21:24:51 | 004,247,040 | ---- | M] (Microsoft Corporation) MD5=B3DD214F23037E3D3C27D6C9447B40B5 -- C:\Windows\winsxs\wow64_microsoft-windows-wordpad_31bf3856ad364e35_6.1.7601.17514_none_963528f4b7e5d0fd\wordpad.exe

< End of report >

#33
soonerskies

This is from the OTL - Fix run

========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1A89D2C7-D73F-DAA1-0E22-427446954AB5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1A89D2C7-D73F-DAA1-0E22-427446954AB5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7DFBEC25-E1C6-7769-85DB-7EFF7E4B1D01}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DFBEC25-E1C6-7769-85DB-7EFF7E4B1D01}\ not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91607fa7-3c2f-4f90-93e3-d5337a6b0ac2}\ not found.
Prefs.js: "http://www.aol.com/" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2\ deleted successfully.
C:\Windows\SysWOW64\npDeployJava1.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\searchplugin folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\modules folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\META-INF folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\defaults folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\components folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2}\chrome folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\extensions\{b97ed18c-1a8a-4acc-884f-b4fe7415adf2} folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]\content\creatives folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]\content folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\extensions\[email protected]\components folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\extensions\[email protected] folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\fil6wlr9.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}\META-INF folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\fil6wlr9.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}\components folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\fil6wlr9.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d}\chrome folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\fil6wlr9.default\extensions\{6ad56361-628f-471b-8f9d-4c338973a87d} folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\fil6wlr9.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\META-INF folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\fil6wlr9.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\fil6wlr9.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\chrome folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\fil6wlr9.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\couponamazing\tests folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\couponamazing\lib folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\couponamazing\data folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\couponamazing folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\api-utils\lib\windows folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\api-utils\lib\window folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\api-utils\lib\utils folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\api-utils\lib\traits folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\api-utils\lib\tabs folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\api-utils\lib\system folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\api-utils\lib\private-browsing folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\api-utils\lib\l10n folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\api-utils\lib\events folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\api-utils\lib\event folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\api-utils\lib\dom folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\api-utils\lib\content folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\api-utils\lib\addon folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\api-utils\lib folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\api-utils\data folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\api-utils folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\addon-kit\lib folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\addon-kit\data folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources\addon-kit folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\resources folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\locale folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\defaults\preferences folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected]\defaults folder moved successfully.
C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions\[email protected] folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\META-INF folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F443A627-5009-4323-9C1D-7FD598D0D712}\ deleted successfully.
C:\Program Files (x86)\Amazon Browser Bar\AmazonBrowserBar.3.0.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\!{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8660E5B3-6C41-44DE-8503-98D99BBECD41} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8660E5B3-6C41-44DE-8503-98D99BBECD41}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{256DB8BC-7DA7-4248-97CD-44E07216B7F1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{256DB8BC-7DA7-4248-97CD-44E07216B7F1}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
File C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeCS5.5ServiceManager deleted successfully.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Gilbert\Desktop\cmd.bat deleted successfully.
C:\Users\Gilbert\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Gilbert\Desktop\cmd.bat deleted successfully.
C:\Users\Gilbert\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Gilbert\Desktop\cmd.bat deleted successfully.
C:\Users\Gilbert\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Users\Gilbert\Desktop\cmd.bat deleted successfully.
C:\Users\Gilbert\Desktop\cmd.txt deleted successfully.
< at /c >
There are no entries in the list.
C:\Users\Gilbert\Desktop\cmd.bat deleted successfully.
C:\Users\Gilbert\Desktop\cmd.txt deleted successfully.
File\Folder C:\Windows\tasks\At*.job not found.
< type C:\ProgramData\Avast Software\Avast\report\aswboot.txt /c >
C:\Users\Gilbert\Desktop\cmd.bat deleted successfully.
C:\Users\Gilbert\Desktop\cmd.txt deleted successfully.
< reg query "HKEY_CLASSES_ROOT\.log" /s /c >
HKEY_CLASSES_ROOT\.log
(Default) REG_SZ txtfile
C:\Users\Gilbert\Desktop\cmd.bat deleted successfully.
C:\Users\Gilbert\Desktop\cmd.txt deleted successfully.
< reg query "HKEY_CLASSES_ROOT\.txt" /s /c >
HKEY_CLASSES_ROOT\.txt
PerceivedType REG_SZ text
(Default) REG_SZ txtfile
Content Type REG_SZ text/plain
HKEY_CLASSES_ROOT\.txt\PersistentHandler
(Default) REG_SZ {5e941d80-bf96-11cd-b579-08002b30bfeb}
HKEY_CLASSES_ROOT\.txt\ShellNew
ItemName REG_EXPAND_SZ @%SystemRoot%\system32\notepad.exe,-470
NullFile REG_SZ
C:\Users\Gilbert\Desktop\cmd.bat deleted successfully.
C:\Users\Gilbert\Desktop\cmd.txt deleted successfully.
< reg query "HKEY_CURRENT_USER\Software\Classes\.log" /s /c >
C:\Users\Gilbert\Desktop\cmd.bat deleted successfully.
C:\Users\Gilbert\Desktop\cmd.txt deleted successfully.
< reg query "HKEY_CURRENT_USER\Software\Classes\.txt" /s /c >
C:\Users\Gilbert\Desktop\cmd.bat deleted successfully.
C:\Users\Gilbert\Desktop\cmd.txt deleted successfully.
< reg query "HKEY_CLASSES_ROOT\CLSID\{5e941d80-bf96-11cd-b579-08002b30bfeb}" /s /c >
HKEY_CLASSES_ROOT\CLSID\{5e941d80-bf96-11cd-b579-08002b30bfeb}
(Default) REG_SZ Plain Text persistent handler
HKEY_CLASSES_ROOT\CLSID\{5e941d80-bf96-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered
HKEY_CLASSES_ROOT\CLSID\{5e941d80-bf96-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}
(Default) REG_SZ {c1243ca0-bf96-11cd-b579-08002b30bfeb}
C:\Users\Gilbert\Desktop\cmd.bat deleted successfully.
C:\Users\Gilbert\Desktop\cmd.txt deleted successfully.
< reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.log" /s /c >
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.log
(Default) REG_SZ txtfile
C:\Users\Gilbert\Desktop\cmd.bat deleted successfully.
C:\Users\Gilbert\Desktop\cmd.txt deleted successfully.
< reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt" /s /c >
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt
PerceivedType REG_SZ text
(Default) REG_SZ txtfile
Content Type REG_SZ text/plain
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt\PersistentHandler
(Default) REG_SZ {5e941d80-bf96-11cd-b579-08002b30bfeb}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.txt\ShellNew
ItemName REG_EXPAND_SZ @%SystemRoot%\system32\notepad.exe,-470
NullFile REG_SZ
C:\Users\Gilbert\Desktop\cmd.bat deleted successfully.
C:\Users\Gilbert\Desktop\cmd.txt deleted successfully.
< reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e941d80-bf96-11cd-b579-08002b30bfeb}" /s /c >
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e941d80-bf96-11cd-b579-08002b30bfeb}
(Default) REG_SZ Plain Text persistent handler
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e941d80-bf96-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5e941d80-bf96-11cd-b579-08002b30bfeb}\PersistentAddinsRegistered\{89BCB740-6119-101A-BCB7-00DD010655AF}
(Default) REG_SZ {c1243ca0-bf96-11cd-b579-08002b30bfeb}
C:\Users\Gilbert\Desktop\cmd.bat deleted successfully.
C:\Users\Gilbert\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56504 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Gilbert
->Flash cache emptied: 662 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Gilbert
->Java cache emptied: 5498281 bytes

User: Public

Total Java Files Cleaned = 5.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 03022013_222700

#34
RKinner

OK. Can I see an OTL quickscan once you finish the other stuff?

#35
soonerskies

Ok … I cleared the system and app logs. Ran the disk check. Was taking a really long time to run, let it complete sometime overnight.

You asked … “PS how did wordpad get in the picture? OTL says notepad should be the program that would open text files. Were you calling it up?” … I don’t have an explanation for that. I didn’t knowingly call it up …. I just recall double-clicking on a file and it coming up that way and crashing … when investigating, I looked at the properties of that file (I don’t recall which one now, was one of the report files that were generated) and it said wordpad. I clicked “change” and set it to notepad. Would that have reset all .txt files back to notepad if they were all wordpad before? … I thought it would just change that one file’s properties. I did a spot check, and all the .txt files I checked were indeed notepad. ???

BTW … I was in Firefox looking in Tools, and the machine crashed again with the page fault error.

Ran sigverif. It responded with “Your files have been scanned and verified as digitally sound”

Ran … sfc /scanfile="c:\Program Files (x86)\windows nt\Accessories\wordpad.exe"
Came back with … Windows Resource Protection did not find any integrity violations.

Also ran … sfc /scanfile="c:\program files\windows nt\Accessories\wordpad.exe"
Came back with same response … Windows Resource Protection did not find any integrity violations

I looked and there are two wordpad.exe … the “date modified” are the same … but the sizes are different 4148k vs 4476k. ???

Ran Event Viewer Tool by Vino Rosso for sys and app … will post reports below.

In your last post you mentioned “OTL quickscan once you finish the other stuff” … I think I’m caught up. Running OTL quick scan now, will post results when done.

Recall … I didn’t find the amazon toolbar anywhere to delete/uninstall. Was poking around on web and found a tool … Toolbar Cleaner by Visicom … I didn’t want to download or use it before asking you, know anything about it? Could it be useful? Will await your advice on that one.

Thanks again! … Mike

#36
soonerskies

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/03/2013 9:29:34 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/03/2013 9:48:06 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 03/03/2013 9:48:06 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (120000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Log: 'System' Date/Time: 03/03/2013 9:45:06 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Sendoriv1 service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/03/2013 2:45:58 PM
Type: Warning Category: 0
Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.ok.cox.net timed out after none of the configured DNS servers responded.

Log: 'System' Date/Time: 03/03/2013 9:46:20 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626420&10#.

Log: 'System' Date/Time: 03/03/2013 9:43:35 AM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\usbccgp failed to load for the device USB\VID_046D&PID_C52F\5&12896404&0&1.

#37
soonerskies

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/03/2013 9:33:33 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/03/2013 9:45:30 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Log: 'Application' Date/Time: 03/03/2013 9:44:55 AM
Type: Error Category: 0
Event: 0 Source: SetupARService
Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at SetupAfterRebootService.SetupARService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 03/03/2013 3:03:55 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{10eb901f-4449-11e1-b2ed-d067e5072c39}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 03/03/2013 12:22:53 PM
Type: Warning Category: 0
Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{10eb901f-4449-11e1-b2ed-d067e5072c39}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.

Operation:
Removing auto-release shadow copies
Loading provider

Context:
Execution Context: System Provider

Log: 'Application' Date/Time: 03/03/2013 9:56:02 AM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. CurrentSoftGridPrereq: Click2Run installation (version = 14.0.4763.1000) is found on the machine; skipping installation...

Log: 'Application' Date/Time: 03/03/2013 9:56:02 AM
Type: Warning Category: 1
Event: 100 Source: CVHSVC
Information only. C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE is trusted.

Log: 'Application' Date/Time: 03/03/2013 9:45:12 AM
Type: Warning Category: 6
Event: 3057 Source: Application Virtualization Client
{tid=B10}
The Application Virtualization Client Core initialized correctly. Installed Product: Version: 4.6.1.10263 Install Path: C:\Program Files (x86)\Microsoft Application Virtualization Client Global Data Directory: C:\ProgramData\Microsoft\Application Virtualization Client\ Machine Name: GILBERT-PC Operating System: Windows 7 64-bit Service Pack 1.0 Build 7601 OSD Command:

Log: 'Application' Date/Time: 03/03/2013 9:45:10 AM
Type: Warning Category: 3
Event: 3191 Source: Application Virtualization Client
{tid=B10}
-------------------------------------------------------- Initialized client log (C:\ProgramData\Microsoft\Application Virtualization Client\sftlog.txt)

#38
soonerskies

OTL logfile created on: 3/3/2013 9:38:18 AM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Gilbert\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.58 Gb Available Physical Memory | 79.59% Memory free
11.50 Gb Paging File | 9.62 Gb Available in Paging File | 83.67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916.66 Gb Total Space | 249.85 Gb Free Space | 27.26% Space Free | Partition Type: NTFS

Computer Name: GILBERT-PC | User Name: Gilbert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/14 21:35:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gilbert\Desktop\OTL.exe
PRC - [2012/12/18 06:28:10 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/14 17:42:04 | 049,891,200 | ---- | M] (Slimware Utilities, Inc.) -- C:\Program Files (x86)\FixCleaner\FixCleaner.exe
PRC - [2012/09/20 07:44:16 | 000,296,392 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2011/11/25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/11/15 02:21:28 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\nlssrv32.exe
PRC - [2011/10/27 16:56:35 | 000,470,528 | ---- | M] (Livescribe) -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/06/01 10:42:28 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2009/09/15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2009/07/20 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\SetPoint\x86\SetPoint32.exe
PRC - [2006/04/18 03:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE


========== Modules (No Company Name) ==========

MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009/07/20 03:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\SetPoint\x86\SetPoint32.exe


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/05/04 19:36:44 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/06 14:23:18 | 006,438,264 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/02/27 09:59:42 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/05 10:14:01 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/16 09:27:57 | 000,032,808 | ---- | M] (Just Develop It) [Auto | Running] -- C:\Program Files (x86)\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2012/12/18 06:28:10 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/05 09:25:52 | 000,628,664 | ---- | M] (WinZip Computing, S.L. (WinZip Computing)) [Auto | Running] -- C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe -- (WINZIPSSDiskOptimizer)
SRV - [2012/05/23 08:53:08 | 000,024,576 | ---- | M] (Realtek Semiconductor.) [Auto | Stopped] -- C:\Program Files (x86)\Realtek\Audio\SetupAfterRebootService.exe -- (SetupARService)
SRV - [2011/11/25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011/11/15 02:21:28 | 000,066,560 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\nlssrv32.exe -- (nlsX86cc)
SRV - [2011/11/01 16:26:28 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2011/10/27 16:56:35 | 000,470,528 | ---- | M] (Livescribe) [Auto | Running] -- C:\Program Files (x86)\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/06/01 10:42:28 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2010/11/25 04:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
SRV - [2010/11/25 04:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/25 19:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/04/18 03:00:00 | 000,102,400 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/10/25 18:17:58 | 000,095,744 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2012/10/15 10:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/10/12 10:54:54 | 000,015,776 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012/10/12 10:20:39 | 000,081,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012/10/12 10:20:39 | 000,013,728 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/17 15:26:48 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Running] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020200}_0)
DRV:64bit: - [2012/05/04 20:31:04 | 010,831,872 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/05/04 20:31:04 | 010,831,872 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/05/04 18:37:14 | 000,328,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/16 01:08:02 | 000,042,624 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2012/01/16 01:08:00 | 000,082,048 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/12/01 10:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011/12/01 10:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011/10/21 02:01:31 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/10/21 02:01:31 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/03/17 12:10:48 | 000,013,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2011/03/17 12:10:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/03/19 02:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/10/01 00:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/08/06 06:43:58 | 000,320,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/17 10:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2009/06/17 10:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009/06/17 10:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 12:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2006/11/01 11:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{ACE8169B-2A79-4EDC-9229-51F2F3AEFAC5}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com/?...usaolp00000011"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.3: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{31F37877-0076-4d26-8FD4-D9A7223FFC06}: C:\Program Files (x86)\FacePaint\FacePaintFF\{31F37877-0076-4d26-8FD4-D9A7223FFC06} [2013/01/24 13:24:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/01/24 13:23:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/22 01:33:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/05 10:14:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/03/02 20:51:00 | 000,000,000 | ---D | M]

[2013/01/09 15:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gilbert\AppData\Roaming\Mozilla\Extensions
[2013/03/02 22:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\extensions
[2013/03/02 22:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\fil6wlr9.default\extensions
[2013/03/02 22:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gilbert\AppData\Roaming\Mozilla\Firefox\Profiles\profile\extensions
[2013/02/20 07:35:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/03/02 22:27:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2013/02/22 01:33:51 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/02/05 10:14:01 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/04 21:45:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/04 21:45:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gilbert\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Nero Kwik Media Helper (Enabled) = C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: avast! WebRep = C:\Users\Gilbert\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\

O1 HOSTS File: ([2013/02/17 21:53:41 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.aka...vex-2.2.6.0.cab (DLM Control)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C222D50F-6DC4-4FDA-8104-A4ACE29CE364}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\belarc - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll) - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/02 22:27:00 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/02 22:13:29 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/03/02 16:01:54 | 000,000,000 | ---D | C] -- C:\Users\Gilbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
[2013/03/02 16:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2013/03/02 15:39:51 | 000,000,000 | ---D | C] -- C:\test log
[2013/02/22 01:34:32 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/02/22 01:34:32 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/02/22 01:34:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/02/22 01:34:30 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/02/22 01:34:30 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/02/22 01:34:29 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/02/22 01:34:19 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/02/22 01:34:18 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/02/22 01:33:21 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/02/22 01:33:20 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013/02/22 01:33:09 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/02/22 01:33:09 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/02/19 23:48:10 | 000,000,000 | ---D | C] -- C:\Users\Gilbert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2013/02/19 23:48:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VS Revo Group
[2013/02/19 23:23:20 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/02/17 22:39:19 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Gilbert\Desktop\tdsskiller.exe
[2013/02/17 21:55:25 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/02/17 21:38:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/02/17 21:38:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/02/17 21:38:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/02/17 21:38:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/02/17 21:37:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/02/15 23:44:17 | 000,353,305 | ---- | C] (Farbar) -- C:\Users\Gilbert\Desktop\FSS.exe
[2013/02/15 23:44:12 | 000,000,000 | ---D | C] -- C:\Users\Gilbert\Desktop\Fix PC Tools Feb2013
[2013/02/15 07:52:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gilbert\Desktop\OTL.exe
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/03 09:23:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/03 08:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/03 08:46:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/03 03:53:15 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/03 03:53:15 | 000,021,296 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/03 03:45:41 | 000,000,406 | ---- | M] () -- C:\Windows\tasks\FixCleaner Startup.job
[2013/03/03 03:44:03 | 000,000,520 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Update Version3 Startup Task.job
[2013/03/03 03:44:01 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/03 03:43:59 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\PC Optimizer Pro64 startups.job
[2013/03/03 03:43:36 | 334,737,407 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/02 22:28:24 | 000,000,278 | ---- | M] () -- C:\Windows\tasks\AdvancedDriverUpdater.job
[2013/03/02 22:05:48 | 000,821,486 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/02 22:05:48 | 000,175,608 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/02 22:05:48 | 000,006,498 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/02 21:57:58 | 803,102,995 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/03/02 18:00:00 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\SpeedyPC Registration3.job
[2013/03/02 15:58:02 | 000,140,800 | ---- | M] () -- C:\Users\Gilbert\Desktop\bluescreenview_setup.exe
[2013/02/28 00:12:37 | 000,000,113 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/28 00:05:17 | 000,594,019 | ---- | M] () -- C:\Users\Gilbert\Desktop\adwcleaner.exe
[2013/02/27 10:43:03 | 000,000,294 | ---- | M] () -- C:\Windows\tasks\AdvancedDriverUpdater_UPDATES.job
[2013/02/22 01:34:32 | 000,001,920 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/22 01:34:19 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/19 23:48:10 | 000,001,266 | ---- | M] () -- C:\Users\Gilbert\Desktop\Revo Uninstaller.lnk
[2013/02/17 21:53:41 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/02/17 00:44:57 | 004,973,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/15 23:35:50 | 000,353,305 | ---- | M] (Farbar) -- C:\Users\Gilbert\Desktop\FSS.exe
[2013/02/15 23:35:08 | 000,061,440 | ---- | M] ( ) -- C:\Users\Gilbert\Documents\VEW.exe
[2013/02/15 23:35:08 | 000,061,440 | ---- | M] ( ) -- C:\Users\Gilbert\Desktop\VEW.exe
[2013/02/15 23:33:42 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Gilbert\Desktop\tdsskiller.exe
[2013/02/14 21:35:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gilbert\Desktop\OTL.exe
[2013/02/11 19:16:38 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2013/02/04 21:10:07 | 054,215,992 | ---- | M] () -- C:\Users\Gilbert\Desktop\epson13469.exe
[2013/02/04 21:06:04 | 000,000,932 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/02/01 13:09:01 | 000,730,238 | ---- | M] () -- C:\Users\Gilbert\Documents\2012-04-08 8x10 print on 11x14 matt copy-Recovered.psd
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/02 16:00:53 | 000,140,800 | ---- | C] () -- C:\Users\Gilbert\Desktop\bluescreenview_setup.exe
[2013/03/02 05:05:43 | 000,061,440 | ---- | C] ( ) -- C:\Users\Gilbert\Desktop\VEW.exe
[2013/02/28 00:12:13 | 000,000,113 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/02/28 00:10:23 | 000,594,019 | ---- | C] () -- C:\Users\Gilbert\Desktop\adwcleaner.exe
[2013/02/22 01:34:32 | 000,001,920 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/02/22 01:34:18 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/02/19 23:48:10 | 000,001,266 | ---- | C] () -- C:\Users\Gilbert\Desktop\Revo Uninstaller.lnk
[2013/02/17 21:38:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/02/17 21:38:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/02/17 21:38:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/02/17 21:38:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/02/17 21:38:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/02/15 23:44:17 | 000,061,440 | ---- | C] ( ) -- C:\Users\Gilbert\Documents\VEW.exe
[2013/02/11 19:16:38 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2013/02/04 21:09:24 | 054,215,992 | ---- | C] () -- C:\Users\Gilbert\Desktop\epson13469.exe
[2013/02/04 21:06:04 | 000,000,932 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2013/02/01 13:09:00 | 000,730,238 | ---- | C] () -- C:\Users\Gilbert\Documents\2012-04-08 8x10 print on 11x14 matt copy-Recovered.psd
[2013/01/22 17:36:04 | 000,000,132 | ---- | C] () -- C:\Users\Gilbert\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2013/01/20 12:20:20 | 000,000,059 | ---- | C] () -- C:\Windows\SysWow64\status.ini
[2012/12/28 17:11:06 | 000,000,218 | ---- | C] () -- C:\Users\Gilbert\.recently-used.xbel
[2012/12/18 15:10:51 | 000,000,048 | ---- | C] () -- C:\Users\Gilbert\AppData\Roaming\mbam.context.scan
[2012/12/18 09:23:40 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/12/18 09:23:40 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/12/05 10:11:26 | 002,725,054 | ---- | C] () -- C:\Users\Gilbert\IMG.bmp
[2012/12/04 15:45:46 | 000,000,095 | ---- | C] () -- C:\Users\Gilbert\.accessibility.properties
[2012/10/12 15:54:46 | 001,115,808 | ---- | C] () -- C:\Users\Gilbert\2012-10-13 Saturday game day.jpg
[2012/09/14 14:47:05 | 001,511,333 | ---- | C] () -- C:\Users\Gilbert\2012-09-15 Saturday game day.jpg
[2012/09/01 11:34:43 | 001,085,595 | ---- | C] () -- C:\Users\Gilbert\2012-09-01 Saturday game day schedule.jpg
[2012/08/09 10:24:29 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll
[2012/07/24 09:49:35 | 000,000,641 | ---- | C] () -- C:\Users\Gilbert\AppData\Roaming\Contact Sheet II.xml
[2012/06/21 13:08:11 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/04/27 13:16:37 | 000,007,168 | ---- | C] () -- C:\Users\Gilbert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/29 14:07:42 | 056,885,213 | ---- | C] () -- C:\Users\Gilbert\AdobePhotoshop12-4-mul-AdobeUpdate.zip
[2012/02/29 12:30:29 | 029,517,954 | ---- | C] () -- C:\Users\Gilbert\AdobeBridge_4.0.5_mul_AdobeUpdate.zip
[2012/02/21 16:52:34 | 000,000,426 | ---- | C] () -- C:\Users\Gilbert\content.inf
[2012/02/21 16:52:22 | 000,038,912 | ---- | C] () -- C:\Users\Gilbert\01183278.dot
[2012/01/21 16:03:48 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2011/12/31 14:35:36 | 000,000,132 | ---- | C] () -- C:\Users\Gilbert\AppData\Roaming\Adobe Targa Format CS5 Prefs
[2011/12/07 12:42:39 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Analog Mono
[2011/12/07 12:42:39 | 000,000,268 | RH-- | C] () -- C:\Users\Gilbert\AppData\Roaming\Action Clauses
[2011/12/07 12:42:39 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2011/12/07 12:13:31 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011/11/28 15:05:21 | 000,001,456 | ---- | C] () -- C:\Users\Gilbert\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/11/28 11:22:07 | 000,000,329 | -H-- | C] () -- C:\Users\Gilbert\.BridgeLabelsAndRatings
[2011/11/16 20:57:59 | 000,000,083 | ---- | C] () -- C:\Windows\EPSP1400.ini
[2011/11/09 14:46:34 | 000,000,132 | ---- | C] () -- C:\Users\Gilbert\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011/11/02 17:54:42 | 000,123,090 | ---- | C] () -- C:\Windows\File Renamer - Basic Uninstaller.exe
[2011/10/28 10:22:35 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/10/28 10:22:35 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/10/28 10:22:35 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/10/28 10:22:35 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/10/28 10:22:35 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/10/28 10:22:35 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/10/28 10:22:35 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/10/28 10:22:35 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/10/28 10:22:35 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/10/28 10:22:35 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/10/28 10:22:35 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/10/28 10:22:35 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/10/28 10:22:35 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/10/28 10:22:35 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/10/28 10:22:35 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/10/28 10:22:35 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/10/21 02:06:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/01/04 04:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/01/04 02:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/04/06 12:26:23 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\Anthropics
[2012/01/26 13:22:48 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\Blio
[2011/11/01 09:28:04 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/11/09 15:20:30 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\com.adobe.DC3Module.AdobeADC
[2013/03/02 17:48:40 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/08/21 11:19:35 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\com.livescribe.LivescribeConnect
[2011/11/15 09:21:33 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\DriverCure
[2011/11/02 06:37:32 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\Epson
[2012/02/23 13:12:38 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\Fingertapps
[2012/11/27 12:17:17 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\FixCleaner
[2012/09/09 12:22:04 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\FreeCDRipper
[2012/09/09 15:43:48 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\FreeFLVConverter
[2012/12/28 16:35:07 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\inkscape
[2011/10/30 17:58:20 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\Leadertech
[2012/03/29 12:23:33 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\licenses
[2011/11/01 16:31:41 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\Memeo
[2012/11/15 18:56:55 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\MusicNet
[2011/12/07 12:54:48 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\Nikon
[2013/01/24 13:25:09 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\OnlineVault
[2012/03/02 13:52:32 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\onOne Software
[2012/08/03 12:41:34 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\ParetoLogic
[2011/10/28 14:03:00 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\PCDr
[2012/03/24 11:09:12 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\PCMM2009
[2012/03/24 11:07:11 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\PCMM2011
[2012/04/09 12:13:32 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\PDAppFlex
[2013/02/20 20:00:14 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\RegCleanProFreeDownloadPackages
[2012/01/09 15:02:35 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\RegistryKeys
[2012/05/31 11:18:33 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\Sammsoft
[2011/11/01 16:04:30 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\Seagate
[2012/04/12 14:40:55 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\Serif
[2013/02/11 20:02:54 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\SoftGrid Client
[2011/11/15 09:21:33 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\SpeedyPC Software
[2012/09/20 10:30:23 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\Spyware Terminator
[2011/11/07 06:59:02 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012/05/29 14:39:27 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\SumatraPDF
[2012/05/08 11:30:05 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\SupportSoft
[2013/02/20 01:22:22 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\Systweak
[2012/01/21 13:05:11 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\TP
[2011/12/10 11:37:20 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\Windows Live Writer
[2012/11/02 14:46:04 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\WinZip
[2011/10/28 17:50:02 | 000,000,000 | ---D | M] -- C:\Users\Gilbert\AppData\Roaming\ZinioReader4

========== Purity Check ==========



< End of report >
  • 0

#39
soonerskies

soonerskies

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Also ... I've deleted a lot of crapware that had been loaded on this machine ... some (maybe a lot) that my dad paid for. For the time being, I've retained some that appeared to have (at least) some positive reviews. One is FixCleaner. I noticed on the OTL scan, it's listed in the OTL "safe list". Is it considered to be a useful product? Especially for someone like my dad who has a tendency to click on things?

I came up to check on the machine and noticed it just ran a scan ... under "System Cleaner" it showed 138 results ... "Junk Cleaner" 409 results .... and "Privacy Cleaner" 688 results.

It also showed "Scan Results: Low" ... whatever that means.

Under "System Cleaner" ...
---"Add/Remove Programs"... it found 8 "Invalid uninstaller entry" ... "this entry is missing a reference to an uninstalling program"
---"ActiveX, OLE, and COM" found 18 entries. AppID ref an invalid app id, refs invalid Window service, refs missing file, etc
---"System Services" ... catchme & sendoriv 1 ... refs program missing or not exists
---"File Associations" ... 75 entries. looks like a lot of cleanup in the registry? See references to a lot of things I had uninstalled.
--- "User Settings" ... 8 entries.
--- "History/MRU Lists" ... 8 entries. the entry title for a couple of these is "Microsoft WorkPad", but the "HKEY..." shows "wordpad" ... and says "... references a program that is missing or doesn't exist"
--- Invalid Shortcuts, 19 entries.

Anyway ... I'll let it sit for now ... not going to "repair" any of these until I hear guidance from you.

Thanks again
  • 0

#40
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

Ok … I cleared the system and app logs. Ran the disk check. Was taking a really long time to run, let it complete sometime overnight.


Drive C: | 916.66 Gb Total Space so it's a large TB drive so it's probably normal to take so long.

You asked … “PS how did wordpad get in the picture? OTL says notepad should be the program that would open text files. Were you calling it up?” … I don’t have an explanation for that. I didn’t knowingly call it up …. I just recall doubleclicking on a file and it coming up that way and crashing … when investigating, I looked at the properties of that file (I don’t recall which one now, was one of the report files that were generated) and it said wordpad. I clicked “change” and set it to notepad. Would that have reset all .txt files back to notepad if they were all wordpad before? … I thought it would just change that one file’s properties. I did a spotcheck, and all the .txt files I checked were indeed notepad. ???


You probably did reset all .txt files to use notepad.

BTW … I was in Firefox looking in Tools, and the machine crashed again with the page fault error.


Run BlueScreenView again and post the log. Let's see if it says anything different.



Ran … sfc /scanfile="c:\Program Files (x86)\windows nt\Accessories\wordpad.exe"
Came back with … Windows Resource Protection did not find any integrity violations.

Also ran … sfc /scanfile="c:\program files\windows nt\Accessories\wordpad.exe"
Came back with same response … Windows Resource Protection did not find any integrity violations

I looked and there are two wordpad.exe … the “date modified” are the same … but the sizes are different 4148k vs 4476k. ???


One is 32 bit and the other is 64 bit. Don't understand why they are crashing tho.

Recall … I didn’t find the amazon toolbar anywhere to delete/uninstall. Was poking around on web and found a tool … Toolbar Cleaner by Visicom… I didn’t want to download or use it before asking you, know anything about it? Could it be useful? Will await your advice on that one.


The last OTL scan took out the amazon toolbar so don't worry about it.

Looking at your VEW logs you have some odd errors. We can fix some of them with OTL but first go to:

http://support.microsoft.com/kb/929852

and run the first Fixit: Disable IPv6

That should hopefully clear up this error:

Event: 1014 Source: Microsoft-Windows-DNS-Client
Name resolution for the name isatap.ok.cox.net timed out after none of the configured DNS servers responded.


Now open Control Panel and find the System icon (easier if you change View By: from Categories to Large Icons in the top left drop down box). On the left side click on System Protection. In the section on Protection settings, look for drives other than C: which say ON. (My suspicion is it will be drive Q:\ which is a virtual drive created by Microsoft Office Click-to-Run 2010. Since it's not a real drive System Restore can't really operate on it.) Highlight the drive then Configure. Turn Off System Protection. OK. Repeat for any other drives that are ON (but not C:)

That should clear up:

Event: 12348 Source: VSS
Volume Shadow Copy Service warning: VSS was denied access to the root of volume \\?\Volume{10eb901f-4449-11e1-b2ed-d067e5072c39}\. Denying administrators from accessing volume roots can cause many unexpected failures, and will prevent VSS from functioning properly. Check security on the volume, and try the operation again.



Now let's see what OTL can do for us:

Copy the text in the code box by highlighting and Ctrl + c

:files
sc delete gupdate /c
sc delete Sendoriv1 /c
sc stop SetupARService /c
sc config SetupARService start= disabled 
[Reboot]



Then right-click on OTL and select Run As Administrator to start. Under the Custom Scans/Fixes box at the bottom, paste (Ctrl + v) the text. Verify that you got it all and then click the RUN FIX button (NOT THE QUICK SCAN button!) at the top
Let the program run unhindered, OTL may not need to reboot the PC when it is done. Save the log and copy and paste it into a reply.
It appears that Old Timer is now hiding the log in c:\_OTL\MovedFiles\03032013-some number.log so look there if you don't see it.

If this works it will fix these errors:

Log: 'System' Date/Time: 03/03/2013 9:48:06 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 03/03/2013 9:48:06 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (120000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Log: 'System' Date/Time: 03/03/2013 9:45:06 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Sendoriv1 service failed to start due to the following error: The system cannot find the file specified.

Log: 'Application' Date/Time: 03/03/2013 9:44:55 AM
Type: Error Category: 0
Event: 0 Source: SetupARService
Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at SetupAfterRebootService.SetupARService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)


This last one is actually part of the audio so you might want to check to see if the audio is working. If not we will need to reinstall the audio from the PC maker's website.

Once you have done all of the above let's see how we did:


Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:

2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
  • 0
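The event-log entries quoted in the post above can be triaged mechanically to list which services fail at boot and why. The following Python sketch is an added example, not part of the original thread or of the VEW tool; the function names and the category labels (`binary-missing`, `start-timeout`, `service-exception`) are assumptions chosen for illustration, and the sample input is the four entries copied from that post.

```python
import re
from collections import defaultdict

# Entries copied from the post above (VEW output); embedded so this runs offline.
SAMPLE_LOG = """\
Log: 'System' Date/Time: 03/03/2013 9:48:06 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

Log: 'System' Date/Time: 03/03/2013 9:48:06 AM
Type: Error Category: 0
Event: 7009 Source: Service Control Manager
A timeout was reached (120000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.

Log: 'System' Date/Time: 03/03/2013 9:45:06 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Sendoriv1 service failed to start due to the following error: The system cannot find the file specified.

Log: 'Application' Date/Time: 03/03/2013 9:44:55 AM
Type: Error Category: 0
Event: 0 Source: SetupARService
Service cannot be started. System.NullReferenceException: Object reference not set to an instance of an object. at SetupAfterRebootService.SetupARService.OnStart(String[] args) at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
"""

# One VEW entry: three header lines followed by a single message line.
ENTRY = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>.+?)\s*\n"
    r"Type: (?P<type>\w+) Category: (?P<category>\d+)\s*\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+?)\s*\n"
    r"(?P<message>[^\n]*)"
)
# Service Control Manager message shapes for events 7000 and 7009.
FAILED = re.compile(
    r"^The (?P<name>.+?) service failed to start due to the following error: (?P<err>.+)$"
)
TIMEOUT = re.compile(r"while waiting for the (?P<name>.+?) service to connect")

# Hypothetical triage labels (not Windows or VEW terminology).
BINARY_MISSING = "binary-missing"        # service entry points at a file that is gone
START_TIMEOUT = "start-timeout"          # process launched but never reported in
SERVICE_EXCEPTION = "service-exception"  # the service itself threw while starting
OTHER = "other"


def parse_events(text):
    """Return one dict per VEW entry found in text."""
    events = []
    for m in ENTRY.finditer(text):
        event = m.groupdict()
        event["event"] = int(event["event"])
        events.append(event)
    return events


def short_name(display):
    """'Google Update Service (gupdate)' -> 'gupdate'; 'Sendoriv1' -> 'Sendoriv1'."""
    display = display.strip()
    m = re.search(r"\(([^()]+)\)\s*$", display)
    return m.group(1) if m else display


def classify(event):
    """Return (service, category) for a service-start failure, else None."""
    msg = event["message"]
    if event["source"] == "Service Control Manager":
        m = FAILED.match(msg)
        if m:
            err = m.group("err")
            if "cannot find the file" in err:
                category = BINARY_MISSING
            elif "timely fashion" in err:
                category = START_TIMEOUT
            else:
                category = OTHER
            return short_name(m.group("name")), category
        m = TIMEOUT.search(msg)
        if m:
            return short_name(m.group("name")), START_TIMEOUT
        return None
    # Application-log entries written by the service itself use its name as Source.
    if msg.startswith("Service cannot be started."):
        return event["source"], SERVICE_EXCEPTION
    return None


def triage(events):
    """Group failure categories by service short name."""
    result = defaultdict(set)
    for event in events:
        hit = classify(event)
        if hit:
            service, category = hit
            result[service].add(category)
    return {service: sorted(cats) for service, cats in result.items()}


if __name__ == "__main__":
    for service, cats in triage(parse_events(SAMPLE_LOG)).items():
        print(f"{service}: {', '.join(cats)}")
```

A `binary-missing` result marks a service registration left behind after its file was removed, which is the case the `sc delete` lines in the fix address.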

#41
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Looks like our posts crossed. FixCleaner is not on the Safe List. OTL is just saying it is using a Safe List so you will not see all processes/services/drivers just the ones that are not on the safe list.

FixCleaner appears to be a registry cleaner. We don't recommend them. They cause more trouble than they are worth. I would uninstall it.
  • 0

#42
soonerskies

soonerskies

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
Ran bluescreen … will post results.

Clicked the disable ipv6 FixIt … the window blanked and came back to the same place. Not obvious (no feedback) it did anything …. Guess will assume it did for now. ???

Went to System Protection … and only two drives showed up. C: (protection=ON) and RECOVERY (protection=OFF)
However, when I go to “Computer” … I see the c: drive and “Microsoft Office Click-to-run 2010 (protected) (Q:) … and it shows 0bytes. ???

Also under “Computer” see a bunch of “Removable Storage” E:, F:, G:, H: … that I have never understood why they persisted.

Ran the OTL fix … looks like some stuff failed. Didn’t reboot. Will post log

I can’t seem to get any sound out. The Realtek audio manager shows HDMI Output … which I believe he has an hdmi cable running to his screen with built in speakers. I would just be using built in speakers of the pc?? I don’t have any external speakers attached to this machine now. Hmmm.

Cleared logs. Rebooted.

Regarding … “Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).” … were these instructions supposed to be here? Or were some commands left out?

Ran VEW for System. Looks better, will post results.
Ran VEW for Apps. Will post results.

I will uninstall FixCleaner
  • 0

#43
soonerskies

soonerskies

    Member

  • Topic Starter
  • Member
  • PipPip
  • 74 posts
==================================================
Dump File : 030313-21106-01.dmp
Crash Time : 3/3/2013 10:29:30 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff900`c29e3000
Parameter 2 : 00000000`00000001
Parameter 3 : fffff960`000d2354
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18044 (win7sp1_gdr.130104-1431)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\030313-21106-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,672
==================================================

==================================================
Dump File : 030213-41012-01.dmp
Crash Time : 3/2/2013 9:58:34 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff900`c32a9000
Parameter 2 : 00000000`00000001
Parameter 3 : fffff960`00022354
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18044 (win7sp1_gdr.130104-1431)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\030213-41012-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,672
==================================================

==================================================
Dump File : 030213-20935-01.dmp
Crash Time : 3/2/2013 4:38:13 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff900`c33a8000
Parameter 2 : 00000000`00000001
Parameter 3 : fffff960`00092354
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18044 (win7sp1_gdr.130104-1431)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\030213-20935-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,672
==================================================

==================================================
Dump File : 030213-22027-01.dmp
Crash Time : 3/2/2013 3:42:53 PM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 00000000`00000021
Parameter 2 : fffff900`c440b000
Parameter 3 : 00000000`00003130
Parameter 4 : 000000a8`00000169
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+19411
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\030213-22027-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 315,256
==================================================

==================================================
Dump File : 030213-21543-01.dmp
Crash Time : 3/2/2013 1:09:10 PM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff900`c436c000
Parameter 2 : 00000000`00000001
Parameter 3 : fffff960`00032354
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18044 (win7sp1_gdr.130104-1431)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\030213-21543-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,672
==================================================

==================================================
Dump File : 030213-20404-01.dmp
Crash Time : 3/2/2013 11:04:16 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff900`c3c4b000
Parameter 2 : 00000000`00000001
Parameter 3 : fffff960`00062354
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18044 (win7sp1_gdr.130104-1431)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\030213-20404-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,672
==================================================

==================================================
Dump File : 030213-24289-01.dmp
Crash Time : 3/2/2013 10:36:00 AM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 00000000`00000021
Parameter 2 : fffff900`c2eac000
Parameter 3 : 00000000`00003130
Parameter 4 : 000000a8`00000169
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+19411
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\030213-24289-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,672
==================================================

==================================================
Dump File : 030213-21762-01.dmp
Crash Time : 3/2/2013 6:02:55 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff900`c5c43000
Parameter 2 : 00000000`00000001
Parameter 3 : fffff960`00092354
Parameter 4 : 00000000`00000000
Caused By Driver : atikmdag.sys
Caused By Address : atikmdag.sys+10356c
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\030213-21762-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,672
==================================================

==================================================
Dump File : 030213-23634-01.dmp
Crash Time : 3/2/2013 5:50:42 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff900`c066a000
Parameter 2 : 00000000`00000001
Parameter 3 : fffff960`000a2354
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18044 (win7sp1_gdr.130104-1431)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\030213-23634-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,672
==================================================

==================================================
Dump File : 030213-28657-01.dmp
Crash Time : 3/2/2013 5:41:11 AM
Bug Check String : PAGE_FAULT_IN_NONPAGED_AREA
Bug Check Code : 0x00000050
Parameter 1 : fffff900`c4bdb000
Parameter 2 : 00000000`00000001
Parameter 3 : fffff960`00022354
Parameter 4 : 00000000`00000000
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75c40
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18044 (win7sp1_gdr.130104-1431)
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\030213-28657-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,672
==================================================

==================================================
Dump File : 030213-22542-01.dmp
Crash Time : 3/2/2013 5:32:01 AM
Bug Check String : BAD_POOL_HEADER
Bug Check Code : 0x00000019
Parameter 1 : 00000000`00000021
Parameter 2 : fffff900`c3015000
Parameter 3 : 00000000`00003130
Parameter 4 : 000000a8`00000169
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+19411
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+75c40
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\030213-22542-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,672
==================================================

==================================================
Dump File : 021713-30576-01.dmp
Crash Time : 2/17/2013 12:07:46 AM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : 00000000`00000000
Parameter 2 : 00000000`00000000
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000000
Caused By Driver : HIDCLASS.SYS
Caused By Address : HIDCLASS.SYS+2622
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7ef90
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\021713-30576-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,672
==================================================

==================================================
Dump File : 012613-35334-01.dmp
Crash Time : 1/26/2013 11:21:58 AM
Bug Check String : SYSTEM_SERVICE_EXCEPTION
Bug Check Code : 0x0000003b
Parameter 1 : 00000000`c0000005
Parameter 2 : fffff960`000f2e2f
Parameter 3 : fffff880`02a56010
Parameter 4 : 00000000`00000000
Caused By Driver : win32k.sys
Caused By Address : win32k.sys+f2e2f
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\012613-35334-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,672
==================================================

==================================================
Dump File : 012413-28844-01.dmp
Crash Time : 1/24/2013 1:28:54 PM
Bug Check String : CRITICAL_OBJECT_TERMINATION
Bug Check Code : 0x000000f4
Parameter 1 : 00000000`00000003
Parameter 2 : fffffa80`0731fb30
Parameter 3 : fffffa80`0731fe10
Parameter 4 : fffff800`03593460
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+7efc0
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18044 (win7sp1_gdr.130104-1431)
Processor : x64
Crash Address : ntoskrnl.exe+7efc0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\012413-28844-01.dmp
Processors Count : 4
Major Version : 15
Minor Version : 7601
Dump File Size : 274,616
==================================================

#44
soonerskies

========== FILES ==========
< sc delete gupdate /c >
[SC] DeleteService SUCCESS
C:\Users\Gilbert\Desktop\cmd.bat deleted successfully.
C:\Users\Gilbert\Desktop\cmd.txt deleted successfully.
< sc delete Sendoriv1 /c >
[SC] DeleteService SUCCESS
C:\Users\Gilbert\Desktop\cmd.bat deleted successfully.
C:\Users\Gilbert\Desktop\cmd.txt deleted successfully.
< sc stop SetupARService /c >
[SC] ControlService FAILED 1062:
The service has not been started.
C:\Users\Gilbert\Desktop\cmd.bat deleted successfully.
C:\Users\Gilbert\Desktop\cmd.txt deleted successfully.
File\Folder sc config SetupARService start= disabled not found.
File\Folder [Reboot] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 03032013_140152

#45
soonerskies

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 03/03/2013 2:20:13 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 03/03/2013 8:17:19 PM
Type: Warning Category: 212
Event: 219 Source: Microsoft-Windows-Kernel-PnP
The driver \Driver\WUDFRd failed to load for the device WpdBusEnumRoot\UMB\2&37c186b&0&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.01#058F63626420&10#.