
help slow comp and bad bug [Solved]


  • This topic is locked

#1
mayorhemi

I think I got the ping.exe bug. None of my AV are clearing it. This is for essexboy.

OK, what and where do I start? What programs do I need to d/l and log to send?

I have never done this before.

Thanks a million.

#2
mayorhemi

Here is my OTL. I read to post this.

When I ran OTL it gave me 2 files, otl.txt and extras.txt. I did not post this one. Do you need it?



OTL logfile created on: 1/9/2014 8:48:06 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tonyg\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.21 Gb Available Physical Memory | 77.76% Memory free
19.88 Gb Paging File | 18.01 Gb Available in Paging File | 90.60% Paging File free
Paging file location(s): c:\pagefile.sys 12273 12273 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.46 Gb Total Space | 476.79 Gb Free Space | 51.19% Space Free | Partition Type: NTFS

Computer Name: TONYG-PC | User Name: tonyg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/09 20:47:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tonyg\Desktop\OTL.exe
PRC - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/10 17:12:38 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/10 17:12:38 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2011/06/13 21:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/01/05 13:24:13 | 000,076,888 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/12/11 14:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/10 16:26:22 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/10 17:12:38 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/11 18:59:26 | 000,342,016 | ---- | M] (Alcatel-Lucent) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/01/06 20:52:45 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/10/30 12:55:10 | 000,458,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2013/09/26 22:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2013/09/26 21:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2013/09/26 21:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2013/09/25 22:28:00 | 000,507,992 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2013/09/25 21:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 21:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2013/09/09 20:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2013/06/12 16:57:39 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/02/11 21:18:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/24 21:18:34 | 000,006,656 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rzkbdhid.sys -- (rzkbdhid)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/01/13 18:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/01/13 18:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/01/13 18:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2008/11/29 06:19:28 | 000,028,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008/02/13 07:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2007/10/15 02:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2007/06/29 13:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV - [2014/01/07 19:35:46 | 000,057,024 | ---- | M] (Emsisoft GmbH) [Kernel | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp64.sys -- (cleanhlp)
DRV - [2014/01/06 17:48:44 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140108.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/01/06 11:26:36 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140108.023\ex64.sys -- (NAVEX15)
DRV - [2014/01/06 11:26:36 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/01/06 11:26:36 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140108.023\eng64.sys -- (NAVENG)
DRV - [2014/01/04 01:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/12/28 16:41:54 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2013/12/17 19:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131218.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/08/09 23:11:50 | 000,026,176 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\EEK\Run\a2ddax64.sys -- (A2DDA)
DRV - [2012/12/10 17:12:02 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/12/10 17:12:02 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/06/02 10:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP51
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {BB58BA57-01AF-494F-93F0-D335053719DB}
IE - HKCU\..\SearchScopes\{BB58BA57-01AF-494F-93F0-D335053719DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Conduit Search"
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
FF - prefs.js..browser.startup.homepage: "http://search.condui...Atest29B_sp_ff"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.4.5%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.RadioPI_4e.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\tonyg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/01/06 20:53:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/01/09 17:55:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/22 14:32:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/08 11:26:34 | 000,000,000 | ---D | M]

[2011/06/16 05:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tonyg\AppData\Roaming\Mozilla\Extensions
[2014/01/08 11:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tonyg\AppData\Roaming\Mozilla\Firefox\Profiles\bcsyaewy.default\extensions
[2014/01/08 11:26:36 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\tonyg\AppData\Roaming\Mozilla\Firefox\Profiles\bcsyaewy.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2013/12/21 21:28:35 | 000,000,876 | ---- | M] () -- C:\Users\tonyg\AppData\Roaming\Mozilla\Firefox\Profiles\bcsyaewy.default\searchplugins\conduit-search.xml
[2013/10/09 17:27:13 | 000,003,746 | ---- | M] () -- C:\Users\tonyg\AppData\Roaming\Mozilla\Firefox\Profiles\bcsyaewy.default\searchplugins\safeguard-secure-search.xml
[2013/12/22 14:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/22 14:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/22 14:32:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
[2011/06/16 06:09:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

Hosts file not found
O2:64bit: - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {25515A79-C1C7-4B97-97F8-31A711694487} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {462BE121-2B54-4218-BF00-B9BF8135B23F} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Computer)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...oad/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefie...r_5.0.203.0.cab (Battlefield Heroes Updater)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE6DB04C-299A-4856-8B5A-3FF62A649F0C}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/09 20:47:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tonyg\Desktop\OTL.exe
[2014/01/08 11:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2014/01/08 11:26:43 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Local\AOL Toolbar
[2014/01/08 11:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Toolbar
[2014/01/08 11:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2014/01/08 11:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOL Toolbar
[2014/01/08 11:07:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\pinghold
[2014/01/07 02:06:48 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/06 20:55:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/01/06 20:52:45 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/01/06 20:52:07 | 000,507,992 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symtdiv.sys
[2014/01/06 20:52:06 | 001,147,480 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.sys
[2014/01/06 20:52:06 | 000,858,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.sys
[2014/01/06 20:52:06 | 000,590,936 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnets.sys
[2014/01/06 20:52:06 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.sys
[2014/01/06 20:52:06 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.sys
[2014/01/06 20:52:06 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys
[2014/01/06 20:52:06 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.sys
[2014/01/06 20:52:06 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymELAM.sys
[2014/01/06 20:51:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2014/01/06 20:51:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1501000.012
[2014/01/06 20:51:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2014/01/06 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2014/01/06 20:50:48 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2014/01/06 20:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2014/01/01 22:24:15 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Local\NVIDIA
[2014/01/01 21:22:00 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Roaming\NVIDIA
[2013/12/31 20:21:00 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Local\Razer_Inc
[2013/12/31 20:20:56 | 000,000,000 | ---D | C] -- C:\Users\tonyg\Documents\Razer
[2013/12/31 18:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/12/31 18:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/12/28 17:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
[2013/12/28 16:41:54 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2013/12/28 16:41:54 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Local\eSupport.com
[2013/12/28 16:41:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eSupport.com
[2013/12/22 14:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/20 16:35:17 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Roaming\openvr
[2013/12/17 05:38:29 | 000,000,000 | ---D | C] -- C:\Users\tonyg\Documents\famepoints
[2013/12/14 16:11:10 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
[2013/12/14 16:11:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPU-Z
[2013/12/13 18:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/12/13 18:08:52 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/09 20:47:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tonyg\Desktop\OTL.exe
[2014/01/09 19:52:20 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/09 19:52:20 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/09 19:25:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/09 18:49:42 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/01/09 17:57:41 | 013,335,612 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/09 17:57:41 | 004,600,250 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/09 17:57:41 | 000,006,624 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/09 17:52:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/07 22:35:21 | 000,229,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/07 02:06:48 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/06 21:26:23 | 000,020,408 | ---- | M] () -- C:\Users\tonyg\Documents\cc_20140106_212605.reg
[2014/01/06 20:53:22 | 002,734,577 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Cat.DB
[2014/01/06 20:52:45 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/01/06 20:52:45 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/01/06 20:52:45 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/01/06 20:52:35 | 000,002,258 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/01/06 20:50:48 | 000,000,846 | ---- | M] () -- C:\Users\tonyg\Desktop\Norton Installation Files.lnk
[2014/01/06 16:51:22 | 000,515,138 | ---- | M] () -- C:\Users\tonyg\Documents\ge microwave.jpg
[2014/01/05 13:24:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/01/04 12:58:02 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/02 01:10:35 | 000,002,708 | ---- | M] () -- C:\Users\tonyg\AppData\Local\d3d9caps.dat
[2014/01/01 22:07:55 | 000,001,460 | ---- | M] () -- C:\Users\tonyg\AppData\Local\d3d9caps64.dat
[2014/01/01 15:34:58 | 000,002,747 | ---- | M] () -- C:\Users\tonyg\Desktop\Intel Processor Diagnostic Tool.lnk
[2013/12/28 16:41:54 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2013/12/23 21:37:30 | 000,002,992 | ---- | M] () -- C:\{1DDD58F4-E247-46AB-B2AE-780117A93B82}
[2013/12/21 21:26:22 | 000,008,302 | ---- | M] () -- C:\Users\tonyg\Documents\cc_20131221_212614.reg
[2013/12/20 15:33:54 | 000,000,219 | ---- | M] () -- C:\Users\tonyg\Desktop\Team Fortress 2.url
[2013/12/19 13:55:20 | 000,023,702 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\VT20131219.024
[2013/12/18 09:45:50 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/12/17 06:50:26 | 003,772,001 | ---- | M] () -- C:\Users\tonyg\Documents\alleyoffamepoints.rtf
[2013/12/16 22:03:48 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/12/16 21:51:08 | 000,003,849 | ---- | M] () -- C:\Users\tonyg\Documents\campagin2 rules.rtf
[2013/12/16 20:42:34 | 000,001,157 | ---- | M] () -- C:\Users\tonyg\Desktop\Continue Microsoft Office Home and Student Installation.lnk
[2013/12/14 16:58:53 | 000,000,689 | ---- | M] () -- C:\Users\tonyg\Desktop\cmd - Shortcut.lnk
[2013/12/14 16:17:46 | 000,030,574 | ---- | M] () -- C:\Users\tonyg\Documents\gt8800.gif
[2013/12/14 16:11:11 | 000,000,802 | ---- | M] () -- C:\Users\tonyg\Desktop\TechPowerUp GPU-Z.lnk
[2013/12/13 18:09:50 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/07 18:41:33 | 000,229,160 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/06 23:59:28 | 000,023,702 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\VT20131219.024
[2014/01/06 21:26:08 | 000,020,408 | ---- | C] () -- C:\Users\tonyg\Documents\cc_20140106_212605.reg
[2014/01/06 20:52:52 | 002,734,577 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Cat.DB
[2014/01/06 20:52:45 | 000,008,222 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/01/06 20:52:45 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/01/06 20:52:35 | 000,002,258 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/01/06 20:51:56 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymVTcer.dat
[2014/01/06 20:51:56 | 000,009,939 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymELAM64.cat
[2014/01/06 20:51:56 | 000,008,202 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.cat
[2014/01/06 20:51:56 | 000,008,196 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.cat
[2014/01/06 20:51:56 | 000,008,194 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.cat
[2014/01/06 20:51:56 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnet64.cat
[2014/01/06 20:51:56 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.cat
[2014/01/06 20:51:56 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.cat
[2014/01/06 20:51:56 | 000,008,184 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\iron.cat
[2014/01/06 20:51:56 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA.inf
[2014/01/06 20:51:56 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS.inf
[2014/01/06 20:51:56 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymNet.inf
[2014/01/06 20:51:56 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.inf
[2014/01/06 20:51:56 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.inf
[2014/01/06 20:51:56 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symELAM.inf
[2014/01/06 20:51:56 | 000,000,855 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.inf
[2014/01/06 20:51:56 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Iron.inf
[2014/01/06 20:51:56 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\isolate.ini
[2014/01/06 20:50:48 | 000,000,846 | ---- | C] () -- C:\Users\tonyg\Desktop\Norton Installation Files.lnk
[2014/01/06 16:45:43 | 000,515,138 | ---- | C] () -- C:\Users\tonyg\Documents\ge microwave.jpg
[2013/12/31 18:48:10 | 000,023,754 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/12/23 21:37:27 | 000,002,992 | ---- | C] () -- C:\{1DDD58F4-E247-46AB-B2AE-780117A93B82}
[2013/12/21 21:26:16 | 000,008,302 | ---- | C] () -- C:\Users\tonyg\Documents\cc_20131221_212614.reg
[2013/12/20 15:33:54 | 000,000,219 | ---- | C] () -- C:\Users\tonyg\Desktop\Team Fortress 2.url
[2013/12/18 09:45:50 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/12/17 06:50:26 | 003,772,001 | ---- | C] () -- C:\Users\tonyg\Documents\alleyoffamepoints.rtf
[2013/12/16 21:51:08 | 000,003,849 | ---- | C] () -- C:\Users\tonyg\Documents\campagin2 rules.rtf
[2013/12/16 20:39:30 | 000,001,157 | ---- | C] () -- C:\Users\tonyg\Desktop\Continue Microsoft Office Home and Student Installation.lnk
[2013/12/14 16:58:53 | 000,000,689 | ---- | C] () -- C:\Users\tonyg\Desktop\cmd - Shortcut.lnk
[2013/12/14 16:17:46 | 000,030,574 | ---- | C] () -- C:\Users\tonyg\Documents\gt8800.gif
[2013/12/14 16:11:10 | 000,000,802 | ---- | C] () -- C:\Users\tonyg\Desktop\TechPowerUp GPU-Z.lnk
[2013/12/13 18:09:50 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/04/10 11:27:11 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/04/10 11:26:55 | 000,787,681 | ---- | C] () -- C:\ProgramData\1.jpg
[2013/03/23 08:29:25 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/02/09 10:51:06 | 000,090,572 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/08/05 01:05:47 | 000,008,704 | ---- | C] () -- C:\Users\tonyg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/03 01:20:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/07/03 01:18:33 | 000,000,632 | RHS- | C] () -- C:\Users\tonyg\ntuser.pol
[2012/06/13 18:49:03 | 000,034,764 | ---- | C] () -- C:\Users\tonyg\AppData\Local\dt.dat
[2012/04/25 07:54:42 | 000,426,496 | ---- | C] () -- C:\Windows\SysWow64\STLibWrapper.dll
[2012/04/25 07:54:42 | 000,204,884 | ---- | C] () -- C:\Windows\SysWow64\spxusb.dll
[2012/04/25 07:54:42 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2012/01/13 21:30:30 | 001,236,992 | ---- | C] () -- C:\Windows\SysWow64\IAIFFCtrl.dll
[2012/01/13 21:30:30 | 001,032,192 | ---- | C] () -- C:\Windows\SysWow64\IAI286Ctrl.dll
[2012/01/13 21:30:30 | 000,831,488 | ---- | C] () -- C:\Windows\SysWow64\IAI285Ctrl.dll
[2012/01/13 21:30:30 | 000,720,896 | ---- | C] () -- C:\Windows\SysWow64\IAIGameCtrl.dll
[2011/12/07 16:31:47 | 000,002,708 | ---- | C] () -- C:\Users\tonyg\AppData\Local\d3d9caps.dat
[2011/06/16 01:07:26 | 000,001,460 | ---- | C] () -- C:\Users\tonyg\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/06 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ActiveDossierUploader
[2012/03/28 16:44:07 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\AVG
[2012/09/12 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Awesomium
[2013/03/27 19:46:37 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Downloaded Installations
[2012/03/20 19:56:01 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\FreeFileViewer
[2012/07/04 15:24:35 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ID Vault
[2012/02/26 19:21:13 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\IObit
[2013/12/20 16:35:17 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\openvr
[2012/07/07 09:07:22 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\PCDr
[2013/08/09 04:41:23 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\QuickScan
[2013/05/29 16:31:53 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Sammsoft
[2013/06/02 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ts3overlay
[2013/02/13 20:20:28 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ts3overlay_hook_win64
[2013/01/01 11:59:57 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Unity
[2012/11/01 19:18:30 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Visan
[2013/11/01 18:06:30 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Wargaming.net

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
  • 0

#3
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
On completion of this run, let me know what problems you are experiencing.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
FF - prefs.js..browser.search.defaultenginename: "Conduit Search"
FF - prefs.js..browser.search.selectedEngine: "Conduit Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3317191&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPB9F72766-F931-4516-BC72-7FA4B3DA8F42&SSPV=AAtest29B_sp_ff"
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: File not found
[2013/12/21 21:28:35 | 000,000,876 | ---- | M] () -- C:\Users\tonyg\AppData\Roaming\Mozilla\Firefox\Profiles\bcsyaewy.default\searchplugins\conduit-search.xml
[2013/10/09 17:27:13 | 000,003,746 | ---- | M] () -- C:\Users\tonyg\AppData\Roaming\Mozilla\Firefox\Profiles\bcsyaewy.default\searchplugins\safeguard-secure-search.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {25515A79-C1C7-4B97-97F8-31A711694487} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {462BE121-2B54-4218-BF00-B9BF8135B23F} - No CLSID value found.
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
[2014/01/08 11:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Software Update Utility
[2014/01/08 11:07:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\pinghold
[2012/03/28 16:44:07 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\AVG

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

  • 0

#4
mayorhemi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
ok i done this.
so far the problems i was having is slow computer, slow web loading, having to click several times to get icon to open.
a lot of no access to files i make even with admin account security features i tried to change but no luck.

my wife and son are point and click happy they don't read everything before loading.

i got some program that was popping up saying i had a bunch of trojans but my av did not detect any.

i also have these files under c:\ i know i is a reg file ????

{0CC25C18-B4D2-4EBB-9378-1CE7B3D4537D}
{1DDD58F4-E247-46AB-B2AE-780117A93B82}
{B1114AAC-C692-480A-9468-B868750393B6}
{CAD1F013-7F10-4D82-AD74-AF20182E1465}
BOOTSECT .bak
JavaRa
S-1-5-21-2530642619-985529084-3126391969-1049




OTL logfile created on: 1/10/2014 6:14:16 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tonyg\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.40 Gb Available Physical Memory | 80.15% Memory free
19.73 Gb Paging File | 18.25 Gb Available in Paging File | 92.52% Paging File free
Paging file location(s): c:\pagefile.sys 12273 12273 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.46 Gb Total Space | 478.21 Gb Free Space | 51.34% Space Free | Partition Type: NTFS

Computer Name: TONYG-PC | User Name: tonyg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/09 20:47:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tonyg\Desktop\OTL.exe
PRC - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
PRC - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/12/10 17:12:38 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/10 17:12:38 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2011/06/13 21:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/01/05 13:24:13 | 000,076,888 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/12/11 14:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/10 16:26:22 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/10 17:12:38 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/11 18:59:26 | 000,342,016 | ---- | M] (Alcatel-Lucent) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/01/06 20:52:45 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/10/30 12:55:10 | 000,458,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2013/09/26 22:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2013/09/26 21:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2013/09/26 21:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2013/09/25 22:28:00 | 000,507,992 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2013/09/25 21:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 21:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2013/09/09 20:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2013/06/12 16:57:39 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/02/11 21:18:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/24 21:18:34 | 000,006,656 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rzkbdhid.sys -- (rzkbdhid)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/01/13 18:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/01/13 18:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/01/13 18:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2008/11/29 06:19:28 | 000,028,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008/02/13 07:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2007/10/15 02:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2007/06/29 13:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV - [2014/01/07 19:35:46 | 000,057,024 | ---- | M] (Emsisoft GmbH) [Kernel | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp64.sys -- (cleanhlp)
DRV - [2014/01/06 17:48:44 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140109.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/01/06 11:26:36 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140109.018\ex64.sys -- (NAVEX15)
DRV - [2014/01/06 11:26:36 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/01/06 11:26:36 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140109.018\eng64.sys -- (NAVENG)
DRV - [2014/01/04 01:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/12/28 16:41:54 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2013/12/17 19:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20131218.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/08/09 23:11:50 | 000,026,176 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\EEK\Run\a2ddax64.sys -- (A2DDA)
DRV - [2012/12/10 17:12:02 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/12/10 17:12:02 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/06/02 10:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP51
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {BB58BA57-01AF-494F-93F0-D335053719DB}
IE - HKCU\..\SearchScopes\{BB58BA57-01AF-494F-93F0-D335053719DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: ""
FF - prefs.js..extensions.enabledAddons:
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.4.5%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..keyword.URL: ""


FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.RadioPI_4e.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\tonyg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/01/06 20:53:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/01/10 18:12:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/22 14:32:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/08 11:26:34 | 000,000,000 | ---D | M]

[2011/06/16 05:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tonyg\AppData\Roaming\Mozilla\Extensions
[2014/01/08 11:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tonyg\AppData\Roaming\Mozilla\Firefox\Profiles\bcsyaewy.default\extensions
[2014/01/08 11:26:36 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\tonyg\AppData\Roaming\Mozilla\Firefox\Profiles\bcsyaewy.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2013/12/22 14:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/22 14:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/22 14:32:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF
[2011/06/16 06:09:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2014/01/10 18:03:20 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll (AOL Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\SysWow64\wpclsp.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Computer)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...oad/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefie...r_5.0.203.0.cab (Battlefield Heroes Updater)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE6DB04C-299A-4856-8B5A-3FF62A649F0C}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/10 18:02:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/09 20:47:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tonyg\Desktop\OTL.exe
[2014/01/08 11:26:45 | 000,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2014/01/08 11:26:43 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Local\AOL Toolbar
[2014/01/08 11:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\AOL Toolbar
[2014/01/08 11:26:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AOL Toolbar
[2014/01/08 11:07:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\pinghold
[2014/01/07 02:06:48 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/06 20:55:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/01/06 20:52:45 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/01/06 20:52:07 | 000,507,992 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symtdiv.sys
[2014/01/06 20:52:06 | 001,147,480 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.sys
[2014/01/06 20:52:06 | 000,858,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.sys
[2014/01/06 20:52:06 | 000,590,936 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnets.sys
[2014/01/06 20:52:06 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.sys
[2014/01/06 20:52:06 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.sys
[2014/01/06 20:52:06 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys
[2014/01/06 20:52:06 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.sys
[2014/01/06 20:52:06 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymELAM.sys
[2014/01/06 20:51:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2014/01/06 20:51:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1501000.012
[2014/01/06 20:51:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2014/01/06 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2014/01/06 20:50:48 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2014/01/06 20:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2014/01/01 22:24:15 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Local\NVIDIA
[2014/01/01 21:22:00 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Roaming\NVIDIA
[2013/12/31 20:21:00 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Local\Razer_Inc
[2013/12/31 20:20:56 | 000,000,000 | ---D | C] -- C:\Users\tonyg\Documents\Razer
[2013/12/31 18:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/12/31 18:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/12/28 17:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
[2013/12/28 16:41:54 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2013/12/28 16:41:54 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Local\eSupport.com
[2013/12/28 16:41:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eSupport.com
[2013/12/22 14:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/20 16:35:17 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Roaming\openvr
[2013/12/17 05:38:29 | 000,000,000 | ---D | C] -- C:\Users\tonyg\Documents\famepoints
[2013/12/14 16:11:10 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TechPowerUp GPU-Z
[2013/12/14 16:11:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GPU-Z
[2013/12/13 18:09:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/12/13 18:08:52 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/10 18:16:17 | 013,362,272 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/10 18:16:17 | 004,609,778 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/10 18:16:16 | 000,006,624 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/10 18:13:08 | 001,233,962 | ---- | M] () -- C:\Users\tonyg\Desktop\AdwCleaner.exe
[2014/01/10 18:08:53 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/10 18:08:53 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/10 18:08:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/10 18:03:20 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/01/10 17:49:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/01/10 06:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/09 20:47:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tonyg\Desktop\OTL.exe
[2014/01/07 22:35:21 | 000,229,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/07 02:06:48 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/06 21:26:23 | 000,020,408 | ---- | M] () -- C:\Users\tonyg\Documents\cc_20140106_212605.reg
[2014/01/06 20:53:22 | 002,734,577 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Cat.DB
[2014/01/06 20:52:45 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/01/06 20:52:45 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/01/06 20:52:45 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/01/06 20:52:35 | 000,002,258 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/01/06 20:50:48 | 000,000,846 | ---- | M] () -- C:\Users\tonyg\Desktop\Norton Installation Files.lnk
[2014/01/06 16:51:22 | 000,515,138 | ---- | M] () -- C:\Users\tonyg\Documents\ge microwave.jpg
[2014/01/05 13:24:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/01/04 12:58:02 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/02 01:10:35 | 000,002,708 | ---- | M] () -- C:\Users\tonyg\AppData\Local\d3d9caps.dat
[2014/01/01 22:07:55 | 000,001,460 | ---- | M] () -- C:\Users\tonyg\AppData\Local\d3d9caps64.dat
[2014/01/01 15:34:58 | 000,002,747 | ---- | M] () -- C:\Users\tonyg\Desktop\Intel Processor Diagnostic Tool.lnk
[2013/12/28 16:41:54 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2013/12/23 21:37:30 | 000,002,992 | ---- | M] () -- C:\{1DDD58F4-E247-46AB-B2AE-780117A93B82}
[2013/12/21 21:26:22 | 000,008,302 | ---- | M] () -- C:\Users\tonyg\Documents\cc_20131221_212614.reg
[2013/12/20 15:33:54 | 000,000,219 | ---- | M] () -- C:\Users\tonyg\Desktop\Team Fortress 2.url
[2013/12/19 13:55:20 | 000,023,702 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\VT20131219.024
[2013/12/18 09:45:50 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/12/17 06:50:26 | 003,772,001 | ---- | M] () -- C:\Users\tonyg\Documents\alleyoffamepoints.rtf
[2013/12/16 22:03:48 | 000,001,830 | ---- | M] () -- C:\Users\Public\Desktop\HP Photo Creations.lnk
[2013/12/16 21:51:08 | 000,003,849 | ---- | M] () -- C:\Users\tonyg\Documents\campagin2 rules.rtf
[2013/12/16 20:42:34 | 000,001,157 | ---- | M] () -- C:\Users\tonyg\Desktop\Continue Microsoft Office Home and Student Installation.lnk
[2013/12/14 16:58:53 | 000,000,689 | ---- | M] () -- C:\Users\tonyg\Desktop\cmd - Shortcut.lnk
[2013/12/14 16:17:46 | 000,030,574 | ---- | M] () -- C:\Users\tonyg\Documents\gt8800.gif
[2013/12/14 16:11:11 | 000,000,802 | ---- | M] () -- C:\Users\tonyg\Desktop\TechPowerUp GPU-Z.lnk
[2013/12/13 18:09:50 | 000,001,694 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/10 18:13:08 | 001,233,962 | ---- | C] () -- C:\Users\tonyg\Desktop\AdwCleaner.exe
[2014/01/07 18:41:33 | 000,229,160 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/06 23:59:28 | 000,023,702 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\VT20131219.024
[2014/01/06 21:26:08 | 000,020,408 | ---- | C] () -- C:\Users\tonyg\Documents\cc_20140106_212605.reg
[2014/01/06 20:52:52 | 002,734,577 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Cat.DB
[2014/01/06 20:52:45 | 000,008,222 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/01/06 20:52:45 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/01/06 20:52:35 | 000,002,258 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/01/06 20:51:56 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymVTcer.dat
[2014/01/06 20:51:56 | 000,009,939 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymELAM64.cat
[2014/01/06 20:51:56 | 000,008,202 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.cat
[2014/01/06 20:51:56 | 000,008,196 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.cat
[2014/01/06 20:51:56 | 000,008,194 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.cat
[2014/01/06 20:51:56 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnet64.cat
[2014/01/06 20:51:56 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.cat
[2014/01/06 20:51:56 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.cat
[2014/01/06 20:51:56 | 000,008,184 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\iron.cat
[2014/01/06 20:51:56 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA.inf
[2014/01/06 20:51:56 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS.inf
[2014/01/06 20:51:56 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymNet.inf
[2014/01/06 20:51:56 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.inf
[2014/01/06 20:51:56 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.inf
[2014/01/06 20:51:56 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symELAM.inf
[2014/01/06 20:51:56 | 000,000,855 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.inf
[2014/01/06 20:51:56 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Iron.inf
[2014/01/06 20:51:56 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\isolate.ini
[2014/01/06 20:50:48 | 000,000,846 | ---- | C] () -- C:\Users\tonyg\Desktop\Norton Installation Files.lnk
[2014/01/06 16:45:43 | 000,515,138 | ---- | C] () -- C:\Users\tonyg\Documents\ge microwave.jpg
[2013/12/31 18:48:10 | 000,023,754 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/12/23 21:37:27 | 000,002,992 | ---- | C] () -- C:\{1DDD58F4-E247-46AB-B2AE-780117A93B82}
[2013/12/21 21:26:16 | 000,008,302 | ---- | C] () -- C:\Users\tonyg\Documents\cc_20131221_212614.reg
[2013/12/20 15:33:54 | 000,000,219 | ---- | C] () -- C:\Users\tonyg\Desktop\Team Fortress 2.url
[2013/12/18 09:45:50 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/12/17 06:50:26 | 003,772,001 | ---- | C] () -- C:\Users\tonyg\Documents\alleyoffamepoints.rtf
[2013/12/16 21:51:08 | 000,003,849 | ---- | C] () -- C:\Users\tonyg\Documents\campagin2 rules.rtf
[2013/12/16 20:39:30 | 000,001,157 | ---- | C] () -- C:\Users\tonyg\Desktop\Continue Microsoft Office Home and Student Installation.lnk
[2013/12/14 16:58:53 | 000,000,689 | ---- | C] () -- C:\Users\tonyg\Desktop\cmd - Shortcut.lnk
[2013/12/14 16:17:46 | 000,030,574 | ---- | C] () -- C:\Users\tonyg\Documents\gt8800.gif
[2013/12/14 16:11:10 | 000,000,802 | ---- | C] () -- C:\Users\tonyg\Desktop\TechPowerUp GPU-Z.lnk
[2013/12/13 18:09:50 | 000,001,694 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/04/10 11:27:11 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/04/10 11:26:55 | 000,787,681 | ---- | C] () -- C:\ProgramData\1.jpg
[2013/03/23 08:29:25 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/02/09 10:51:06 | 000,090,572 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/08/05 01:05:47 | 000,008,704 | ---- | C] () -- C:\Users\tonyg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/03 01:20:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/07/03 01:18:33 | 000,000,632 | RHS- | C] () -- C:\Users\tonyg\ntuser.pol
[2012/06/13 18:49:03 | 000,034,764 | ---- | C] () -- C:\Users\tonyg\AppData\Local\dt.dat
[2012/04/25 07:54:42 | 000,426,496 | ---- | C] () -- C:\Windows\SysWow64\STLibWrapper.dll
[2012/04/25 07:54:42 | 000,204,884 | ---- | C] () -- C:\Windows\SysWow64\spxusb.dll
[2012/04/25 07:54:42 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2012/01/13 21:30:30 | 001,236,992 | ---- | C] () -- C:\Windows\SysWow64\IAIFFCtrl.dll
[2012/01/13 21:30:30 | 001,032,192 | ---- | C] () -- C:\Windows\SysWow64\IAI286Ctrl.dll
[2012/01/13 21:30:30 | 000,831,488 | ---- | C] () -- C:\Windows\SysWow64\IAI285Ctrl.dll
[2012/01/13 21:30:30 | 000,720,896 | ---- | C] () -- C:\Windows\SysWow64\IAIGameCtrl.dll
[2011/12/07 16:31:47 | 000,002,708 | ---- | C] () -- C:\Users\tonyg\AppData\Local\d3d9caps.dat
[2011/06/16 01:07:26 | 000,001,460 | ---- | C] () -- C:\Users\tonyg\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/06 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ActiveDossierUploader
[2012/09/12 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Awesomium
[2013/03/27 19:46:37 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Downloaded Installations
[2012/03/20 19:56:01 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\FreeFileViewer
[2012/07/04 15:24:35 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ID Vault
[2012/02/26 19:21:13 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\IObit
[2013/12/20 16:35:17 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\openvr
[2012/07/07 09:07:22 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\PCDr
[2013/08/09 04:41:23 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\QuickScan
[2013/05/29 16:31:53 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Sammsoft
[2013/06/02 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ts3overlay
[2013/02/13 20:20:28 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ts3overlay_hook_win64
[2013/01/01 11:59:57 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Unity
[2012/11/01 19:18:30 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Visan
[2013/11/01 18:06:30 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Wargaming.net

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >



----------------------------------------------------------------------------------------------------------------------------

# AdwCleaner v3.016 - Report created 10/01/2014 at 18:26:17
# Updated 23/12/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : tonyg - TONYG-PC
# Running from : C:\Users\tonyg\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\AOL Toolbar
[!] Folder Deleted : C:\Program Files (x86)\AOL Toolbar
[!] Folder Deleted : C:\Program Files (x86)\eSupport.com
[!] Folder Deleted : C:\Program Files\AOL Toolbar
[!] Folder Deleted : C:\Users\tonyg\AppData\Local\AOL Toolbar
[!] Folder Deleted : C:\Users\tonyg\AppData\Local\eSupport.com
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\tonyg\AppData\Roaming\Mozilla\Firefox\Profiles\bcsyaewy.default\user.js
File Deleted : C:\Windows\System32\Tasks\ProtectedSearch

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16526


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\tonyg\AppData\Roaming\Mozilla\Firefox\Profiles\bcsyaewy.default\prefs.js ]


[ File : C:\Users\amg6460\AppData\Roaming\Mozilla\Firefox\Profiles\enybmpur.default\prefs.js ]

Line Deleted : user_pref("DownTangoLauncherToolbar_592.global.CurrentLanguageSelection", "English");
Line Deleted : user_pref("DownTangoLauncherToolbar_592.global.CurrentNavigationSelection", "Current window");
Line Deleted : user_pref("DownTangoLauncherToolbar_592.global.CurrentSearchEngineSelection", "US: United States of America");
Line Deleted : user_pref("DownTangoLauncherToolbar_592.global.UpdateTime", "1350047606753");
Line Deleted : user_pref("DownTangoLauncherToolbar_592.global.userEnable", true);
Line Deleted : user_pref("DownTangoLauncherToolbar_592.global.userID", "ec9048307d8c0e48d1ee62398bfd0f65");
Line Deleted : user_pref("extensions.crossrider.bic", "135bd4723a770f772d4b61b12d9f2f60");

[ File : C:\Users\family.TonyG-PC\AppData\Roaming\Mozilla\Firefox\Profiles\beepo8t2.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [4898 octets] - [10/01/2014 18:25:08]
AdwCleaner[S0].txt - [4330 octets] - [10/01/2014 18:26:17]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4390 octets] ##########

Edited by mayorhemi, 10 January 2014 - 05:55 PM.

  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you now defragment the drive and, on completion, let me know how it is behaving?
http://www.dummies.c...-windows-7.html
  • 0

#6
mayorhemi

mayorhemi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
long page loading, having to click several times to open a program, worse now than when we started

also i have vista and defrag sucks, it never ends. i will try now but last one i had to end it after 15 hrs, i only have a 1tb hd

ok i did it through cmd and it doesn't need defrag

1% is fragmented

Edited by mayorhemi, 11 January 2014 - 04:50 PM.

  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As it stands I can see no apparent malware. But let's confirm that.

Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan
Select the cog to access scan areas

On the first tab select all elements down to OS C and then select start scan

Once it has finished, select reports and post the detected threats.

Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button


Once it has completed then click Step 2 Report sending

Click avptool.sysinfo.zip
And you will be taken to the zip file that needs to be attached
  • 0

#8
mayorhemi

mayorhemi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
ok it's gonna take 7 hrs to complete wow. i will post if i am awake, if not i will post tomorrow

thanks again for helping
  • 0

#9
mayorhemi

mayorhemi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
ok this thing keeps adding hours to the scan. i am now at 49% complete and it says 22 hr till finish

should i shut it down and restart or re-d/l it

it has found 12 so far


Status: Quarantined (events: 12)
1/14/2014 6:35:34 AM Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Windows\System32\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\6.0\21\4625a495-4e41f93a High
1/14/2014 6:35:49 AM Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\6.0\0\5f9a6c0-3b608467 High
1/14/2014 6:36:03 AM Quarantined Trojan program HEUR:Exploit.Java.CVE-2011-3544.gen C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\6.0\12\d3cf9cc-773836d1 High
1/14/2014 6:36:12 AM Quarantined Trojan program HEUR:Exploit.Java.CVE-2013-2465.gen C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\6.0\13\34f0d2cd-53b9195d High
1/14/2014 6:36:25 AM Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\6.0\19\51f8d613-5f7ebfc3 High
1/14/2014 6:36:28 AM Quarantined Trojan program HEUR:Exploit.Java.Generic C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\6.0\19\6fff9c93-73dad88c High
1/14/2014 6:36:35 AM Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\6.0\34\2f1f0d22-7ec967ad High
1/14/2014 6:37:26 AM Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\6.0\35\abd6863-587d4c41 High
1/14/2014 6:40:11 AM Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\6.0\36\5b2f0324-284c11c7 High
1/14/2014 6:40:11 AM Quarantined Trojan program HEUR:Exploit.Java.Generic C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\6.0\54\6b2dc6f6-4c8f2338 High
1/14/2014 6:41:59 AM Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\6.0\58\3f6f9a7a-68d334c4 High
1/14/2014 6:43:10 AM Quarantined Trojan program HEUR:Exploit.Java.CVE-2011-3544.gen C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\6.0\6\11a625c6-417425e3 High

Edited by mayorhemi, 14 January 2014 - 03:49 PM.

  • 0

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
It is just finding Java exploits

Stop the scan and run the analysis, that should take no more than 5 minutes
  • 0
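The reading in the reply above (every hit is a Java exploit) can be checked mechanically. This is an added example, not part of the original thread or of AVPTool: it parses report lines in the format posted above and separates detections inside the Java deployment cache from detections anywhere else. Four report lines are copied from the post; the fifth line, the adjusted `Status:` count, and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Lines 2-5 are copied from the scan report posted above. The "Status:" count
# is adjusted to this excerpt, and the last line is constructed for contrast
# (hypothetical verdict name and path).
SAMPLE_REPORT = r"""
Status: Quarantined (events: 5)
1/14/2014 6:35:34 AM Quarantined Trojan program HEUR:Exploit.Script.Generic C:\Windows\System32\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\6.0\21\4625a495-4e41f93a High
1/14/2014 6:36:03 AM Quarantined Trojan program HEUR:Exploit.Java.CVE-2011-3544.gen C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\6.0\12\d3cf9cc-773836d1 High
1/14/2014 6:36:12 AM Quarantined Trojan program HEUR:Exploit.Java.CVE-2013-2465.gen C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\6.0\13\34f0d2cd-53b9195d High
1/14/2014 6:36:28 AM Quarantined Trojan program HEUR:Exploit.Java.Generic C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\6.0\19\6fff9c93-73dad88c High
1/14/2014 7:02:10 AM Quarantined Trojan program Trojan.Win32.Example.a C:\Users\example user\AppData\Local\Temp\sample.exe High
"""

STATUS_RE = re.compile(r"^Status:\s+\w+\s+\(events:\s*(\d+)\)$")
# timestamp, action, object type (may contain spaces), verdict (dotted token),
# path (may contain spaces), severity.
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<action>\S+)\s+"
    r"(?P<kind>.+?)\s+"
    r"(?P<verdict>\S+\.\S+)\s+"
    r"(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<severity>High|Medium|Low)$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"    # Java plug-in download cache
SYSTEM_PROFILE = "\\config\\systemprofile\\"       # profile of the SYSTEM account


def parse_report(text):
    """Return (declared_count, records, unparsed_lines)."""
    declared, records, unparsed = None, [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        status = STATUS_RE.match(line)
        if status:
            declared = int(status.group(1))
            continue
        match = LINE_RE.match(line)
        if match:
            records.append(match.groupdict())
        else:
            unparsed.append(line)  # keep it visible instead of dropping it
    return declared, records, unparsed


def triage(text):
    """Split detections into Java-cache hits and everything else."""
    declared, records, unparsed = parse_report(text)
    in_cache, elsewhere = [], []
    for rec in records:
        path = rec["path"].lower()
        rec["system_profile"] = SYSTEM_PROFILE in path
        (in_cache if JAVA_CACHE in path else elsewhere).append(rec)
    cves = sorted({c for r in records for c in CVE_RE.findall(r["verdict"])})
    return {
        "declared": declared,
        "parsed": len(records),
        # False when the paste was truncated or a line did not parse.
        "complete": declared == len(records) and not unparsed,
        "verdicts": Counter(r["verdict"] for r in records),
        "cves": cves,
        "java_cache": in_cache,
        "elsewhere": elsewhere,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"parsed {result['parsed']} of {result['declared']} declared events")
    for verdict, count in result["verdicts"].most_common():
        print(f"  {count:2d}  {verdict}")
    print("CVE ids named in verdicts:", ", ".join(result["cves"]) or "none")
    print(f"{len(result['java_cache'])} hit(s) inside the Java deployment cache")
    for rec in result["elsewhere"]:
        print("outside the Java cache:", rec["verdict"], rec["path"])
```

An empty `elsewhere` list with `complete` set to true supports the "just Java exploits" reading; any entry in `elsewhere` or `unparsed` needs a separate look.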



#11
mayorhemi

mayorhemi

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
ok i stopped it and did what you said here is the .zip

Attached Files


  • 0

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Again it looks clean. Let's now reset the network connections and see if that helps.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]
:Files
ipconfig /flushdns /c
ipconfig /release /c
ipconfig /renew /c
netsh advfirewall reset /c
netsh winsock reset  /c
netsh int ipv4 reset  /c
netsh int ipv6 reset /c

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#13
mayorhemi

    Member

  • Topic Starter
  • 29 posts
OK, I was on one of my users' accounts on the same computer and it came up as locked, FBI MoneyPak. I looked it up; it is some kind of bad bug. It is telling me to d/l SpyHunter and to reboot, but the bug page says if I do this it will lock my computer.

http://www.2-spyware...ypak-virus.html



I will leave it on for now. What should I do?

Norton sucks lol

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are you able to run OTL on that account?

If not:

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#15
mayorhemi

    Member

  • Topic Starter
  • 29 posts
OK, here is the log from the account we have been working on. I will try to log back on to the other user and see what happens.



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 01
Ran by tonyg (administrator) on TONYG-PC on 15-01-2014 16:31:03
Running from C:\Users\tonyg\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\amg6460\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\amg6460\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\amg6460\...\Policies\system: [LogonHoursAction] 2
HKU\amg6460\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\family.TonyG-PC\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\family.TonyG-PC\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\family.TonyG-PC\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKU\family.TonyG-PC\...\Policies\system: [LogonHoursAction] 2
HKU\family.TonyG-PC\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
AppInit_DLLs: [ ] ()
AppInit_DLLs-x32: [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP51
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll No File
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll No File
DPF: HKLM-x32 {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...oad/tgctlsr.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB
DPF: HKLM-x32 {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab
DPF: HKLM-x32 {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefie...r_5.0.203.0.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab
Winsock: Catalog9 01 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 19 C:\Windows\SysWOW64\wpclsp.dll [72192] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\tonyg\AppData\Roaming\Mozilla\Firefox\Profiles\bcsyaewy.default
FF DefaultSearchEngine: user_pref("browser.search.defaultenginename", "");
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\tonyg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: AOL Toolbar - C:\Users\tonyg\AppData\Roaming\Mozilla\Firefox\Profiles\bcsyaewy.default\Extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1} [2014-01-08]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-06]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Motive Extension) - C:\Users\tonyg\AppData\Local\Google\Chrome\User Data\Default\Extensions\edmgmpmklgfbohogafcfobonnkogchec\1.0_0 [2013-03-25]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-06]

==================== Services (Whitelisted) =================

S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-12-10] (Alcatel-Lucent)
S4 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-05] ()

==================== Drivers (Whitelisted) ====================

R0 14778425; C:\Windows\System32\DRIVERS\14778425.sys [460888 2014-01-13] (Kaspersky Lab ZAO)
R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2013-08-09] (Emsisoft GmbH)
R1 Amfilter; C:\Windows\System32\DRIVERS\Amfltx64.sys [12288 2007-10-15] ((Standard mouse types))
S3 Amusbprt; C:\Windows\System32\DRIVERS\Amusbx64.sys [17920 2008-02-13] (A4Tech Co.,Ltd.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140110.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-01-07] (Emsisoft GmbH)
S3 cpudrv64; C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [17864 2011-06-02] ()
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-06] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140114.001\IDSvia64.sys [521944 2014-01-06] (Symantec Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140114.023\ENG64.SYS [126040 2014-01-10] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140114.023\EX64.SYS [2099288 2014-01-10] (Symantec Corporation)
S3 rzkbdhid; C:\Windows\System32\DRIVERS\rzkbdhid.sys [6656 2012-10-24] (Razer USA Ltd)
R3 SRTSP; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-06-12] ()
R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-06] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\system32\drivers\N360x64\1501000.012\SYMTDIV.SYS [507992 2013-09-25] (Symantec Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [x]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-15 16:31 - 2014-01-15 16:31 - 00014215 _____ C:\Users\tonyg\Desktop\FRST.txt
2014-01-15 16:30 - 2014-01-15 16:30 - 00000000 ____D C:\FRST
2014-01-15 16:29 - 2014-01-15 16:29 - 02076160 _____ (Farbar) C:\Users\tonyg\Desktop\FRST64.exe
2014-01-14 17:29 - 2014-01-14 17:20 - 00014336 _____ C:\Users\tonyg\Desktop\avptool_sysinfo.zip
2014-01-14 16:46 - 2014-01-14 16:46 - 00002344 _____ C:\Users\tonyg\Documents\sofar12.txt
2014-01-14 06:45 - 2014-01-14 06:45 - 00002344 _____ C:\Users\tonyg\Documents\knap1bug.txt
2014-01-13 19:18 - 2014-01-13 21:02 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\14778425.sys
2014-01-13 19:18 - 2014-01-13 19:18 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-13 18:46 - 2014-01-13 19:05 - 131780856 _____ C:\Users\tonyg\Desktop\setup_11.0.1.1245.x01_2014_01_13_21_03.exe
2014-01-10 18:25 - 2014-01-10 18:26 - 00000000 ____D C:\AdwCleaner
2014-01-10 18:21 - 2014-01-10 18:22 - 00082876 _____ C:\Users\tonyg\Desktop\OTL.Txt
2014-01-10 18:02 - 2014-01-10 18:02 - 00000000 ____D C:\_OTL
2014-01-09 20:55 - 2014-01-09 21:26 - 00052134 _____ C:\Users\tonyg\Desktop\Extras.Txt
2014-01-09 20:54 - 2014-01-09 20:54 - 00085082 _____ C:\Users\tonyg\Desktop\OTL1.Txt
2014-01-09 20:47 - 2014-01-09 20:47 - 00602112 _____ (OldTimer Tools) C:\Users\tonyg\Desktop\OTL.exe
2014-01-08 11:30 - 2014-01-08 11:30 - 00003392 _____ C:\Windows\System32\Tasks\{AC052A33-2CA4-49F0-AA1F-9430DD51F94B}
2014-01-08 11:14 - 2014-01-08 17:45 - 00003180 _____ C:\Windows\setupact.log
2014-01-08 11:14 - 2014-01-08 11:14 - 00000000 _____ C:\Windows\setuperr.log
2014-01-08 11:07 - 2014-01-08 11:07 - 00000000 ____D C:\Windows\system32\pinghold
2014-01-07 18:41 - 2014-01-13 18:40 - 00030758 _____ C:\Windows\PFRO.log
2014-01-07 18:41 - 2014-01-07 22:35 - 00229160 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-07 02:06 - 2014-01-07 02:06 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-06 21:45 - 2014-01-06 21:45 - 00049168 _____ C:\Users\tonyg\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-06 21:26 - 2014-01-06 21:26 - 00020408 _____ C:\Users\tonyg\Documents\cc_20140106_212605.reg
2014-01-06 20:54 - 2014-01-06 20:54 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2014-01-06 20:52 - 2014-01-06 20:52 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-01-06 20:52 - 2014-01-06 20:52 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-01-06 20:52 - 2014-01-06 20:52 - 00002258 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2014-01-06 20:51 - 2014-01-06 20:51 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2014-01-06 20:51 - 2014-01-06 20:51 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2014-01-06 20:50 - 2014-01-06 20:53 - 00000000 ____D C:\Users\tonyg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-01-06 20:50 - 2014-01-06 20:50 - 00000846 _____ C:\Users\tonyg\Desktop\Norton Installation Files.lnk
2014-01-06 20:23 - 2014-01-06 20:23 - 00000000 ____D C:\Program Files\My Dell
2014-01-01 22:24 - 2014-01-02 00:44 - 00000000 ____D C:\Users\tonyg\AppData\Local\NVIDIA
2014-01-01 21:22 - 2014-01-01 21:22 - 00000000 ____D C:\Users\tonyg\AppData\Roaming\NVIDIA
2013-12-31 20:34 - 2013-10-30 12:55 - 00458960 _____ (Broadcom Corporation) C:\Windows\system32\Drivers\k57nd60a.sys
2013-12-31 20:21 - 2013-12-31 20:21 - 00000000 ____D C:\Users\tonyg\AppData\Local\Razer_Inc
2013-12-31 20:20 - 2013-12-31 20:20 - 00000000 ____D C:\Users\tonyg\Documents\Razer
2013-12-31 18:51 - 2013-12-31 18:51 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-31 18:50 - 2013-11-11 10:02 - 06674208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-12-31 18:50 - 2013-11-11 10:02 - 03490080 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-12-31 18:50 - 2013-11-11 10:01 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-12-31 18:50 - 2013-11-11 10:01 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-12-31 18:50 - 2013-11-11 10:01 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-12-31 18:49 - 2014-01-02 00:44 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-12-31 18:48 - 2013-11-14 06:55 - 30361888 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 25257248 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 22951200 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 18293608 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 18208624 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 15862272 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 15218504 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 12613408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-12-31 18:48 - 2013-11-14 06:55 - 11600432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 11514624 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 09691888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 09619872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 03132704 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 03125024 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 03069608 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 02947872 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 02747680 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 02697248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 01884448 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433182.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433182.dll
2013-12-31 18:48 - 2013-11-14 06:55 - 00023754 _____ C:\Windows\system32\nvinfo.pb
2013-12-28 16:41 - 2013-12-28 16:41 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2013-12-23 21:37 - 2013-12-23 21:37 - 00002992 _____ C:\{1DDD58F4-E247-46AB-B2AE-780117A93B82}
2013-12-22 14:32 - 2014-01-08 11:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-21 21:26 - 2013-12-21 21:26 - 00008302 _____ C:\Users\tonyg\Documents\cc_20131221_212614.reg
2013-12-20 20:03 - 2013-12-20 20:03 - 00002586 _____ C:\Users\tonyg\Documents\bull.txt
2013-12-20 16:35 - 2013-12-20 16:35 - 00000000 ____D C:\Users\tonyg\AppData\Roaming\openvr
2013-12-20 15:33 - 2013-12-20 15:33 - 00000219 _____ C:\Users\tonyg\Desktop\Team Fortress 2.url
2013-12-18 09:45 - 2013-12-18 09:45 - 00000857 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-17 05:38 - 2013-12-17 05:55 - 00000000 ____D C:\Users\tonyg\Documents\famepoints
2013-12-16 21:53 - 2013-12-16 21:53 - 00003423 _____ C:\Users\tonyg\Documents\campagin_2 rules.txt
2013-12-16 20:39 - 2013-12-16 20:42 - 00001157 _____ C:\Users\tonyg\Desktop\Continue Microsoft Office Home and Student Installation.lnk
2013-12-16 20:14 - 2013-12-16 20:14 - 00003431 _____ C:\Users\tonyg\Documents\camp2rule.txt
2013-12-16 18:25 - 2013-12-16 22:10 - 00010279 _____ C:\Users\tonyg\Documents\top 3k.txt

==================== One Month Modified Files and Folders =======

2014-01-15 16:31 - 2014-01-15 16:31 - 00014215 _____ C:\Users\tonyg\Desktop\FRST.txt
2014-01-15 16:30 - 2014-01-15 16:30 - 00000000 ____D C:\FRST
2014-01-15 16:29 - 2014-01-15 16:29 - 02076160 _____ (Farbar) C:\Users\tonyg\Desktop\FRST64.exe
2014-01-15 16:27 - 2011-06-16 01:07 - 00000000 ___RD C:\Users\tonyg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-15 16:26 - 2013-09-26 10:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-15 16:24 - 2013-09-26 08:47 - 01150054 _____ C:\Windows\WindowsUpdate.log
2014-01-15 16:24 - 2012-02-03 02:07 - 00000338 _____ C:\Windows\Tasks\HP Photo Creations Communicator.job
2014-01-15 11:23 - 2006-11-02 10:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-15 11:23 - 2006-11-02 10:22 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-14 20:23 - 2012-10-02 09:15 - 00000000 ____D C:\Users\tonyg\AppData\Local\NPE
2014-01-14 17:20 - 2014-01-14 17:29 - 00014336 _____ C:\Users\tonyg\Desktop\avptool_sysinfo.zip
2014-01-14 16:46 - 2014-01-14 16:46 - 00002344 _____ C:\Users\tonyg\Documents\sofar12.txt
2014-01-14 06:45 - 2014-01-14 06:45 - 00002344 _____ C:\Users\tonyg\Documents\knap1bug.txt
2014-01-13 21:02 - 2014-01-13 19:18 - 00460888 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\14778425.sys
2014-01-13 19:18 - 2014-01-13 19:18 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-13 19:05 - 2014-01-13 18:46 - 131780856 _____ C:\Users\tonyg\Desktop\setup_11.0.1.1245.x01_2014_01_13_21_03.exe
2014-01-13 18:40 - 2014-01-07 18:41 - 00030758 _____ C:\Windows\PFRO.log
2014-01-13 18:40 - 2006-11-02 10:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-13 07:00 - 2011-06-16 19:23 - 00000000 ____D C:\Program Files (x86)\Steam
2014-01-13 07:00 - 2006-11-02 10:42 - 00032558 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-10 18:26 - 2014-01-10 18:25 - 00000000 ____D C:\AdwCleaner
2014-01-10 18:22 - 2014-01-10 18:21 - 00082876 _____ C:\Users\tonyg\Desktop\OTL.Txt
2014-01-10 18:16 - 2006-11-02 07:46 - 00006624 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-10 18:02 - 2014-01-10 18:02 - 00000000 ____D C:\_OTL
2014-01-09 21:26 - 2014-01-09 20:55 - 00052134 _____ C:\Users\tonyg\Desktop\Extras.Txt
2014-01-09 20:54 - 2014-01-09 20:54 - 00085082 _____ C:\Users\tonyg\Desktop\OTL1.Txt
2014-01-09 20:47 - 2014-01-09 20:47 - 00602112 _____ (OldTimer Tools) C:\Users\tonyg\Desktop\OTL.exe
2014-01-08 17:45 - 2014-01-08 11:14 - 00003180 _____ C:\Windows\setupact.log
2014-01-08 11:30 - 2014-01-08 11:30 - 00003392 _____ C:\Windows\System32\Tasks\{AC052A33-2CA4-49F0-AA1F-9430DD51F94B}
2014-01-08 11:26 - 2013-12-22 14:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-08 11:14 - 2014-01-08 11:14 - 00000000 _____ C:\Windows\setuperr.log
2014-01-08 11:07 - 2014-01-08 11:07 - 00000000 ____D C:\Windows\system32\pinghold
2014-01-07 22:35 - 2014-01-07 18:41 - 00229160 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-07 06:53 - 2013-08-10 08:17 - 00000000 ____D C:\Users\tonyg\Desktop\mbar
2014-01-07 06:53 - 2013-07-23 20:37 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-07 02:06 - 2014-01-07 02:06 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-01-06 22:02 - 2012-12-07 21:49 - 00000000 ____D C:\ProgramData\Razer
2014-01-06 22:02 - 2012-12-07 20:01 - 00000000 ____D C:\Users\tonyg\AppData\Local\Razer
2014-01-06 22:02 - 2012-12-07 19:50 - 00000000 ____D C:\Program Files (x86)\Razer
2014-01-06 21:51 - 2013-04-27 09:40 - 00000000 ____D C:\guru3d
2014-01-06 21:45 - 2014-01-06 21:45 - 00049168 _____ C:\Users\tonyg\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-06 21:26 - 2014-01-06 21:26 - 00020408 _____ C:\Users\tonyg\Documents\cc_20140106_212605.reg
2014-01-06 21:24 - 2012-06-19 19:35 - 00000000 ____D C:\Users\tonyg\AppData\Local\CrashDumps
2014-01-06 21:24 - 2012-03-28 07:42 - 00000000 ____D C:\Windows\Minidump
2014-01-06 20:54 - 2014-01-06 20:54 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2014-01-06 20:53 - 2014-01-06 20:50 - 00000000 ____D C:\Users\tonyg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-01-06 20:53 - 2012-06-19 18:55 - 00000000 ____D C:\ProgramData\Norton
2014-01-06 20:52 - 2014-01-06 20:52 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-01-06 20:52 - 2014-01-06 20:52 - 00008222 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-01-06 20:52 - 2014-01-06 20:52 - 00002258 _____ C:\Users\Public\Desktop\Norton Security Suite.lnk
2014-01-06 20:52 - 2012-06-19 19:03 - 00003228 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2014-01-06 20:52 - 2012-06-19 19:03 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2014-01-06 20:51 - 2014-01-06 20:51 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2014-01-06 20:51 - 2014-01-06 20:51 - 00000000 ____D C:\Program Files (x86)\Norton Security Suite
2014-01-06 20:50 - 2014-01-06 20:50 - 00000846 _____ C:\Users\tonyg\Desktop\Norton Installation Files.lnk
2014-01-06 20:23 - 2014-01-06 20:23 - 00000000 ____D C:\Program Files\My Dell
2014-01-06 13:11 - 2011-06-16 01:21 - 00000000 ____D C:\ProgramData\PCDr
2014-01-05 13:24 - 2011-06-29 19:47 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2014-01-04 22:55 - 2012-06-19 18:55 - 00000000 ____D C:\Users\Public\Downloads\Norton
2014-01-04 12:58 - 2012-07-01 11:42 - 00000770 _____ C:\Users\Public\Desktop\CCleaner.lnk
2014-01-04 12:58 - 2012-07-01 11:42 - 00000000 ____D C:\Program Files\CCleaner
2014-01-03 10:27 - 2012-04-26 22:55 - 00000000 ____D C:\wotmods
2014-01-02 01:10 - 2011-12-07 16:31 - 00002708 _____ C:\Users\tonyg\AppData\Local\d3d9caps.dat
2014-01-02 00:44 - 2014-01-01 22:24 - 00000000 ____D C:\Users\tonyg\AppData\Local\NVIDIA
2014-01-02 00:44 - 2013-12-31 18:49 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2014-01-02 00:44 - 2013-04-27 10:16 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2014-01-02 00:44 - 2013-04-27 10:13 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2014-01-02 00:43 - 2011-06-16 05:03 - 00000000 ____D C:\Users\tonyg\AppData\Local\Deployment
2014-01-01 22:13 - 2013-08-31 15:28 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-01 22:07 - 2011-06-16 01:07 - 00001460 _____ C:\Users\tonyg\AppData\Local\d3d9caps64.dat
2014-01-01 21:22 - 2014-01-01 21:22 - 00000000 ____D C:\Users\tonyg\AppData\Roaming\NVIDIA
2014-01-01 15:34 - 2013-10-19 15:43 - 00002747 _____ C:\Users\tonyg\Desktop\Intel Processor Diagnostic Tool.lnk
2013-12-31 20:36 - 2011-06-16 01:07 - 00000000 ____D C:\Users\tonyg
2013-12-31 20:31 - 2011-06-16 01:19 - 00000000 ____D C:\dell
2013-12-31 20:21 - 2013-12-31 20:21 - 00000000 ____D C:\Users\tonyg\AppData\Local\Razer_Inc
2013-12-31 20:20 - 2013-12-31 20:20 - 00000000 ____D C:\Users\tonyg\Documents\Razer
2013-12-31 18:51 - 2013-12-31 18:51 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-12-31 18:50 - 2006-11-02 08:33 - 00000000 ____D C:\Windows\Help
2013-12-28 16:41 - 2013-12-28 16:41 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2013-12-28 12:01 - 2012-02-02 21:53 - 00000000 ____D C:\broadcomnic
2013-12-27 13:15 - 2012-05-20 20:42 - 00000000 ____D C:\Users\tonyg\AppData\Roaming\vlc
2013-12-23 21:37 - 2013-12-23 21:37 - 00002992 _____ C:\{1DDD58F4-E247-46AB-B2AE-780117A93B82}
2013-12-21 21:26 - 2013-12-21 21:26 - 00008302 _____ C:\Users\tonyg\Documents\cc_20131221_212614.reg
2013-12-20 20:03 - 2013-12-20 20:03 - 00002586 _____ C:\Users\tonyg\Documents\bull.txt
2013-12-20 16:35 - 2013-12-20 16:35 - 00000000 ____D C:\Users\tonyg\AppData\Roaming\openvr
2013-12-20 15:33 - 2013-12-20 15:33 - 00000219 _____ C:\Users\tonyg\Desktop\Team Fortress 2.url
2013-12-18 09:45 - 2013-12-18 09:45 - 00000857 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-12-17 05:55 - 2013-12-17 05:38 - 00000000 ____D C:\Users\tonyg\Documents\famepoints
2013-12-16 22:10 - 2013-12-16 18:25 - 00010279 _____ C:\Users\tonyg\Documents\top 3k.txt
2013-12-16 22:03 - 2012-11-01 19:18 - 00000000 ___RD C:\Users\tonyg\Documents\HP Photo Creations
2013-12-16 22:03 - 2012-11-01 19:16 - 00003346 _____ C:\Windows\System32\Tasks\HP Photo Creations Communicator
2013-12-16 22:03 - 2011-12-03 22:05 - 00001830 _____ C:\Users\Public\Desktop\HP Photo Creations.lnk
2013-12-16 22:03 - 2011-12-03 22:05 - 00000000 ____D C:\ProgramData\HP Photo Creations
2013-12-16 21:53 - 2013-12-16 21:53 - 00003423 _____ C:\Users\tonyg\Documents\campagin_2 rules.txt
2013-12-16 20:42 - 2013-12-16 20:39 - 00001157 _____ C:\Users\tonyg\Desktop\Continue Microsoft Office Home and Student Installation.lnk
2013-12-16 20:14 - 2013-12-16 20:14 - 00003431 _____ C:\Users\tonyg\Documents\camp2rule.txt

Files to move or delete:
====================
C:\Users\d7584989e40e828c152857c0a1fb9af8\MpMiniSigStub.exe


Some content of TEMP:
====================
C:\Users\tonyg\AppData\Local\Temp\Quarantine.exe
C:\Users\tonyg\AppData\Local\Temp\SHSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-14 06:59

==================== End Of Log ============================