Multiple wmpnscfg.exe in safemode - Crash when HPTouchSmartSyncCalRemi



#1
NLucied

Multiple wmpnscfg.exe in Safe Mode - Crash when HPTouchSmartSyncCalReminderApp.exe runs in Normal Mode. <-Full Title

Yeah I could REALLY appreciate some help here, (Running Windows 7 64bit - 1 Active Use, 1 Inactive) things started to go wrong on the 10th of April when I tried to log-on to PlanetSide 2 through Steam (as per usual) which pulls up the Sony Online Entertainment Launcher, get almost into the game (about 88% loaded) and it crashed. Seeing as they were doing a server update at the time I assumed it was on my end and ended up going to bed. 12 Hours later I try again and the same thing happens, so I forget about Planetside 2 for the time being and go about my day.

Now it's the Evening of the 11th and I go through Sony Online Entertainment's Help and they suggest to Validate the files through their Game Launcher... I do so and I get bad CRC file spam which follows up with the screen cutting out and it restarting. At this point I'm getting a bit unnerved and try uninstalling and then re-downloading the game files thinking that since there were bad files something was corrupted. I run a validation again through their launcher and it happens again with another restart.

Once this happened I gave up and played Warcraft 3 until I went to bed. It's now the morning of the 12th and now things are starting to go wrong, I tried to get on Warcraft 3 and it's giving me an error message about a file preventing it from opening. This is when warning sirens started going off for me because the map file in question I know has nothing to do with Warcraft 3 not opening. I ran my Kaspersky anti-virus (out of date 4 months) and it failed to turn up any results... It promptly had the screen glitch almost the second it finished then force a restart.

At this point I panic and call my Sister's husband (more knowledgeable about computer) to bring a copy of Malwarebytes over on a flash drive and run that and it finds some custom files for 'Age of Wonders: Shadow Magic' and I delete the files with Malwarebytes and then delete the game... unfortunately this didn't fix the problem. Managed to get online using Safe Mode with Network and downloaded Spybot2 and ran THAT, pulled up some coupon6 registry thing and nuked that. Still the problem persisted and I ended up opening Task Manager while running the scans- This is where I hit paydirt.

When I was checking registry with one of the programs; I had Task Manager up on Processes and Noted that on Regular Windows that when 'HPTouchSmartSyncCalReminderApp.exe' popped up on the Processes list the computer's Task Bar at the bottom would disappear and even trying Ctrl Alt Delete would produce an error and left long enough would go into a fast BSOD into a restart *managed to write down the Gist of the Popup error here -Software Exception (0xe0434352) in Application at 0x754cc41f-* (I had uninstalled Kaspersky around this time and installed AVG Internet Security and scanned with it- At around 60% complete the Task Bar disappeared and then forced me to wait for the crash or Force Shutdown). I ALSO noticed that when in Safe Mode when I IMMEDIATELY pull up Task Manager upon logging in that there are Multiple Copies of 'wmpnscfg.exe' running which disappear after 30 seconds to a Minute.

At this point I could not see a way around it so I Reset to Factory Conditions PRAYING that it would get rid of it... downloaded Malwarebytes, Spybot2, and AVG Int. Sec. running them all in that order. When I ran the AVG scan at around 60% it did its usual thing- taking the Task Bar and restart. Now... we come to the present where I'm at the end of my rope. Please, ANYBODY... HELP! I can pretty much only use my Internet while on Safe Mode with Networking right now. Any help at all would be appreciated.


In case I wasn't clear in the above; Every Scan I have done has FAILED to pull up the cause. I ONLY know what APPEARS to be the problem through watching Task Manager while running Scans.

________________________________________________



OTL logfile created on: 4/13/2013 8:57:41 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darren\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

9.77 Gb Total Physical Memory | 8.97 Gb Available Physical Memory | 91.76% Memory free
19.54 Gb Paging File | 18.77 Gb Available in Paging File | 96.07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.11 Gb Total Space | 872.15 Gb Free Space | 95.41% Space Free | Partition Type: NTFS
Drive D: | 17.12 Gb Total Space | 2.14 Gb Free Space | 12.50% Space Free | Partition Type: NTFS

Computer Name: DARREN-HP | User Name: Darren | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/13 20:51:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darren\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/02/11 14:54:02 | 000,235,520 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/12/23 03:14:33 | 000,308,736 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/12/23 03:12:26 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/03/25 17:19:08 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/02/16 22:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/13 19:00:15 | 000,990,896 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe -- (vToolbarUpdater15.0.0)
SRV - [2013/04/09 23:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/02/27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/02/19 04:02:02 | 001,418,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/02/19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2011/12/14 12:02:14 | 000,131,320 | ---- | M] (AMD) [Auto | Stopped] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/16 14:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/12 09:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/08/10 05:52:54 | 000,138,760 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\ccSvcHst.exe -- (NIS)
SRV - [2011/08/01 14:43:36 | 000,195,320 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/07/20 11:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/13 19:00:15 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/26 23:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/02/14 03:52:46 | 000,239,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/05/16 16:08:38 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/05/16 15:36:49 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/05/16 15:36:49 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/07 19:20:30 | 000,291,624 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2012/02/11 16:00:00 | 010,819,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/11 13:43:38 | 000,328,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/12/28 19:14:00 | 000,409,408 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/12/28 19:13:57 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/12/23 03:15:09 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/12/06 04:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/11/30 02:19:59 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/16 03:25:56 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/08/08 08:38:06 | 000,167,048 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\ccSetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011/08/02 11:22:10 | 000,729,720 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011/08/02 11:22:10 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2011/07/28 12:20:02 | 001,084,536 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2011/07/25 11:18:40 | 000,401,016 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\symnets.sys -- (SymNetS)
DRV:64bit: - [2011/07/25 11:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\SymDS64.sys -- (SymDS)
DRV:64bit: - [2011/07/25 11:15:52 | 000,189,560 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1301000.01C\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2011/03/25 19:21:10 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/03/25 19:21:06 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/03/25 19:21:06 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/03/25 19:21:06 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/03/25 19:21:06 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/03/22 20:39:20 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/08/19 01:00:00 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20110819.004\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011/08/09 18:00:00 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\EX64.SYS -- (NAVEX15)
DRV - [2011/08/09 18:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20110810.019\ENG64.SYS -- (NAVENG)
DRV - [2011/07/20 10:43:24 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20110726.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{7C16C081-9961-477A-B7CF-441E2746A6EA}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{7C16C081-9961-477A-B7CF-441E2746A6EA}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{7C16C081-9961-477A-B7CF-441E2746A6EA}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg....pr&d=2013-04-13 19:00:18&v=15.0.0.2&pid=safeguard&sg=1&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.0.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2013/04/13 18:45:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013/04/13 19:06:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/13 20:02:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/04/13 20:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darren\AppData\Roaming\Mozilla\Extensions
[2013/04/13 20:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/09 23:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/04/09 23:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/04/09 23:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.0.0.2\AVG SafeGuard toolbar_toolbar.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.0.0.2\AVG SafeGuard toolbar_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.1.0.28\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [SymSilent] C:\Program Files (x86)\SymSilent\SymSilent.exe (Symantec Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15EF9454-C9E9-4DF0-BAF1-689ACDA3F3E9}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F2395E-3769-46D0-BFBF-AAF4EA8A850D}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.0.0\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/13 20:51:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Darren\Desktop\OTL.exe
[2013/04/13 20:02:28 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Mozilla
[2013/04/13 20:02:28 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Mozilla
[2013/04/13 20:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/04/13 20:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/04/13 20:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/13 19:52:41 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Malwarebytes
[2013/04/13 19:52:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/04/13 19:52:33 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/04/13 19:52:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/04/13 19:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/13 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2013/04/13 19:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/04/13 19:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/04/13 19:16:48 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/04/13 19:16:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/04/13 19:16:24 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Programs
[2013/04/13 19:00:50 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\AVG2013
[2013/04/13 19:00:24 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\AVG SafeGuard toolbar
[2013/04/13 19:00:20 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\TuneUp Software
[2013/04/13 19:00:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/04/13 19:00:17 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/04/13 19:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013/04/13 19:00:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG SafeGuard toolbar
[2013/04/13 18:59:57 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/04/13 18:59:57 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/04/13 18:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/04/13 18:57:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/04/13 18:57:52 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\MFAData
[2013/04/13 18:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/04/13 18:57:52 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Avg2013
[2013/04/13 18:57:08 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Adobe
[2013/04/13 18:50:13 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Broadcom
[2013/04/13 18:50:13 | 000,000,000 | ---D | C] -- C:\Users\Darren\Documents\Bluetooth Exchange Folder
[2013/04/13 18:49:32 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\ATI
[2013/04/13 18:49:32 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\ATI
[2013/04/13 18:49:31 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\PDFC
[2013/04/13 18:49:16 | 000,000,000 | R--D | C] -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/04/13 18:49:16 | 000,000,000 | R--D | C] -- C:\Users\Darren\Searches
[2013/04/13 18:49:16 | 000,000,000 | R--D | C] -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/04/13 18:49:16 | 000,000,000 | -H-D | C] -- C:\Users\Darren\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/04/13 18:49:09 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Identities
[2013/04/13 18:49:07 | 000,000,000 | R--D | C] -- C:\Users\Darren\Contacts
[2013/04/13 18:49:05 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\VirtualStore
[2013/04/13 18:48:56 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Hewlett-Packard
[2013/04/13 18:45:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2013/04/13 18:45:32 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\TouchSmartData
[2013/04/13 18:45:29 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\RemEngine
[2013/04/13 18:45:26 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Hewlett-Packard_Company
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\AppData\Local\Temporary Internet Files
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\Templates
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\Start Menu
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\SendTo
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\Recent
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\PrintHood
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\NetHood
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\Documents\My Videos
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\Documents\My Pictures
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\Documents\My Music
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\My Documents
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\Local Settings
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\AppData\Local\History
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\Cookies
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\Application Data
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\AppData\Local\Application Data
[2013/04/13 18:45:04 | 000,000,000 | --SD | C] -- C:\Users\Darren\AppData\Roaming\Microsoft
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\Videos
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\Saved Games
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\Pictures
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\Music
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\Links
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\Favorites
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\Downloads
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\Documents
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\Desktop
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/04/13 18:45:04 | 000,000,000 | -H-D | C] -- C:\Users\Darren\AppData
[2013/04/13 18:45:04 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Temp
[2013/04/13 18:45:04 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Microsoft
[2013/04/13 18:45:04 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Media Center Programs
[2013/04/13 18:45:04 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Macromedia
[2013/04/13 18:45:04 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Hewlett-Packard
[2013/04/13 18:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mathematics
[2013/04/13 18:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Mathematics
[2013/04/13 18:44:46 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/04/13 18:37:59 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013/04/13 20:51:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darren\Desktop\OTL.exe
[2013/04/13 20:04:50 | 000,775,032 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/13 20:04:50 | 000,657,732 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/13 20:04:50 | 000,119,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/13 20:02:24 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/13 20:00:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/13 20:00:17 | 3573,628,927 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/13 19:52:34 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/13 19:16:54 | 000,000,632 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/04/13 19:16:54 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/04/13 19:16:54 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/04/13 19:16:52 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/04/13 19:02:11 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/13 19:02:11 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/13 19:00:20 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/04/13 19:00:15 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/04/13 18:56:42 | 000,001,439 | ---- | M] () -- C:\Users\Darren\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/13 18:45:11 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_h8-1234_Y53316J_0U_Q4CE22206HL_E12NA1MRW608_4A_I2AC8_SGigabyte_V1.2_BAn2 705_T120417_W73-1_L409_M10006_J1000_7AMD_8F12_93.50_#120714_N10EC8168;14E44357_Z_G1002677B_Ohp DVD-RAM GH80N SCSI CdRom Device.MRK
[2013/04/13 18:45:11 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_h8-1234_Y53316J_0U_Q4CE22206HL_E12NA1MRW608_4A_I2AC8_SGigabyte_V1.2_BAn2 705_T120417_W73-1_L409_M10006_J1000_7AMD_8F12_93.50_#120714_N10EC8168;14E44357_Z_G1002677B_Ohp DVD-RAM GH80N SCSI CdRom Device.MRK
[2013/04/13 18:44:13 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/04/13 18:44:13 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/04/13 18:38:27 | 000,272,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2013/04/13 20:02:24 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/13 20:02:24 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/13 19:52:34 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/04/13 19:16:54 | 000,000,632 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/04/13 19:16:54 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/04/13 19:16:54 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/04/13 19:16:52 | 000,002,187 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/04/13 19:16:52 | 000,002,175 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/04/13 19:00:20 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/04/13 18:56:42 | 000,001,439 | ---- | C] () -- C:\Users\Darren\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/13 18:49:27 | 000,001,411 | ---- | C] () -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/04/13 18:49:23 | 000,001,445 | ---- | C] () -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/04/13 18:45:33 | 000,002,321 | ---- | C] () -- C:\Users\Public\Desktop\HP Download Store.lnk
[2013/04/13 18:45:32 | 000,002,327 | ---- | C] () -- C:\Users\Public\Desktop\Try HP MyRoom Free.lnk
[2013/04/13 18:45:32 | 000,002,317 | ---- | C] () -- C:\Users\Public\Desktop\Zya Music...FREE!.lnk
[2013/04/13 18:45:32 | 000,002,263 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2013/04/13 18:45:32 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\RaRa Music.lnk
[2013/04/13 18:45:32 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish.lnk
[2013/04/13 18:45:12 | 3573,628,927 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/13 18:45:04 | 000,000,290 | ---- | C] () -- C:\Users\Darren\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/04/13 18:45:04 | 000,000,272 | ---- | C] () -- C:\Users\Darren\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/04/13 18:40:38 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_h8-1234_Y53316J_0U_Q4CE22206HL_E12NA1MRW608_4A_I2AC8_SGigabyte_V1.2_BAn2 705_T120417_W73-1_L409_M10006_J1000_7AMD_8F12_93.50_#120714_N10EC8168;14E44357_Z_G1002677B_Ohp DVD-RAM GH80N SCSI CdRom Device.MRK
[2013/04/13 18:40:38 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_h8-1234_Y53316J_0U_Q4CE22206HL_E12NA1MRW608_4A_I2AC8_SGigabyte_V1.2_BAn2 705_T120417_W73-1_L409_M10006_J1000_7AMD_8F12_93.50_#120714_N10EC8168;14E44357_Z_G1002677B_Ohp DVD-RAM GH80N SCSI CdRom Device.MRK
[2012/05/16 15:48:50 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\BeepApp.exe
[2012/05/16 15:41:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/16 15:37:30 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/05/16 15:37:30 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/16 15:37:30 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/02/11 01:18:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/12/13 21:44:10 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/10/12 15:33:22 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/05/16 15:35:17 | 014,173,184 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/05/16 15:35:17 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/13 19:00:50 | 000,000,000 | ---D | M] -- C:\Users\Darren\AppData\Roaming\AVG2013
[2013/04/13 19:00:20 | 000,000,000 | ---D | M] -- C:\Users\Darren\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >

Edited by NLucied, 13 April 2013 - 08:03 PM.



#2
emeraldnzl

Hello NLucied,

Welcome to Geeks To Go.

Unless I am mistaken, you are running two anti-virus programs.

Running two or more real-time anti-virus, anti-spyware and firewall monitors at the same time can cause a conflict. That conflict can result in slow computer performance, error messages, crashes of the programs or other types of failure. You will very likely end up with little or no protection.

Please uninstall either of Norton Symantec/Norton Internet Security or AVG.

You also have Spybot Search & Destroy and Malwarebytes running in real time. There may well be conflict there too. If it were me, I would uninstall them, at least while we are working on your computer's problem. It will also stop them interfering with the tools we are using. They can be reinstalled later.

After that

Download and run Junkware Removal Tool by thisisu.

When the scan completes, a log will be produced; please post it back here.

Finally in this post

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce a log for you. Post the log here.
Note: If the log doesn't appear where you saved OTL when you downloaded it, then a copy of the OTL log is saved in a text file at

C:\_OTL\MovedFiles

So when you return please post
  • Junkware log
  • OTL.txt


#3
NLucied

Right, first off, sorry for taking so long to get back to you; my father INSISTED on me installing Kaspersky Anti-Virus, so I had to install that, and had problems with it. Uninstalled AVG and Norton AV, and Spybot and Malwarebytes as directed.

Only problem is one of the steps they gave me required uninstalling, and when I was reinstalling after completing the step it got caught in the virus freeze/crash/reboot, and now I can't pull its main screen up and I can't uninstall it; an error 1711, I think it was, before it did its freeze/crash/reboot.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.8 (04.21.2013:2)
OS: Windows 7 Home Premium x64
Ran by Darren on Mon 04/22/2013 at 13:16:01.13
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{7C16C081-9961-477A-B7CF-441E2746A6EA}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{7C16C081-9961-477A-B7CF-441E2746A6EA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/22/2013 at 13:17:23.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



OTL logfile created on: 4/22/2013 1:18:53 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Darren\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

9.77 Gb Total Physical Memory | 8.94 Gb Available Physical Memory | 91.55% Memory free
19.54 Gb Paging File | 18.75 Gb Available in Paging File | 95.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 914.11 Gb Total Space | 866.28 Gb Free Space | 94.77% Space Free | Partition Type: NTFS
Drive D: | 17.12 Gb Total Space | 2.14 Gb Free Space | 12.50% Space Free | Partition Type: NTFS

Computer Name: DARREN-HP | User Name: Darren | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/13 20:51:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darren\Desktop\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/02/11 14:54:02 | 000,235,520 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/12/23 03:14:33 | 000,308,736 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/12/23 03:12:26 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/03/25 17:19:08 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2011/02/16 22:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/09 23:58:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/17 21:43:06 | 000,218,880 | ---- | M] (Kaspersky Lab ZAO) [Auto | Stopped] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)
SRV - [2011/12/14 12:02:14 | 000,131,320 | ---- | M] (AMD) [Auto | Stopped] -- C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe -- (AMD_RAIDXpert)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/16 14:03:16 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2011/08/12 09:54:32 | 001,128,952 | ---- | M] (PDF Complete Inc) [Auto | Stopped] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2011/08/01 14:43:36 | 000,195,320 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/07/20 11:16:56 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/28 17:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 15:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/13 19:00:15 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/08/13 18:24:20 | 000,611,160 | ---- | M] (Kaspersky Lab) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/08/13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/07/25 14:53:54 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/06/08 11:38:10 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012/05/25 19:38:48 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/05/16 15:36:49 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/05/16 15:36:49 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/07 19:20:30 | 000,291,624 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s)
DRV:64bit: - [2012/02/11 16:00:00 | 010,819,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/11 13:43:38 | 000,328,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/12/28 19:14:00 | 000,409,408 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tixhci.sys -- (tixhci)
DRV:64bit: - [2011/12/28 19:13:57 | 000,136,000 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tihub3.sys -- (tihub3)
DRV:64bit: - [2011/12/23 03:15:09 | 000,535,040 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/12/06 04:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/11/30 02:19:59 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/16 03:25:56 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2011/03/25 19:21:10 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)
DRV:64bit: - [2011/03/25 19:21:06 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2011/03/25 19:21:06 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2011/03/25 19:21:06 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2011/03/25 19:21:06 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/03/22 20:39:20 | 003,060,800 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013/04/18 00:01:19 | 000,007,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\utiyoti3.sys -- (utiyoti3)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{7C16C081-9961-477A-B7CF-441E2746A6EA}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/04/18 19:04:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/04/18 19:04:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\[email protected] [2013/04/18 19:04:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/04/13 20:02:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/04/13 20:02:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darren\AppData\Roaming\Mozilla\Extensions
[2013/04/13 20:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/04/09 23:58:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/04/09 23:57:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/04/09 23:57:54 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15EF9454-C9E9-4DF0-BAF1-689ACDA3F3E9}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F2395E-3769-46D0-BFBF-AAF4EA8A850D}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/22 13:15:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/04/22 13:15:42 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/22 13:14:18 | 000,535,747 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Darren\Desktop\JRT.exe
[2013/04/18 19:08:56 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Microsoft Games
[2013/04/18 19:04:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013
[2013/04/18 19:04:31 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/04/18 19:04:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/04/18 19:03:50 | 000,611,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013/04/18 19:03:50 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/04/17 23:03:34 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/04/17 23:03:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/04/17 23:03:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/04/17 23:02:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2013/04/17 22:39:26 | 000,000,000 | ---D | C] -- C:\fa3752b0eefbeefb1c0770
[2013/04/17 22:33:30 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools 2013
[2013/04/17 22:33:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\jv16 PowerTools 2013
[2013/04/17 21:38:29 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\WinBatch
[2013/04/17 21:15:07 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\HP Support Assistant
[2013/04/17 20:33:20 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2013/04/17 20:33:16 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2013/04/17 20:33:12 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2013/04/17 20:33:11 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2013/04/17 20:33:09 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013/04/17 20:33:09 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013/04/17 20:33:09 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2013/04/17 20:33:07 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/04/17 20:33:06 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/04/17 20:23:27 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\HpUpdate
[2013/04/17 19:43:32 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Avg2013
[2013/04/13 20:51:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Darren\Desktop\OTL.exe
[2013/04/13 20:02:28 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Mozilla
[2013/04/13 20:02:28 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Mozilla
[2013/04/13 20:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/04/13 20:02:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/04/13 20:02:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/04/13 19:52:41 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Malwarebytes
[2013/04/13 19:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/13 19:36:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2013/04/13 19:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/04/13 19:16:24 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Programs
[2013/04/13 19:00:20 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\TuneUp Software
[2013/04/13 19:00:17 | 000,039,768 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/04/13 18:57:52 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/04/13 18:57:52 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\MFAData
[2013/04/13 18:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/04/13 18:57:08 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Adobe
[2013/04/13 18:53:32 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2013/04/13 18:53:32 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2013/04/13 18:50:20 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013/04/13 18:50:20 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013/04/13 18:50:20 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2013/04/13 18:50:18 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013/04/13 18:50:18 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013/04/13 18:50:18 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013/04/13 18:50:15 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013/04/13 18:50:15 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013/04/13 18:50:13 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Broadcom
[2013/04/13 18:50:13 | 000,000,000 | ---D | C] -- C:\Users\Darren\Documents\Bluetooth Exchange Folder
[2013/04/13 18:49:32 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\ATI
[2013/04/13 18:49:32 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\ATI
[2013/04/13 18:49:31 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\PDFC
[2013/04/13 18:49:16 | 000,000,000 | R--D | C] -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/04/13 18:49:16 | 000,000,000 | R--D | C] -- C:\Users\Darren\Searches
[2013/04/13 18:49:16 | 000,000,000 | R--D | C] -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/04/13 18:49:16 | 000,000,000 | -H-D | C] -- C:\Users\Darren\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/04/13 18:49:09 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Identities
[2013/04/13 18:49:07 | 000,000,000 | R--D | C] -- C:\Users\Darren\Contacts
[2013/04/13 18:49:05 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\VirtualStore
[2013/04/13 18:48:56 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Hewlett-Packard
[2013/04/13 18:45:32 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
[2013/04/13 18:45:32 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\TouchSmartData
[2013/04/13 18:45:29 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\RemEngine
[2013/04/13 18:45:26 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Hewlett-Packard_Company
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\AppData\Local\Temporary Internet Files
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\Templates
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\Start Menu
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\SendTo
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\Recent
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\PrintHood
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\NetHood
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\Documents\My Videos
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\Documents\My Pictures
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\Documents\My Music
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\My Documents
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\Local Settings
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\AppData\Local\History
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\Cookies
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\Application Data
[2013/04/13 18:45:05 | 000,000,000 | -HSD | C] -- C:\Users\Darren\AppData\Local\Application Data
[2013/04/13 18:45:04 | 000,000,000 | --SD | C] -- C:\Users\Darren\AppData\Roaming\Microsoft
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\Videos
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\Saved Games
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\Pictures
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\Music
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\Links
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\Favorites
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\Downloads
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\Documents
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\Desktop
[2013/04/13 18:45:04 | 000,000,000 | R--D | C] -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/04/13 18:45:04 | 000,000,000 | -H-D | C] -- C:\Users\Darren\AppData
[2013/04/13 18:45:04 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Temp
[2013/04/13 18:45:04 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Microsoft
[2013/04/13 18:45:04 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Media Center Programs
[2013/04/13 18:45:04 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Roaming\Macromedia
[2013/04/13 18:45:04 | 000,000,000 | ---D | C] -- C:\Users\Darren\AppData\Local\Hewlett-Packard
[2013/04/13 18:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mathematics
[2013/04/13 18:45:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Mathematics
[2013/04/13 18:44:46 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/04/13 18:37:59 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013/04/22 13:14:24 | 000,535,747 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Darren\Desktop\JRT.exe
[2013/04/22 13:04:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/22 13:04:10 | 3573,628,927 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/19 22:34:46 | 000,775,032 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/19 22:34:46 | 000,657,732 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/19 22:34:46 | 000,119,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/18 19:46:14 | 000,092,237 | ---- | M] () -- C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_18_19_45_18.zip
[2013/04/18 19:04:31 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/04/18 16:53:08 | 000,080,174 | ---- | M] () -- C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_18_16_52_25.zip
[2013/04/18 00:01:19 | 000,007,168 | ---- | M] () -- C:\Windows\SysWow64\drivers\utiyoti3.sys
[2013/04/17 23:54:58 | 000,003,328 | ---- | M] () -- C:\bootsqm.dat
[2013/04/17 23:41:54 | 000,076,518 | ---- | M] () -- C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_17_23_41_09.zip
[2013/04/17 23:38:33 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/17 23:38:33 | 000,024,400 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/17 23:13:36 | 000,074,814 | ---- | M] () -- C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_17_23_12_59.zip
[2013/04/17 22:56:44 | 000,272,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/17 22:33:32 | 000,000,022 | -HS- | M] () -- C:\Users\Darren\AppData\Roaming\Win3944_ConfigDB.dlx
[2013/04/17 22:33:32 | 000,000,022 | -HS- | M] () -- C:\Users\Darren\AppData\Roaming\System8638Conf Collection
[2013/04/17 22:33:25 | 000,001,891 | ---- | M] () -- C:\Users\Darren\Desktop\jv16 PowerTools 2013.lnk
[2013/04/17 20:16:26 | 000,072,672 | ---- | M] () -- C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_17_20_15_43.zip
[2013/04/13 20:51:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darren\Desktop\OTL.exe
[2013/04/13 20:02:24 | 000,001,149 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/13 19:16:54 | 000,000,632 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/04/13 19:16:54 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/04/13 19:16:54 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/04/13 19:00:15 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013/04/13 18:56:42 | 000,001,439 | ---- | M] () -- C:\Users\Darren\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/13 18:45:11 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_h8-1234_Y53316J_0U_Q4CE22206HL_E12NA1MRW608_4A_I2AC8_SGigabyte_V1.2_BAn2 705_T120417_W73-1_L409_M10006_J1000_7AMD_8F12_93.50_#120714_N10EC8168;14E44357_Z_G1002677B_Ohp DVD-RAM GH80N SCSI CdRom Device.MRK
[2013/04/13 18:45:11 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_h8-1234_Y53316J_0U_Q4CE22206HL_E12NA1MRW608_4A_I2AC8_SGigabyte_V1.2_BAn2 705_T120417_W73-1_L409_M10006_J1000_7AMD_8F12_93.50_#120714_N10EC8168;14E44357_Z_G1002677B_Ohp DVD-RAM GH80N SCSI CdRom Device.MRK
[2013/04/13 18:44:13 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/04/13 18:44:13 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2013/04/18 19:45:44 | 000,092,237 | ---- | C] () -- C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_18_19_45_18.zip
[2013/04/18 19:04:38 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
[2013/04/18 16:52:42 | 000,080,174 | ---- | C] () -- C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_18_16_52_25.zip
[2013/04/17 23:54:58 | 000,003,328 | ---- | C] () -- C:\bootsqm.dat
[2013/04/17 23:41:22 | 000,076,518 | ---- | C] () -- C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_17_23_41_09.zip
[2013/04/17 23:13:17 | 000,074,814 | ---- | C] () -- C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_17_23_12_59.zip
[2013/04/17 22:33:32 | 000,000,022 | -HS- | C] () -- C:\Users\Darren\AppData\Roaming\Win3944_ConfigDB.dlx
[2013/04/17 22:33:32 | 000,000,022 | -HS- | C] () -- C:\Users\Darren\AppData\Roaming\System8638Conf Collection
[2013/04/17 22:33:25 | 000,001,891 | ---- | C] () -- C:\Users\Darren\Desktop\jv16 PowerTools 2013.lnk
[2013/04/17 21:03:07 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\utiyoti3.sys
[2013/04/17 20:16:02 | 000,072,672 | ---- | C] () -- C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_17_20_15_43.zip
[2013/04/13 20:02:24 | 000,001,161 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/04/13 20:02:24 | 000,001,149 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/04/13 19:16:54 | 000,000,632 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/04/13 19:16:54 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/04/13 19:16:54 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/04/13 18:56:42 | 000,001,439 | ---- | C] () -- C:\Users\Darren\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/04/13 18:49:27 | 000,001,411 | ---- | C] () -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/04/13 18:49:23 | 000,001,445 | ---- | C] () -- C:\Users\Darren\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/04/13 18:45:33 | 000,002,321 | ---- | C] () -- C:\Users\Public\Desktop\HP Download Store.lnk
[2013/04/13 18:45:32 | 000,002,327 | ---- | C] () -- C:\Users\Public\Desktop\Try HP MyRoom Free.lnk
[2013/04/13 18:45:32 | 000,002,317 | ---- | C] () -- C:\Users\Public\Desktop\Zya Music...FREE!.lnk
[2013/04/13 18:45:32 | 000,002,263 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2013/04/13 18:45:32 | 000,002,223 | ---- | C] () -- C:\Users\Public\Desktop\RaRa Music.lnk
[2013/04/13 18:45:32 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish.lnk
[2013/04/13 18:45:12 | 3573,628,927 | -HS- | C] () -- C:\hiberfil.sys
[2013/04/13 18:45:04 | 000,000,290 | ---- | C] () -- C:\Users\Darren\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/04/13 18:45:04 | 000,000,272 | ---- | C] () -- C:\Users\Darren\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/04/13 18:40:38 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cPC_h8-1234_Y53316J_0U_Q4CE22206HL_E12NA1MRW608_4A_I2AC8_SGigabyte_V1.2_BAn2 705_T120417_W73-1_L409_M10006_J1000_7AMD_8F12_93.50_#120714_N10EC8168;14E44357_Z_G1002677B_Ohp DVD-RAM GH80N SCSI CdRom Device.MRK
[2013/04/13 18:40:38 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cPC_h8-1234_Y53316J_0U_Q4CE22206HL_E12NA1MRW608_4A_I2AC8_SGigabyte_V1.2_BAn2 705_T120417_W73-1_L409_M10006_J1000_7AMD_8F12_93.50_#120714_N10EC8168;14E44357_Z_G1002677B_Ohp DVD-RAM GH80N SCSI CdRom Device.MRK
[2012/05/16 15:48:50 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\BeepApp.exe
[2012/05/16 15:41:44 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/05/16 15:37:30 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/05/16 15:37:30 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/05/16 15:37:30 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/02/11 01:18:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/12/13 21:44:10 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/10/12 15:33:22 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/05/16 15:35:17 | 014,173,184 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/05/16 15:35:17 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Edited by NLucied, 22 April 2013 - 02:42 PM.

#4
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello NLucied,

"My father INSISTED on me installing Kaspersky Anti-Virus so I had to install that- and had problems with it."


Kaspersky is a good Anti-Virus program.

"Only problem is one of the steps they gave me required uninstalling and when I was reinstalling after completing the step it got caught in the virus freeze/crash/reboot and now I can't pull its main screen up and I can't uninstall it- an error 1711 I think it was before it did its freeze/crash/reboot."


Try going to the link below and use Mr Fixit for problems with programs that can't be installed or uninstalled.

http://support.micro...l_and_Uninstall

After that

There are some residues of AVG and Norton showing.

For AVG

Please download and run the AVG removal tool - 64bit.

For Norton

Download the Norton Removal Tool to remove leftover bits of the Norton AntiVirus program. Choose the link for the version you had and then download and run the removal program. If you don't know the version just proceed, it should still work.

Finally in this post

Please download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
So when you return please post
  • checkup.txt
  • and tell how you went with the Kaspersky uninstall

#5
NLucied

    Member

  • Topic Starter
  • Member
  • 13 posts
Right, ran the Mr Fixit and it made it so when I tried to uninstall it said it wasn't installed. Maybe I can try downloading an AV from their website seeing as I can't really do much outside of Safe Mode.

Speaking of- Tried running SecurityCheck outside of Safe Mode and it would freeze then reboot before it finished so what I'm giving you is a scan in Safe Mode with Networking.
Also, I noticed that I got a file after running the AVG remover... did you want that?

Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Mozilla Firefox (20.0.1)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

#6
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

"Maybe I can try downloading an AV from their website seeing as I can't really do much outside of Safe Mode."


Please don't do anything without first referring back here. There is a strange driver and suspicious files showing on your machine (likely malware) and we need to run through a process to get things fixed. Doing other things can result in problems. :)

"I noticed that I got a file after running the AVG remover... did you want that?"


Probably don't need it but if we do I will ask you.

For now

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. For your system it will be the 64-bit version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply. If you run into difficulties tell me.

#7
NLucied

    Member

  • Topic Starter
  • Member
  • 13 posts
It ran fine (I'm in Safe Mode with Networking unless otherwise stated)
...and here are the files.


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2013 01
Ran by Darren (administrator) on 22-04-2013 16:05:08
Running from C:\Users\Darren\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Network
==================== Processes (Whitelisted) =================

(Microsoft Corporation) [1172] C:\Windows\system32\ctfmon.exe
(Farbar) [644] C:\Users\Darren\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-12-23] (IDT, Inc.)
HKLM\...\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-23] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKCU\...\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [393216 2012-02-11] (AMD)
MountPoints2: E - E:\autorun.exe
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [630912 2012-02-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation)
HKLM-x32\...\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM - {7C16C081-9961-477A-B7CF-441E2746A6EA} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll No File
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll No File
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll No File
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll No File
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - No File
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - No File
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
Handler-x32: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Winsock: Catalog5 09 %SystemRoot%\system32\wshbth.dll [36352] (Microsoft Corporation)
Winsock: Catalog5-x64 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
Winsock: Catalog5-x64 09 %SystemRoot%\system32\wshbth.dll [47104] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

FireFox:
========
FF ProfilePath: C:\Users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\k1jvfqtg.default
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

==================== Services (Whitelisted) =================

S2 HPAuto; C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe [682040 2011-02-16] (Hewlett-Packard)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
S2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
S2 AVP; "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" -r [x]

==================== Drivers (Whitelisted) ====================

R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [39768 2013-04-13] (AVG Technologies)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
S1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [611160 2012-08-13] (Kaspersky Lab)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-05-25] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29016 2012-07-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54104 2012-06-08] (Kaspersky Lab)
S1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178008 2012-08-13] (Kaspersky Lab)
S3 utiyoti3; \??\C:\Windows\system32\Drivers\utiyoti3.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-22 16:05 - 2013-04-22 16:05 - 00000000 ____D C:\FRST
2013-04-22 16:03 - 2013-04-22 16:04 - 01707098 ____A (Farbar) C:\Users\Darren\Desktop\FRST64.exe
2013-04-22 15:14 - 2013-04-22 15:14 - 00000772 ____A C:\Users\Darren\Desktop\checkup.txt
2013-04-22 15:02 - 2013-04-22 15:10 - 00000000 ____D C:\Users\Darren\AppData\Local\CrashDumps
2013-04-22 14:57 - 2013-04-22 14:57 - 00890815 ____A C:\Users\Darren\Desktop\SecurityCheck.exe
2013-04-22 14:51 - 2013-04-22 14:51 - 00866592 ____A C:\Users\Darren\Desktop\Norton_Removal_Tool.exe
2013-04-22 14:42 - 2013-04-22 14:42 - 01316632 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Darren\Downloads\avgremoverx64.exe
2013-04-22 14:39 - 2013-04-22 14:39 - 00000000 ____D C:\MATS
2013-04-22 14:37 - 2013-04-22 14:37 - 00347424 ____A (Microsoft Corporation) C:\Users\Darren\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.20290097443250652.1.1.Run.exe
2013-04-22 13:21 - 2013-04-22 13:21 - 00092900 ____A C:\Users\Darren\Desktop\OTL.Txt
2013-04-22 13:17 - 2013-04-22 13:17 - 00001947 ____A C:\Users\Darren\Desktop\JRT.txt
2013-04-22 13:15 - 2013-04-22 13:15 - 00000000 ____D C:\Windows\ERUNT
2013-04-22 13:15 - 2013-04-22 13:15 - 00000000 ____D C:\JRT
2013-04-22 13:14 - 2013-04-22 13:14 - 00535747 ____A (Oleg N. Scherbakov) C:\Users\Darren\Desktop\JRT.exe
2013-04-18 19:45 - 2013-04-18 19:46 - 00092237 ____A C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_18_19_45_18.zip
2013-04-18 19:30 - 2013-04-18 19:30 - 00180000 ____A (Kaspersky Lab) C:\Users\Darren\Downloads\kss12.0.1.117EN_RU_DE_FR_2926.exe
2013-04-18 19:08 - 2013-04-18 19:08 - 00000000 ____D C:\Users\Darren\AppData\Local\Microsoft Games
2013-04-18 19:04 - 2012-07-11 17:09 - 00064856 ____A (Kaspersky Lab) C:\Windows\System32\klfphc.dll
2013-04-18 19:03 - 2012-08-13 18:24 - 00611160 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klif.sys
2013-04-18 19:03 - 2012-08-13 18:24 - 00089432 ____A (Kaspersky Lab) C:\Windows\System32\Drivers\klflt.sys
2013-04-18 16:52 - 2013-04-18 16:53 - 00080174 ____A C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_18_16_52_25.zip
2013-04-18 00:00 - 2013-04-18 00:00 - 00000000 ____D C:\Users\Darren\Downloads\avz4
2013-04-17 23:54 - 2013-04-17 23:54 - 00003328 ____N C:\bootsqm.dat
2013-04-17 23:49 - 2013-04-17 23:49 - 00000000 ____A C:\Users\Darren\Desktop\Kaspersky Error.txt
2013-04-17 23:41 - 2013-04-17 23:41 - 00076518 ____A C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_17_23_41_09.zip
2013-04-17 23:13 - 2013-04-17 23:13 - 00074814 ____A C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_17_23_12_59.zip
2013-04-17 23:12 - 2013-04-17 23:12 - 00231044 ____A C:\Users\Darren\Downloads\getsysteminfo4.zip
2013-04-17 23:03 - 2013-04-17 23:03 - 00000000 ____D C:\Windows\ELAMBKUP
2013-04-17 22:39 - 2013-04-17 22:39 - 00000000 ____D C:\fa3752b0eefbeefb1c0770
2013-04-17 22:36 - 2013-04-22 14:42 - 00325780 ____A C:\Users\Darren\Desktop\avgremover.log
2013-04-17 22:33 - 2013-04-17 22:33 - 00001891 ____A C:\Users\Darren\Desktop\jv16 PowerTools 2013.lnk
2013-04-17 22:33 - 2013-04-17 22:33 - 00000022 __ASH C:\Users\Darren\AppData\Roaming\Win3944_ConfigDB.dlx
2013-04-17 22:33 - 2013-04-17 22:33 - 00000022 __ASH C:\Users\Darren\AppData\Roaming\System8638Conf Collection
2013-04-17 22:33 - 2013-04-17 22:33 - 00000000 ____D C:\Program Files (x86)\jv16 PowerTools 2013
2013-04-17 22:32 - 2013-04-17 22:32 - 13194728 ____A C:\Users\Darren\Downloads\jv16pt_setup.exe
2013-04-17 22:31 - 2013-04-17 22:31 - 02540688 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Darren\Downloads\avg_remover_stf_x64_2012_1796.exe
2013-04-17 21:38 - 2013-04-17 21:38 - 00000000 ____D C:\Users\Darren\AppData\Roaming\WinBatch
2013-04-17 21:17 - 2013-04-17 21:17 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-04-17 21:15 - 2013-04-17 21:15 - 00000000 ____D C:\Users\Darren\AppData\Roaming\HP Support Assistant
2013-04-17 21:03 - 2013-04-18 00:01 - 00007168 ____A C:\Windows\SysWOW64\Drivers\utiyoti3.sys
2013-04-17 20:33 - 2012-06-05 23:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2013-04-17 20:33 - 2012-06-05 22:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2013-04-17 20:33 - 2012-06-01 22:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-04-17 20:33 - 2012-06-01 22:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-04-17 20:33 - 2012-06-01 22:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-04-17 20:33 - 2012-06-01 21:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-04-17 20:33 - 2012-06-01 21:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-04-17 20:33 - 2012-06-01 21:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-04-17 20:33 - 2012-05-13 22:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-04-17 20:33 - 2012-02-10 23:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-04-17 20:33 - 2012-02-10 23:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2013-04-17 20:33 - 2012-02-10 23:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe
2013-04-17 20:33 - 2012-02-10 22:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-04-17 20:33 - 2011-12-16 01:46 - 00634880 ____A (Microsoft Corporation) C:\Windows\System32\msvcrt.dll
2013-04-17 20:33 - 2011-12-16 00:52 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2013-04-17 20:33 - 2011-02-22 21:55 - 00090624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\bowser.sys
2013-04-17 20:23 - 2013-04-17 21:15 - 00000000 ____D C:\Users\Darren\AppData\Roaming\HpUpdate
2013-04-17 20:22 - 2013-04-17 20:23 - 08121555 ____A C:\Users\Darren\Downloads\avz4.zip
2013-04-17 20:16 - 2013-04-17 20:16 - 00072672 ____A C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_17_20_15_43.zip
2013-04-17 19:43 - 2013-04-17 19:43 - 00000000 ____D C:\Users\Darren\AppData\Local\Avg2013
2013-04-17 19:32 - 2013-04-22 15:09 - 00002352 ____A C:\Windows\setupact.log
2013-04-13 20:51 - 2013-04-13 20:51 - 00602112 ____A (OldTimer Tools) C:\Users\Darren\Desktop\OTL.exe
2013-04-13 20:02 - 2013-04-13 20:02 - 21036128 ____A (Mozilla) C:\Users\Darren\Downloads\Firefox Setup 20.0.1.exe
2013-04-13 20:02 - 2013-04-13 20:02 - 00001149 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-04-13 20:02 - 2013-04-13 20:02 - 00000000 ____D C:\Users\Darren\AppData\Roaming\Mozilla
2013-04-13 20:02 - 2013-04-13 20:02 - 00000000 ____D C:\Users\Darren\AppData\Local\Mozilla
2013-04-13 20:02 - 2013-04-13 20:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-13 20:02 - 2013-04-13 20:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-13 19:52 - 2013-04-13 19:52 - 00000000 ____D C:\Users\Darren\AppData\Roaming\Malwarebytes
2013-04-13 19:16 - 2013-04-13 19:16 - 00000632 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-04-13 19:16 - 2013-04-13 19:16 - 00000628 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-04-13 19:16 - 2013-04-13 19:16 - 00000458 ____A C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-04-13 19:00 - 2013-04-13 19:00 - 00039768 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-04-13 19:00 - 2013-04-13 19:00 - 00000000 ____D C:\Users\Darren\AppData\Roaming\TuneUp Software
2013-04-13 18:57 - 2013-04-13 18:57 - 00000000 ____D C:\Users\Darren\AppData\Roaming\Adobe
2013-04-13 18:57 - 2013-04-13 18:57 - 00000000 ____D C:\Users\Darren\AppData\Local\MFAData
2013-04-13 18:53 - 2012-02-16 23:38 - 01031680 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2013-04-13 18:53 - 2012-02-16 22:34 - 00826880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2013-04-13 18:53 - 2012-02-16 21:58 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2013-04-13 18:53 - 2012-02-16 21:57 - 00023552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2013-04-13 18:50 - 2013-04-13 18:50 - 00059792 ____A C:\Users\Darren\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-13 18:50 - 2013-04-13 18:50 - 00000000 ____D C:\Users\Darren\Documents\Bluetooth Exchange Folder
2013-04-13 18:50 - 2013-04-13 18:50 - 00000000 ____D C:\Users\Darren\AppData\Local\Broadcom
2013-04-13 18:50 - 2012-06-02 15:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-04-13 18:50 - 2012-06-02 15:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-04-13 18:50 - 2012-06-02 15:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-04-13 18:50 - 2012-06-02 15:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-04-13 18:50 - 2012-06-02 15:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2013-04-13 18:50 - 2012-06-02 15:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2013-04-13 18:50 - 2012-06-02 15:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-04-13 18:50 - 2012-06-02 15:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-04-13 18:50 - 2012-06-02 15:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-04-13 18:49 - 2013-04-13 18:49 - 00000000 ____D C:\Users\Darren\AppData\Roaming\ATI
2013-04-13 18:49 - 2013-04-13 18:49 - 00000000 ____D C:\Users\Darren\AppData\Local\VirtualStore
2013-04-13 18:49 - 2013-04-13 18:49 - 00000000 ____D C:\Users\Darren\AppData\Local\PDFC
2013-04-13 18:49 - 2013-04-13 18:49 - 00000000 ____D C:\Users\Darren\AppData\Local\ATI
2013-04-13 18:48 - 2013-04-17 21:37 - 00000000 ____D C:\Users\Darren\AppData\Roaming\Hewlett-Packard
2013-04-13 18:45 - 2013-04-17 19:41 - 00000000 ____D C:\users\Darren
2013-04-13 18:45 - 2013-04-13 18:49 - 00000000 ____D C:\Users\Darren\AppData\Local\Hewlett-Packard_Company
2013-04-13 18:45 - 2013-04-13 18:47 - 00000000 ____D C:\Users\Darren\AppData\Local\Hewlett-Packard
2013-04-13 18:45 - 2013-04-13 18:45 - 00000020 ___SH C:\Users\Darren\ntuser.ini
2013-04-13 18:45 - 2013-04-13 18:45 - 00000000 ____D C:\Users\Darren\AppData\Local\TouchSmartData
2013-04-13 18:45 - 2013-04-13 18:45 - 00000000 ____D C:\Users\Darren\AppData\Local\RemEngine
2013-04-13 18:45 - 2013-04-13 18:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Mathematics
2013-04-13 18:45 - 2012-05-16 16:07 - 00002327 ____A C:\Users\Public\Desktop\Try HP MyRoom Free.lnk
2013-04-13 18:45 - 2012-05-16 16:07 - 00002263 ____A C:\Users\Public\Desktop\eBay.lnk
2013-04-13 18:45 - 2012-05-16 16:07 - 00002223 ____A C:\Users\Public\Desktop\RaRa Music.lnk
2013-04-13 18:45 - 2012-05-16 16:05 - 00002213 ____A C:\Users\Public\Desktop\Snapfish.lnk
2013-04-13 18:45 - 2012-05-16 16:04 - 00002317 ____A C:\Users\Public\Desktop\Zya Music...FREE!.lnk
2013-04-13 18:45 - 2012-05-16 16:01 - 00000000 ____D C:\Users\Darren\AppData\Roaming\Macromedia
2013-04-13 18:45 - 2012-05-16 16:00 - 00002321 ____A C:\Users\Public\Desktop\HP Download Store.lnk
2013-04-13 18:44 - 2013-04-17 22:39 - 01260084 ____A C:\Windows\WindowsUpdate.log
2013-04-13 18:40 - 2013-04-13 18:45 - 00000000 _RASH C:\Windows\SysWOW64\Drivers\103C_HP_cPC_h8-1234_Y53316J_0U_Q4CE22206HL_E12NA1MRW608_4A_I2AC8_SGigabyte_V1.2_BAn2 705_T120417_W73-1_L409_M10006_J1000_7AMD_8F12_93.50_#120714_N10EC8168;14E44357_Z_G1002677B_Ohp DVD-RAM GH80N SCSI CdRom Device.MRK
2013-04-13 18:40 - 2013-04-13 18:45 - 00000000 _RASH C:\Windows\System32\Drivers\103C_HP_cPC_h8-1234_Y53316J_0U_Q4CE22206HL_E12NA1MRW608_4A_I2AC8_SGigabyte_V1.2_BAn2 705_T120417_W73-1_L409_M10006_J1000_7AMD_8F12_93.50_#120714_N10EC8168;14E44357_Z_G1002677B_Ohp DVD-RAM GH80N SCSI CdRom Device.MRK

==================== One Month Modified Files and Folders =======

2013-04-22 16:05 - 2013-04-22 16:05 - 00000000 ____D C:\FRST
2013-04-22 16:04 - 2013-04-22 16:03 - 01707098 ____A (Farbar) C:\Users\Darren\Desktop\FRST64.exe
2013-04-22 15:14 - 2013-04-22 15:14 - 00000772 ____A C:\Users\Darren\Desktop\checkup.txt
2013-04-22 15:10 - 2013-04-22 15:02 - 00000000 ____D C:\Users\Darren\AppData\Local\CrashDumps
2013-04-22 15:09 - 2013-04-17 19:32 - 00002352 ____A C:\Windows\setupact.log
2013-04-22 15:09 - 2009-07-13 22:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-22 14:57 - 2013-04-22 14:57 - 00890815 ____A C:\Users\Darren\Desktop\SecurityCheck.exe
2013-04-22 14:55 - 2010-11-20 20:47 - 00234960 ____A C:\Windows\PFRO.log
2013-04-22 14:51 - 2013-04-22 14:51 - 00866592 ____A C:\Users\Darren\Desktop\Norton_Removal_Tool.exe
2013-04-22 14:42 - 2013-04-22 14:42 - 01316632 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Darren\Downloads\avgremoverx64.exe
2013-04-22 14:42 - 2013-04-17 22:36 - 00325780 ____A C:\Users\Darren\Desktop\avgremover.log
2013-04-22 14:39 - 2013-04-22 14:39 - 00000000 ____D C:\MATS
2013-04-22 14:37 - 2013-04-22 14:37 - 00347424 ____A (Microsoft Corporation) C:\Users\Darren\Downloads\MicrosoftFixit.ProgramInstallUninstall.RNP.20290097443250652.1.1.Run.exe
2013-04-22 13:21 - 2013-04-22 13:21 - 00092900 ____A C:\Users\Darren\Desktop\OTL.Txt
2013-04-22 13:17 - 2013-04-22 13:17 - 00001947 ____A C:\Users\Darren\Desktop\JRT.txt
2013-04-22 13:15 - 2013-04-22 13:15 - 00000000 ____D C:\Windows\ERUNT
2013-04-22 13:15 - 2013-04-22 13:15 - 00000000 ____D C:\JRT
2013-04-22 13:14 - 2013-04-22 13:14 - 00535747 ____A (Oleg N. Scherbakov) C:\Users\Darren\Desktop\JRT.exe
2013-04-19 22:34 - 2009-07-13 22:13 - 00775032 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-18 19:46 - 2013-04-18 19:45 - 00092237 ____A C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_18_19_45_18.zip
2013-04-18 19:30 - 2013-04-18 19:30 - 00180000 ____A (Kaspersky Lab) C:\Users\Darren\Downloads\kss12.0.1.117EN_RU_DE_FR_2926.exe
2013-04-18 19:08 - 2013-04-18 19:08 - 00000000 ____D C:\Users\Darren\AppData\Local\Microsoft Games
2013-04-18 16:53 - 2013-04-18 16:52 - 00080174 ____A C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_18_16_52_25.zip
2013-04-18 00:01 - 2013-04-17 21:03 - 00007168 ____A C:\Windows\SysWOW64\Drivers\utiyoti3.sys
2013-04-18 00:00 - 2013-04-18 00:00 - 00000000 ____D C:\Users\Darren\Downloads\avz4
2013-04-17 23:54 - 2013-04-17 23:54 - 00003328 ____N C:\bootsqm.dat
2013-04-17 23:49 - 2013-04-17 23:49 - 00000000 ____A C:\Users\Darren\Desktop\Kaspersky Error.txt
2013-04-17 23:41 - 2013-04-17 23:41 - 00076518 ____A C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_17_23_41_09.zip
2013-04-17 23:38 - 2009-07-13 21:45 - 00024400 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-17 23:38 - 2009-07-13 21:45 - 00024400 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-17 23:13 - 2013-04-17 23:13 - 00074814 ____A C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_17_23_12_59.zip
2013-04-17 23:12 - 2013-04-17 23:12 - 00231044 ____A C:\Users\Darren\Downloads\getsysteminfo4.zip
2013-04-17 23:03 - 2013-04-17 23:03 - 00000000 ____D C:\Windows\ELAMBKUP
2013-04-17 22:56 - 2009-07-13 21:45 - 00272488 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-17 22:40 - 2010-11-21 00:17 - 00000000 ____D C:\Program Files\Windows Journal
2013-04-17 22:39 - 2013-04-17 22:39 - 00000000 ____D C:\fa3752b0eefbeefb1c0770
2013-04-17 22:39 - 2013-04-13 18:44 - 01260084 ____A C:\Windows\WindowsUpdate.log
2013-04-17 22:33 - 2013-04-17 22:33 - 00001891 ____A C:\Users\Darren\Desktop\jv16 PowerTools 2013.lnk
2013-04-17 22:33 - 2013-04-17 22:33 - 00000022 __ASH C:\Users\Darren\AppData\Roaming\Win3944_ConfigDB.dlx
2013-04-17 22:33 - 2013-04-17 22:33 - 00000022 __ASH C:\Users\Darren\AppData\Roaming\System8638Conf Collection
2013-04-17 22:33 - 2013-04-17 22:33 - 00000000 ____D C:\Program Files (x86)\jv16 PowerTools 2013
2013-04-17 22:32 - 2013-04-17 22:32 - 13194728 ____A C:\Users\Darren\Downloads\jv16pt_setup.exe
2013-04-17 22:31 - 2013-04-17 22:31 - 02540688 ____A (AVG Technologies CZ, s.r.o.) C:\Users\Darren\Downloads\avg_remover_stf_x64_2012_1796.exe
2013-04-17 21:40 - 2012-05-16 16:07 - 00000000 ___RD C:\Program Files\Online Services
2013-04-17 21:40 - 2012-05-16 15:54 - 00000000 ___RD C:\Program Files (x86)\Online Services
2013-04-17 21:39 - 2011-02-11 09:32 - 00000000 ___AD C:\SWSETUP
2013-04-17 21:38 - 2013-04-17 21:38 - 00000000 ____D C:\Users\Darren\AppData\Roaming\WinBatch
2013-04-17 21:37 - 2013-04-13 18:48 - 00000000 ____D C:\Users\Darren\AppData\Roaming\Hewlett-Packard
2013-04-17 21:17 - 2013-04-17 21:17 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-04-17 21:15 - 2013-04-17 21:15 - 00000000 ____D C:\Users\Darren\AppData\Roaming\HP Support Assistant
2013-04-17 21:15 - 2013-04-17 20:23 - 00000000 ____D C:\Users\Darren\AppData\Roaming\HpUpdate
2013-04-17 20:23 - 2013-04-17 20:22 - 08121555 ____A C:\Users\Darren\Downloads\avz4.zip
2013-04-17 20:16 - 2013-04-17 20:16 - 00072672 ____A C:\Users\Darren\Desktop\GetSystemInfo_DARREN-HP_Darren_2013_04_17_20_15_43.zip
2013-04-17 19:43 - 2013-04-17 19:43 - 00000000 ____D C:\Users\Darren\AppData\Local\Avg2013
2013-04-17 19:41 - 2013-04-13 18:45 - 00000000 ____D C:\users\Darren
2013-04-13 20:51 - 2013-04-13 20:51 - 00602112 ____A (OldTimer Tools) C:\Users\Darren\Desktop\OTL.exe
2013-04-13 20:02 - 2013-04-13 20:02 - 21036128 ____A (Mozilla) C:\Users\Darren\Downloads\Firefox Setup 20.0.1.exe
2013-04-13 20:02 - 2013-04-13 20:02 - 00001149 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-04-13 20:02 - 2013-04-13 20:02 - 00000000 ____D C:\Users\Darren\AppData\Roaming\Mozilla
2013-04-13 20:02 - 2013-04-13 20:02 - 00000000 ____D C:\Users\Darren\AppData\Local\Mozilla
2013-04-13 20:02 - 2013-04-13 20:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-04-13 20:02 - 2013-04-13 20:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-13 19:52 - 2013-04-13 19:52 - 00000000 ____D C:\Users\Darren\AppData\Roaming\Malwarebytes
2013-04-13 19:36 - 2009-07-13 22:38 - 00025600 __ASH C:\Windows\System32\config\BCD-Template.LOG
2013-04-13 19:36 - 2009-07-13 22:32 - 00028672 ____A C:\Windows\System32\config\BCD-Template
2013-04-13 19:16 - 2013-04-13 19:16 - 00000632 ____A C:\Windows\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-04-13 19:16 - 2013-04-13 19:16 - 00000628 ____A C:\Windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-04-13 19:16 - 2013-04-13 19:16 - 00000458 ____A C:\Windows\Tasks\Scan the system (Spybot - Search & Destroy).job
2013-04-13 19:00 - 2013-04-13 19:00 - 00039768 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-04-13 19:00 - 2013-04-13 19:00 - 00000000 ____D C:\Users\Darren\AppData\Roaming\TuneUp Software
2013-04-13 18:57 - 2013-04-13 18:57 - 00000000 ____D C:\Users\Darren\AppData\Roaming\Adobe
2013-04-13 18:57 - 2013-04-13 18:57 - 00000000 ____D C:\Users\Darren\AppData\Local\MFAData
2013-04-13 18:55 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\System32\restore
2013-04-13 18:53 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-04-13 18:50 - 2013-04-13 18:50 - 00059792 ____A C:\Users\Darren\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-13 18:50 - 2013-04-13 18:50 - 00000000 ____D C:\Users\Darren\Documents\Bluetooth Exchange Folder
2013-04-13 18:50 - 2013-04-13 18:50 - 00000000 ____D C:\Users\Darren\AppData\Local\Broadcom
2013-04-13 18:49 - 2013-04-13 18:49 - 00000000 ____D C:\Users\Darren\AppData\Roaming\ATI
2013-04-13 18:49 - 2013-04-13 18:49 - 00000000 ____D C:\Users\Darren\AppData\Local\VirtualStore
2013-04-13 18:49 - 2013-04-13 18:49 - 00000000 ____D C:\Users\Darren\AppData\Local\PDFC
2013-04-13 18:49 - 2013-04-13 18:49 - 00000000 ____D C:\Users\Darren\AppData\Local\ATI
2013-04-13 18:49 - 2013-04-13 18:45 - 00000000 ____D C:\Users\Darren\AppData\Local\Hewlett-Packard_Company
2013-04-13 18:48 - 2012-05-16 15:21 - 00000000 __RHD C:\SYSTEM.SAV
2013-04-13 18:47 - 2013-04-13 18:45 - 00000000 ____D C:\Users\Darren\AppData\Local\Hewlett-Packard
2013-04-13 18:45 - 2013-04-13 18:45 - 00000020 ___SH C:\Users\Darren\ntuser.ini
2013-04-13 18:45 - 2013-04-13 18:45 - 00000000 ____D C:\Users\Darren\AppData\Local\TouchSmartData
2013-04-13 18:45 - 2013-04-13 18:45 - 00000000 ____D C:\Users\Darren\AppData\Local\RemEngine
2013-04-13 18:45 - 2013-04-13 18:45 - 00000000 ____D C:\Program Files (x86)\Microsoft Mathematics
2013-04-13 18:45 - 2013-04-13 18:40 - 00000000 _RASH C:\Windows\SysWOW64\Drivers\103C_HP_cPC_h8-1234_Y53316J_0U_Q4CE22206HL_E12NA1MRW608_4A_I2AC8_SGigabyte_V1.2_BAn2 705_T120417_W73-1_L409_M10006_J1000_7AMD_8F12_93.50_#120714_N10EC8168;14E44357_Z_G1002677B_Ohp DVD-RAM GH80N SCSI CdRom Device.MRK
2013-04-13 18:45 - 2013-04-13 18:40 - 00000000 _RASH C:\Windows\System32\Drivers\103C_HP_cPC_h8-1234_Y53316J_0U_Q4CE22206HL_E12NA1MRW608_4A_I2AC8_SGigabyte_V1.2_BAn2 705_T120417_W73-1_L409_M10006_J1000_7AMD_8F12_93.50_#120714_N10EC8168;14E44357_Z_G1002677B_Ohp DVD-RAM GH80N SCSI CdRom Device.MRK
2013-04-13 18:45 - 2011-02-11 10:00 - 00000000 ____D C:\Windows\Panther
2013-04-13 18:45 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-04-13 18:45 - 2009-07-13 22:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2013-04-13 18:43 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-04-13 18:41 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-04-13 18:39 - 2011-02-11 10:04 - 00005949 ____A C:\Windows\TSSysprep.log

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2011-02-11 12:22

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-04-2013 01
Ran by Darren at 2013-04-22 16:05:42 Run:
Running from C:\Users\Darren\Desktop
Boot Mode: Network
==========================================================


==================== Installed Programs =======================

Adobe AIR (Version: 2.6.0.19120)
Adobe Flash Player 11 ActiveX (x64) (Version: 11.1.102.55)
AMD Accelerated Video Transcoding (Version: 2.00.0000)
AMD APP SDK Runtime (Version: 10.0.873.1)
AMD Catalyst Install Manager (Version: 3.0.864.0)
AMD VISION Engine Control Center (Version: 2012.0211.52.1206)
Bejeweled 3 (Version: 2.2.0.97)
Bing Bar (Version: 7.0.826.0)
Blackhawk Striker 2 (Version: 2.2.0.95)
Blio (Version: 2.2.8188)
Bluetooth by hp (Version: 6.3.0.8200)
Bubble Wrap (Version: 1.0.0.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (Version: 2012.0211.52.1206)
Catalyst Control Center InstallProxy (Version: 2012.0211.52.1206)
Catalyst Control Center Localization All (Version: 2012.0211.52.1206)
Catalyst Control Center Profiles Desktop (Version: 2012.0211.52.1206)
CCC Help Chinese Standard (Version: 2012.0211.0051.1206)
CCC Help Chinese Traditional (Version: 2012.0211.0051.1206)
CCC Help Czech (Version: 2012.0211.0051.1206)
CCC Help Danish (Version: 2012.0211.0051.1206)
CCC Help Dutch (Version: 2012.0211.0051.1206)
CCC Help English (Version: 2012.0211.0051.1206)
CCC Help Finnish (Version: 2012.0211.0051.1206)
CCC Help French (Version: 2012.0211.0051.1206)
CCC Help German (Version: 2012.0211.0051.1206)
CCC Help Greek (Version: 2012.0211.0051.1206)
CCC Help Hungarian (Version: 2012.0211.0051.1206)
CCC Help Italian (Version: 2012.0211.0051.1206)
CCC Help Japanese (Version: 2012.0211.0051.1206)
CCC Help Korean (Version: 2012.0211.0051.1206)
CCC Help Norwegian (Version: 2012.0211.0051.1206)
CCC Help Polish (Version: 2012.0211.0051.1206)
CCC Help Portuguese (Version: 2012.0211.0051.1206)
CCC Help Russian (Version: 2012.0211.0051.1206)
CCC Help Spanish (Version: 2012.0211.0051.1206)
CCC Help Swedish (Version: 2012.0211.0051.1206)
CCC Help Thai (Version: 2012.0211.0051.1206)
CCC Help Turkish (Version: 2012.0211.0051.1206)
ccc-utility64 (Version: 2012.0211.52.1206)
Chuzzle Deluxe (Version: 2.2.0.95)
Cradle of Rome 2 (Version: 2.2.0.98)
D3DX10 (Version: 15.4.2368.0902)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
Dora's World Adventure (Version: 2.2.0.95)
Facebook (Version: 1.1.0004)
Farm Frenzy (Version: 2.2.0.98)
Farmscapes (Version: 2.2.0.98)
FATE (Version: 2.2.0.97)
Final Drive Fury (Version: 2.2.0.95)
Hewlett-Packard ACLM.NET v1.1.2.0 (Version: 1.00.0000)
Hoyle Card Games (Version: 2.2.0.95)
HP Application Assistant (Version: 1.0.393.3870)
HP Auto (Version: 1.0.12935.3667)
HP Calendar (Version: 5.1.4245.23508)
HP Client Services (Version: 1.1.12938.3539)
HP Clock (Version: 5.1.4244.16367)
HP Customer Experience Enhancements (Version: 6.0.1.8)
HP Games (Version: 1.0.2.5)
HP LinkUp (Version: 2.01.029)
HP Magic Canvas (Version: 5.1.15.0)
HP Magic Canvas Tutorials (Version: 5.0.0.3)
HP MovieStore (Version: 2.1.091)
HP MovieStore (Version: 2.1.21091.0)
HP Notes (Version: 5.1.4274.30382)
HP Odometer (Version: 2.10.0000)
HP RSS (Version: 5.1.4301.21494)
HP Setup (Version: 9.0.15130.3904)
HP Setup Manager (Version: 1.2.15145.3905)
HP Support Assistant (Version: 6.1.12.1)
HP Support Information (Version: 11.00.0001)
HP TouchSmart Background - Beats (Version: 1.0.1.0)
HP TouchSmart RecipeBox (Version: 3.0.3830.27730)
HP Update (Version: 5.003.001.001)
HP Vision Hardware Diagnostics (Version: 2.12.1.0)
HP Weather (Version: 5.1.4295.16450)
HydraVision (Version: 4.2.222.0)
Jewel Match 3 (Version: 2.2.0.98)
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (Version: 2.2.0.98)
John Deere Drive Green (Version: 2.2.0.95)
Junk Mail filter update (Version: 15.4.3502.0922)
jv16 PowerTools 2013 (Version: )
Kaspersky Anti-Virus 2013 (Version: 13.0.1.4190)
Kobo (Version: 2.0.3)
LabelPrint (Version: 2.5.4507)
Letters from Nowhere 2 (Version: 2.2.0.97)
Luxor HD (Version: 2.2.0.98)
Mah Jong Medley (Version: 2.2.0.95)
Mesh Runtime (Version: 15.4.5722.2)
Metric Converter (Version: 1.0.0.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mathematics (Version: 4.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.0.50401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
Norton Online Backup (Version: 2.1.17869)
opensource (Version: 1.0.14960.3876)
PDF Complete Special Edition (Version: 4.0.65)
Penguins! (Version: 2.2.0.98)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.98)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PlayReady PC Runtime x86 (Version: 1.3.0)
Poker Superstars III (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.97)
Polar Golfer (Version: 2.2.0.98)
Power2Go (Version: 6.1.5706)
PressReader (Version: 5.11.0721.0)
RAIDXpert (Version: 3.3.1540.19)
Recovery Manager (Version: 5.5.0.4424)
Remote Graphics Receiver (Version: 5.4.5)
RollerCoaster Tycoon 3: Platinum (Version: 2.2.0.98)
Skype™ 5.5 (Version: 5.5.117)
Spot (Version: 1.0.0.0)
Tap Tap Bear (Version: 1.0.0.0)
The Treasures of Mystery Island: The Ghost Ship (Version: 2.2.0.98)
Torchlight (Version: 2.2.0.98)
TSHostedAppLauncher (Version: 5.1.15.0)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.98)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
WildTangent Games App (HP Games) (Version: 4.0.5.32)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Zinio Reader 4 (Version: 4.2.4164)
Zuma's Revenge (Version: 2.2.0.98)

==================== Restore Points =========================

14-04-2013 01:55:54 Initial Restore Point
14-04-2013 01:59:25 Installed AVG 2013
14-04-2013 01:59:41 Installed AVG 2013
18-04-2013 02:34:30 Removed AVG 2013
18-04-2013 03:30:44 Windows Update
18-04-2013 04:37:28 HPSF Applying updates
18-04-2013 05:38:21 Windows Update

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2013 03:09:36 PM) (Source: Application Error) (User: )
Description: Faulting application name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Faulting module name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Exception code: 0xc0000005
Fault offset: 0x0000000000019f6f
Faulting process id: 0x494
Faulting application start time: 0xNOBuClient.exe0
Faulting application path: NOBuClient.exe1
Faulting module path: NOBuClient.exe2
Report Id: NOBuClient.exe3

Error: (04/22/2013 03:05:46 PM) (Source: Application Error) (User: )
Description: Faulting application name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Faulting module name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Exception code: 0xc0000005
Fault offset: 0x0000000000019f6f
Faulting process id: 0xbd4
Faulting application start time: 0xNOBuClient.exe0
Faulting application path: NOBuClient.exe1
Faulting module path: NOBuClient.exe2
Report Id: NOBuClient.exe3

Error: (04/22/2013 03:01:45 PM) (Source: Application Error) (User: )
Description: Faulting application name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Faulting module name: NOBuClient.exe, version: 2.1.17869.0, time stamp: 0x4c056071
Exception code: 0xc0000005
Fault offset: 0x0000000000019f6f
Faulting process id: 0xbdc
Faulting application start time: 0xNOBuClient.exe0
Faulting application path: NOBuClient.exe1
Faulting module path: NOBuClient.exe2
Report Id: NOBuClient.exe3

Error: (04/22/2013 02:39:32 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\System32\sdiagnhost.exe -Embedding; Description = Kaspersky Anti-Virus 2013 ; Error = 0x8007043c).

Error: (04/22/2013 02:39:04 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\System32\sdiagnhost.exe -Embedding; Description = Restore Point before Kaspersky Anti-Virus 2013 was removed using Program Install and Uninstall troubleshooter; Error = 0x8007043c).


System errors:
=============
Error: (04/22/2013 04:05:37 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/22/2013 04:05:37 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/22/2013 04:05:37 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/22/2013 04:03:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/22/2013 04:03:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/22/2013 04:03:03 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/22/2013 03:58:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/22/2013 03:58:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/22/2013 03:58:29 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/22/2013 03:55:55 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (04/22/2013 03:09:36 PM) (Source: Application Error)(User: )
Description: NOBuClient.exe2.1.17869.04c056071NOBuClient.exe2.1.17869.04c056071c00000050000000000019f6f49401ce3fa612649847C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exeC:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe5159a10d-ab99-11e2-b08a-446d5755466f

Error: (04/22/2013 03:05:46 PM) (Source: Application Error)(User: )
Description: NOBuClient.exe2.1.17869.04c056071NOBuClient.exe2.1.17869.04c056071c00000050000000000019f6fbd401ce3fa58986151dC:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exeC:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exec7e2c5d2-ab98-11e2-b003-446d5755466f

Error: (04/22/2013 03:01:45 PM) (Source: Application Error)(User: )
Description: NOBuClient.exe2.1.17869.04c056071NOBuClient.exe2.1.17869.04c056071c00000050000000000019f6fbdc01ce3fa4f9db93d4C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exeC:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe3848ee2a-ab98-11e2-a002-446d5755466f

Error: (04/22/2013 02:39:32 PM) (Source: System Restore)(User: )
Description: C:\Windows\System32\sdiagnhost.exe -Embedding Kaspersky Anti-Virus 2013 0x8007043c

Error: (04/22/2013 02:39:04 PM) (Source: System Restore)(User: )
Description: C:\Windows\System32\sdiagnhost.exe -EmbeddingRestore Point before Kaspersky Anti-Virus 2013 was removed using Program Install and Uninstall troubleshooter0x8007043c


CodeIntegrity Errors:
===================================
Date: 2013-04-22 14:39:13.721
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-04-22 14:39:13.721
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-04-22 14:39:13.721
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-04-22 14:39:13.721
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-04-22 14:39:10.367
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-04-22 14:39:10.367
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-04-22 14:39:10.367
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-04-22 14:39:10.367
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-04-18 19:04:04.245
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-04-18 19:04:04.245
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 8%
Total physical RAM: 10005.44 MB
Available physical RAM: 9136.35 MB
Total Pagefile: 20009.07 MB
Available Pagefile: 19169.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:914.11 GB) (Free:865.88 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:17.12 GB) (Free:2.14 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 931 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 No Media 0 B 0 B
Disk 3 No Media 0 B 0 B
Disk 4 No Media 0 B 0 B

Partitions of Disk 0:
===============

Disk ID: 8D19C4C4

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 914 GB 101 MB
Partition 3 Primary 17 GB 914 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components)

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 914 GB Healthy Boot

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D HP_RECOVERY NTFS Partition 17 GB Healthy

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931 GB) (Disk ID: 8D19C4C4)

Partition 1: (Active) - (Size=100 MB) - (Type=07) (NTFS)

Partition 2: (Not Active) - (Size=914 GB) - (Type=07) (NTFS)

Partition 3: (Not Active) - (Size=17 GB) - (Type=07) (NTFS)

#8
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Download attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After that

Download Windows Repair (all in one) from here.

Install the program then run

Go to step 3 and allow it to run SFC

On the start repairs tab click start

Select All and tick restart system when finished

When you return please post
  • Fixlog.txt
  • and tell me if you are able to boot normally now

#9
NLucied

    Member

  • Topic Starter
  • Member
  • 13 posts
Nope, problems still here. The like 7+ wmpnscfg.exe in safemode shortly after log-on and a Freeze/Restart usually about 2-4 minutes after log-on in normal.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-04-2013 01
Ran by Darren at 2013-04-22 17:03:13 Run:1
Running from C:\Users\Darren\Desktop
Boot Mode: Network
==============================================

utiyoti3 service deleted successfully.
C:\Windows\system32\Drivers\utiyoti3.sys not found.
C:\Windows\SysWOW64\Drivers\utiyoti3.sys moved successfully.
avgtp service deleted successfully.
C:\Windows\system32\drivers\avgtpx64.sys moved successfully.
C:\Users\Darren\AppData\Local\Avg2013 moved successfully.
C:\Program Files (x86)\Symantec moved successfully.
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe not found.
C:\Windows\system32\drivers\avgtpx64.sys not found.


The system needs a manual reboot.

==== End of Fixlog ====

#10
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello NLucied,

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods; this is normal, just leave it to do its job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#11
NLucied

    Member

  • Topic Starter
  • Member
  • 13 posts
One report fresh from the scanner.


ComboFix 13-04-22.01 - Darren 04/22/2013 19:04:19.1.6 - x64 NETWORK
Running from: c:\users\Darren\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Darren\AppData\Local\Microsoft\Windows\Temporary Internet Files\App1041 Data_List.dat
.
.
((((((((((((((((((((((((( Files Created from 2013-03-23 to 2013-04-23 )))))))))))))))))))))))))))))))
.
.
2013-04-23 02:07 . 2013-04-23 02:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-04-23 01:19 . 2013-04-23 01:21 -------- d-----w- c:\windows\system32\catroot2
2013-04-23 00:34 . 2013-04-23 01:11 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2013-04-23 00:26 . 2013-04-23 00:26 -------- d-----w- C:\RegBackup
2013-04-22 23:05 . 2013-04-23 00:03 -------- d-----w- C:\FRST
2013-04-22 22:01 . 2013-04-22 22:01 -------- d-----w- c:\programdata\Symantec
2013-04-22 21:39 . 2013-04-22 21:39 -------- d-----w- C:\MATS
2013-04-22 20:15 . 2013-04-22 20:15 -------- d-----w- c:\windows\ERUNT
2013-04-22 20:15 . 2013-04-22 20:15 -------- d-----w- C:\JRT
2013-04-19 02:04 . 2012-07-12 00:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2013-04-19 02:03 . 2012-08-14 01:24 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-04-19 02:03 . 2012-08-14 01:24 611160 ----a-w- c:\windows\system32\drivers\klif.sys
2013-04-18 06:03 . 2013-04-18 06:03 -------- d-----w- c:\windows\ELAMBKUP
2013-04-18 06:03 . 2013-04-22 20:00 -------- d-----w- c:\programdata\Kaspersky Lab
2013-04-18 06:02 . 2013-04-22 22:03 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2013-04-18 05:39 . 2013-04-18 05:39 -------- d-----w- C:\fa3752b0eefbeefb1c0770
2013-04-18 05:33 . 2013-04-18 05:33 -------- d-----w- c:\program files (x86)\jv16 PowerTools 2013
2013-04-18 03:31 . 2013-02-19 10:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76E79C18-492F-4329-9C0F-F591F0224670}\mpengine.dll
2013-04-14 03:02 . 2013-04-14 03:02 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-04-14 02:52 . 2013-04-14 02:52 -------- d-----w- c:\programdata\Malwarebytes
2013-04-14 02:36 . 2013-04-14 02:37 -------- d-----w- c:\programdata\Recovery
2013-04-14 02:17 . 2013-04-18 02:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-04-14 01:57 . 2013-04-18 05:36 -------- d-----w- c:\programdata\MFAData
2013-04-14 01:57 . 2013-04-14 01:57 -------- d-----w- c:\programdata\Common Files
2013-04-14 01:53 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-04-14 01:53 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-04-14 01:53 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-04-14 01:53 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-04-14 01:50 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-04-14 01:50 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-04-14 01:50 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-04-14 01:50 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-04-14 01:50 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2013-04-14 01:50 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2013-04-14 01:50 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2013-04-14 01:50 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-04-14 01:50 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2013-04-14 01:45 . 2013-04-18 02:41 -------- d-----w- c:\users\Darren
2013-04-14 01:45 . 2013-04-14 01:45 -------- d-----w- c:\program files (x86)\Microsoft Mathematics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-14 01:56 . 2011-03-29 01:36 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-02-11 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-11 630912]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-12-23 89600]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-11 235520]
R2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-12-14 131320]
R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648]
R2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-08-16 16384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-12 1128952]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-06 95248]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-03-26 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-03-26 39464]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-05-26 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-07-25 29016]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2012-03-08 291624]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-06-08 54104]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-30 565352]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [2011-12-29 136000]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2011-12-29 409408]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-08-16 47232]
.
.
Contents of the 'Scheduled Tasks' folder
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-23 1424896]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2011-12-23 37888]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\k1jvfqtg.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKLM-Run-Norton Online Backup - c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
Completion time: 2013-04-22 19:08:49
ComboFix-quarantined-files.txt 2013-04-23 02:08
.
Pre-Run: 932,110,741,504 bytes free
Post-Run: 932,032,012,288 bytes free
.
- - End Of File - - C253DFE0C19498BCBE3149A90E053739
  • 0

#12
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello NLucied,

Go here for instructions on how to disable wmpnscfg.exe.

After that

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Driver::
NOBU
klkbdflt

File::
c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
c:\windows\system32\DRIVERS\klkbdflt.sys

Folder::
c:\program files (x86)\Symantec
c:\programdata\Symantec

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.
  • 0

#13
NLucied


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
ACK! keyboard non-functional. using virtual keyboard now. Help?



ComboFix 13-04-22.01 - Darren 04/22/2013 19:58:03.2.6 - x64 NETWORK
Running from: c:\users\Darren\Desktop\ComboFix.exe
Command switches used :: c:\users\Darren\Desktop\CFScript.txt.txt
.
FILE ::
"c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe"
"c:\windows\system32\DRIVERS\klkbdflt.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Symantec
c:\programdata\Symantec\Norton Online Backup\log.txt
c:\programdata\Symantec\Norton Online Backup\NobuClient3E7C3E06-3344-4EA3-92A3-6F6A47FD6938_2.1.17869.dmp
c:\programdata\Symantec\Norton Online Backup\NobuClient59ECB5A2-EAAA-49B7-97F9-A850E9342EC2_2.1.17869.dmp
c:\programdata\Symantec\Norton Online Backup\NobuClientD6E5F063-7844-4A4F-BB80-4FF6E29704C0_2.1.17869.dmp
c:\programdata\Symantec\Norton Online Backup\temp\boost_interprocess\Nobu64AgentService
c:\programdata\Symantec\Norton Online Backup\temp\boost_interprocess\Nobu64TrayIcon
c:\windows\system32\DRIVERS\klkbdflt.sys
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_klkbdflt
-------\Service_NOBU
.
.
((((((((((((((((((((((((( Files Created from 2013-03-23 to 2013-04-23 )))))))))))))))))))))))))))))))
.
.
2013-04-23 01:19 . 2013-04-23 01:21 -------- d-----w- c:\windows\system32\catroot2
2013-04-23 00:34 . 2013-04-23 01:11 -------- d-----w- c:\windows\SysWow64\wbem\Performance
2013-04-23 00:26 . 2013-04-23 00:26 -------- d-----w- C:\RegBackup
2013-04-22 23:05 . 2013-04-23 00:03 -------- d-----w- C:\FRST
2013-04-22 21:39 . 2013-04-22 21:39 -------- d-----w- C:\MATS
2013-04-22 20:15 . 2013-04-22 20:15 -------- d-----w- c:\windows\ERUNT
2013-04-22 20:15 . 2013-04-22 20:15 -------- d-----w- C:\JRT
2013-04-19 02:04 . 2012-07-12 00:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2013-04-19 02:03 . 2012-08-14 01:24 89432 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-04-19 02:03 . 2012-08-14 01:24 611160 ----a-w- c:\windows\system32\drivers\klif.sys
2013-04-18 06:03 . 2013-04-18 06:03 -------- d-----w- c:\windows\ELAMBKUP
2013-04-18 06:03 . 2013-04-22 20:00 -------- d-----w- c:\programdata\Kaspersky Lab
2013-04-18 06:02 . 2013-04-22 22:03 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2013-04-18 05:39 . 2013-04-18 05:39 -------- d-----w- C:\fa3752b0eefbeefb1c0770
2013-04-18 05:33 . 2013-04-18 05:33 -------- d-----w- c:\program files (x86)\jv16 PowerTools 2013
2013-04-18 03:31 . 2013-02-19 10:57 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{76E79C18-492F-4329-9C0F-F591F0224670}\mpengine.dll
2013-04-14 03:02 . 2013-04-14 03:02 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2013-04-14 02:52 . 2013-04-14 02:52 -------- d-----w- c:\programdata\Malwarebytes
2013-04-14 02:36 . 2013-04-14 02:37 -------- d-----w- c:\programdata\Recovery
2013-04-14 02:17 . 2013-04-18 02:32 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-04-14 01:57 . 2013-04-18 05:36 -------- d-----w- c:\programdata\MFAData
2013-04-14 01:57 . 2013-04-14 01:57 -------- d-----w- c:\programdata\Common Files
2013-04-14 01:53 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2013-04-14 01:53 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2013-04-14 01:53 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2013-04-14 01:53 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2013-04-14 01:50 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2013-04-14 01:50 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2013-04-14 01:50 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2013-04-14 01:50 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2013-04-14 01:50 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2013-04-14 01:50 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2013-04-14 01:50 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2013-04-14 01:50 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2013-04-14 01:50 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2013-04-14 01:45 . 2013-04-18 02:41 -------- d-----w- c:\users\Darren
2013-04-14 01:45 . 2013-04-14 01:45 -------- d-----w- c:\program files (x86)\Microsoft Mathematics
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-14 01:56 . 2011-03-29 01:36 19696 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2012-02-11 393216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-02-11 630912]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
R2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-12-23 89600]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-11 235520]
R2 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2011-12-14 131320]
R2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648]
R2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2011-08-16 16384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072]
R2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
R2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264]
R2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-08-12 1128952]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-06 95248]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320]
R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-03-26 349736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-03-26 39464]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-07-25 29016]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [2012-03-08 291624]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2012-06-08 54104]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-30 565352]
S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys [2011-12-29 136000]
S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys [2011-12-29 409408]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys [2011-08-16 47232]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-23 1424896]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2011-12-23 37888]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\users\Darren\AppData\Roaming\Mozilla\Firefox\Profiles\k1jvfqtg.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
Completion time: 2013-04-22 20:08:14 - machine was rebooted
ComboFix-quarantined-files.txt 2013-04-23 03:08
ComboFix2.txt 2013-04-23 02:08
.
Pre-Run: 932,091,703,296 bytes free
Post-Run: 931,640,635,392 bytes free
.
- - End Of File - - CB7B47E318C2AA25092AFE59C2C14CF6
  • 0
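An added example, not part of the thread and not ComboFix's own code: a small Python parser for the driver/service lines in the two ComboFix logs above. It lists the entries that differ between the first run and the CFScript run and checks each removal against the second log's own Drivers/Services deletion section. The function names are hypothetical, the R/S and start-type reading of the line prefix is an assumption based on how these logs are conventionally read, and the sample text is abridged from the logs in the posts.

```python
import re
from typing import NamedTuple

# Driver/service line format in the logs above:
#   R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\...\klkbdflt.sys [2012-05-26 29016]
# Assumed reading: R = running, S = stopped; the digit is the service start type.
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.*?) \[(?P<stamp>[^\]]*)\]$"
)
# Entry in the "Drivers/Services" deletion section: -------\Service_<name>
DELETED_LINE = re.compile(r"^-+\\Service_(?P<name>.+)$")

class Service(NamedTuple):
    state: str
    start: int
    name: str
    display: str
    image: str   # image path plus any arguments, as printed
    stamp: str   # "date size" as printed, or "x" where the log shows [x]

def parse_services(log_text):
    """Map lower-cased service name -> Service for each driver/service line."""
    found = {}
    for raw in log_text.splitlines():
        m = SERVICE_LINE.match(raw.strip())
        if m:
            found[m["name"].lower()] = Service(
                m["state"], int(m["start"]), m["name"], m["display"], m["image"], m["stamp"])
    return found

def parse_deleted(log_text):
    """Lower-cased names the log itself reports as deleted services."""
    hits = (DELETED_LINE.match(raw.strip()) for raw in log_text.splitlines())
    return {m["name"].lower() for m in hits if m}

def diff_runs(before_log, after_log):
    """Compare two runs: removed, added and changed entries, plus removals
    that the second log does not list in its own deletion section."""
    before, after = parse_services(before_log), parse_services(after_log)
    removed = sorted(before.keys() - after.keys())
    added = sorted(after.keys() - before.keys())
    changed = sorted(k for k in before.keys() & after.keys() if before[k] != after[k])
    unexplained = sorted(set(removed) - parse_deleted(after_log))
    return {"removed": removed, "added": added, "changed": changed, "unexplained": unexplained}

# Abridged excerpts of the two logs above (lines copied from the posts).
BEFORE = r"""
R1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
R2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-05-26 29016]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-07-25 29016]
"""
AFTER = r"""
-------\Service_klkbdflt
-------\Service_NOBU
R1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-07-25 29016]
"""

if __name__ == "__main__":
    for kind, names in diff_runs(BEFORE, AFTER).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```

Run against the full text of both logs, the same functions cover every driver and service line, and any name under "unexplained" is a removal the second log does not account for.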

#14
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

ACK! keyboard non-functional. using virtual keyboard now. Help?


Hmm... we haven't touched anything that would cause that.

Did you disable wmpnscfg.exe? I wonder if anything happened there...

Anyway let's do this:

Please download Farbar Service Scanner and run.

  • Make sure the following options are checked:


  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Other Services

  • Press Scan
  • A log (FSS.txt) will be created in the same directory the tool is run.
  • Copy and paste the log back here.
  • 0

#15
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Further to my last post.

Also do this:

Right click on My Computer > Manage and click on Device Manager (under System Tools - list on left hand side)

Scroll down to Keyboards and see if there are any warning signs there. If you see a yellow warning sign next to a name, double click its name to figure out what the problem is. Windows will explain why the device is temporarily out of work, and may even advise you to run its troubleshooter program. Try that.

If that solves the problem well and good. If not come back and tell me what happened.
  • 0





