help slow comp and bad bug [Solved]


  • This topic is locked

#16
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, we need to access the infected account, as the winlogon entry is probably corrupted.

Could you try to access the infected account in safe mode and run a scan from there?


#17
mayorhemi

    Member

  • Topic Starter
  • 29 posts
ok i did the otl for network and i got the following

can not create file C:\users\tonyg\desktop\cmd.bat

also i got this and now it is not responding

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

i have not rebooted

#18
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Reboot manually and then see if you can get a scan from the other account

#19
mayorhemi

    Member

  • Topic Starter
  • 29 posts
ok i logged on to the user account named testing

i got user profile not loaded correctly

check computer safety

i tried to d/l otl from Bleeping Computer but it would not d/l, so i went to geeks and got it. here is the scan, hope it helps

this is from the testing profile, not the tonyg one we been working on



also i will not be able to respond back til sunday night, camping with my son for boy scouts

thanks for all the help so far


OTL logfile created on: 1/17/2014 10:23:35 PM - Run 7
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Windows\SysWOW64\config\systemprofile\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 5.30 Gb Available Physical Memory | 66.31% Memory free
19.88 Gb Paging File | 17.27 Gb Available in Paging File | 86.84% Paging File free
Paging file location(s): c:\pagefile.sys 12273 12273 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.46 Gb Total Space | 487.27 Gb Free Space | 52.31% Space Free | Partition Type: NTFS

Computer Name: TONYG-PC | User Name: testing | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/17 22:22:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Windows\SysWOW64\config\systemprofile\Desktop\OTL.exe
PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
PRC - [2012/12/10 17:12:38 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/10 17:12:38 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2011/06/13 21:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/01/05 13:24:13 | 000,076,888 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/11 14:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/10 16:26:22 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2012/12/10 17:12:38 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/11 18:59:26 | 000,342,016 | ---- | M] (Alcatel-Lucent) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/01/06 20:52:45 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/10/30 12:55:10 | 000,458,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2013/09/26 22:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2013/09/26 21:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2013/09/26 21:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2013/09/25 22:28:00 | 000,507,992 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2013/09/25 21:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 21:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2013/09/09 20:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2013/06/12 16:57:39 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/02/11 21:18:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/24 21:18:34 | 000,006,656 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rzkbdhid.sys -- (rzkbdhid)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/01/13 18:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/01/13 18:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/01/13 18:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2008/11/29 06:19:28 | 000,028,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008/02/13 07:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2007/10/15 02:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2007/06/29 13:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV - [2014/01/10 05:25:02 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140117.021\ex64.sys -- (NAVEX15)
DRV - [2014/01/10 05:25:02 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140117.021\eng64.sys -- (NAVENG)
DRV - [2014/01/07 19:35:46 | 000,057,024 | ---- | M] (Emsisoft GmbH) [Kernel | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp64.sys -- (cleanhlp)
DRV - [2014/01/06 17:48:44 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140117.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/01/06 11:26:36 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/01/04 01:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/12/28 16:41:54 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2013/12/17 19:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140110.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/08/09 23:11:50 | 000,026,176 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\EEK\Run\a2ddax64.sys -- (A2DDA)
DRV - [2012/12/10 17:12:02 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/12/10 17:12:02 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/06/02 10:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP51
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D ED 9B 6A 78 88 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.RadioPI_4e.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/01/06 20:53:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/01/16 23:27:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/22 14:32:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 08:42:31 | 000,000,000 | ---D | M]

[2013/12/22 14:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/22 14:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/22 14:32:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2014/01/16 17:49:35 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...oad/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefie...r_5.0.203.0.cab (Battlefield Heroes Updater)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE6DB04C-299A-4856-8B5A-3FF62A649F0C}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/17 22:22:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
[2014/01/15 16:30:23 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/13 19:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/01/10 18:25:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/10 18:02:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/08 11:07:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\pinghold
[2014/01/07 02:06:48 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/06 20:55:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/01/06 20:52:45 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/01/06 20:52:07 | 000,507,992 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symtdiv.sys
[2014/01/06 20:52:06 | 001,147,480 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.sys
[2014/01/06 20:52:06 | 000,858,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.sys
[2014/01/06 20:52:06 | 000,590,936 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnets.sys
[2014/01/06 20:52:06 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.sys
[2014/01/06 20:52:06 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.sys
[2014/01/06 20:52:06 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys
[2014/01/06 20:52:06 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.sys
[2014/01/06 20:52:06 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymELAM.sys
[2014/01/06 20:51:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2014/01/06 20:51:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1501000.012
[2014/01/06 20:51:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2014/01/06 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2014/01/06 20:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2013/12/31 18:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/12/31 18:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/12/28 17:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
[2013/12/28 16:41:54 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2013/12/22 14:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/17 22:22:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Windows\system32\config\systemprofile\Desktop\OTL.exe
[2014/01/17 21:49:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/01/17 21:25:59 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/17 21:09:27 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/17 21:09:27 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/17 21:01:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/16 23:24:31 | 000,229,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/16 17:49:35 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/01/16 15:33:03 | 000,024,908 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\VT20140116.020
[2014/01/10 18:16:17 | 013,362,272 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/10 18:16:17 | 004,609,778 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/10 18:16:16 | 000,006,624 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/07 02:06:48 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/06 20:53:22 | 002,734,577 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Cat.DB
[2014/01/06 20:52:45 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/01/06 20:52:45 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/01/06 20:52:45 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/01/06 20:52:35 | 000,002,258 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/01/05 13:24:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/01/04 12:58:02 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/28 16:41:54 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2013/12/23 21:37:30 | 000,002,992 | ---- | M] () -- C:\{1DDD58F4-E247-46AB-B2AE-780117A93B82}
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/16 23:48:25 | 000,024,908 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\VT20140116.020
[2014/01/07 18:41:33 | 000,229,160 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/06 20:52:52 | 002,734,577 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Cat.DB
[2014/01/06 20:52:45 | 000,008,222 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/01/06 20:52:45 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/01/06 20:52:35 | 000,002,258 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/01/06 20:51:56 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymVTcer.dat
[2014/01/06 20:51:56 | 000,009,939 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymELAM64.cat
[2014/01/06 20:51:56 | 000,008,202 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.cat
[2014/01/06 20:51:56 | 000,008,196 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.cat
[2014/01/06 20:51:56 | 000,008,194 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.cat
[2014/01/06 20:51:56 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnet64.cat
[2014/01/06 20:51:56 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.cat
[2014/01/06 20:51:56 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.cat
[2014/01/06 20:51:56 | 000,008,184 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\iron.cat
[2014/01/06 20:51:56 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA.inf
[2014/01/06 20:51:56 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS.inf
[2014/01/06 20:51:56 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymNet.inf
[2014/01/06 20:51:56 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.inf
[2014/01/06 20:51:56 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.inf
[2014/01/06 20:51:56 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symELAM.inf
[2014/01/06 20:51:56 | 000,000,855 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.inf
[2014/01/06 20:51:56 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Iron.inf
[2014/01/06 20:51:56 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\isolate.ini
[2013/12/31 18:48:10 | 000,023,754 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/12/23 21:37:27 | 000,002,992 | ---- | C] () -- C:\{1DDD58F4-E247-46AB-B2AE-780117A93B82}
[2013/07/24 09:28:16 | 000,000,004 | ---- | C] () -- C:\Windows\system32\config\systemprofile\AppData\Roaming\skype.ini
[2013/04/10 11:27:11 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/04/10 11:26:55 | 000,787,681 | ---- | C] () -- C:\ProgramData\1.jpg
[2013/03/23 08:29:25 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/02/09 10:51:06 | 000,090,572 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/07/03 01:20:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/04/25 07:54:42 | 000,426,496 | ---- | C] () -- C:\Windows\SysWow64\STLibWrapper.dll
[2012/04/25 07:54:42 | 000,204,884 | ---- | C] () -- C:\Windows\SysWow64\spxusb.dll
[2012/04/25 07:54:42 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========


========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >






This one is on the tonyg profile, but I checked all users on OTL.

OTL logfile created on: 1/17/2014 10:51:55 PM - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tonyg\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.31 Gb Available Physical Memory | 79.00% Memory free
19.73 Gb Paging File | 18.14 Gb Available in Paging File | 91.94% Paging File free
Paging file location(s): c:\pagefile.sys 12273 12273 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.46 Gb Total Space | 487.62 Gb Free Space | 52.35% Space Free | Partition Type: NTFS

Computer Name: TONYG-PC | User Name: tonyg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/09 20:47:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tonyg\Desktop\OTL.exe
PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
PRC - [2012/12/10 17:12:38 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/10 17:12:38 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2011/06/13 21:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/01/05 13:24:13 | 000,076,888 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/11 14:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/12/10 16:26:22 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2012/12/10 17:12:38 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/11 18:59:26 | 000,342,016 | ---- | M] (Alcatel-Lucent) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/01/06 20:52:45 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/10/30 12:55:10 | 000,458,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2013/09/26 22:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2013/09/26 21:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2013/09/26 21:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2013/09/25 22:28:00 | 000,507,992 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2013/09/25 21:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 21:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2013/09/09 20:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2013/06/12 16:57:39 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/02/11 21:18:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/24 21:18:34 | 000,006,656 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rzkbdhid.sys -- (rzkbdhid)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/01/13 18:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/01/13 18:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/01/13 18:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2008/11/29 06:19:28 | 000,028,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008/02/13 07:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2007/10/15 02:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2007/06/29 13:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV - [2014/01/10 05:25:02 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140117.021\ex64.sys -- (NAVEX15)
DRV - [2014/01/10 05:25:02 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140117.021\eng64.sys -- (NAVENG)
DRV - [2014/01/07 19:35:46 | 000,057,024 | ---- | M] (Emsisoft GmbH) [Kernel | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp64.sys -- (cleanhlp)
DRV - [2014/01/06 17:48:44 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140117.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/01/06 11:26:36 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/01/04 01:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/12/28 16:41:54 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2013/12/17 19:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140110.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/08/09 23:11:50 | 000,026,176 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\EEK\Run\a2ddax64.sys -- (A2DDA)
DRV - [2012/12/10 17:12:02 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/12/10 17:12:02 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/06/02 10:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP51
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D ED 9B 6A 78 88 CE 01 [binary data]
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP51
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D ED 9B 6A 78 88 CE 01 [binary data]
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP51
IE - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
IE - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\..\SearchScopes,DefaultScope = {BB58BA57-01AF-494F-93F0-D335053719DB}
IE - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\..\SearchScopes\{BB58BA57-01AF-494F-93F0-D335053719DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B7affbfae-c4e2-4915-8c0f-00fa3ec610a1%7D:5.74.1.9964
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.4.5%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.RadioPI_4e.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\tonyg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/01/06 20:53:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/01/17 22:48:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/22 14:32:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 08:42:31 | 000,000,000 | ---D | M]

[2011/06/16 05:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tonyg\AppData\Roaming\Mozilla\Extensions
[2014/01/08 11:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tonyg\AppData\Roaming\Mozilla\Firefox\Profiles\bcsyaewy.default\extensions
[2014/01/08 11:26:36 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\tonyg\AppData\Roaming\Mozilla\Firefox\Profiles\bcsyaewy.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2013/12/22 14:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/22 14:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/22 14:32:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/06 20:53:41 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
[2011/06/16 06:09:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2014/01/16 17:49:35 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll File not found
O4 - HKU\S-1-5-19..\Run: [Google] rundll32 "C:\Users\tonyg\AppData\Local\VirtualStore\Google\uksuud.dll",SCBB2_CreateTransformTablesW File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Google] rundll32 "C:\Users\tonyg\AppData\Local\VirtualStore\Google\uksuud.dll",SCBB2_CreateTransformTablesW File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\..Trusted Domains: blank ([]about in Computer)
O15 - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...oad/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefie...r_5.0.203.0.cab (Battlefield Heroes Updater)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE6DB04C-299A-4856-8B5A-3FF62A649F0C}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/15 16:30:23 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/15 16:29:34 | 002,076,160 | ---- | C] (Farbar) -- C:\Users\tonyg\Desktop\FRST64.exe
[2014/01/13 19:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/01/10 18:25:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/10 18:02:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/09 20:47:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tonyg\Desktop\OTL.exe
[2014/01/08 11:07:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\pinghold
[2014/01/07 02:06:48 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/06 20:55:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/01/06 20:52:45 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/01/06 20:52:07 | 000,507,992 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symtdiv.sys
[2014/01/06 20:52:06 | 001,147,480 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.sys
[2014/01/06 20:52:06 | 000,858,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.sys
[2014/01/06 20:52:06 | 000,590,936 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnets.sys
[2014/01/06 20:52:06 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.sys
[2014/01/06 20:52:06 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.sys
[2014/01/06 20:52:06 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys
[2014/01/06 20:52:06 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.sys
[2014/01/06 20:52:06 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymELAM.sys
[2014/01/06 20:51:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2014/01/06 20:51:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1501000.012
[2014/01/06 20:51:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2014/01/06 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2014/01/06 20:50:48 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2014/01/06 20:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2014/01/01 22:24:15 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Local\NVIDIA
[2014/01/01 21:22:00 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Roaming\NVIDIA
[2013/12/31 20:21:00 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Local\Razer_Inc
[2013/12/31 20:20:56 | 000,000,000 | ---D | C] -- C:\Users\tonyg\Documents\Razer
[2013/12/31 18:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/12/31 18:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/12/28 17:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
[2013/12/28 16:41:54 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2013/12/22 14:32:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/12/20 16:35:17 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Roaming\openvr
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/17 22:49:01 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/01/17 22:45:33 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/17 22:45:33 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/17 22:45:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/17 22:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/16 23:24:31 | 000,229,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/16 17:49:35 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/01/16 15:33:03 | 000,024,908 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\VT20140116.020
[2014/01/15 16:29:34 | 002,076,160 | ---- | M] (Farbar) -- C:\Users\tonyg\Desktop\FRST64.exe
[2014/01/14 17:20:25 | 000,014,336 | ---- | M] () -- C:\Users\tonyg\Desktop\avptool_sysinfo.zip
[2014/01/13 19:05:52 | 131,780,856 | ---- | M] () -- C:\Users\tonyg\Desktop\setup_11.0.1.1245.x01_2014_01_13_21_03.exe
[2014/01/10 18:16:17 | 013,362,272 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/10 18:16:17 | 004,609,778 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/10 18:16:16 | 000,006,624 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/09 20:47:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tonyg\Desktop\OTL.exe
[2014/01/07 02:06:48 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/06 21:26:23 | 000,020,408 | ---- | M] () -- C:\Users\tonyg\Documents\cc_20140106_212605.reg
[2014/01/06 20:53:22 | 002,734,577 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Cat.DB
[2014/01/06 20:52:45 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/01/06 20:52:45 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/01/06 20:52:45 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/01/06 20:52:35 | 000,002,258 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/01/06 20:50:48 | 000,000,846 | ---- | M] () -- C:\Users\tonyg\Desktop\Norton Installation Files.lnk
[2014/01/06 16:51:22 | 000,515,138 | ---- | M] () -- C:\Users\tonyg\Documents\ge microwave.jpg
[2014/01/05 13:24:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/01/04 12:58:02 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/02 01:10:35 | 000,002,708 | ---- | M] () -- C:\Users\tonyg\AppData\Local\d3d9caps.dat
[2014/01/01 22:07:55 | 000,001,460 | ---- | M] () -- C:\Users\tonyg\AppData\Local\d3d9caps64.dat
[2014/01/01 15:34:58 | 000,002,747 | ---- | M] () -- C:\Users\tonyg\Desktop\Intel Processor Diagnostic Tool.lnk
[2013/12/28 16:41:54 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2013/12/23 21:37:30 | 000,002,992 | ---- | M] () -- C:\{1DDD58F4-E247-46AB-B2AE-780117A93B82}
[2013/12/21 21:26:22 | 000,008,302 | ---- | M] () -- C:\Users\tonyg\Documents\cc_20131221_212614.reg
[2013/12/20 15:33:54 | 000,000,219 | ---- | M] () -- C:\Users\tonyg\Desktop\Team Fortress 2.url
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/16 23:48:25 | 000,024,908 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\VT20140116.020
[2014/01/14 17:29:33 | 000,014,336 | ---- | C] () -- C:\Users\tonyg\Desktop\avptool_sysinfo.zip
[2014/01/13 18:46:16 | 131,780,856 | ---- | C] () -- C:\Users\tonyg\Desktop\setup_11.0.1.1245.x01_2014_01_13_21_03.exe
[2014/01/07 18:41:33 | 000,229,160 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/06 21:26:08 | 000,020,408 | ---- | C] () -- C:\Users\tonyg\Documents\cc_20140106_212605.reg
[2014/01/06 20:52:52 | 002,734,577 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Cat.DB
[2014/01/06 20:52:45 | 000,008,222 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/01/06 20:52:45 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/01/06 20:52:35 | 000,002,258 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/01/06 20:51:56 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymVTcer.dat
[2014/01/06 20:51:56 | 000,009,939 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymELAM64.cat
[2014/01/06 20:51:56 | 000,008,202 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.cat
[2014/01/06 20:51:56 | 000,008,196 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.cat
[2014/01/06 20:51:56 | 000,008,194 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.cat
[2014/01/06 20:51:56 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnet64.cat
[2014/01/06 20:51:56 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.cat
[2014/01/06 20:51:56 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.cat
[2014/01/06 20:51:56 | 000,008,184 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\iron.cat
[2014/01/06 20:51:56 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA.inf
[2014/01/06 20:51:56 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS.inf
[2014/01/06 20:51:56 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymNet.inf
[2014/01/06 20:51:56 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.inf
[2014/01/06 20:51:56 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.inf
[2014/01/06 20:51:56 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symELAM.inf
[2014/01/06 20:51:56 | 000,000,855 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.inf
[2014/01/06 20:51:56 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Iron.inf
[2014/01/06 20:51:56 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\isolate.ini
[2014/01/06 20:50:48 | 000,000,846 | ---- | C] () -- C:\Users\tonyg\Desktop\Norton Installation Files.lnk
[2014/01/06 16:45:43 | 000,515,138 | ---- | C] () -- C:\Users\tonyg\Documents\ge microwave.jpg
[2013/12/31 18:48:10 | 000,023,754 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/12/23 21:37:27 | 000,002,992 | ---- | C] () -- C:\{1DDD58F4-E247-46AB-B2AE-780117A93B82}
[2013/12/21 21:26:16 | 000,008,302 | ---- | C] () -- C:\Users\tonyg\Documents\cc_20131221_212614.reg
[2013/12/20 15:33:54 | 000,000,219 | ---- | C] () -- C:\Users\tonyg\Desktop\Team Fortress 2.url
[2013/04/10 11:27:11 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/04/10 11:26:55 | 000,787,681 | ---- | C] () -- C:\ProgramData\1.jpg
[2013/03/23 08:29:25 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/02/09 10:51:06 | 000,090,572 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/08/05 01:05:47 | 000,008,704 | ---- | C] () -- C:\Users\tonyg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/03 01:20:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/07/03 01:18:33 | 000,000,632 | RHS- | C] () -- C:\Users\tonyg\ntuser.pol
[2012/06/13 18:49:03 | 000,034,764 | ---- | C] () -- C:\Users\tonyg\AppData\Local\dt.dat
[2012/04/25 07:54:42 | 000,426,496 | ---- | C] () -- C:\Windows\SysWow64\STLibWrapper.dll
[2012/04/25 07:54:42 | 000,204,884 | ---- | C] () -- C:\Windows\SysWow64\spxusb.dll
[2012/04/25 07:54:42 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2011/12/07 16:31:47 | 000,002,708 | ---- | C] () -- C:\Users\tonyg\AppData\Local\d3d9caps.dat
[2011/06/16 01:07:26 | 000,001,460 | ---- | C] () -- C:\Users\tonyg\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/05/17 17:28:34 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\.mono
[2012/06/19 17:24:56 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\AVG2012
[2012/10/07 12:53:08 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\Awesomium
[2011/11/20 15:05:28 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\C4amH6sWJfLgZh
[2012/07/01 09:17:17 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\Comcast
[2011/11/20 15:05:28 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\DCwkUVrlOtP
[2011/11/20 11:04:04 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\EbDD33onG4am6sJ
[2012/04/11 13:34:26 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\FreeFileViewer
[2011/11/20 15:20:54 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\GH5sWJ7dE8
[2011/11/21 15:41:43 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\hLLL9ggTZqjYwkV
[2012/07/04 15:24:35 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\ID Vault
[2012/02/26 18:40:24 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\IObit
[2011/11/20 15:20:55 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\iRZqhYXwkVlBz0c
[2011/11/20 11:04:12 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\khhYYXwwjUVlItz
[2012/07/01 12:08:07 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\OpswatLogs
[2012/10/12 14:58:24 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\Pokémon Trading Card Game Online
[2012/07/01 12:07:48 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\QuickScan
[2011/09/10 22:31:29 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\Sammsoft
[2011/11/20 15:01:52 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\TRZqhYXwkVlBz0c
[2012/06/21 18:12:25 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\TS3Client
[2012/04/15 00:00:02 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\ts3overlay
[2011/06/19 22:01:59 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\Unity
[2012/02/03 02:07:55 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\Visan
[2011/11/20 15:01:52 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\w1ivD2onFpHsJdK
[2012/07/02 00:42:24 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\Wargaming.net
[2011/11/20 11:03:57 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\XllIIBrzzPyxAuS
[2011/11/20 11:04:13 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\YNyyccA1uvD2bFp
[2012/10/22 18:55:37 | 000,000,000 | ---D | M] -- C:\Users\family.TonyG-PC\AppData\Roaming\.minecraft
[2012/09/25 18:14:18 | 000,000,000 | ---D | M] -- C:\Users\family.TonyG-PC\AppData\Roaming\Awesomium
[2012/07/10 07:33:08 | 000,000,000 | ---D | M] -- C:\Users\family.TonyG-PC\AppData\Roaming\Comcast
[2012/10/01 16:15:33 | 000,000,000 | ---D | M] -- C:\Users\family.TonyG-PC\AppData\Roaming\FreeFileViewer
[2012/07/25 12:12:39 | 000,000,000 | ---D | M] -- C:\Users\family.TonyG-PC\AppData\Roaming\Sammsoft
[2012/09/01 13:25:37 | 000,000,000 | ---D | M] -- C:\Users\family.TonyG-PC\AppData\Roaming\wargaming.net
[2013/07/06 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ActiveDossierUploader
[2012/09/12 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Awesomium
[2013/03/27 19:46:37 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Downloaded Installations
[2012/03/20 19:56:01 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\FreeFileViewer
[2012/07/04 15:24:35 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ID Vault
[2012/02/26 19:21:13 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\IObit
[2013/12/20 16:35:17 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\openvr
[2012/07/07 09:07:22 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\PCDr
[2013/08/09 04:41:23 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\QuickScan
[2013/05/29 16:31:53 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Sammsoft
[2013/06/02 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ts3overlay
[2013/02/13 20:20:28 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ts3overlay_hook_win64
[2013/01/01 11:59:57 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Unity
[2012/11/01 19:18:30 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Visan
[2013/11/01 18:06:30 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Wargaming.net

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

#20
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is there anything important on that user?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img23.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img23.jpg
[2011/11/20 15:05:28 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\C4amH6sWJfLgZh
[2011/11/20 15:05:28 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\DCwkUVrlOtP
[2011/11/20 11:04:04 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\EbDD33onG4am6sJ
[2012/04/11 13:34:26 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\FreeFileViewer
[2011/11/20 15:20:54 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\GH5sWJ7dE8
[2011/11/21 15:41:43 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\hLLL9ggTZqjYwkV
[2012/07/04 15:24:35 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\ID Vault
[2012/02/26 18:40:24 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\IObit
[2011/11/20 15:20:55 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\iRZqhYXwkVlBz0c
[2011/11/20 11:04:12 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\khhYYXwwjUVlItz
[2011/11/20 15:01:52 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\TRZqhYXwkVlBz0c
[2011/11/20 15:01:52 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\w1ivD2onFpHsJdK
[2011/11/20 11:03:57 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\XllIIBrzzPyxAuS
[2011/11/20 11:04:13 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\YNyyccA1uvD2bFp


:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Attach the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#21
mayorhemi

    Member

  • Topic Starter
  • Member
  • 29 posts
No, nothing. It is just a profile I use to check things; it can be deleted.


Also, the last script: do I run that under the main profile tonyg or the testing one?

Also, I have Malwarebytes and it is updated, or should I uninstall it and re-download it again?

#22
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Run the fix from the profile used, although it should work from any profile. Then, if you are not using it, delete the user.

Just update MBAM and run.

#23
mayorhemi

    Member

  • Topic Starter
  • Member
  • 29 posts
OTL logfile created on: 1/21/2014 7:34:21 PM - Run 9
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tonyg\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.88 Gb Available Physical Memory | 86.15% Memory free
19.73 Gb Paging File | 18.69 Gb Available in Paging File | 94.75% Paging File free
Paging file location(s): c:\pagefile.sys 12273 12273 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.46 Gb Total Space | 488.58 Gb Free Space | 52.45% Space Free | Partition Type: NTFS

Computer Name: TONYG-PC | User Name: tonyg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/09 20:47:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tonyg\Desktop\OTL.exe
PRC - [2013/12/18 13:42:44 | 000,040,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe
PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
PRC - [2012/12/10 17:12:38 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/10 17:12:38 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2011/06/13 21:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/01/07 16:00:22 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/01/05 13:24:13 | 000,076,888 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/10 16:26:22 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2012/12/10 17:12:38 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/11 18:59:26 | 000,342,016 | ---- | M] (Alcatel-Lucent) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/01/06 20:52:45 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/10/30 12:55:10 | 000,458,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2013/09/26 22:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2013/09/26 21:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2013/09/26 21:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2013/09/25 22:28:00 | 000,507,992 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2013/09/25 21:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 21:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2013/09/09 20:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2013/06/12 16:57:39 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/02/11 21:18:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/24 21:18:34 | 000,006,656 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rzkbdhid.sys -- (rzkbdhid)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/01/13 18:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/01/13 18:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/01/13 18:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2008/11/29 06:19:28 | 000,028,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008/02/13 07:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2007/10/15 02:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2007/06/29 13:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV - [2014/01/20 21:52:14 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140118.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/01/10 05:25:02 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140121.005\ex64.sys -- (NAVEX15)
DRV - [2014/01/10 05:25:02 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140121.005\eng64.sys -- (NAVENG)
DRV - [2014/01/07 19:35:46 | 000,057,024 | ---- | M] (Emsisoft GmbH) [Kernel | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp64.sys -- (cleanhlp)
DRV - [2014/01/06 11:26:36 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/01/04 01:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/12/28 16:41:54 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2013/12/17 19:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140110.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/08/09 23:11:50 | 000,026,176 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\EEK\Run\a2ddax64.sys -- (A2DDA)
DRV - [2012/12/10 17:12:02 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/12/10 17:12:02 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/06/02 10:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP51
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D ED 9B 6A 78 88 CE 01 [binary data]
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP51
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0D ED 9B 6A 78 88 CE 01 [binary data]
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP51
IE - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
IE - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\..\SearchScopes,DefaultScope = {BB58BA57-01AF-494F-93F0-D335053719DB}
IE - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\..\SearchScopes\{BB58BA57-01AF-494F-93F0-D335053719DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B7affbfae-c4e2-4915-8c0f-00fa3ec610a1%7D:5.74.1.9964
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.4.5%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.RadioPI_4e.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\tonyg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/01/06 20:53:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/01/21 16:12:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/22 14:32:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 08:42:31 | 000,000,000 | ---D | M]

[2011/06/16 05:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tonyg\AppData\Roaming\Mozilla\Extensions
[2014/01/08 11:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tonyg\AppData\Roaming\Mozilla\Firefox\Profiles\bcsyaewy.default\extensions
[2014/01/08 11:26:36 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\tonyg\AppData\Roaming\Mozilla\Firefox\Profiles\bcsyaewy.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2013/12/22 14:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/22 14:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/22 14:32:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/06 20:53:41 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
[2011/06/16 06:09:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2014/01/21 19:26:10 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll File not found
O4 - HKU\S-1-5-19..\Run: [Google] rundll32 "C:\Users\tonyg\AppData\Local\VirtualStore\Google\uksuud.dll",SCBB2_CreateTransformTablesW File not found
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Google] rundll32 "C:\Users\tonyg\AppData\Local\VirtualStore\Google\uksuud.dll",SCBB2_CreateTransformTablesW File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\..Trusted Domains: blank ([]about in Computer)
O15 - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2530642619-985529084-3126391969-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...oad/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefie...r_5.0.203.0.cab (Battlefield Heroes Updater)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE6DB04C-299A-4856-8B5A-3FF62A649F0C}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/15 16:30:23 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/15 16:29:34 | 002,076,160 | ---- | C] (Farbar) -- C:\Users\tonyg\Desktop\FRST64.exe
[2014/01/13 19:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/01/10 18:25:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/10 18:02:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/09 20:47:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tonyg\Desktop\OTL.exe
[2014/01/08 11:07:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\pinghold
[2014/01/07 02:06:48 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/06 20:55:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/01/06 20:52:45 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/01/06 20:52:07 | 000,507,992 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symtdiv.sys
[2014/01/06 20:52:06 | 001,147,480 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.sys
[2014/01/06 20:52:06 | 000,858,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.sys
[2014/01/06 20:52:06 | 000,590,936 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnets.sys
[2014/01/06 20:52:06 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.sys
[2014/01/06 20:52:06 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.sys
[2014/01/06 20:52:06 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys
[2014/01/06 20:52:06 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.sys
[2014/01/06 20:52:06 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymELAM.sys
[2014/01/06 20:51:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2014/01/06 20:51:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1501000.012
[2014/01/06 20:51:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2014/01/06 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2014/01/06 20:50:48 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2014/01/06 20:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2014/01/01 22:24:15 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Local\NVIDIA
[2014/01/01 21:22:00 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Roaming\NVIDIA
[2013/12/31 20:21:00 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Local\Razer_Inc
[2013/12/31 20:20:56 | 000,000,000 | ---D | C] -- C:\Users\tonyg\Documents\Razer
[2013/12/31 18:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/12/31 18:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/12/28 17:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
[2013/12/28 16:41:54 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/21 19:33:33 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/21 19:33:33 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/21 19:33:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/21 19:26:15 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/21 19:26:10 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/01/21 19:20:21 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/01/20 15:19:57 | 1401,690,415 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/01/19 09:41:11 | 000,000,222 | ---- | M] () -- C:\Users\tonyg\Desktop\Saints Row IV.url
[2014/01/16 23:24:31 | 000,229,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/16 15:33:03 | 000,024,908 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\VT20140116.020
[2014/01/15 16:29:34 | 002,076,160 | ---- | M] (Farbar) -- C:\Users\tonyg\Desktop\FRST64.exe
[2014/01/14 17:20:25 | 000,014,336 | ---- | M] () -- C:\Users\tonyg\Desktop\avptool_sysinfo.zip
[2014/01/13 19:05:52 | 131,780,856 | ---- | M] () -- C:\Users\tonyg\Desktop\setup_11.0.1.1245.x01_2014_01_13_21_03.exe
[2014/01/10 18:16:17 | 013,362,272 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/10 18:16:17 | 004,609,778 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/10 18:16:16 | 000,006,624 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/09 20:47:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tonyg\Desktop\OTL.exe
[2014/01/07 02:06:48 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/06 21:26:23 | 000,020,408 | ---- | M] () -- C:\Users\tonyg\Documents\cc_20140106_212605.reg
[2014/01/06 20:53:22 | 002,734,577 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Cat.DB
[2014/01/06 20:52:45 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/01/06 20:52:45 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/01/06 20:52:45 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/01/06 20:52:35 | 000,002,258 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/01/06 20:50:48 | 000,000,846 | ---- | M] () -- C:\Users\tonyg\Desktop\Norton Installation Files.lnk
[2014/01/06 16:51:22 | 000,515,138 | ---- | M] () -- C:\Users\tonyg\Documents\ge microwave.jpg
[2014/01/05 13:24:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/01/04 12:58:02 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/02 01:10:35 | 000,002,708 | ---- | M] () -- C:\Users\tonyg\AppData\Local\d3d9caps.dat
[2014/01/01 22:07:55 | 000,001,460 | ---- | M] () -- C:\Users\tonyg\AppData\Local\d3d9caps64.dat
[2014/01/01 15:34:58 | 000,002,747 | ---- | M] () -- C:\Users\tonyg\Desktop\Intel Processor Diagnostic Tool.lnk
[2013/12/28 16:41:54 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2013/12/23 21:37:30 | 000,002,992 | ---- | M] () -- C:\{1DDD58F4-E247-46AB-B2AE-780117A93B82}
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/20 15:19:57 | 1401,690,415 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/01/19 09:41:11 | 000,000,222 | ---- | C] () -- C:\Users\tonyg\Desktop\Saints Row IV.url
[2014/01/16 23:48:25 | 000,024,908 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\VT20140116.020
[2014/01/14 17:29:33 | 000,014,336 | ---- | C] () -- C:\Users\tonyg\Desktop\avptool_sysinfo.zip
[2014/01/13 18:46:16 | 131,780,856 | ---- | C] () -- C:\Users\tonyg\Desktop\setup_11.0.1.1245.x01_2014_01_13_21_03.exe
[2014/01/07 18:41:33 | 000,229,160 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/06 21:26:08 | 000,020,408 | ---- | C] () -- C:\Users\tonyg\Documents\cc_20140106_212605.reg
[2014/01/06 20:52:52 | 002,734,577 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Cat.DB
[2014/01/06 20:52:45 | 000,008,222 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/01/06 20:52:45 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/01/06 20:52:35 | 000,002,258 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/01/06 20:51:56 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymVTcer.dat
[2014/01/06 20:51:56 | 000,009,939 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymELAM64.cat
[2014/01/06 20:51:56 | 000,008,202 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.cat
[2014/01/06 20:51:56 | 000,008,196 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.cat
[2014/01/06 20:51:56 | 000,008,194 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.cat
[2014/01/06 20:51:56 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnet64.cat
[2014/01/06 20:51:56 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.cat
[2014/01/06 20:51:56 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.cat
[2014/01/06 20:51:56 | 000,008,184 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\iron.cat
[2014/01/06 20:51:56 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA.inf
[2014/01/06 20:51:56 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS.inf
[2014/01/06 20:51:56 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymNet.inf
[2014/01/06 20:51:56 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.inf
[2014/01/06 20:51:56 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.inf
[2014/01/06 20:51:56 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symELAM.inf
[2014/01/06 20:51:56 | 000,000,855 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.inf
[2014/01/06 20:51:56 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Iron.inf
[2014/01/06 20:51:56 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\isolate.ini
[2014/01/06 20:50:48 | 000,000,846 | ---- | C] () -- C:\Users\tonyg\Desktop\Norton Installation Files.lnk
[2014/01/06 16:45:43 | 000,515,138 | ---- | C] () -- C:\Users\tonyg\Documents\ge microwave.jpg
[2013/12/31 18:48:10 | 000,023,754 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/12/23 21:37:27 | 000,002,992 | ---- | C] () -- C:\{1DDD58F4-E247-46AB-B2AE-780117A93B82}
[2013/04/10 11:27:11 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/04/10 11:26:55 | 000,787,681 | ---- | C] () -- C:\ProgramData\1.jpg
[2013/03/23 08:29:25 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/02/09 10:51:06 | 000,090,572 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/08/05 01:05:47 | 000,008,704 | ---- | C] () -- C:\Users\tonyg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/03 01:20:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/07/03 01:18:33 | 000,000,632 | RHS- | C] () -- C:\Users\tonyg\ntuser.pol
[2012/06/13 18:49:03 | 000,034,764 | ---- | C] () -- C:\Users\tonyg\AppData\Local\dt.dat
[2012/04/25 07:54:42 | 000,426,496 | ---- | C] () -- C:\Windows\SysWow64\STLibWrapper.dll
[2012/04/25 07:54:42 | 000,204,884 | ---- | C] () -- C:\Windows\SysWow64\spxusb.dll
[2012/04/25 07:54:42 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2011/12/07 16:31:47 | 000,002,708 | ---- | C] () -- C:\Users\tonyg\AppData\Local\d3d9caps.dat
[2011/06/16 01:07:26 | 000,001,460 | ---- | C] () -- C:\Users\tonyg\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/05/17 17:28:34 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\.mono
[2012/06/19 17:24:56 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\AVG2012
[2012/10/07 12:53:08 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\Awesomium
[2012/07/01 09:17:17 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\Comcast
[2012/07/01 12:08:07 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\OpswatLogs
[2012/10/12 14:58:24 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\Pokémon Trading Card Game Online
[2012/07/01 12:07:48 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\QuickScan
[2011/09/10 22:31:29 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\Sammsoft
[2012/06/21 18:12:25 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\TS3Client
[2012/04/15 00:00:02 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\ts3overlay
[2011/06/19 22:01:59 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\Unity
[2012/02/03 02:07:55 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\Visan
[2012/07/02 00:42:24 | 000,000,000 | ---D | M] -- C:\Users\amg6460\AppData\Roaming\Wargaming.net
[2012/10/22 18:55:37 | 000,000,000 | ---D | M] -- C:\Users\family.TonyG-PC\AppData\Roaming\.minecraft
[2012/09/25 18:14:18 | 000,000,000 | ---D | M] -- C:\Users\family.TonyG-PC\AppData\Roaming\Awesomium
[2012/07/10 07:33:08 | 000,000,000 | ---D | M] -- C:\Users\family.TonyG-PC\AppData\Roaming\Comcast
[2012/10/01 16:15:33 | 000,000,000 | ---D | M] -- C:\Users\family.TonyG-PC\AppData\Roaming\FreeFileViewer
[2012/07/25 12:12:39 | 000,000,000 | ---D | M] -- C:\Users\family.TonyG-PC\AppData\Roaming\Sammsoft
[2012/09/01 13:25:37 | 000,000,000 | ---D | M] -- C:\Users\family.TonyG-PC\AppData\Roaming\wargaming.net
[2013/07/06 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ActiveDossierUploader
[2012/09/12 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Awesomium
[2013/03/27 19:46:37 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Downloaded Installations
[2012/03/20 19:56:01 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\FreeFileViewer
[2012/07/04 15:24:35 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ID Vault
[2012/02/26 19:21:13 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\IObit
[2013/12/20 16:35:17 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\openvr
[2012/07/07 09:07:22 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\PCDr
[2013/08/09 04:41:23 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\QuickScan
[2013/05/29 16:31:53 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Sammsoft
[2013/06/02 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ts3overlay
[2013/02/13 20:20:28 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ts3overlay_hook_win64
[2013/01/01 11:59:57 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Unity
[2012/11/01 19:18:30 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Visan
[2013/11/01 18:06:30 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Wargaming.net

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >

#24
mayorhemi

    Member

  • Topic Starter
  • Member
  • 29 posts
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.01.21.09

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
tonyg :: TONYG-PC [administrator]

1/21/2014 7:52:17 PM
mbam-log-2014-01-21 (19-52-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 276573
Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#25
mayorhemi

    Member

  • Topic Starter
  • Member
  • 29 posts
I sent you a video of the ping.exe flashing in Task Manager.


#26
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's remove this small programme and see if the ping disappears. Where did you send the video to?

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
:Commands
[CREATERESTOREPOINT]

:OTL
[2014/01/08 11:07:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\pinghold

:Files

:Commands
[resethosts]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#27
mayorhemi

    Member

  • Topic Starter
  • Member
  • 29 posts
OTL logfile created on: 1/22/2014 12:47:45 PM - Run 10
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tonyg\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.99 Gb Total Physical Memory | 6.42 Gb Available Physical Memory | 80.37% Memory free
19.73 Gb Paging File | 18.27 Gb Available in Paging File | 92.58% Paging File free
Paging file location(s): c:\pagefile.sys 12273 12273 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.46 Gb Total Space | 620.53 Gb Free Space | 66.62% Space Free | Partition Type: NTFS

Computer Name: TONYG-PC | User Name: tonyg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/01/09 20:47:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tonyg\Desktop\OTL.exe
PRC - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe
PRC - [2012/12/10 17:12:38 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/10 17:12:38 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2011/06/13 21:21:14 | 000,343,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV:64bit: - [2008/01/20 21:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2014/01/07 16:00:22 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2014/01/05 13:24:13 | 000,076,888 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013/12/18 13:42:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/12/10 16:26:22 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/18 16:16:11 | 000,264,360 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe -- (N360)
SRV - [2012/12/10 17:12:38 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/07/09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012/06/11 18:59:26 | 000,342,016 | ---- | M] (Alcatel-Lucent) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe -- (pcServiceHost)
SRV - [2009/03/29 23:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2014/01/06 20:52:45 | 000,177,752 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013/10/30 12:55:10 | 000,458,960 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2013/09/26 22:18:30 | 001,147,480 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMEFA64.SYS -- (SymEFA)
DRV:64bit: - [2013/09/26 21:45:56 | 000,264,280 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.SYS -- (SymIRON)
DRV:64bit: - [2013/09/26 21:26:03 | 000,858,200 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SRTSP64.SYS -- (SRTSP)
DRV:64bit: - [2013/09/25 22:28:00 | 000,507,992 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMTDIV.SYS -- (SYMTDIv)
DRV:64bit: - [2013/09/25 21:50:25 | 000,162,392 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2013/09/09 21:47:26 | 000,493,656 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMDS64.SYS -- (SymDS)
DRV:64bit: - [2013/09/09 20:49:49 | 000,036,952 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SRTSPX64.SYS -- (SRTSPX)
DRV:64bit: - [2013/06/12 16:57:39 | 000,016,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013/02/11 21:18:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/10/24 21:18:34 | 000,006,656 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\rzkbdhid.sys -- (rzkbdhid)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 08:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/09/30 19:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/01/13 18:14:58 | 000,057,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2009/01/13 18:14:50 | 000,015,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2009/01/13 18:14:22 | 000,022,024 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2008/11/29 06:19:28 | 000,028,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2008/02/13 07:20:16 | 000,017,920 | ---- | M] (A4Tech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Amusbx64.sys -- (Amusbprt)
DRV:64bit: - [2007/10/15 02:37:22 | 000,012,288 | ---- | M] ((Standard mouse types)) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\Amfltx64.sys -- (Amfilter)
DRV:64bit: - [2007/06/29 13:48:06 | 000,039,424 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AmdLLD64.sys -- (AmdLLD64)
DRV - [2014/01/20 21:52:14 | 000,521,944 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140121.001\IDSviA64.sys -- (IDSVia64)
DRV - [2014/01/10 05:25:02 | 002,099,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140122.003\ex64.sys -- (NAVEX15)
DRV - [2014/01/10 05:25:02 | 000,126,040 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140122.003\eng64.sys -- (NAVENG)
DRV - [2014/01/07 19:35:46 | 000,057,024 | ---- | M] (Emsisoft GmbH) [Kernel | On_Demand | Stopped] -- C:\EEK\Run\cleanhlp64.sys -- (cleanhlp)
DRV - [2014/01/06 11:26:36 | 000,137,648 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2014/01/04 01:00:00 | 000,484,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/12/28 16:41:54 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
DRV - [2013/12/17 19:32:10 | 001,526,488 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140110.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/08/09 23:11:50 | 000,026,176 | ---- | M] (Emsisoft GmbH) [File_System | System | Running] -- C:\EEK\Run\a2ddax64.sys -- (A2DDA)
DRV - [2012/12/10 17:12:02 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2012/12/10 17:12:02 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2011/06/02 10:08:34 | 000,017,864 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys -- (cpudrv64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/?...=EIE9HP&PC=UP51
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\SearchScopes,DefaultScope = {BB58BA57-01AF-494F-93F0-D335053719DB}
IE - HKCU\..\SearchScopes\{BB58BA57-01AF-494F-93F0-D335053719DB}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B7affbfae-c4e2-4915-8c0f-00fa3ec610a1%7D:5.74.1.9964
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:12.0.4.5%20-%201
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.RadioPI_4e.com/Plugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\tonyg\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014/01/06 20:53:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2014/01/22 12:46:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/12/22 14:32:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2014/01/15 08:42:31 | 000,000,000 | ---D | M]

[2011/06/16 05:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tonyg\AppData\Roaming\Mozilla\Extensions
[2014/01/08 11:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tonyg\AppData\Roaming\Mozilla\Firefox\Profiles\bcsyaewy.default\extensions
[2014/01/08 11:26:36 | 000,000,000 | ---D | M] (AOL Toolbar) -- C:\Users\tonyg\AppData\Roaming\Mozilla\Firefox\Profiles\bcsyaewy.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2013/12/22 14:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/12/22 14:32:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/22 14:32:22 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2014/01/06 20:53:41 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
[2011/06/16 06:09:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION

O1 HOSTS File: ([2014/01/22 12:36:04 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll File not found
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files (x86)\AOL Toolbar\aoltb.dll File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: blank ([]about in Computer)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsu...oad/tgctlsr.cab (SupportSoft Script Runner Class)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} http://support.dell....r/SysProExe.CAB (WMI Class)
O16 - DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} http://quickscan.bit...m/qsax/qsax.cab (Bitdefender QuickScan Control)
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} http://www.battlefie...r_5.0.203.0.cab (Battlefield Heroes Updater)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.5.15.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FE6DB04C-299A-4856-8B5A-3FF62A649F0C}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2014/01/15 16:30:23 | 000,000,000 | ---D | C] -- C:\FRST
[2014/01/15 16:29:34 | 002,076,160 | ---- | C] (Farbar) -- C:\Users\tonyg\Desktop\FRST64.exe
[2014/01/13 19:18:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2014/01/10 18:25:01 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/01/10 18:02:48 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/01/09 20:47:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\tonyg\Desktop\OTL.exe
[2014/01/08 11:07:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\pinghold
[2014/01/07 02:06:48 | 000,089,304 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/06 20:55:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2014/01/06 20:52:45 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/01/06 20:52:07 | 000,507,992 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symtdiv.sys
[2014/01/06 20:52:06 | 001,147,480 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.sys
[2014/01/06 20:52:06 | 000,858,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.sys
[2014/01/06 20:52:06 | 000,590,936 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnets.sys
[2014/01/06 20:52:06 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.sys
[2014/01/06 20:52:06 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.sys
[2014/01/06 20:52:06 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys
[2014/01/06 20:52:06 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.sys
[2014/01/06 20:52:06 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymELAM.sys
[2014/01/06 20:51:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2014/01/06 20:51:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1501000.012
[2014/01/06 20:51:55 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
[2014/01/06 20:51:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Security Suite
[2014/01/06 20:50:48 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2014/01/06 20:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell
[2014/01/01 22:24:15 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Local\NVIDIA
[2014/01/01 21:22:00 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Roaming\NVIDIA
[2013/12/31 20:21:00 | 000,000,000 | ---D | C] -- C:\Users\tonyg\AppData\Local\Razer_Inc
[2013/12/31 20:20:56 | 000,000,000 | ---D | C] -- C:\Users\tonyg\Documents\Razer
[2013/12/31 18:51:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013/12/31 18:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013/12/28 17:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
[2013/12/28 16:41:54 | 000,021,712 | ---- | C] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014/01/22 12:49:04 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2014/01/22 12:43:21 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/22 12:43:21 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/22 12:43:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/22 12:36:04 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2014/01/22 06:26:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/21 20:17:35 | 003,511,776 | ---- | M] () -- C:\Users\tonyg\Desktop\IMG_1109.MOV
[2014/01/20 15:19:57 | 1401,690,415 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/01/19 09:41:11 | 000,000,222 | ---- | M] () -- C:\Users\tonyg\Desktop\Saints Row IV.url
[2014/01/16 23:24:31 | 000,229,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/16 15:33:03 | 000,024,908 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\VT20140116.020
[2014/01/15 16:29:34 | 002,076,160 | ---- | M] (Farbar) -- C:\Users\tonyg\Desktop\FRST64.exe
[2014/01/14 17:20:25 | 000,014,336 | ---- | M] () -- C:\Users\tonyg\Desktop\avptool_sysinfo.zip
[2014/01/13 19:05:52 | 131,780,856 | ---- | M] () -- C:\Users\tonyg\Desktop\setup_11.0.1.1245.x01_2014_01_13_21_03.exe
[2014/01/10 18:16:17 | 013,362,272 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014/01/10 18:16:17 | 004,609,778 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014/01/10 18:16:16 | 000,006,624 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014/01/09 20:47:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tonyg\Desktop\OTL.exe
[2014/01/07 02:06:48 | 000,089,304 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014/01/06 21:26:23 | 000,020,408 | ---- | M] () -- C:\Users\tonyg\Documents\cc_20140106_212605.reg
[2014/01/06 20:53:22 | 002,734,577 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Cat.DB
[2014/01/06 20:52:45 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2014/01/06 20:52:45 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/01/06 20:52:45 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/01/06 20:52:35 | 000,002,258 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/01/06 20:50:48 | 000,000,846 | ---- | M] () -- C:\Users\tonyg\Desktop\Norton Installation Files.lnk
[2014/01/06 16:51:22 | 000,515,138 | ---- | M] () -- C:\Users\tonyg\Documents\ge microwave.jpg
[2014/01/05 13:24:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2014/01/04 12:58:02 | 000,000,770 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2014/01/02 01:10:35 | 000,002,708 | ---- | M] () -- C:\Users\tonyg\AppData\Local\d3d9caps.dat
[2014/01/01 22:07:55 | 000,001,460 | ---- | M] () -- C:\Users\tonyg\AppData\Local\d3d9caps64.dat
[2014/01/01 15:34:58 | 000,002,747 | ---- | M] () -- C:\Users\tonyg\Desktop\Intel Processor Diagnostic Tool.lnk
[2013/12/28 16:41:54 | 000,021,712 | ---- | M] (Phoenix Technologies) -- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
[2013/12/23 21:37:30 | 000,002,992 | ---- | M] () -- C:\{1DDD58F4-E247-46AB-B2AE-780117A93B82}
[1 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014/01/21 20:17:35 | 003,511,776 | ---- | C] () -- C:\Users\tonyg\Desktop\IMG_1109.MOV
[2014/01/20 15:19:57 | 1401,690,415 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/01/19 09:41:11 | 000,000,222 | ---- | C] () -- C:\Users\tonyg\Desktop\Saints Row IV.url
[2014/01/16 23:48:25 | 000,024,908 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\VT20140116.020
[2014/01/14 17:29:33 | 000,014,336 | ---- | C] () -- C:\Users\tonyg\Desktop\avptool_sysinfo.zip
[2014/01/13 18:46:16 | 131,780,856 | ---- | C] () -- C:\Users\tonyg\Desktop\setup_11.0.1.1245.x01_2014_01_13_21_03.exe
[2014/01/07 18:41:33 | 000,229,160 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2014/01/06 21:26:08 | 000,020,408 | ---- | C] () -- C:\Users\tonyg\Documents\cc_20140106_212605.reg
[2014/01/06 20:52:52 | 002,734,577 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Cat.DB
[2014/01/06 20:52:45 | 000,008,222 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2014/01/06 20:52:45 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2014/01/06 20:52:35 | 000,002,258 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Suite.lnk
[2014/01/06 20:51:56 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymVTcer.dat
[2014/01/06 20:51:56 | 000,009,939 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymELAM64.cat
[2014/01/06 20:51:56 | 000,008,202 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.cat
[2014/01/06 20:51:56 | 000,008,196 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.cat
[2014/01/06 20:51:56 | 000,008,194 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.cat
[2014/01/06 20:51:56 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnet64.cat
[2014/01/06 20:51:56 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.cat
[2014/01/06 20:51:56 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.cat
[2014/01/06 20:51:56 | 000,008,184 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\iron.cat
[2014/01/06 20:51:56 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA.inf
[2014/01/06 20:51:56 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS.inf
[2014/01/06 20:51:56 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymNet.inf
[2014/01/06 20:51:56 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.inf
[2014/01/06 20:51:56 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.inf
[2014/01/06 20:51:56 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symELAM.inf
[2014/01/06 20:51:56 | 000,000,855 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.inf
[2014/01/06 20:51:56 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Iron.inf
[2014/01/06 20:51:56 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\isolate.ini
[2014/01/06 20:50:48 | 000,000,846 | ---- | C] () -- C:\Users\tonyg\Desktop\Norton Installation Files.lnk
[2014/01/06 16:45:43 | 000,515,138 | ---- | C] () -- C:\Users\tonyg\Documents\ge microwave.jpg
[2013/12/31 18:48:10 | 000,023,754 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/12/23 21:37:27 | 000,002,992 | ---- | C] () -- C:\{1DDD58F4-E247-46AB-B2AE-780117A93B82}
[2013/04/10 11:27:11 | 002,250,054 | ---- | C] () -- C:\ProgramData\1.bmp
[2013/04/10 11:26:55 | 000,787,681 | ---- | C] () -- C:\ProgramData\1.jpg
[2013/03/23 08:29:25 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2013/02/09 10:51:06 | 000,090,572 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012/08/05 01:05:47 | 000,008,704 | ---- | C] () -- C:\Users\tonyg\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/03 01:20:15 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/07/03 01:18:33 | 000,000,632 | RHS- | C] () -- C:\Users\tonyg\ntuser.pol
[2012/06/13 18:49:03 | 000,034,764 | ---- | C] () -- C:\Users\tonyg\AppData\Local\dt.dat
[2012/04/25 07:54:42 | 000,426,496 | ---- | C] () -- C:\Windows\SysWow64\STLibWrapper.dll
[2012/04/25 07:54:42 | 000,204,884 | ---- | C] () -- C:\Windows\SysWow64\spxusb.dll
[2012/04/25 07:54:42 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2011/12/07 16:31:47 | 000,002,708 | ---- | C] () -- C:\Users\tonyg\AppData\Local\d3d9caps.dat
[2011/06/16 01:07:26 | 000,001,460 | ---- | C] () -- C:\Users\tonyg\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 10:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 12:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 12:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 02:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 21:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/07/06 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ActiveDossierUploader
[2012/09/12 18:38:17 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Awesomium
[2013/03/27 19:46:37 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Downloaded Installations
[2012/03/20 19:56:01 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\FreeFileViewer
[2012/07/04 15:24:35 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ID Vault
[2012/02/26 19:21:13 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\IObit
[2013/12/20 16:35:17 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\openvr
[2012/07/07 09:07:22 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\PCDr
[2013/08/09 04:41:23 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\QuickScan
[2013/05/29 16:31:53 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Sammsoft
[2013/06/02 21:50:24 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ts3overlay
[2013/02/13 20:20:28 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\ts3overlay_hook_win64
[2013/01/01 11:59:57 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Unity
[2012/11/01 19:18:30 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Visan
[2013/11/01 18:06:30 | 000,000,000 | ---D | M] -- C:\Users\tonyg\AppData\Roaming\Wargaming.net

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
  • 0

#28
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you reboot to see if the ping still comes up?

Also, how is the general behaviour?
  • 0

#29
mayorhemi


    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
Yes, rebooted.

ping.exe still comes up, like in the video I sent.

The computer is a bit faster but still has slow loading times for web pages.

I really want to thank you for the tech help.

Do you think it is from Norton Security Suite? It upgraded a while ago, and I read that ping.exe might be from the older version?
  • 0

#30
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is a possibility. What could be done to check that is the following:

First make sure you have your Norton licence backed up and to hand
Download your version of Norton from here http://symantec-nort...CFeKWtAodOCgANw to your desktop
Download the Norton removal tool to your desktop https://support.nort...erProfile_en_us

Uninstall Norton via Control Panel > Programs and Features (there may be several elements under Norton/Symantec)
After the reboot run the removal tool
Reboot and install the fresh copy

Let me know how that goes
  • 0





