
Conduit and Lavasoft tabs on Chrome

Discussion in 'Virus & Other Malware Removal' started by jgatses, Feb 25, 2013.

  1. jgatses

    Thread Starter | Joined: Feb 25, 2013 | Messages: 15

    Hello,
    I'm having problems with removing this stuff inadvertently installed on my computer. I am running Windows 8. I have a Lavasoft Secure Search and Conduit Search Tab that pops up every time I open Chrome. It was happening in explorer too, but somehow I was able to stop that issue, but I fear my computer is infested with unwanted malware/spyware. I ran AdAware (assuming this is where the lavasoft came in), SpyBot, MalwareBytes, etc. I have since uninstalled all, because none seem to do the trick. I have Norton 360 installed, but this is obviously useless. Need help please. I'm not the most computer-literate person, so if I don't quite understand a response, I apologize in advance.
     
  2. Satchfan

    Malware Specialist | Joined: Jan 12, 2009 | Messages: 650

    Hello jgatses and welcome to TSG.

    My name is Satchfan and I would be glad to help you with your computer problem.

    Please read the following guidelines which will help to make cleaning your machine easier:

    • please follow all instructions in the order posted
    • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
    • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
    • if you don't understand something, please don't hesitate to ask for clarification before proceeding
    • the fixes are specific to your problem and should only be used for this issue on this machine.
    • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

    IMPORTANT:

    Please DO NOT install/uninstall any programs unless asked to.
    Please DO NOT run any scans other than those requested.

    ===================================================

    Uninstall Google Chrome

    For the time being I would like for you to uninstall Google Chrome and only use Firefox or Internet Explorer. You can reinstall it later if you like. We need to remove some entries and that is the easiest way to do so with Google Chrome.

    If asked about user data or settings, don’t check the box that asks to remember settings. We need to remove those also.

    ====================================================

    Download and run AdwCleaner

    Download AdwCleaner from here and save it to your desktop.

    • run AdwCleaner and select Delete
    • when it has finished it will ask to reboot - allow the reboot
    • on reboot a log will be produced; please attach the content of the log to your next reply.

    ===================================================

    Download and run Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop

    • shut down your protection software now to avoid potential conflicts.
    • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator"
    • the tool will open and start scanning your system
    • please be patient as this can take a while to complete depending on your system's specifications
    • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
    • post the contents of JRT.txt into your next message.

    Logs to include in the next post:

    AdwCleaner log
    JRT.txt


    Thanks

    Satchfan
     
  3. jgatses

    Thanks Satchfan! I attached the logs. Hope this works.
     


  4. Satchfan

    Thanks for the logs.

    It appears that you have already run AdwCleaner previously, which has obviously cleaned up a lot, so we’ll have a look now and see what is left.

    Download and run OTL

    • download OTL to your desktop.
    • double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • click Scan all users.
    • under Custom Scan paste this in:
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    consrv.dll
    /md5stop
    %systemroot%\*. /rp /s
    DRIVES
    CREATERESTOREPOINT
    • click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won’t take long.
    • when the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
    • you may need two posts to fit them both in.

    ===================================================

    Run aswMBR

    Download aswMBR.exe to your desktop.

    • double click the aswMBR.exe to run it
    • if asked, accept the AVAST virus definition download
    • click the "Scan" button to start scan
    • on completion of the scan click Save log, save it to your desktop and post in your next reply.

    Logs to include with next post:

    OTL.txt
    Extras.txt
    aswMBR log


    Thanks

    Satchfan
     
  5. jgatses

    I ran OTL and the txt is pasted below. When I ran the aswMBR, it begins to scan but then stops. I get the following message:
    "avast! Antirootkit has stopped working
    A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available"
    Not sure what this means. Anyhow, here are the txt pastes:

    OTL logfile created on: 2/26/2013 10:10:16 AM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Desktop
    64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16484)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.95 Gb Total Physical Memory | 6.10 Gb Available Physical Memory | 76.79% Memory free
    15.95 Gb Paging File | 14.13 Gb Available in Paging File | 88.56% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.45 Gb Total Space | 47.50 Gb Free Space | 42.62% Space Free | Partition Type: NTFS
    Drive E: | 1863.01 Gb Total Space | 1559.68 Gb Free Space | 83.72% Space Free | Partition Type: NTFS
    Drive F: | 7.39 Gb Total Space | 6.68 Gb Free Space | 90.33% Space Free | Partition Type: FAT32

    Computer Name: HOME-OFFICE_PC | User Name: John | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/26 09:54:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
    PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/12/04 19:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccsvchst.exe
    PRC - [2012/11/18 22:13:12 | 000,168,864 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
    PRC - [2012/10/26 16:17:52 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
    PRC - [2012/10/19 02:02:30 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/10/08 16:40:38 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2012/10/02 15:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/18 22:13:12 | 000,168,864 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
    MOD - [2012/05/30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\wincfi39.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/01/09 17:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
    SRV:64bit: - [2013/01/09 17:22:53 | 000,464,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
    SRV:64bit: - [2013/01/09 17:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
    SRV:64bit: - [2012/12/05 22:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
    SRV:64bit: - [2012/12/05 22:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
    SRV:64bit: - [2012/11/05 22:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV:64bit: - [2012/11/05 22:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2012/09/20 03:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
    SRV:64bit: - [2012/09/20 00:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
    SRV:64bit: - [2012/09/20 00:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
    SRV:64bit: - [2012/07/25 21:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV:64bit: - [2012/07/25 21:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
    SRV:64bit: - [2012/07/25 21:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
    SRV:64bit: - [2012/07/25 21:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
    SRV:64bit: - [2012/07/25 21:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
    SRV:64bit: - [2012/07/25 21:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
    SRV:64bit: - [2012/07/25 21:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
    SRV:64bit: - [2012/07/25 21:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
    SRV:64bit: - [2012/07/25 21:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
    SRV:64bit: - [2012/07/25 21:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
    SRV:64bit: - [2012/07/25 21:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
    SRV:64bit: - [2012/07/25 21:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
    SRV:64bit: - [2012/07/25 21:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
    SRV:64bit: - [2012/07/25 21:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
    SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
    SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
    SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
    SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
    SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/12/04 19:40:03 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe -- (N360)
    SRV - [2012/11/05 22:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV - [2012/10/26 16:17:52 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
    SRV - [2012/10/19 02:02:30 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/10/08 16:40:38 | 000,166,912 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2012/10/02 15:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/07/25 21:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV:64bit: - [2013/02/18 09:28:53 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\gfibto.sys -- (gfibto)
    DRV:64bit: - [2013/01/09 19:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
    DRV:64bit: - [2013/01/09 19:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/12/04 19:57:29 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2012/11/26 21:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
    DRV:64bit: - [2012/11/26 21:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
    DRV:64bit: - [2012/11/19 22:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
    DRV:64bit: - [2012/11/06 01:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
    DRV:64bit: - [2012/11/06 01:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
    DRV:64bit: - [2012/11/05 21:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
    DRV:64bit: - [2012/11/02 17:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/11/01 23:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/10/12 02:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/10/11 01:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
    DRV:64bit: - [2012/10/11 01:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
    DRV:64bit: - [2012/10/08 19:00:02 | 000,776,864 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2012/10/03 19:40:35 | 001,133,216 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2012/10/03 19:40:20 | 000,493,216 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\symds64.sys -- (SymDS)
    DRV:64bit: - [2012/09/25 22:46:20 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\htcnprot.sys -- (htcnprot)
    DRV:64bit: - [2012/09/20 01:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
    DRV:64bit: - [2012/09/20 01:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
    DRV:64bit: - [2012/09/20 01:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
    DRV:64bit: - [2012/09/20 01:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2012/09/20 01:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2012/09/20 01:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2012/09/06 20:05:14 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\symnets.sys -- (SymNetS)
    DRV:64bit: - [2012/09/06 20:05:05 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\symelam.sys -- (SymELAM)
    DRV:64bit: - [2012/09/06 19:48:08 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2012/09/06 19:40:51 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2012/08/20 13:50:10 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1402010.016\ccsetx64.sys -- (ccSet_N360)
    DRV:64bit: - [2012/07/25 23:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/07/25 23:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
    DRV:64bit: - [2012/07/25 23:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
    DRV:64bit: - [2012/07/25 23:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
    DRV:64bit: - [2012/07/25 23:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
    DRV:64bit: - [2012/07/25 23:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
    DRV:64bit: - [2012/07/25 23:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
    DRV:64bit: - [2012/07/25 23:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
    DRV:64bit: - [2012/07/25 23:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
    DRV:64bit: - [2012/07/25 23:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2012/07/25 23:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2012/07/25 23:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
    DRV:64bit: - [2012/07/25 23:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2012/07/25 23:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
    DRV:64bit: - [2012/07/25 23:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
    DRV:64bit: - [2012/07/25 23:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2012/07/25 23:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
    DRV:64bit: - [2012/07/25 23:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/07/25 23:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2012/07/25 22:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
    DRV:64bit: - [2012/07/25 22:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
    DRV:64bit: - [2012/07/25 22:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
    DRV:64bit: - [2012/07/25 22:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
    DRV:64bit: - [2012/07/25 22:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
    DRV:64bit: - [2012/07/25 21:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2012/07/25 20:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
    DRV:64bit: - [2012/07/25 20:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
    DRV:64bit: - [2012/07/25 20:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
    DRV:64bit: - [2012/07/25 20:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
    DRV:64bit: - [2012/07/25 20:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
    DRV:64bit: - [2012/07/25 20:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
    DRV:64bit: - [2012/07/25 20:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
    DRV:64bit: - [2012/07/25 20:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
    DRV:64bit: - [2012/07/25 20:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
    DRV:64bit: - [2012/07/25 20:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
    DRV:64bit: - [2012/07/25 20:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
    DRV:64bit: - [2012/07/25 20:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
    DRV:64bit: - [2012/07/25 20:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
    DRV:64bit: - [2012/07/25 20:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/07/25 20:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
    DRV:64bit: - [2012/07/25 20:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2012/07/25 20:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/07/25 20:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
    DRV:64bit: - [2012/07/25 20:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
    DRV:64bit: - [2012/07/25 20:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
    DRV:64bit: - [2012/07/25 20:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
    DRV:64bit: - [2012/07/25 20:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
    DRV:64bit: - [2012/07/25 20:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
    DRV:64bit: - [2012/07/25 20:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
    DRV:64bit: - [2012/07/25 20:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
    DRV:64bit: - [2012/07/17 20:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2012/06/02 08:34:38 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VSTDPV6.SYS -- (VST64_DPV)
    DRV:64bit: - [2012/06/02 08:34:38 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VSTCNXT6.SYS -- (winachsf)
    DRV:64bit: - [2012/06/02 08:34:38 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VSTBS26.SYS -- (VST64HWBS2)
    DRV:64bit: - [2012/06/02 08:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
    DRV:64bit: - [2011/04/09 01:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV - [2013/01/17 17:07:11 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130226.003\ex64.sys -- (NAVEX15)
    DRV - [2013/01/17 17:07:11 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130226.003\eng64.sys -- (NAVENG)
    DRV - [2013/01/15 20:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130208.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2012/12/03 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/12/03 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/12/02 17:32:04 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130223.001\IDSviA64.sys -- (IDSVia64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
    IE - HKLM\..\SearchScopes\{9CF29096-9824-4EBB-81DF-BF4F6669A66A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

    IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
    IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\..\SearchScopes\{9CF29096-9824-4EBB-81DF-BF4F6669A66A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1004\..\SearchScopes,DefaultScope =


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2012/12/04 19:57:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013/02/26 07:14:31 | 000,000,000 | ---D | M]

    [2013/02/17 13:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla FireFox\extensions

    O1 HOSTS File: ([2012/07/25 23:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (KeyDownload Class) - {C1EA4179-A319-4c6a-A3E5-67FF3592A12E} - C:\Program Files (x86)\KeyDownload-Addon\KeyDownload.dll (KeyDownload)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coieplg.dll (Symantec Corporation)
    O3 - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O4 - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001..\Run: [uTorrent] C:\Users\John\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 0.0.0.0 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{080E84B1-E448-4A51-8E5F-7C7BC9CBD427}: DhcpNameServer = 192.168.1.254 0.0.0.0 0.0.0.0
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O30 - LSA: Security Packages - (livessp) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/02/17 18:28:28 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2010/07/09 19:10:56 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
    O32 - AutoRun File - [2002/10/16 06:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{5a2f989b-3e85-11e2-be6b-50465d66467f}\Shell - "" = AutoRun
    O33 - MountPoints2\{5a2f989b-3e85-11e2-be6b-50465d66467f}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
    O33 - MountPoints2\{e852d86b-3acf-11e2-be6b-50465d66467f}\Shell - "" = AutoRun
    O33 - MountPoints2\{e852d86b-3acf-11e2-be6b-50465d66467f}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
    O33 - MountPoints2\{e852d87c-3acf-11e2-be6b-50465d66467f}\Shell - "" = AutoRun
    O33 - MountPoints2\{e852d87c-3acf-11e2-be6b-50465d66467f}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: wlidsvc - C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
    NetSvcs:64bit: DsmSvc - C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
    NetSvcs:64bit: NcaSvc - C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
    NetSvcs:64bit: SystemEventsBroker - C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    *CREATERESTOREPOINT*
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/26 10:08:20 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\CrashDumps
    [2013/02/26 10:04:50 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
    [2013/02/26 09:54:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
    [2013/02/26 07:17:02 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\files
    [2013/02/26 07:16:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/02/26 07:16:00 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/02/26 07:15:13 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\John\Desktop\JRT.exe
    [2013/02/24 21:45:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Deployment
    [2013/02/24 21:45:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Apps
    [2013/02/23 15:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyDownload-Addon
    [2013/02/23 13:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
    [2013/02/23 13:30:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Real
    [2013/02/23 13:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
    [2013/02/23 13:28:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\uTorrent
    [2013/02/22 07:59:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2013/02/18 09:32:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\LavasoftStatistics
    [2013/02/18 09:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
    [2013/02/18 09:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
    [2013/02/18 09:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
    [2013/02/18 09:28:53 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
    [2013/02/17 18:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2013/02/17 18:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2013/02/17 13:39:29 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
    [2013/02/17 13:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/02/17 13:39:19 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/02/17 13:39:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/02/17 13:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/02/17 13:33:02 | 067,823,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
    [2013/02/17 13:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/02/17 13:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013/02/17 13:29:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Programs
    [2013/02/17 13:04:01 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
    [2013/02/17 13:04:01 | 001,437,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
    [2013/02/17 13:03:49 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
    [2013/02/17 13:03:49 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
    [2013/02/17 13:03:49 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
    [2013/02/17 13:03:49 | 000,820,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpprefcl.dll
    [2013/02/17 13:03:48 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
    [2013/02/17 13:03:48 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
    [2013/02/17 13:03:48 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpprefcl.dll
    [2013/02/17 13:03:48 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
    [2013/02/17 13:03:48 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
    [2013/02/17 13:03:48 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
    [2013/02/17 13:03:48 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srmstormod.dll
    [2013/02/17 13:03:48 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
    [2013/02/17 13:03:47 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
    [2013/02/17 13:03:47 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
    [2013/02/17 13:03:47 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
    [2013/02/17 13:03:47 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
    [2013/02/17 13:03:47 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
    [2013/02/17 13:03:47 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
    [2013/02/17 13:03:47 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srm.dll
    [2013/02/17 13:03:47 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srm.dll
    [2013/02/17 13:03:47 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
    [2013/02/17 13:03:47 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
    [2013/02/17 13:03:47 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srmstormod.dll
    [2013/02/17 13:03:47 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
    [2013/02/17 13:03:47 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll
    [2013/02/17 13:03:47 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
    [2013/02/17 13:03:47 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
    [2013/02/17 13:03:47 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll
    [2013/02/17 13:03:47 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe
    [2013/02/17 13:03:47 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
    [2013/02/17 13:03:47 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll
    [2013/02/17 13:03:47 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll
    [2013/02/17 13:03:47 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll
    [2013/02/17 13:03:47 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll
    [2013/02/13 17:24:59 | 006,967,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/02/13 10:59:18 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/02/13 10:59:17 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
    [2013/02/13 10:59:17 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/02/13 10:59:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/02/13 10:59:17 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/02/13 10:59:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/02/13 10:59:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/02/13 10:59:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/02/13 10:59:17 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
    [2013/02/13 10:59:17 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/02/13 10:59:17 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
    [2013/02/13 10:59:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/02/12 18:31:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2013/02/09 10:45:26 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\CutePDF Writer
    [2013/02/09 10:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
    [2013/02/09 10:43:38 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
    [2013/02/09 10:43:27 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\CRE
    [2013/02/09 10:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla FireFox
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/02/26 10:06:13 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
    [2013/02/26 09:54:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
    [2013/02/26 07:20:05 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/02/26 07:20:05 | 000,718,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/02/26 07:20:05 | 000,132,542 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/02/26 07:15:14 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\John\Desktop\JRT.exe
    [2013/02/26 07:15:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/26 07:13:09 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
    [2013/02/26 07:13:06 | 2533,916,671 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/26 07:10:57 | 000,594,019 | ---- | M] () -- C:\Users\John\Desktop\adwcleaner.exe
    [2013/02/24 22:00:27 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    [2013/02/24 21:58:59 | 000,000,171 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
    [2013/02/24 14:51:35 | 1464,859,669 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/02/23 15:16:50 | 000,000,110 | ---- | M] () -- C:\prefs.js
    [2013/02/23 15:15:45 | 000,000,884 | RHS- | M] () -- C:\Users\John\ntuser.pol
    [2013/02/23 13:30:05 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2013/02/23 13:30:05 | 000,000,836 | ---- | M] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2013/02/18 11:49:59 | 000,357,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/02/18 09:28:53 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
    [2013/02/17 18:28:28 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
    [2013/02/09 10:45:27 | 000,118,924 | ---- | M] () -- C:\Users\John\Desktop\label.pdf
    [2013/02/06 17:06:14 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/02/06 17:06:14 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/02/04 22:29:08 | 067,823,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/02/26 07:10:57 | 000,594,019 | ---- | C] () -- C:\Users\John\Desktop\adwcleaner.exe
    [2013/02/24 21:58:56 | 000,000,171 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
    [2013/02/23 15:16:50 | 000,000,110 | ---- | C] () -- C:\prefs.js
    [2013/02/23 15:15:45 | 000,000,884 | RHS- | C] () -- C:\Users\John\ntuser.pol
    [2013/02/23 13:30:05 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2013/02/23 13:30:05 | 000,000,836 | ---- | C] () -- C:\Users\John\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2013/02/22 07:59:54 | 1464,859,669 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2013/02/18 11:49:58 | 000,357,056 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/02/18 09:30:17 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    [2013/02/17 18:28:28 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
    [2013/02/17 13:03:47 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
    [2013/02/09 10:46:02 | 000,118,924 | ---- | C] () -- C:\Users\John\Desktop\label.pdf
    [2012/11/26 19:42:45 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
    [2012/11/25 16:15:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012/11/25 16:15:32 | 000,033,550 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2012/11/25 16:15:31 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
    [2012/07/26 02:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2012/07/26 02:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2012/07/26 01:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2012/07/25 19:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2012/07/25 14:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2012/07/25 14:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2012/06/02 08:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== ZeroAccess Check ==========

    [2013/02/24 21:45:54 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/01/09 17:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/01/09 17:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== Custom Scans ==========

    < *%SYSTEMDRIVE%\*.exe* >

    < MD5 for: 16191203AECACD015E4700006012B80E.AMD64_MICROSOFT-WINDOWS-WINLOGON_31BF3856AD364E35_6.2.9200.16433_NONE_C8C1B9B35E8E0A07_WINLOGON.EXE_AC37D0C5 >
    [2012/11/24 19:41:38 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows.old\Windows\WinSxS\Temp\PendingRenames\16191203aecacd015e4700006012b80e.amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07_winlogon.exe_ac37d0c5

    < MD5 for: AMD64_MICROSOFT-WINDOWS-SERVICES-SVCHOST_31BF3856AD364E35_6.2.9200.16384_NONE_0E8501058F11F3DC_SVCHOST.EXE_4DD0F0BC >
    [2012/07/26 02:12:08 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=57350BEDE3834915B6145B67C71C7BDA -- C:\Windows.old\Windows\WinSxS\Backup\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e8501058f11f3dc_svchost.exe_4dd0f0bc

    < MD5 for: AMD64_MICROSOFT-WINDOWS-SERVICES-SVCHOST_31BF3856AD364E35_6.2.9200.16420_NONE_0EC1E14B8EE4E401_SVCHOST.EXE_4DD0F0BC >
    [2012/11/27 03:08:54 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\WinSxS\Backup\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401_svchost.exe_4dd0f0bc

    < MD5 for: AMD64_MICROSOFT-WINDOWS-WINLOGON.RESOURCES_31BF3856AD364E35_6.2.9200.16384_EN-US_23C238EF8DDAA831_WINLOGON.EXE.MUI_3280FC46 >
    [2012/07/26 01:49:21 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=B9094B7088CD579E5AED57A693F9BFBD -- C:\Windows.old\Windows\WinSxS\Backup\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.2.9200.16384_en-us_23c238ef8ddaa831_winlogon.exe.mui_3280fc46
    [2012/07/26 01:49:21 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=B9094B7088CD579E5AED57A693F9BFBD -- C:\Windows\WinSxS\Backup\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.2.9200.16384_en-us_23c238ef8ddaa831_winlogon.exe.mui_3280fc46

    < MD5 for: AMD64_MICROSOFT-WINDOWS-WINLOGON_31BF3856AD364E35_6.2.9200.16384_NONE_C88CA87B5EB5B1EC_WINLOGON.EXE_AC37D0C5 >
    [2012/07/26 02:12:10 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows.old\Windows\WinSxS\Backup\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec_winlogon.exe_ac37d0c5

    < MD5 for: AMD64_MICROSOFT-WINDOWS-WINLOGON_31BF3856AD364E35_6.2.9200.16433_NONE_C8C1B9B35E8E0A07_WINLOGON.EXE_AC37D0C5 >
    [2012/11/27 03:00:56 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\Backup\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07_winlogon.exe_ac37d0c5

    < MD5 for: C5371D73AECACD01E86700006012B80E.X86_MICROSOFT-WINDOWS-SERVICES-SVCHOST_31BF3856AD364E35_6.2.9200.16420_NONE_B2A345C7D68772CB_SVCHOST.EXE_4DD0F0BC >
    [2012/11/24 19:44:46 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows.old\Windows\WinSxS\Temp\PendingRenames\c5371d73aecacd01e86700006012b80e.x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb_svchost.exe_4dd0f0bc

    < MD5 for: EXPLORER.EXE >
    [2012/10/10 23:53:24 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=0AD19A3CA61271BA872AD90771BA47DC -- C:\Windows.old\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
    [2012/10/10 23:53:24 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=0AD19A3CA61271BA872AD90771BA47DC -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_b592a71650d677ed\explorer.exe
    [2012/10/11 02:09:58 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=0DDFEAA2AA18D4295EF220EB666B2312 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
    [2012/10/11 02:09:58 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=0DDFEAA2AA18D4295EF220EB666B2312 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.20534_none_ab3dfcc41c75b5f2\explorer.exe
    [2012/07/25 21:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows.old\Windows\SysWOW64\explorer.exe
    [2012/07/25 21:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows.old\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
    [2012/07/25 21:50:01 | 002,114,936 | ---- | M] (Microsoft Corporation) MD5=5B6ED1B57DBFF18D405A0260559B571E -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_b4d2f8c937e166b1\explorer.exe
    [2012/07/25 22:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows.old\Windows\explorer.exe
    [2012/07/25 22:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
    [2012/07/25 22:49:13 | 002,380,440 | ---- | M] (Microsoft Corporation) MD5=928791755FDDEA721B053535EF84FA17 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16384_none_aa7e4e770380a4b6\explorer.exe
    [2012/10/10 23:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows.old\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
    [2012/10/10 23:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\SysWOW64\explorer.exe
    [2012/10/10 23:56:41 | 002,115,952 | ---- | M] (Microsoft Corporation) MD5=953ADECFF08202A01EFC6110214FDE02 -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_b5080a0137b9becc\explorer.exe
    [2012/10/11 01:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe
    [2012/10/11 01:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\explorer.exe
    [2012/10/11 01:35:16 | 002,380,944 | ---- | M] (Microsoft Corporation) MD5=E13A31D5254C25406A7946BDD9B06364 -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.2.9200.16433_none_aab35faf0358fcd1\explorer.exe

    < MD5 for: EXPLORER.EXE.MUI >
    [2012/07/26 01:48:57 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows.old\Windows\en-US\explorer.exe.mui
    [2012/07/26 01:48:57 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows.old\Windows\SysWOW64\en-US\explorer.exe.mui
    [2012/07/26 01:48:57 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_5ebc2e81fd6600eb\explorer.exe.mui
    [2012/07/26 01:48:57 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows.old\Windows\WinSxS\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_6910d8d431c6c2e6\explorer.exe.mui
    [2012/07/26 01:48:57 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\en-US\explorer.exe.mui
    [2012/07/26 01:48:57 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
    [2012/07/26 01:48:57 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\WinSxS\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_5ebc2e81fd6600eb\explorer.exe.mui
    [2012/07/26 01:48:57 | 000,020,480 | ---- | M] (Microsoft Corporation) MD5=C25D32FEDB5AA6FF87B5A29D56D35FFA -- C:\Windows\WinSxS\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.2.9200.16384_en-us_6910d8d431c6c2e6\explorer.exe.mui

    < MD5 for: EXPLORER.EXE-A80E4F97.PF >
    [2013/02/26 07:17:05 | 000,315,928 | ---- | M] () MD5=3F5F2D145BA1158CF2D2A990E40F278B -- C:\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf
    [2012/11/24 20:41:54 | 000,169,890 | ---- | M] () MD5=B5FE6BE7635A1C3620D2C5D0E7500025 -- C:\Windows.old\Windows\Prefetch\EXPLORER.EXE-A80E4F97.pf

    < MD5 for: F8D67C70AECACD01A66700006012B80E.AMD64_MICROSOFT-WINDOWS-SERVICES-SVCHOST_31BF3856AD364E35_6.2.9200.16420_NONE_0EC1E14B8EE4E401_SVCHOST.EXE_4DD0F0BC >
    [2012/11/24 19:44:42 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows.old\Windows\WinSxS\Temp\PendingRenames\f8d67c70aecacd01a66700006012b80e.amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401_svchost.exe_4dd0f0bc

    < MD5 for: OP-EXPLORER.EXE-A80E4F97-000000F5.PF >
    [2013/02/24 21:42:37 | 000,060,426 | ---- | M] () MD5=480EAB6436093941A54B6BBCAA6F08F1 -- C:\Windows\Prefetch\Op-EXPLORER.EXE-A80E4F97-000000F5.pf

    < MD5 for: SMSVCHOST.EXE >
    [2012/10/09 19:36:23 | 000,117,344 | ---- | M] (Microsoft Corporation) MD5=2303259DAC9F9F59E9E1CC532D58DB0C -- C:\Windows\WinSxS\amd64_wcf-smsvchost_b03f5f7f11d50a3a_6.2.9200.20533_none_e797efb417ff5a55\SMSvcHost.exe
    [2012/07/11 20:02:03 | 000,139,696 | ---- | M] (Microsoft Corporation) MD5=5243CFC2E7161C91C2B355240035B9E4 -- C:\Windows.old\Windows\Microsoft.NET\assembly\GAC_MSIL\SMSvcHost\v4.0_4.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe
    [2012/07/11 20:02:03 | 000,139,696 | ---- | M] (Microsoft Corporation) MD5=5243CFC2E7161C91C2B355240035B9E4 -- C:\Windows.old\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    [2012/07/11 20:01:13 | 000,139,696 | ---- | M] (Microsoft Corporation) MD5=5243CFC2E7161C91C2B355240035B9E4 -- C:\Windows.old\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    [2012/07/11 20:01:13 | 000,139,696 | ---- | M] (Microsoft Corporation) MD5=5243CFC2E7161C91C2B355240035B9E4 -- C:\Windows.old\Windows\WinSxS\amd64_netfx4-smsvchost_b03f5f7f11d50a3a_4.0.9200.16384_none_9a9bcd079a6094b5\SMSvcHost.exe
    [2012/07/11 20:02:03 | 000,139,696 | ---- | M] (Microsoft Corporation) MD5=5243CFC2E7161C91C2B355240035B9E4 -- C:\Windows.old\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_4.0.9200.16384_none_b74923267f5500f8\SMSvcHost.exe
    [2012/07/11 20:02:03 | 000,139,696 | ---- | M] (Microsoft Corporation) MD5=5243CFC2E7161C91C2B355240035B9E4 -- C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMSvcHost\v4.0_4.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe
    [2012/07/11 20:02:03 | 000,139,696 | ---- | M] (Microsoft Corporation) MD5=5243CFC2E7161C91C2B355240035B9E4 -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    [2012/07/11 20:01:13 | 000,139,696 | ---- | M] (Microsoft Corporation) MD5=5243CFC2E7161C91C2B355240035B9E4 -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    [2012/07/11 20:01:13 | 000,139,696 | ---- | M] (Microsoft Corporation) MD5=5243CFC2E7161C91C2B355240035B9E4 -- C:\Windows\WinSxS\amd64_netfx4-smsvchost_b03f5f7f11d50a3a_4.0.9200.16384_none_9a9bcd079a6094b5\SMSvcHost.exe
    [2012/07/11 20:02:03 | 000,139,696 | ---- | M] (Microsoft Corporation) MD5=5243CFC2E7161C91C2B355240035B9E4 -- C:\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_4.0.9200.16384_none_b74923267f5500f8\SMSvcHost.exe
    [2012/07/05 20:02:29 | 000,129,608 | ---- | M] (Microsoft Corporation) MD5=5E86280C580BEA60DAD686B0BDF122DC -- C:\Windows.old\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_6.2.9200.16384_none_1d5a5b840449e418\SMSvcHost.exe
    [2012/07/05 20:02:29 | 000,129,608 | ---- | M] () MD5=5E86280C580BEA60DAD686B0BDF122DC -- C:\Windows\assembly\GAC_MSIL\SMSvcHost\3.0.0.0__b03f5f7f11d50a3a\SMSvcHost.exe
    [2012/07/05 20:02:29 | 000,129,608 | ---- | M] (Microsoft Corporation) MD5=5E86280C580BEA60DAD686B0BDF122DC -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
    [2012/07/05 20:02:29 | 000,129,608 | ---- | M] (Microsoft Corporation) MD5=5E86280C580BEA60DAD686B0BDF122DC -- C:\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_6.2.9200.16384_none_1d5a5b840449e418\SMSvcHost.exe
    [2012/10/09 19:36:08 | 000,129,632 | ---- | M] (Microsoft Corporation) MD5=6A56FEEAE74F2FA12C8A4A4517A81610 -- C:\Windows\WinSxS\msil_smsvchost_b03f5f7f11d50a3a_6.2.9200.20533_none_0687c9f61df5ac1b\SMSvcHost.exe
    [2012/07/05 20:02:29 | 000,117,320 | ---- | M] (Microsoft Corporation) MD5=AABC045A313259EBE5D1BB88383859D6 -- C:\Windows.old\Windows\WinSxS\amd64_wcf-smsvchost_b03f5f7f11d50a3a_6.2.9200.16384_none_fe6a8141fe539252\SMSvcHost.exe
    [2012/07/05 20:02:29 | 000,117,320 | ---- | M] (Microsoft Corporation) MD5=AABC045A313259EBE5D1BB88383859D6 -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    [2012/07/05 20:02:29 | 000,117,320 | ---- | M] (Microsoft Corporation) MD5=AABC045A313259EBE5D1BB88383859D6 -- C:\Windows\WinSxS\amd64_wcf-smsvchost_b03f5f7f11d50a3a_6.2.9200.16384_none_fe6a8141fe539252\SMSvcHost.exe

    < MD5 for: SMSVCHOST.EXE.CONFIG >
    [2012/06/02 08:35:10 | 000,001,951 | ---- | M] () MD5=757BC33428B870035A16FD96B9DDB7FA -- C:\Windows.old\Windows\WinSxS\amd64_wcf-m_smsvchost_exe_cnf_31bf3856ad364e35_6.2.9200.16384_none_4d7da561a2d21df2\SMSvcHost.exe.config
    [2012/11/25 17:12:52 | 000,001,951 | ---- | M] () MD5=757BC33428B870035A16FD96B9DDB7FA -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config
    [2012/11/25 17:12:52 | 000,001,951 | ---- | M] () MD5=757BC33428B870035A16FD96B9DDB7FA -- C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe.config
    [2012/06/02 08:35:10 | 000,001,951 | ---- | M] () MD5=757BC33428B870035A16FD96B9DDB7FA -- C:\Windows\WinSxS\amd64_wcf-m_smsvchost_exe_cnf_31bf3856ad364e35_6.2.9200.16384_none_4d7da561a2d21df2\SMSvcHost.exe.config
    [2012/06/02 08:35:12 | 000,001,951 | ---- | M] () MD5=757BC33428B870035A16FD96B9DDB7FA -- C:\Windows\WinSxS\x86_wcf-m_smsvchost_exe_cnf_31bf3856ad364e35_6.2.9200.16384_none_f15f09ddea74acbc\SMSvcHost.exe.config
    [2012/07/26 02:11:35 | 000,002,262 | ---- | M] () MD5=A9E7E2A3A82362D180CEA7EA1EDFA81A -- C:\Windows.old\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe.config
    [2012/07/26 02:11:35 | 000,002,262 | ---- | M] () MD5=A9E7E2A3A82362D180CEA7EA1EDFA81A -- C:\Windows.old\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe.config
    [2012/06/02 08:33:38 | 000,002,262 | ---- | M] () MD5=A9E7E2A3A82362D180CEA7EA1EDFA81A -- C:\Windows.old\Windows\WinSxS\amd64_netfx4-smsvchost_exe_config_b03f5f7f11d50a3a_4.0.9200.16384_none_57ec81168331f997\SMSvcHost.exe.config
    [2012/06/02 08:34:41 | 000,002,262 | ---- | M] () MD5=A9E7E2A3A82362D180CEA7EA1EDFA81A -- C:\Windows.old\Windows\WinSxS\x86_netfx4-smsvchost_exe_config_b03f5f7f11d50a3a_4.0.9200.16384_none_9f99b7ed97ae229d\SMSvcHost.exe.config
    [2012/07/26 02:11:35 | 000,002,262 | ---- | M] () MD5=A9E7E2A3A82362D180CEA7EA1EDFA81A -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe.config
    [2012/07/26 02:11:35 | 000,002,262 | ---- | M] () MD5=A9E7E2A3A82362D180CEA7EA1EDFA81A -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe.config
    [2012/06/02 08:33:38 | 000,002,262 | ---- | M] () MD5=A9E7E2A3A82362D180CEA7EA1EDFA81A -- C:\Windows\WinSxS\amd64_netfx4-smsvchost_exe_config_b03f5f7f11d50a3a_4.0.9200.16384_none_57ec81168331f997\SMSvcHost.exe.config
    [2012/06/02 08:34:41 | 000,002,262 | ---- | M] () MD5=A9E7E2A3A82362D180CEA7EA1EDFA81A -- C:\Windows\WinSxS\x86_netfx4-smsvchost_exe_config_b03f5f7f11d50a3a_4.0.9200.16384_none_9f99b7ed97ae229d\SMSvcHost.exe.config

    < MD5 for: SVCHOST.EXE >
    [2012/07/25 21:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=0A175AF8B65797BD22C11903A8BFEB2D -- C:\Windows.old\Windows\SysWOW64\svchost.exe
    [2012/07/25 21:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=0A175AF8B65797BD22C11903A8BFEB2D -- C:\Windows.old\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6\svchost.exe
    [2012/07/25 21:20:58 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=0A175AF8B65797BD22C11903A8BFEB2D -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6\svchost.exe
    [2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
    [2012/07/25 21:08:47 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=57350BEDE3834915B6145B67C71C7BDA -- C:\Windows.old\Windows\System32\svchost.exe
    [2012/07/25 21:08:47 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=57350BEDE3834915B6145B67C71C7BDA -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e8501058f11f3dc\svchost.exe
    [2012/07/25 21:08:47 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=57350BEDE3834915B6145B67C71C7BDA -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_0e8501058f11f3dc\svchost.exe
    [2012/09/20 00:33:14 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=607F7CB143783A8F9BA058D2FC4F2D36 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_0f4c7e60a8019d22\svchost.exe
    [2012/09/20 00:33:14 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=607F7CB143783A8F9BA058D2FC4F2D36 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_0f4c7e60a8019d22\svchost.exe
    [2012/09/19 23:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows.old\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb\svchost.exe
    [2012/09/19 23:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\SysWOW64\svchost.exe
    [2012/09/19 23:55:26 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb\svchost.exe
    [2012/09/20 00:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401\svchost.exe
    [2012/09/20 00:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\SysNative\svchost.exe
    [2012/09/20 00:33:52 | 000,029,696 | ---- | M] (Microsoft Corporation) MD5=EDE27EACE742EE2888C5DD36400A2EC0 -- C:\Windows\WinSxS\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_0ec1e14b8ee4e401\svchost.exe
    [2012/09/19 23:56:27 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=EEF5E64822C3E21B186EA53463BE92DA -- C:\Windows.old\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_b32de2dcefa42bec\svchost.exe
    [2012/09/19 23:56:27 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=EEF5E64822C3E21B186EA53463BE92DA -- C:\Windows\WinSxS\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.20521_none_b32de2dcefa42bec\svchost.exe

    < MD5 for: SVCHOST.EXE.MUI >
    [2012/07/26 01:48:40 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=3666CDC3EE92A59BD2BDC1A5291D6744 -- C:\Windows.old\Windows\System32\en-US\svchost.exe.mui
    [2012/07/26 01:48:40 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=3666CDC3EE92A59BD2BDC1A5291D6744 -- C:\Windows.old\Windows\SysWOW64\en-US\svchost.exe.mui
    [2012/07/26 01:48:40 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=3666CDC3EE92A59BD2BDC1A5291D6744 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.2.9200.16384_en-us_aa12983e313dd967\svchost.exe.mui
    [2012/07/26 01:48:40 | 000,002,048 | ---- | M] (Microsoft Corporation) MD5=3666CDC3EE92A59BD2BDC1A5291D6744 -- C:\Windows.old\Windows\WinSxS\x86_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.2.9200.16384_en-us_4df3fcba78e06831\svchost.exe.mui
    [2012/07/26 01:48:40 | 000,002,048 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\en-US\svchost.exe.mui
    [2012/07/26 01:48:40 | 000,002,048 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\en-US\svchost.exe.mui
    [2012/07/26 01:48:40 | 000,002,048 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\WinSxS\amd64_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.2.9200.16384_en-us_aa12983e313dd967\svchost.exe.mui
    [2012/07/26 01:48:40 | 000,002,048 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\WinSxS\x86_microsoft-windows-s..s-svchost.resources_31bf3856ad364e35_6.2.9200.16384_en-us_4df3fcba78e06831\svchost.exe.mui

    < MD5 for: SVCHOST.EXE-594A37BD.PF >
    [2012/11/24 19:40:29 | 000,021,028 | ---- | M] () MD5=A8167F0AD0B81E40C4F8FFD7824AA3A9 -- C:\Windows.old\Windows\Prefetch\SVCHOST.EXE-594A37BD.pf

    < MD5 for: SVCHOST.EXE-61AE5AB6.PF >
    [2012/11/24 19:40:11 | 000,027,320 | ---- | M] () MD5=D8656C48A05AC054B08E7ED70DCF8B34 -- C:\Windows.old\Windows\Prefetch\SVCHOST.EXE-61AE5AB6.pf

    < MD5 for: SVCHOST.EXE-7AC6742A.PF >
    [2013/02/26 08:00:35 | 000,021,278 | ---- | M] () MD5=8C08C797916A59B6BF229B1C65E9F3CB -- C:\Windows\Prefetch\SVCHOST.EXE-7AC6742A.pf

    < MD5 for: SVCHOST.EXE-7CFEDEA3.PF >
    [2013/02/26 10:10:57 | 000,020,570 | ---- | M] () MD5=8630F4AD4255C093DEF8B4229B23D446 -- C:\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf
    [2012/11/24 19:41:05 | 000,018,040 | ---- | M] () MD5=9CB6384CDC913E0D996635EE652D427E -- C:\Windows.old\Windows\Prefetch\SVCHOST.EXE-7CFEDEA3.pf

    < MD5 for: SVCHOST.EXE-80F4A784.PF >
    [2013/02/26 10:08:09 | 000,019,644 | ---- | M] () MD5=7B07AC8DF58D5B748FAC0A4468C2677A -- C:\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf
    [2012/11/24 19:12:23 | 000,008,984 | ---- | M] () MD5=F29F2FAE0790404E53E5B8FE8F43BD91 -- C:\Windows.old\Windows\Prefetch\SVCHOST.EXE-80F4A784.pf

    < MD5 for: SVCHOST.EXE-DD9DE812.PF >
    [2012/11/24 20:42:12 | 000,014,244 | ---- | M] () MD5=B7B5EF2E378B4F0D6D54738CE364A67F -- C:\Windows.old\Windows\Prefetch\SVCHOST.EXE-DD9DE812.pf

    < MD5 for: USERINIT.EXE >
    [2012/07/25 21:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows.old\Windows\System32\userinit.exe
    [2012/07/25 21:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
    [2012/07/25 21:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\SysNative\userinit.exe
    [2012/07/25 21:08:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E925F7BA032920D58DD284B6181A247 -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_34f2617a5b742e02\userinit.exe
    [2012/07/25 21:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows.old\Windows\SysWOW64\userinit.exe
    [2012/07/25 21:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows.old\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe
    [2012/07/25 21:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\SysWOW64\userinit.exe
    [2012/07/25 21:21:00 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=9F6289D194A04A09671FEED4B6CB6EF7 -- C:\Windows\WinSxS\x86_microsoft-windows-userinit_31bf3856ad364e35_6.2.9200.16384_none_d8d3c5f6a316bccc\userinit.exe

    < MD5 for: USERINIT.EXE.MUI >
    [2012/07/26 01:48:40 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=D0DDFF823D9D568C78F61696ED72990E -- C:\Windows.old\Windows\System32\en-US\userinit.exe.mui
    [2012/07/26 01:48:40 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=D0DDFF823D9D568C78F61696ED72990E -- C:\Windows.old\Windows\SysWOW64\en-US\userinit.exe.mui
    [2012/07/26 01:48:40 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=D0DDFF823D9D568C78F61696ED72990E -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-userinit.resources_31bf3856ad364e35_6.2.9200.16384_en-us_e8ba4d905c16c8bd\userinit.exe.mui
    [2012/07/26 01:48:40 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=D0DDFF823D9D568C78F61696ED72990E -- C:\Windows.old\Windows\WinSxS\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.2.9200.16384_en-us_8c9bb20ca3b95787\userinit.exe.mui
    [2012/07/26 01:48:40 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=D0DDFF823D9D568C78F61696ED72990E -- C:\Windows\SysNative\en-US\userinit.exe.mui
    [2012/07/26 01:48:40 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=D0DDFF823D9D568C78F61696ED72990E -- C:\Windows\SysWOW64\en-US\userinit.exe.mui
    [2012/07/26 01:48:40 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=D0DDFF823D9D568C78F61696ED72990E -- C:\Windows\WinSxS\amd64_microsoft-windows-userinit.resources_31bf3856ad364e35_6.2.9200.16384_en-us_e8ba4d905c16c8bd\userinit.exe.mui
    [2012/07/26 01:48:40 | 000,003,584 | ---- | M] (Microsoft Corporation) MD5=D0DDFF823D9D568C78F61696ED72990E -- C:\Windows\WinSxS\x86_microsoft-windows-userinit.resources_31bf3856ad364e35_6.2.9200.16384_en-us_8c9bb20ca3b95787\userinit.exe.mui

    < MD5 for: USERINIT.EXE-2257A3E7.PF >
    [2012/11/24 20:41:54 | 000,016,102 | ---- | M] () MD5=103E57C105D1C953EC9BBC3F9751B694 -- C:\Windows.old\Windows\Prefetch\USERINIT.EXE-2257A3E7.pf

    < MD5 for: WINLOGON.EXE >
    [2012/09/20 00:33:55 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
    [2012/09/20 00:33:55 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=1F84B5F8DBDFFD36DF143C61CE25F12A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16420_none_c8c988c15e88a211\winlogon.exe
    [2012/12/14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
    [2012/09/20 00:33:17 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=6522E98C94A2A81AE11EB66D2AF5743A -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
    [2012/09/20 00:33:17 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=6522E98C94A2A81AE11EB66D2AF5743A -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20521_none_c95425d677a55b32\winlogon.exe
    [2012/07/25 21:08:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows.old\Windows\System32\winlogon.exe
    [2012/07/25 21:08:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
    [2012/07/25 21:08:50 | 000,516,608 | ---- | M] (Microsoft Corporation) MD5=93AB226C07A9789B2EC7B41F73602F76 -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16384_none_c88ca87b5eb5b1ec\winlogon.exe
    [2012/10/10 23:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
    [2012/10/10 23:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\SysNative\winlogon.exe
    [2012/10/10 23:46:58 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=BCF2036A0DD579E47C008C133550283E -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.16433_none_c8c1b9b35e8e0a07\winlogon.exe
    [2012/10/10 23:45:27 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=CBFD56B4EC07CB056A6ABD55DD33671F -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe
    [2012/10/10 23:45:27 | 000,517,120 | ---- | M] (Microsoft Corporation) MD5=CBFD56B4EC07CB056A6ABD55DD33671F -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.2.9200.20534_none_c94c56c877aac328\winlogon.exe

    < MD5 for: WINLOGON.EXE.MUI >
    [2012/07/26 01:48:51 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=B9094B7088CD579E5AED57A693F9BFBD -- C:\Windows.old\Windows\System32\en-US\winlogon.exe.mui
    [2012/07/26 01:48:51 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=B9094B7088CD579E5AED57A693F9BFBD -- C:\Windows.old\Windows\WinSxS\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.2.9200.16384_en-us_23c238ef8ddaa831\winlogon.exe.mui
    [2012/07/26 01:48:51 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=B9094B7088CD579E5AED57A693F9BFBD -- C:\Windows\SysNative\en-US\winlogon.exe.mui
    [2012/07/26 01:48:51 | 000,024,064 | ---- | M] (Microsoft Corporation) MD5=B9094B7088CD579E5AED57A693F9BFBD -- C:\Windows\WinSxS\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.2.9200.16384_en-us_23c238ef8ddaa831\winlogon.exe.mui

    < MD5 for: WINLOGON.EXE-B020DC41.PF >
    [2012/11/25 15:40:30 | 000,028,142 | ---- | M] () MD5=856F6FD3EE229B8C794D8D16ABD1D72B -- C:\Windows.old\Windows\Prefetch\WINLOGON.EXE-B020DC41.pf

    < MD5 for: X86_MICROSOFT-WINDOWS-SERVICES-SVCHOST_31BF3856AD364E35_6.2.9200.16384_NONE_B2666581D6B482A6_SVCHOST.EXE_4DD0F0BC >
    [2012/07/26 02:11:51 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=0A175AF8B65797BD22C11903A8BFEB2D -- C:\Windows.old\Windows\WinSxS\Backup\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16384_none_b2666581d6b482a6_svchost.exe_4dd0f0bc

    < MD5 for: X86_MICROSOFT-WINDOWS-SERVICES-SVCHOST_31BF3856AD364E35_6.2.9200.16420_NONE_B2A345C7D68772CB_SVCHOST.EXE_4DD0F0BC >
    [2012/11/27 03:08:59 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=A46DC432F81473F526E3994AA483E366 -- C:\Windows\WinSxS\Backup\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.2.9200.16420_none_b2a345c7d68772cb_svchost.exe_4dd0f0bc

    < *%systemroot%\*. /rp /s* >

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: INTEL SSDSC2CW120A
    Partitions: 2
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE1 - External hard disk media
    Interface type: USB
    Media Type: External hard disk media
    Model: WD Ext HDD 1021 USB Device
    Partitions: 1
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE2 - Removable Media
    Interface type: USB
    Media Type: Removable Media
    Model: Generic STORAGE DEVICE USB Device
    Partitions: 1
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: Installable File System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 350.00MB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 111.00GB
    Starting Offset: 368050176
    Hidden sectors: 0


    DeviceID: Disk #1, Partition #0
    PartitionType: Installable File System
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 1,863.00GB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #2, Partition #0
    PartitionType: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 7.00GB
    Starting Offset: 4194304
    Hidden sectors: 0

    < End of report >
     
  6. jgatses

    OTL Extras logfile created on: 2/26/2013 9:56:28 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Desktop
    64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16484)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.95 Gb Total Physical Memory | 6.19 Gb Available Physical Memory | 77.88% Memory free
    15.95 Gb Paging File | 14.16 Gb Available in Paging File | 88.81% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.45 Gb Total Space | 47.73 Gb Free Space | 42.82% Space Free | Partition Type: NTFS
    Drive E: | 1863.01 Gb Total Space | 1559.68 Gb Free Space | 83.72% Space Free | Partition Type: NTFS
    Drive F: | 7.39 Gb Total Space | 6.68 Gb Free Space | 90.33% Space Free | Partition Type: FAT32

    Computer Name: HOME-OFFICE_PC | User Name: John | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htafile [open] -- "%1" %*
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0AAF002F-58F8-4FDD-BCD3-87381B9909D7}" = rport=138 | protocol=17 | dir=out | app=system |
    "{0FC36CAB-CA64-4975-AF1A-0DD90FAA030E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{17C3C2FD-6134-4C6D-AC7F-3C40F95E7E4E}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{23B89CC4-2C3C-4EFF-8317-E19D9CFBCC57}" = lport=445 | protocol=6 | dir=in | app=system |
    "{3C299EE0-71B8-4F0B-8780-ACA170A8634E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{49C2F2A2-FCEE-4128-A402-2EFCF6858B52}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{4A188E63-A905-4EF1-B135-7EE8C1868806}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6ECB4B70-FC32-406E-AE86-93974A2F8FF1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{70783446-E8F1-46B3-A183-D49C4A809C37}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{892EC4D9-BEF5-4E7D-8580-0AC58F34C4F4}" = lport=137 | protocol=17 | dir=in | app=system |
    "{8D4B1E03-49F6-4789-AB0D-C87D0E846F24}" = lport=138 | protocol=17 | dir=in | app=system |
    "{A23DA8D0-C964-46FC-A68B-3E7725AA7951}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{A3C02E87-7515-488C-80F3-78C0DB0CC988}" = rport=139 | protocol=6 | dir=out | app=system |
    "{C8E00ACC-6CCB-49BE-86F0-528E47C41CA4}" = rport=445 | protocol=6 | dir=out | app=system |
    "{CBF468A8-4019-4975-9AEC-33379602B814}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{CE5BCCA7-CD7C-4E1C-89B6-1DDC1AFD33D0}" = rport=137 | protocol=17 | dir=out | app=system |
    "{D0030E54-C36A-402E-957A-7687B7AE75C0}" = lport=139 | protocol=6 | dir=in | app=system |
    "{D5A56E3B-6650-451D-BCA0-5D2931F224A1}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{DCB05A7F-08A2-4B2D-B4F3-960BA00AAB54}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{EB77D4DA-AA91-4A3B-8A51-6C3E0895F1A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{F7A4E5C2-0308-46B4-860E-99964988231A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{016904F4-DF46-49FA-BFF9-CD75D7246AA4}" = dir=out | name=@{microsoft.bingnews_1.5.1.409_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
    "{103296A4-C2FF-4248-80DE-7D5BDB8D77E4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{1358E435-3C4A-4DE0-977D-075291A7AA75}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
    "{1C81A526-5355-426D-9839-496F4D94FDC6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{1CB4AF80-56A1-457B-A00C-B8C245BC8BF0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{21D4A9AF-2CF2-4E0C-82AA-2B02E3F2D702}" = protocol=6 | dir=out | app=system |
    "{2298DF28-0255-45AB-BBED-97C0E5F56EF3}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
    "{2547DBDE-0244-4788-9B04-7E1F530756A3}" = dir=out | name=@{microsoft.bingtravel_1.5.1.248_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
    "{254902C8-7952-4B38-8A57-D52127FA2664}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
    "{30529600-8113-4925-9885-8A9820D0241B}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
    "{34672386-4116-4EC1-8614-4A08D6ED48A3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{37518899-C9FD-4894-8654-60A2E27379EB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{3ED1A7BD-ABAA-4656-A7F2-6D45977E16BD}" = dir=out | name=google search |
    "{422412E9-9059-4AE5-B2DC-9A562B2F66DE}" = protocol=17 | dir=in | app=c:\users\john\appdata\roaming\utorrent\utorrent.exe |
    "{439DF41F-0612-4C34-BCA5-A8E91E63FDBD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{46CA9962-C631-4DEE-9468-CF6E1E78BC48}" = dir=out | name=pinball fx2 |
    "{55F42BC4-CCF2-4172-8BF2-23110BA2E2E7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{58A7D501-E3D5-454C-83F3-F6C41016B7A7}" = dir=out | name=dropbox |
    "{5DF31A23-C498-4364-8479-45005C57AD24}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
    "{67B2C9FF-7A64-41DC-B971-074E9E9DA47A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
    "{6CB9E8D2-65D7-4306-940C-69F28314BE91}" = dir=out | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "{6F926873-1EFC-43B2-AF60-71BE1B0F443D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{7A220166-8B4D-4BAB-B0AB-D9A152C19374}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7C3ACFD0-3773-4504-9E64-8683A38F7D8E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{7C5A20B7-A75A-4BE7-AF03-D7C50A573A46}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{8471F62F-C6A9-4787-B9A5-15C897549B53}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{90EF6CBB-16F5-4DDC-8905-CF85733B9C2B}" = dir=out | name=@{microsoft.bingsports_1.5.1.249_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
    "{980DCD72-8B39-4D4C-BB9E-C7766F35DE8E}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
    "{985AB504-A75E-4E5E-99E9-5F40FCB92680}" = dir=in | name=pinball fx2 |
    "{A0B44177-4024-4651-A715-B4A4B83EF860}" = dir=in | name=@{microsoft.reader_6.2.9200.20523_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
    "{A5076CF0-D8DE-4887-B570-86A6D30BC915}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AE51D5DC-26FB-4BCC-8D8A-8B97448A6438}" = dir=in | app=c:\program files (x86)\htc\htc sync manager\htcsyncmanager.exe |
    "{B1F53B0B-7806-4549-93A1-7AC0CD046EE2}" = protocol=6 | dir=in | app=c:\users\john\appdata\roaming\utorrent\utorrent.exe |
    "{B3E5E2CC-75C9-45ED-8510-AF4C8499FE5E}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
    "{B9BDB6A7-C027-4495-ADC6-B9F9DF55293B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{C24BE32A-4D83-457C-B675-1787EF5BCF08}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{CA0ABB22-A5A1-431B-A70A-FA1C3956DA88}" = dir=out | name=@{microsoft.zunemusic_1.1.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
    "{CE7BFE08-95F7-4B7C-AF6F-0B7E023751BB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{D756F677-8811-465C-B924-4D43EFC8310B}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{E2B6452C-6C78-4746-9E9B-45AB89FB65C5}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
    "{E4E22944-555E-49D7-A862-E892C6D953AF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{E58CC246-530E-4C39-834F-81A1002B51FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
    "{F170A28C-2332-4883-8FFC-BEC41AD3EDA2}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe |
    "{FBAB31A3-C96B-4D10-98A3-D84059855A15}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
    "{FC963C55-5E45-4674-9852-12E19A6A1174}" = dir=out | name=@{microsoft.bingweather_1.5.1.245_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
    "{FCE58970-81ED-4898-8462-A62961DBF085}" = dir=out | name=@{microsoft.bingfinance_1.5.1.406_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
    "{FEBB20C8-F066-4990-ADD5-35255D307C99}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{7AB6F8D7-7804-4662-BE8C-1AFCCD602D9F}" = Microsoft Mouse and Keyboard Center
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "Microsoft Mouse and Keyboard Center" = Microsoft Mouse and Keyboard Center

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{4CEEE5D0-F905-4688-B9F9-ECC710507796}" = HTC Driver Installer
    "{5DC3BFF3-B84F-4CBE-B2BD-FB52B6C247CA}" = HTC Sync Manager
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7CD0118B-FE1C-6513-7FCC-2D4BC220DD1F}" = Shutterfly Express Uploader
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
    "Adobe AIR" = Adobe AIR
    "com.Shutterfly.ExpressUploader" = Shutterfly Express Uploader
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
    "N360" = Norton 360
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.SingleImage" = Microsoft Office Home and Student 2010
    "uTorrent" = µTorrent

    < End of report >
     
  7. Satchfan

    Satchfan Malware Specialist

    Try running it again.

    If it still doesn't work, try it in safe mode.

    Also:

    Run Security Check

    Download Security Check by screen317 from here or here.

    • save it to your Desktop
    • double click SecurityCheck.exe and follow the onscreen instructions inside of the black box
    • a Notepad document should open automatically called checkup.txt; please post the contents of that document.
    I have to go out for a few hours so won't be replying straight away.

    Satchfan
     
  8. jgatses

    jgatses Thread Starter

    OK. Had to start it up in Safe Mode.
    Here is the contents of the checkup txt file:

    Results of screen317's Security Check version 0.99.59
    x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    Windows Defender
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````

    Thank you so much for all your help with this. I don't know what you do or how you do it, but I'm thankful there are people like you to help us along.
     


  9. Satchfan

    Satchfan Malware Specialist

    You are welcome. :)


    SecurityCheck should not have had a problem in normal mode. Please try running it again in normal mode.
     
  10. jgatses

    jgatses Thread Starter

    Results of screen317's Security Check version 0.99.59
    x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    Windows Defender
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.70.0.1100
    ````````Process Check: objlist.exe by Laurent````````
    Norton ccSvcHst.exe
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  11. Satchfan

    Satchfan Malware Specialist

    P2P - I see you have P2P software (BitTorrent) installed on your machine.

    We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

    If your computer is infected, it almost certainly contributed to your current situation.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

    Please see this topic for more information:

    Perils of P2P File Sharing.

    I would strongly recommend that you uninstall it now. You can do so via Control Panel, Programs, and then Programs and Features.

    Should you decide to keep it, please don’t use it until we have finished up here.

    ===================================================

    Note: Please temporarily disable MalwareBytes Anti-Malware for the duration of this fix as it may interfere with the successful execution of the script below.

    Run OTL

    • double click on the icon to run it.
    • copy/paste ALL the following text written inside the code box into the Custom Scans/Fixes box located at the bottom of OTL
    Code:
    :Services

    :OTL
    IE - HKLM\..\SearchScopes\{9CF29096-9824-4EBB-81DF-BF4F6669A66A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    O3 - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

    :Commands
    [purity]
    [emptytemp]
    [Reboot]
    
    • click the Run Fix button at the top
    • let the program run unhindered, reboot when it is done
    • post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
    ===================================================

    Run MiniToolBox

    Note: Please make sure Firefox is closed before you run this.

    Please download MiniToolBox, save it to your desktop and run it.

    Place a checkmark in the following checkboxes:
    • List IP configuration
    • List Users, Partitions and Memory size.
    • List last 10 Event Viewer log
    • List Installed Programs
    Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

    Logs to include in the next post:

    OTL fix log
    New OTL log
    Result.txt


    Thanks

    Satchfan
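
A read-only way to look at the registry locations the fix above targets, added here as an example (it is not part of Satchfan's post and is not OTL code). The function names are hypothetical, the `Wow6432Node` CLSID path and the `DefaultScope` value are not from the thread, and the script assumes 64-bit PowerShell run as the affected user.

```powershell
# Added example: read-only audit of IE toolbar and search-scope registry entries.
# Nothing is modified or deleted; the script only lists what is there.

# CLSID roots to check. The first path appears in the thread's fix log; the
# second is the 32-bit COM view on 64-bit Windows (assumption, not from the page).
$clsidRoots = @(
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID',
    'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID'
)

function Test-ClsidRegistered {
    # True when a COM class key exists for the GUID in either registry view.
    param([Parameter(Mandatory)][string]$Guid)
    foreach ($root in $clsidRoots) {
        if (Test-Path -LiteralPath "$root\$Guid") { return $true }
    }
    return $false
}

function Get-IEToolbarEntry {
    # Value names under Toolbar\WebBrowser are toolbar CLSIDs (OTL's "O3" lines).
    # HKEY_CURRENT_USER is the logged-on user's HKEY_USERS\<SID> hive.
    $key  = 'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser'
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { return }
    foreach ($name in $item.GetValueNames()) {
        # Skip values that are not GUIDs (layout settings and similar).
        if ($name -notmatch '^\{[0-9A-Fa-f-]{36}\}$') { continue }
        [pscustomobject]@{
            Key        = $key
            Clsid      = $name
            Registered = Test-ClsidRegistered -Guid $name
        }
    }
}

function Get-IESearchScope {
    # Each subkey of SearchScopes is one search provider; "URL" is its query template.
    $roots = @(
        'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
        'Registry::HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $default = (Get-Item -LiteralPath $root).GetValue('DefaultScope')
        foreach ($scope in Get-ChildItem -LiteralPath $root) {
            $url        = [string]$scope.GetValue('URL')
            $uri        = $null
            $searchHost = $null
            # Templates contain {searchTerms}; TryCreate avoids throwing on odd values.
            if ($url -and [uri]::TryCreate($url, [System.UriKind]::Absolute, [ref]$uri)) {
                $searchHost = $uri.Host
            }
            [pscustomobject]@{
                Root      = $root
                ScopeId   = $scope.PSChildName
                IsDefault = ($scope.PSChildName -eq $default)
                Host      = $searchHost
                Url       = $url
            }
        }
    }
}

# Toolbar GUIDs with no matching CLSID key: the condition OTL reports as
# "No CLSID value found".
Get-IEToolbarEntry | Where-Object { -not $_.Registered } | Format-Table -AutoSize

# Every search provider with the host its queries are sent to, for manual review.
Get-IESearchScope | Sort-Object Root, Host | Format-Table -AutoSize
```

An empty first table means no orphaned toolbar GUIDs remain for the current user. The second table is for review only, since the script does not decide which search hosts are wanted.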
     
  12. jgatses

    jgatses Thread Starter

    I deleted the u torrent....I never once used this, so I'm certain that nothing was from this. All the same, it is gone.

    I ran the otl, hit the run fix and this is what it gave:

    All processes killed
    Error: Unable to interpret <*:Services> in the current context!
    Error: Unable to interpret < * *> in the current context!
    Error: Unable to interpret <:OTL*> in the current context!
    Error: Unable to interpret <*IE - HKLM\..\SearchScopes\{9CF29096-9824-4EBB-81DF-BF4F6669A66A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC (http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC)> in the current context!
    Error: Unable to interpret <O3 - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.> in the current context!
    Error: Unable to interpret <*> in the current context!
    Error: Unable to interpret <*:Commands> in the current context!
    Error: Unable to interpret <[purity]> in the current context!
    Error: Unable to interpret <[emptytemp]*> in the current context!
    Error: Unable to interpret <*[Reboot]*> in the current context!

    OTL by OldTimer - Version 3.2.69.0 log created on 02262013_181306
    Files\Folders moved on Reboot...
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...

    I'm not sure what you post the New OTL. Am I supposed to copy/paste the info and run scan again?

    The Result.txt is attached.
     


  13. jgatses

    jgatses Thread Starter

    Disregard the previous post:

    I copied the text for the custom scan/fix box from an email, and it didn't have all the text which was posted in the forum. Below is the fix file and new OTL file after the fix. Sorry for the confusion:

    All processes killed
    ========== SERVICES/DRIVERS ==========
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CF29096-9824-4EBB-81DF-BF4F6669A66A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9CF29096-9824-4EBB-81DF-BF4F6669A66A}\ not found.
    Registry value HKEY_USERS\S-1-5-21-1862456514-1726756359-4083149293-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 58264 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: John
    ->Temp folder emptied: 77257790 bytes
    ->Temporary Internet Files folder emptied: 229826303 bytes
    ->Flash cache emptied: 61445 bytes

    User: Public

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1715727 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 7305778 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 280994 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 302.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02272013_053619
    Files\Folders moved on Reboot...
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N435TPWP\0[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\N435TPWP\launch[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CHWDHY31\1090980-conduit-lavasoft-tabs-chrome[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\CHWDHY31\um[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\C999SPJ9\facebook_com[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BN7AOD9V\ai[6].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BN7AOD9V\um[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\66NWATTX\si[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JB5E2YC\0[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JB5E2YC\aceUAC[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JB5E2YC\aceUAC[2].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JB5E2YC\csc-render[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JB5E2YC\ext-render-secure[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JB5E2YC\fc[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\5JB5E2YC\si[1].htm moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    PendingFileRenameOperations files...
    Registry entries deleted on Reboot...





    OTL logfile created on: 2/27/2013 5:44:43 AM - Run 4
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\John\Desktop
    64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16484)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    7.95 Gb Total Physical Memory | 6.53 Gb Available Physical Memory | 82.08% Memory free
    15.95 Gb Paging File | 14.48 Gb Available in Paging File | 90.77% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 111.45 Gb Total Space | 47.49 Gb Free Space | 42.61% Space Free | Partition Type: NTFS
    Drive E: | 1863.01 Gb Total Space | 1559.68 Gb Free Space | 83.72% Space Free | Partition Type: NTFS
    Drive F: | 7.39 Gb Total Space | 6.68 Gb Free Space | 90.33% Space Free | Partition Type: FAT32

    Computer Name: HOME-OFFICE_PC | User Name: John | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/02/26 09:54:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
    PRC - [2013/01/31 09:11:58 | 000,542,632 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
    PRC - [2012/12/23 21:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccsvchst.exe
    PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012/11/18 22:13:12 | 000,168,864 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
    PRC - [2012/10/26 16:17:52 | 000,087,368 | ---- | M] (Nero AG) -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
    PRC - [2012/10/19 02:02:30 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/10/08 16:40:38 | 000,166,912 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    PRC - [2012/10/02 15:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/18 22:13:12 | 000,168,864 | ---- | M] () -- C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
    MOD - [2012/05/30 08:51:08 | 000,699,280 | R--- | M] () -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\wincfi39.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/01/09 17:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
    SRV:64bit: - [2013/01/09 17:22:53 | 000,464,384 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
    SRV:64bit: - [2013/01/09 17:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
    SRV:64bit: - [2012/12/05 22:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
    SRV:64bit: - [2012/12/05 22:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
    SRV:64bit: - [2012/11/05 22:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV:64bit: - [2012/11/05 22:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2012/09/20 03:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
    SRV:64bit: - [2012/09/20 00:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
    SRV:64bit: - [2012/09/20 00:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
    SRV:64bit: - [2012/07/25 21:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
    SRV:64bit: - [2012/07/25 21:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
    SRV:64bit: - [2012/07/25 21:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
    SRV:64bit: - [2012/07/25 21:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
    SRV:64bit: - [2012/07/25 21:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
    SRV:64bit: - [2012/07/25 21:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
    SRV:64bit: - [2012/07/25 21:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
    SRV:64bit: - [2012/07/25 21:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
    SRV:64bit: - [2012/07/25 21:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
    SRV:64bit: - [2012/07/25 21:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
    SRV:64bit: - [2012/07/25 21:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
    SRV:64bit: - [2012/07/25 21:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
    SRV:64bit: - [2012/07/25 21:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
    SRV:64bit: - [2012/07/25 21:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
    SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
    SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
    SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
    SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
    SRV:64bit: - [2012/07/25 18:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
    SRV - [2012/12/23 21:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe -- (N360)
    SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012/11/05 22:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV - [2012/10/26 16:17:52 | 000,087,368 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe -- (HTCMonitorService)
    SRV - [2012/10/19 02:02:30 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/10/08 16:40:38 | 000,166,912 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
    SRV - [2012/10/02 15:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/07/25 21:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
    DRV:64bit: - [2013/02/18 09:28:53 | 000,014,456 | ---- | M] (GFI Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\gfibto.sys -- (gfibto)
    DRV:64bit: - [2013/01/30 21:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symnets.sys -- (SymNetS)
    DRV:64bit: - [2013/01/30 21:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symefa64.sys -- (SymEFA)
    DRV:64bit: - [2013/01/28 19:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtsp64.sys -- (SRTSP)
    DRV:64bit: - [2013/01/28 19:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtspx64.sys -- (SRTSPX)
    DRV:64bit: - [2013/01/21 20:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symds64.sys -- (SymDS)
    DRV:64bit: - [2013/01/09 19:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
    DRV:64bit: - [2013/01/09 19:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/12/04 19:57:29 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
    DRV:64bit: - [2012/11/26 21:56:29 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
    DRV:64bit: - [2012/11/26 21:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
    DRV:64bit: - [2012/11/19 22:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
    DRV:64bit: - [2012/11/15 20:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ironx64.sys -- (SymIRON)
    DRV:64bit: - [2012/11/15 20:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ccsetx64.sys -- (ccSet_N360)
    DRV:64bit: - [2012/11/06 01:52:07 | 000,445,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
    DRV:64bit: - [2012/11/06 01:36:23 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
    DRV:64bit: - [2012/11/05 21:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
    DRV:64bit: - [2012/11/02 17:38:36 | 000,050,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\point64.sys -- (Point64)
    DRV:64bit: - [2012/11/01 23:52:50 | 000,075,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dc3d.sys -- (dc3d)
    DRV:64bit: - [2012/10/12 02:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/10/11 01:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
    DRV:64bit: - [2012/10/11 01:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
    DRV:64bit: - [2012/09/25 22:46:20 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\htcnprot.sys -- (htcnprot)
    DRV:64bit: - [2012/09/20 01:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
    DRV:64bit: - [2012/09/20 01:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
    DRV:64bit: - [2012/09/20 01:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
    DRV:64bit: - [2012/09/20 01:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2012/09/20 01:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2012/09/20 01:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2012/09/06 20:05:05 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symelam.sys -- (SymELAM)
    DRV:64bit: - [2012/07/25 23:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/07/25 23:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
    DRV:64bit: - [2012/07/25 23:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
    DRV:64bit: - [2012/07/25 23:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
    DRV:64bit: - [2012/07/25 23:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
    DRV:64bit: - [2012/07/25 23:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
    DRV:64bit: - [2012/07/25 23:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
    DRV:64bit: - [2012/07/25 23:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
    DRV:64bit: - [2012/07/25 23:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
    DRV:64bit: - [2012/07/25 23:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2012/07/25 23:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2012/07/25 23:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
    DRV:64bit: - [2012/07/25 23:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2012/07/25 23:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
    DRV:64bit: - [2012/07/25 23:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
    DRV:64bit: - [2012/07/25 23:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2012/07/25 23:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
    DRV:64bit: - [2012/07/25 23:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/07/25 23:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2012/07/25 22:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
    DRV:64bit: - [2012/07/25 22:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
    DRV:64bit: - [2012/07/25 22:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
    DRV:64bit: - [2012/07/25 22:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
    DRV:64bit: - [2012/07/25 22:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
    DRV:64bit: - [2012/07/25 21:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2012/07/25 20:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
    DRV:64bit: - [2012/07/25 20:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
    DRV:64bit: - [2012/07/25 20:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
    DRV:64bit: - [2012/07/25 20:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
    DRV:64bit: - [2012/07/25 20:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
    DRV:64bit: - [2012/07/25 20:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
    DRV:64bit: - [2012/07/25 20:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
    DRV:64bit: - [2012/07/25 20:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
    DRV:64bit: - [2012/07/25 20:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
    DRV:64bit: - [2012/07/25 20:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
    DRV:64bit: - [2012/07/25 20:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
    DRV:64bit: - [2012/07/25 20:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
    DRV:64bit: - [2012/07/25 20:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
    DRV:64bit: - [2012/07/25 20:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/07/25 20:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
    DRV:64bit: - [2012/07/25 20:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2012/07/25 20:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/07/25 20:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
    DRV:64bit: - [2012/07/25 20:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
    DRV:64bit: - [2012/07/25 20:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
    DRV:64bit: - [2012/07/25 20:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
    DRV:64bit: - [2012/07/25 20:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
    DRV:64bit: - [2012/07/25 20:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
    DRV:64bit: - [2012/07/25 20:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
    DRV:64bit: - [2012/07/25 20:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
    DRV:64bit: - [2012/07/17 20:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2012/06/02 08:34:38 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VSTDPV6.SYS -- (VST64_DPV)
    DRV:64bit: - [2012/06/02 08:34:38 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VSTCNXT6.SYS -- (winachsf)
    DRV:64bit: - [2012/06/02 08:34:38 | 000,411,136 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\VSTBS26.SYS -- (VST64HWBS2)
    DRV:64bit: - [2012/06/02 08:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
    DRV:64bit: - [2011/04/09 01:00:20 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\nuidfltr.sys -- (NuidFltr)
    DRV:64bit: - [2009/11/02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ANDROIDUSB.sys -- (HTCAND64)
    DRV - [2013/01/17 17:07:11 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130226.025\ex64.sys -- (NAVEX15)
    DRV - [2013/01/17 17:07:11 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\VirusDefs\20130226.025\eng64.sys -- (NAVENG)
    DRV - [2013/01/15 20:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\BASHDefs\20130208.001\BHDrvx64.sys -- (BHDrvx64)
    DRV - [2012/12/03 01:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2012/12/03 01:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
    DRV - [2012/12/02 17:32:04 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\Definitions\IPSDefs\20130226.001\IDSviA64.sys -- (IDSVia64)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633ee93-d776-472f-a0ff-e1416b8b2e3a}

    IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
    IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\..\SearchScopes\{9CF29096-9824-4EBB-81DF-BF4F6669A66A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1862456514-1726756359-4083149293-1004\..\SearchScopes,DefaultScope =


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\IPSFFPlgn\ [2012/12/04 19:57:37 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.2.0.19\coFFPlgn\ [2013/02/26 07:14:31 | 000,000,000 | ---D | M]

    [2013/02/17 13:11:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla FireFox\extensions

    O1 HOSTS File: ([2012/07/25 23:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
    O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (KeyDownload Class) - {C1EA4179-A319-4c6a-A3E5-67FF3592A12E} - C:\Program Files (x86)\KeyDownload-Addon\KeyDownload.dll (KeyDownload)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coieplg.dll (Symantec Corporation)
    O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [IntelliType Pro] c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-1862456514-1726756359-4083149293-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 0.0.0.0 0.0.0.0
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{080E84B1-E448-4A51-8E5F-7C7BC9CBD427}: DhcpNameServer = 192.168.1.254 0.0.0.0 0.0.0.0
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit64.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\nvStInit.dll) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O30 - LSA: Security Packages - (livessp) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2013/02/17 18:28:28 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2010/07/09 19:10:56 | 000,000,000 | RH-D | M] - E:\autorun -- [ NTFS ]
    O32 - AutoRun File - [2002/10/16 06:56:50 | 000,000,036 | RH-- | M] () - E:\autorun.inf -- [ NTFS ]
    O33 - MountPoints2\{5a2f989b-3e85-11e2-be6b-50465d66467f}\Shell - "" = AutoRun
    O33 - MountPoints2\{5a2f989b-3e85-11e2-be6b-50465d66467f}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
    O33 - MountPoints2\{e852d86b-3acf-11e2-be6b-50465d66467f}\Shell - "" = AutoRun
    O33 - MountPoints2\{e852d86b-3acf-11e2-be6b-50465d66467f}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
    O33 - MountPoints2\{e852d87c-3acf-11e2-be6b-50465d66467f}\Shell - "" = AutoRun
    O33 - MountPoints2\{e852d87c-3acf-11e2-be6b-50465d66467f}\Shell\AutoRun\command - "" = "F:\HTC_Sync_Manager_PC.exe"
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/02/26 18:15:00 | 000,752,287 | ---- | C] (Farbar) -- C:\Users\John\Desktop\MiniToolBox.exe
    [2013/02/26 18:08:57 | 000,000,000 | ---D | C] -- C:\_OTL
    [2013/02/26 17:15:14 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\adawarebp
    [2013/02/26 10:08:20 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\CrashDumps
    [2013/02/26 10:04:50 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
    [2013/02/26 09:54:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
    [2013/02/26 07:17:02 | 000,000,000 | ---D | C] -- C:\Users\John\Desktop\files
    [2013/02/26 07:16:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
    [2013/02/26 07:16:00 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/02/26 07:15:13 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\John\Desktop\JRT.exe
    [2013/02/24 21:45:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Deployment
    [2013/02/24 21:45:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Apps
    [2013/02/23 15:16:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KeyDownload-Addon
    [2013/02/23 13:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
    [2013/02/23 13:30:39 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Real
    [2013/02/23 13:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
    [2013/02/23 13:28:54 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\uTorrent
    [2013/02/22 07:59:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2013/02/18 09:32:34 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\LavasoftStatistics
    [2013/02/18 09:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
    [2013/02/18 09:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
    [2013/02/18 09:29:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
    [2013/02/18 09:28:53 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
    [2013/02/17 18:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
    [2013/02/17 18:28:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [2013/02/17 13:39:29 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Roaming\Malwarebytes
    [2013/02/17 13:39:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2013/02/17 13:39:19 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2013/02/17 13:39:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2013/02/17 13:39:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2013/02/17 13:33:02 | 067,823,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
    [2013/02/17 13:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2013/02/17 13:30:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
    [2013/02/17 13:29:45 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\Programs
    [2013/02/17 13:04:01 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
    [2013/02/17 13:04:01 | 001,437,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
    [2013/02/17 13:03:49 | 002,094,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mmc.exe
    [2013/02/17 13:03:49 | 001,964,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlidsvc.dll
    [2013/02/17 13:03:49 | 001,611,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mmc.exe
    [2013/02/17 13:03:49 | 000,820,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gpprefcl.dll
    [2013/02/17 13:03:48 | 001,886,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\setupapi.dll
    [2013/02/17 13:03:48 | 001,120,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msctf.dll
    [2013/02/17 13:03:48 | 000,582,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gpprefcl.dll
    [2013/02/17 13:03:48 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
    [2013/02/17 13:03:48 | 000,438,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsm.dll
    [2013/02/17 13:03:48 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Media.dll
    [2013/02/17 13:03:48 | 000,274,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srmstormod.dll
    [2013/02/17 13:03:48 | 000,028,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\msgpiowin32.sys
    [2013/02/17 13:03:47 | 000,728,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\samsrv.dll
    [2013/02/17 13:03:47 | 000,666,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL
    [2013/02/17 13:03:47 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.dll
    [2013/02/17 13:03:47 | 000,436,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL
    [2013/02/17 13:03:47 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.dll
    [2013/02/17 13:03:47 | 000,303,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
    [2013/02/17 13:03:47 | 000,279,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srm.dll
    [2013/02/17 13:03:47 | 000,278,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srm.dll
    [2013/02/17 13:03:47 | 000,261,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Media.dll
    [2013/02/17 13:03:47 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDMon.dll
    [2013/02/17 13:03:47 | 000,202,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\srmstormod.dll
    [2013/02/17 13:03:47 | 000,194,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
    [2013/02/17 13:03:47 | 000,171,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncbservice.dll
    [2013/02/17 13:03:47 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetpp.dll
    [2013/02/17 13:03:47 | 000,124,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
    [2013/02/17 13:03:47 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxm.dll
    [2013/02/17 13:03:47 | 000,095,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wiaacmgr.exe
    [2013/02/17 13:03:47 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wiaacmgr.exe
    [2013/02/17 13:03:47 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhsvc.dll
    [2013/02/17 13:03:47 | 000,022,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\adhapi.dll
    [2013/02/17 13:03:47 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\httpprxp.dll
    [2013/02/17 13:03:47 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\keepaliveprovider.dll
    [2013/02/13 17:24:59 | 006,967,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
    [2013/02/13 10:59:18 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/02/13 10:59:17 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
    [2013/02/13 10:59:17 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/02/13 10:59:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/02/13 10:59:17 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/02/13 10:59:17 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/02/13 10:59:17 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/02/13 10:59:17 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/02/13 10:59:17 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
    [2013/02/13 10:59:17 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/02/13 10:59:17 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
    [2013/02/13 10:59:17 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/02/12 18:31:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
    [2013/02/09 10:45:26 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\CutePDF Writer
    [2013/02/09 10:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acro Software
    [2013/02/09 10:43:38 | 000,000,000 | -HSD | C] -- C:\AI_RecycleBin
    [2013/02/09 10:43:27 | 000,000,000 | ---D | C] -- C:\Users\John\AppData\Local\CRE
    [2013/02/09 10:42:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla FireFox

    ========== Files - Modified Within 30 Days ==========

    [2013/02/27 05:45:20 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/02/27 05:45:20 | 000,718,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/02/27 05:45:20 | 000,132,542 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/02/27 05:42:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/02/27 05:40:31 | 000,002,319 | ---- | M] () -- C:\Users\Public\Desktop\Norton 360.lnk
    [2013/02/27 05:40:29 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
    [2013/02/27 05:40:29 | 002,092,605 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\Cat.DB
    [2013/02/27 05:40:26 | 2533,916,671 | -HS- | M] () -- C:\hiberfil.sys
    [2013/02/27 05:40:25 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\VT20130115.021
    [2013/02/26 18:15:00 | 000,752,287 | ---- | M] (Farbar) -- C:\Users\John\Desktop\MiniToolBox.exe
    [2013/02/26 14:22:23 | 000,881,935 | ---- | M] () -- C:\Users\John\Desktop\SecurityCheck.exe
    [2013/02/26 10:06:13 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\John\Desktop\aswMBR.exe
    [2013/02/26 09:54:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\John\Desktop\OTL.exe
    [2013/02/26 07:15:14 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\John\Desktop\JRT.exe
    [2013/02/26 07:10:57 | 000,594,019 | ---- | M] () -- C:\Users\John\Desktop\adwcleaner.exe
    [2013/02/24 22:00:27 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    [2013/02/24 21:58:59 | 000,000,171 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
    [2013/02/24 14:51:35 | 1464,859,669 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/02/23 15:16:50 | 000,000,110 | ---- | M] () -- C:\prefs.js
    [2013/02/23 15:15:45 | 000,000,884 | RHS- | M] () -- C:\Users\John\ntuser.pol
    [2013/02/18 11:49:59 | 000,357,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/02/18 09:28:53 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
    [2013/02/17 18:28:28 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
    [2013/02/14 11:41:44 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\isolate.ini
    [2013/02/09 10:45:27 | 000,118,924 | ---- | M] () -- C:\Users\John\Desktop\label.pdf
    [2013/02/06 17:06:14 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/02/06 17:06:14 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/02/04 22:29:08 | 067,823,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
    [2013/01/31 21:55:07 | 000,007,589 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.cat
    [2013/01/31 21:55:06 | 000,007,585 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.cat
    [2013/01/30 21:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnets.sys
    [2013/01/30 21:18:11 | 000,001,440 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symnet.inf
    [2013/01/30 21:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symefa64.sys
    [2013/01/30 21:18:06 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symvtcer.dat
    [2013/01/30 21:18:06 | 000,007,587 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symefa64.cat
    [2013/01/30 21:18:06 | 000,003,434 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symefa.inf
    [2013/01/30 21:17:58 | 000,007,581 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\symds64.cat
    [2013/01/28 19:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.sys
    [2013/01/28 19:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.sys
    [2013/01/28 19:45:19 | 000,001,420 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtspx64.inf
    [2013/01/28 19:45:18 | 000,001,438 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1403000.024\srtsp64.inf

    ========== Files Created - No Company Name ==========

    [2013/02/26 14:22:23 | 000,881,935 | ---- | C] () -- C:\Users\John\Desktop\SecurityCheck.exe
    [2013/02/26 07:10:57 | 000,594,019 | ---- | C] () -- C:\Users\John\Desktop\adwcleaner.exe
    [2013/02/24 21:58:56 | 000,000,171 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
    [2013/02/23 15:16:50 | 000,000,110 | ---- | C] () -- C:\prefs.js
    [2013/02/23 15:15:45 | 000,000,884 | RHS- | C] () -- C:\Users\John\ntuser.pol
    [2013/02/22 07:59:54 | 1464,859,669 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2013/02/18 11:49:58 | 000,357,056 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/02/18 09:30:17 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
    [2013/02/17 18:28:28 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
    [2013/02/17 13:03:47 | 000,386,577 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml
    [2013/02/09 10:46:02 | 000,118,924 | ---- | C] () -- C:\Users\John\Desktop\label.pdf
    [2012/11/26 19:42:45 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
    [2012/11/25 16:15:33 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
    [2012/11/25 16:15:32 | 000,033,550 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
    [2012/11/25 16:15:31 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
    [2012/07/26 02:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2012/07/26 02:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2012/07/26 01:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2012/07/25 19:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2012/07/25 14:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2012/07/25 14:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2012/06/02 08:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== ZeroAccess Check ==========

    [2013/02/24 21:45:54 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/01/09 17:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/01/09 17:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 21:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 21:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 21:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    < End of report >
     
  14. jgatses

    jgatses Thread Starter

    Joined:
    Feb 25, 2013
    Messages:
    15
    Here is the new result too. I ran it again after the OTL in case anything changed:
     

    Attached Files:

  15. Satchfan

    Satchfan Malware Specialist

    Joined:
    Jan 12, 2009
    Messages:
    650
    You did well sussing the OTL problem out!

    Please disable Windows firewall.

    Norton has its own firewall and you cannot have two running.

    Can you tell me if there are any outstanding problems?

    Satchfan
     

Short URL to this thread: https://techguy.org/1090980