Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can't run 32 bit applications, antivirus, malware [Solved]

Started by gkkeith , Jan 23 2013 12:23 AM

  • This topic is locked This topic is locked

#16
gkkeith
Posted 26 January 2013 - 03:41 PM

gkkeith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
OTL logfile created on: 01/26/13 3:31:33 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Greg\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: MM/dd/yy

3.98 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 60.94% Memory free
7.96 Gb Paging File | 6.26 Gb Available in Paging File | 78.62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 449.57 Gb Total Space | 387.81 Gb Free Space | 86.26% Space Free | Partition Type: NTFS
Drive D: | 162.44 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 1863.01 Gb Total Space | 1847.91 Gb Free Space | 99.19% Space Free | Partition Type: NTFS
Drive I: | 3.73 Gb Total Space | 3.53 Gb Free Space | 94.40% Space Free | Partition Type: NTFS

Computer Name: GREG-PC | User Name: Greg | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/25 19:07:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
PRC - [2012/12/04 19:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.2.1.22\ccsvchst.exe
PRC - [2012/06/06 20:33:42 | 001,564,872 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011/09/22 10:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2011/09/22 10:11:26 | 000,460,096 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
PRC - [2011/09/22 10:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2009/07/27 00:59:06 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/07/21 10:50:02 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
PRC - [2009/02/03 11:48:32 | 000,237,693 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
PRC - [2008/04/23 01:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.2.1.22\wincfi39.dll
MOD - [2012/05/09 02:28:29 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/09 02:28:27 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/09 02:28:27 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/09 02:28:23 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/09/22 10:14:16 | 002,751,808 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
MOD - [2009/07/27 00:50:12 | 000,148,992 | ---- | M] () -- C:\Windows\SysWOW64\OemSpiE.dll
MOD - [2009/07/21 10:50:02 | 000,084,464 | ---- | M] () -- C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe
MOD - [2009/03/26 14:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


========== Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp)
SRV:64bit: - [2011/08/10 16:53:14 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/01/09 01:36:06 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/04 19:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.2.1.22\ccSvcHst.exe -- (N360)
SRV - [2012/01/18 13:03:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/01/18 13:03:32 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/12/22 06:31:08 | 000,045,056 | ---- | M] (Intuit) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/09/22 10:06:12 | 001,692,480 | ---- | M] (SoftThinks SAS) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe -- (SftService)
SRV - [2011/05/20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/11/25 05:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
SRV - [2010/08/25 20:28:54 | 002,823,000 | ---- | M] (Dell, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/07/27 00:59:06 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/07/24 07:33:34 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe -- (RoxWatch12)
SRV - [2009/07/24 07:33:10 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe -- (RoxMediaDB12)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/18 15:45:28 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/06 15:34:50 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/10/08 19:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/10/03 19:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/10/03 19:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symds64.sys -- (SymDS)
DRV:64bit: - [2012/09/06 20:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/09/06 19:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/09/06 19:40:51 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/08/20 13:50:10 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012/08/17 15:26:48 | 000,025,584 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\Dell Support Center\pcdsrvc_x64.pkms -- (PCDSRVC{1E208CE0-FB7451FF-06020200}_0)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 10:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/18 14:41:28 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2012/01/18 14:41:26 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2012/01/18 14:41:23 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2012/01/18 14:41:23 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2012/01/18 14:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/01/18 14:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/08/10 16:53:28 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/08/10 16:53:14 | 009,371,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/08/10 16:53:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/21 02:01:04 | 000,339,536 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmwfp.sys -- (tmwfp)
DRV:64bit: - [2011/05/21 02:01:04 | 000,194,640 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmlwf.sys -- (tmlwf)
DRV:64bit: - [2011/05/21 02:01:04 | 000,144,656 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm)
DRV:64bit: - [2011/05/21 02:01:04 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi)
DRV:64bit: - [2011/05/21 02:01:04 | 000,090,896 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon)
DRV:64bit: - [2011/05/21 02:01:04 | 000,069,392 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV:64bit: - [2011/05/20 11:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 21:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
DRV:64bit: - [2010/11/20 21:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/20 21:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
DRV:64bit: - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/21 21:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/06/08 06:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/07/27 00:50:06 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2013/01/16 00:41:17 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130125.023\ex64.sys -- (NAVEX15)
DRV - [2013/01/16 00:41:17 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130125.023\eng64.sys -- (NAVENG)
DRV - [2013/01/15 20:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130116.013\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013/01/05 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2013/01/05 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/01/04 16:28:04 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130124.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {8F24045B-8CFB-4185-AD36-9F407ABDC6C2}
IE - HKCU\..\SearchScopes\{0A473A30-C796-4372-BFE9-52547D00242A}: "URL" = http://websearch.ask...7D-EAE659B8957D
IE - HKCU\..\SearchScopes\{8F24045B-8CFB-4185-AD36-9F407ABDC6C2}: "URL" = http://www.google.co...utputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1077\firefoxextension\ [2013/01/25 07:23:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2013/01/25 07:23:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013/01/26 15:26:57 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2013/01/26 15:21:23 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [CPMonitor] C:\Program Files (x86)\Roxio 2010\5.0\CPMonitor.exe ()
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnabledLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: Garmin Communicator Plug-In https://static.garmi...xControl_32.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B4A3FCC3-565E-453B-9AA1-B4E050811830}: DhcpNameServer = 24.177.176.38 71.92.29.130 24.217.201.67
O18:64bit: - Protocol\Handler\intu-help-qb2 - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\qbwc - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\1.5.1464\6.6.1077\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/10/29 12:28:06 | 000,000,047 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2010/02/14 22:53:50 | 000,000,027 | ---- | M] () - F:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{4e67d6c8-4215-11e1-a959-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4e67d6c8-4215-11e1-a959-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2012/11/05 08:08:12 | 169,935,608 | R--- | M] (CCH Small Firm Services)
O33 - MountPoints2\{5af399a5-a547-11e1-b31e-d4bed992690f}\Shell - "" = AutoRun
O33 - MountPoints2\{5af399a5-a547-11e1-b31e-d4bed992690f}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{9eb73fbb-4bec-11e1-b557-d4bed992690f}\Shell - "" = AutoRun
O33 - MountPoints2\{9eb73fbb-4bec-11e1-b557-d4bed992690f}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{fd44020c-4d45-11e1-a269-d4bed992690f}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{fd44020c-4d45-11e1-a269-d4bed992690f}\Shell\phone\command - "" = H:\autorun.exe
O33 - MountPoints2\{fd44028a-4d45-11e1-a269-d4bed992690f}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{fd44028a-4d45-11e1-a269-d4bed992690f}\Shell\phone\command - "" = F:\autorun.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\G\Shell\phone\command - "" = G:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/26 15:21:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/26 14:53:40 | 001,133,216 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symefa64.sys
[2013/01/26 14:53:40 | 000,776,864 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys
[2013/01/26 14:53:40 | 000,493,216 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symds64.sys
[2013/01/26 14:53:40 | 000,432,800 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symnets.sys
[2013/01/26 14:53:40 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys
[2013/01/26 14:53:40 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symelam.sys
[2013/01/26 14:53:39 | 000,224,416 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ironx64.sys
[2013/01/26 14:53:39 | 000,168,096 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.sys
[2013/01/26 14:53:19 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1402010.016
[2013/01/26 07:18:01 | 005,026,751 | ---- | C] (Swearware) -- C:\Users\Greg\Desktop\ComboFix.exe
[2013/01/25 19:07:55 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
[2013/01/23 18:19:36 | 000,000,000 | ---D | C] -- C:\FRST
[2013/01/22 20:13:55 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013/01/12 17:19:25 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Awesomium
[2013/01/12 10:03:27 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\CCH_Small_Firm_Services
[2013/01/12 10:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Gibraltar
[2013/01/12 09:58:43 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\assembly
[2013/01/12 09:58:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCH Small Firm Services
[2013/01/12 09:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\CCH Small Firm Services
[2013/01/12 09:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCH Small Firm Services
[2013/01/09 22:04:11 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\Desk Top
[2013/01/09 22:00:42 | 000,000,000 | ---D | C] -- C:\Users\Greg\Desktop\City of Smithville
[2013/01/09 21:39:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VitalSource Bookshelf
[2013/01/09 21:34:15 | 000,000,000 | ---D | C] -- C:\Users\Greg\Documents\My Books
[2013/01/09 21:30:56 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Shared Books
[2013/01/06 15:34:50 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/01/06 15:34:18 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013/01/06 15:34:17 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013/01/06 15:33:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/01/05 20:31:04 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Local\MigWiz
[2013/01/04 22:12:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/01/04 22:12:37 | 000,000,000 | ---D | C] -- C:\Users\Greg\Documents\Symantec
[2013/01/04 22:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/01/04 22:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013/01/04 22:10:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013/01/04 22:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/01/04 22:04:16 | 000,000,000 | ---D | C] -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2013/01/04 22:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/26 15:34:48 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/26 15:34:48 | 000,021,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/26 15:31:21 | 000,798,858 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/26 15:31:21 | 000,676,142 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/26 15:31:21 | 000,126,340 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/26 15:29:08 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/26 15:26:46 | 000,002,510 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2013/01/26 15:26:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/26 15:26:27 | 001,651,171 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/01/26 15:26:23 | 3207,417,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/26 15:26:13 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\VT20130115.021
[2013/01/26 15:21:23 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/01/26 15:18:56 | 000,031,088 | ---- | M] () -- C:\{4E7B8B65-0178-4746-8082-767A2E278EC8}
[2013/01/26 07:18:01 | 005,026,751 | ---- | M] (Swearware) -- C:\Users\Greg\Desktop\ComboFix.exe
[2013/01/25 19:07:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Greg\Desktop\OTL.exe
[2013/01/25 07:25:17 | 000,588,880 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/25 07:14:45 | 000,002,299 | ---- | M] () -- C:\Users\Greg\Desktop\fix.rtf
[2013/01/21 22:47:22 | 000,000,394 | ---- | M] () -- C:\Users\Greg\Documents\error messages.rtf
[2013/01/20 21:37:40 | 000,031,120 | ---- | M] () -- C:\{0359807E-1B18-44B1-9FDA-2F9D757E0DFE}
[2013/01/20 13:44:02 | 000,031,120 | ---- | M] () -- C:\{F83A5D03-6432-45A6-BBE5-939FB6F37714}
[2013/01/20 01:10:30 | 000,031,120 | ---- | M] () -- C:\{7FE6CFCC-0756-4B28-B74C-F8967D4DAB04}
[2013/01/19 13:01:54 | 000,031,120 | ---- | M] () -- C:\{6087B4AB-4E3C-4F76-B4A0-09199E3E652D}
[2013/01/19 03:37:54 | 000,031,120 | ---- | M] () -- C:\{E3C01294-E365-4861-8EEE-BA42E3A16887}
[2013/01/19 01:11:23 | 000,031,288 | ---- | M] () -- C:\{D214B67E-7770-4427-A619-EB64469C8252}
[2013/01/18 10:07:30 | 000,031,112 | ---- | M] () -- C:\{72CECB7A-2FD8-48EF-8EB2-9B42EEAD7A96}
[2013/01/18 01:16:10 | 000,031,128 | ---- | M] () -- C:\{E7DAF1BA-7118-41D9-892A-4DD59FC054AD}
[2013/01/17 13:35:52 | 000,031,128 | ---- | M] () -- C:\{561FBD64-5BD6-4181-BD7E-2B6347851FC6}
[2013/01/17 01:29:05 | 000,031,288 | ---- | M] () -- C:\{1DEEF191-5ED4-44BE-8322-75D217D57F98}
[2013/01/16 13:40:19 | 000,031,128 | ---- | M] () -- C:\{A24B0296-8DA0-44AD-B6DC-3C028D0B1146}
[2013/01/15 18:30:02 | 000,031,288 | ---- | M] () -- C:\{54128122-D539-4BDE-AE70-990FBF236131}
[2013/01/15 13:22:06 | 000,031,136 | ---- | M] () -- C:\{C1045E3B-A181-48B9-8C98-179E1EAD4DC3}
[2013/01/14 16:27:24 | 000,031,128 | ---- | M] () -- C:\{2C536ABA-C7D7-46DD-BC88-EDA09A4EF809}
[2013/01/13 13:30:02 | 000,031,152 | ---- | M] () -- C:\{49851CB9-6D43-4A82-B655-AA515A97B38A}
[2013/01/13 01:56:43 | 000,031,136 | ---- | M] () -- C:\{4E282032-A8D9-4975-B5CB-AE9E24617D6F}
[2013/01/12 17:25:39 | 000,002,051 | ---- | M] () -- C:\Users\Public\Desktop\STS 2012.lnk
[2013/01/12 17:18:53 | 000,031,152 | ---- | M] () -- C:\{20DA0C02-2B53-4A18-A67E-284589B5D4EB}
[2013/01/12 09:43:53 | 000,031,144 | ---- | M] () -- C:\{95FA9D90-E001-4153-920A-DAFCF7F0677A}
[2013/01/11 13:39:47 | 000,031,128 | ---- | M] () -- C:\{5E9E9517-E0A2-48E0-92EE-EE9404491CE5}
[2013/01/10 07:03:10 | 000,031,296 | ---- | M] () -- C:\{7F0FE94D-D0B9-4FE3-A812-1201CE49E442}
[2013/01/10 01:46:06 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\isolate.ini
[2013/01/10 01:45:15 | 000,031,144 | ---- | M] () -- C:\{AA3EF57E-F883-4CEE-8E95-6549AB5AE2FE}
[2013/01/09 22:05:01 | 000,000,868 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/01/09 21:39:30 | 000,002,749 | ---- | M] () -- C:\Users\Public\Desktop\VitalSource Bookshelf.lnk
[2013/01/09 19:46:43 | 000,001,294 | ---- | M] () -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/01/09 13:19:53 | 000,031,128 | ---- | M] () -- C:\{1EC36ED4-67EE-47D5-956D-8E374B2F0B4F}
[2013/01/08 13:03:01 | 000,031,144 | ---- | M] () -- C:\{8C853E91-0924-4B5E-BD88-A34B8AE1DBD0}
[2013/01/06 20:14:18 | 000,031,144 | ---- | M] () -- C:\{97B6794E-F84F-462A-BBEB-B6BDAE8877F5}
[2013/01/06 15:34:50 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/01/06 15:34:50 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/01/06 15:34:50 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[8 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/26 15:26:13 | 001,651,171 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013/01/26 15:26:13 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\VT20130115.021
[2013/01/26 15:18:56 | 000,031,088 | ---- | C] () -- C:\{4E7B8B65-0178-4746-8082-767A2E278EC8}
[2013/01/26 14:53:40 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symelam64.cat
[2013/01/26 14:53:40 | 000,007,605 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtspx64.cat
[2013/01/26 14:53:40 | 000,007,603 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symefa64.cat
[2013/01/26 14:53:40 | 000,007,601 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symnet64.cat
[2013/01/26 14:53:40 | 000,007,601 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtsp64.cat
[2013/01/26 14:53:40 | 000,007,597 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symds64.cat
[2013/01/26 14:53:40 | 000,003,433 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symefa.inf
[2013/01/26 14:53:40 | 000,002,851 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symds.inf
[2013/01/26 14:53:40 | 000,001,440 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symnet.inf
[2013/01/26 14:53:40 | 000,001,437 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtsp64.inf
[2013/01/26 14:53:40 | 000,001,418 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtspx64.inf
[2013/01/26 14:53:40 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symelam.inf
[2013/01/26 14:53:39 | 000,007,611 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.cat
[2013/01/26 14:53:39 | 000,007,593 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\iron.cat
[2013/01/26 14:53:39 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.inf
[2013/01/26 14:53:39 | 000,000,767 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\iron.inf
[2013/01/26 14:53:19 | 000,009,103 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symvtcer.dat
[2013/01/26 14:53:19 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\isolate.ini
[2013/01/25 07:14:45 | 000,002,299 | ---- | C] () -- C:\Users\Greg\Desktop\fix.rtf
[2013/01/21 22:47:22 | 000,000,394 | ---- | C] () -- C:\Users\Greg\Documents\error messages.rtf
[2013/01/20 21:37:40 | 000,031,120 | ---- | C] () -- C:\{0359807E-1B18-44B1-9FDA-2F9D757E0DFE}
[2013/01/20 13:44:02 | 000,031,120 | ---- | C] () -- C:\{F83A5D03-6432-45A6-BBE5-939FB6F37714}
[2013/01/20 01:10:30 | 000,031,120 | ---- | C] () -- C:\{7FE6CFCC-0756-4B28-B74C-F8967D4DAB04}
[2013/01/19 13:01:54 | 000,031,120 | ---- | C] () -- C:\{6087B4AB-4E3C-4F76-B4A0-09199E3E652D}
[2013/01/19 03:37:54 | 000,031,120 | ---- | C] () -- C:\{E3C01294-E365-4861-8EEE-BA42E3A16887}
[2013/01/19 01:11:23 | 000,031,288 | ---- | C] () -- C:\{D214B67E-7770-4427-A619-EB64469C8252}
[2013/01/18 10:07:30 | 000,031,112 | ---- | C] () -- C:\{72CECB7A-2FD8-48EF-8EB2-9B42EEAD7A96}
[2013/01/18 01:16:10 | 000,031,128 | ---- | C] () -- C:\{E7DAF1BA-7118-41D9-892A-4DD59FC054AD}
[2013/01/17 13:35:52 | 000,031,128 | ---- | C] () -- C:\{561FBD64-5BD6-4181-BD7E-2B6347851FC6}
[2013/01/17 01:29:05 | 000,031,288 | ---- | C] () -- C:\{1DEEF191-5ED4-44BE-8322-75D217D57F98}
[2013/01/16 13:40:19 | 000,031,128 | ---- | C] () -- C:\{A24B0296-8DA0-44AD-B6DC-3C028D0B1146}
[2013/01/15 18:30:02 | 000,031,288 | ---- | C] () -- C:\{54128122-D539-4BDE-AE70-990FBF236131}
[2013/01/15 13:22:06 | 000,031,136 | ---- | C] () -- C:\{C1045E3B-A181-48B9-8C98-179E1EAD4DC3}
[2013/01/14 16:27:24 | 000,031,128 | ---- | C] () -- C:\{2C536ABA-C7D7-46DD-BC88-EDA09A4EF809}
[2013/01/13 13:30:02 | 000,031,152 | ---- | C] () -- C:\{49851CB9-6D43-4A82-B655-AA515A97B38A}
[2013/01/13 01:56:43 | 000,031,136 | ---- | C] () -- C:\{4E282032-A8D9-4975-B5CB-AE9E24617D6F}
[2013/01/12 17:18:53 | 000,031,152 | ---- | C] () -- C:\{20DA0C02-2B53-4A18-A67E-284589B5D4EB}
[2013/01/12 09:58:08 | 000,002,051 | ---- | C] () -- C:\Users\Public\Desktop\STS 2012.lnk
[2013/01/12 09:43:53 | 000,031,144 | ---- | C] () -- C:\{95FA9D90-E001-4153-920A-DAFCF7F0677A}
[2013/01/11 13:39:47 | 000,031,128 | ---- | C] () -- C:\{5E9E9517-E0A2-48E0-92EE-EE9404491CE5}
[2013/01/10 07:03:10 | 000,031,296 | ---- | C] () -- C:\{7F0FE94D-D0B9-4FE3-A812-1201CE49E442}
[2013/01/10 01:45:15 | 000,031,144 | ---- | C] () -- C:\{AA3EF57E-F883-4CEE-8E95-6549AB5AE2FE}
[2013/01/09 21:31:04 | 000,002,749 | ---- | C] () -- C:\Users\Public\Desktop\VitalSource Bookshelf.lnk
[2013/01/09 21:31:03 | 000,002,755 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VitalSource Bookshelf.lnk
[2013/01/09 19:46:43 | 000,001,294 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/01/09 13:19:53 | 000,031,128 | ---- | C] () -- C:\{1EC36ED4-67EE-47D5-956D-8E374B2F0B4F}
[2013/01/08 13:03:01 | 000,031,144 | ---- | C] () -- C:\{8C853E91-0924-4B5E-BD88-A34B8AE1DBD0}
[2013/01/06 20:14:18 | 000,031,144 | ---- | C] () -- C:\{97B6794E-F84F-462A-BBEB-B6BDAE8877F5}
[2013/01/06 15:34:50 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/01/06 15:34:50 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/01/06 15:34:41 | 000,002,510 | ---- | C] () -- C:\Users\Public\Desktop\Norton 360.lnk
[2012/10/11 22:20:58 | 000,000,691 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\GetValue.vbs
[2012/10/11 22:20:58 | 000,000,035 | ---- | C] () -- C:\Users\Greg\AppData\Roaming\SetValue.bat
[2012/02/06 21:14:53 | 000,000,090 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/01/29 20:21:16 | 000,013,701 | ---- | C] () -- C:\Windows\hplj1010.ini
[2012/01/18 14:46:52 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/01/18 14:16:05 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/01/18 13:04:03 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/01/18 13:04:03 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/01/18 13:04:02 | 000,148,992 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2012/01/18 13:04:02 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2012/01/18 13:04:02 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2012/01/18 13:04:02 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2012/01/18 13:04:02 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2012/01/18 13:04:02 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2012/01/18 13:04:02 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2012/01/18 13:04:02 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2012/01/18 13:04:02 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2012/01/18 13:04:02 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2012/01/18 13:04:02 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2012/01/18 13:04:02 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2012/01/18 13:04:02 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2012/01/18 13:04:02 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2012/01/18 13:04:02 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2012/01/18 13:04:02 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2012/01/18 13:04:02 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2012/01/18 13:04:02 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2012/01/18 13:04:02 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2012/01/18 13:04:02 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2012/01/18 13:04:02 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2011/06/28 23:32:24 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011/02/10 08:33:46 | 000,794,772 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/01/12 17:19:25 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Awesomium
[2012/04/09 18:41:25 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/08/15 22:15:17 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\G7SysInfo6
[2012/04/14 15:05:55 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\Garmin
[2012/02/05 10:02:18 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\PCDr
[2012/12/05 21:03:37 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\TechSmith
[2012/08/15 22:22:28 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\VchexMsg
[2012/02/23 23:13:53 | 000,000,000 | ---D | M] -- C:\Users\Greg\AppData\Roaming\WeatherBug

========== Purity Check ==========



< End of report >
  • 0

Advertisements

#17
Essexboy
Posted 26 January 2013 - 04:53 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Are the programmes opening correctly now ?
  • 0

#18
gkkeith
Posted 26 January 2013 - 05:53 PM

gkkeith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
They appear to running correctly now.
  • 0

#19
Essexboy
Posted 27 January 2013 - 04:14 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I do not believe that this was malware related, but lets do one final check

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
  • 0

#20
gkkeith
Posted 27 January 2013 - 03:51 PM

gkkeith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.27.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Greg :: GREG-PC [administrator]

Protection: Enabled

01/27/13 3:45:28 PM
mbam-log-2013-01-27 (15-45-28).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 257993
Time elapsed: 2 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#21
Essexboy
Posted 27 January 2013 - 03:58 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Is it still working properly ?
  • 0

#22
gkkeith
Posted 27 January 2013 - 04:09 PM

gkkeith

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
so far so good
  • 0

#23
Essexboy
Posted 27 January 2013 - 04:20 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:


Remove ComboFix
  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall
    (Notice the space between the "x" and "/")
    then click OK

    Posted Image
  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.


: Keep Java Updated :

WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
See this article and this article.
I would recommend that you completely uninstall Java unless you need it to run an important software.
In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to diasble Java in your web browser and How to unplug Java from the browser)

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Posted Image Malwarebytes.

Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

If you use on-line banking then as an added layer of protection install Trusteer Rapport

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe :wave:
  • 0

#24
Essexboy
Posted 30 January 2013 - 09:20 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Can't Run Any Antivirus or Malware Removal Programs · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Can't Run Any Antivirus or Malware Removal Programs

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP