Page 1 of 2 12 LastLast
Results 1 to 10 of 20

Thread: Not sure what issue is?? Assistance would be appreciated

  1. 2013-06-27, 22:17 #1
    cv18sro
    cv18sro is offline
    Member
    Join Date
    Jan 2009
    Posts
    35

    Default Not sure what issue is?? Assistance would be appreciated

    I consider myself pretty tech savvy except when it comes to this. I am working on my parents computer which I purchased for them in January. Here is the whole story, I will try to be brief.

    About 2 weeks ago this computer began getting very slow on bootup. Before it would take maybe 60 to 90 seconds from start to Windows loaded and ready to use. Now its more like minutes. Then the same day I noticed issues their Microsoft Outlook .dat file become corrupt. I repaired it via Microsofts Knowledge Center. Also Adobe Reader and Flash Player crashed. I uninstalled them both and reinstalled. All programs were back in operation at that point. But the computer was still booting slow. Now today it is really slow to boot up.

    Everything appears to be working ok and Windows Updates are current, as well as all the other programs installed. It just boots really slow and occasionally, like maybe every 7th or 8th reboot it will take over 5 minutes for Windows to load. I am wondering if it could be hardware rather than malware but thought I would start here.

    I apologize if there is a delay in my response, I may not be able to access this computer but a couple times a day. I apologize in advance

    Here are the logs below:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.25.2
    Run by Home at 13:00:14 on 2013-06-27
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5528.3934 [GMT -7:00]
    .
    AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\IDT\WDM\beats64.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Greetings Workshop\GWREMIND.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe
    C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
    C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Ask.com\Updater\Updater.exe
    C:\Users\Home\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
    C:\Program Files (x86)\AVG\AVG2013\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\System32\WUDFHost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    C:\Users\Home\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\Macromed\Flash\FlashUtil64_11_7_700_224_ActiveX.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: ShopAtHome.com Cash Back Helper: {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\Home\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
    BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: <No Name>: {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - LocalServer32 - <no file>
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    TB: AVG SafeGuard toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll
    TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    TB: ShopAtHome.com Toolbar: {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Home\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    mRun: [ShopAtHomeWatcher] C:\Users\Home\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe
    StartupFolder: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk - C:\Program Files (x86)\Greetings Workshop\GWREMIND.EXE
    StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    TCP: NameServer = 192.168.0.1 205.171.3.65
    TCP: Interfaces\{37ABFF8C-6FD4-4331-A23F-ADFC5D0EF40B} : DHCPNameServer = 192.168.0.1 205.171.3.65
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    x64-Run: [NUSB3MON] "C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe"
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]
    R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]
    R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]
    R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
    R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-25 45856]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-5-4 241152]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-9 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-9 701512]
    R2 vToolbarUpdater15.3.0;vToolbarUpdater15.3.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe [2013-6-26 1598128]
    R3 amdhub30;AMD USB 3.0 Hub Driver;C:\Windows\System32\drivers\amdhub30.sys [2012-3-25 103552]
    R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\amdxhc.sys [2012-3-25 220288]
    R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-1-29 104048]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-9 25928]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-2-1 58536]
    S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\Windows\System32\drivers\l260x64.sys [2009-6-10 34304]
    S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\Windows\System32\drivers\l160x64.sys [2009-6-24 58368]
    S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-1 19456]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-2-1 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-1 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-1 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-06-26 17:47:16 -------- d-----w- C:\Users\Home\AppData\Roaming\ShopAtHome
    2013-06-23 20:23:24 -------- d-----w- C:\Program Files (x86)\Ask.com
    2013-06-23 20:23:24 -------- d-----w- C:\Firefox
    2013-06-23 20:21:07 -------- d-----w- C:\ProgramData\Ask
    2013-06-23 20:20:57 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-06-19 00:47:44 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-19 00:47:44 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-06-13 04:35:20 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-06-12 22:02:26 751104 ----a-w- C:\Windows\System32\win32spl.dll
    2013-05-31 00:19:40 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
    2013-05-30 23:54:57 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
    2013-05-30 23:54:57 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
    2013-05-30 23:54:56 239960 ----a-w- C:\Windows\SysWow64\xactengine3_7.dll
    2013-05-30 23:54:56 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll
    2013-05-30 23:54:56 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
    2013-05-30 23:54:56 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
    2013-05-30 23:54:56 1974616 ----a-w- C:\Windows\SysWow64\D3DCompiler_42.dll
    2013-05-30 23:54:56 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll
    2013-05-30 23:54:56 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
    2013-05-30 23:54:55 81768 ----a-w- C:\Windows\SysWow64\xinput1_3.dll
    .
    ==================== Find3M ====================
    .
    2013-06-27 06:07:44 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2013-06-23 20:20:54 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-06-23 20:20:54 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
    2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll
    2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll
    2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll
    2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll
    2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll
    2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe
    2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
    2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
    2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll
    2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll
    2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll
    2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
    2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys
    2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2013-04-01 01:32:04 82600 ----a-w- C:\Windows\System32\drivers\amd_sata.sys
    2013-04-01 01:32:04 42664 ----a-w- C:\Windows\System32\drivers\amd_xata.sys
    2013-03-31 22:52:16 1887232 ----a-w- C:\Windows\System32\d3d11.dll
    .
    ============= FINISH: 13:00:34.87 ===============


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-06-27 13:06:36
    -----------------------------
    13:06:36.232 OS Version: Windows x64 6.1.7601 Service Pack 1
    13:06:36.232 Number of processors: 4 586 0x1001
    13:06:36.232 ComputerName: HOME-PC UserName: Home
    13:06:36.263 Initialze error 1
    13:07:05.212 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
    13:07:05.228 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 11
    13:07:05.228 Disk 0 MBR read successfully
    13:07:05.228 Disk 0 MBR scan
    13:07:05.244 Disk 0 unknown MBR code
    13:07:05.244 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    13:07:05.244 Disk 0 scanning C:\Windows\system32\drivers
    13:07:05.259 Service scanning
    13:07:05.821 Modules scanning
    13:07:05.821 Disk 0 trace - called modules:
    13:07:05.821 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    13:07:05.836 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005ee8060]
    13:07:05.836 3 CLASSPNP.SYS[fffff8800196143f] -> nt!IofCallDriver -> [0xfffffa8005bd5040]
    13:07:05.852 5 amd_xata.sys[fffff88001124d00] -> nt!IofCallDriver -> \Device\0000005d[0xfffffa8005bd1060]
    13:07:05.852 Scan finished successfully
    13:12:53.123 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
    13:12:53.123 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"
  2. 2013-07-03, 17:45 #2
    OCD
    OCD is offline
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hello cv18sro,

    My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.
    • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

    DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

    Please stay with this topic until I let you know that your system appears to be "All Clear"

    Important: All tools MUST be run from the Desktop.

    =========================

    1. Security Check

    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


    =========================

    2. aswMBR

    Download aswMBR.exe and save it to your desktop.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.


    =========================


    3. OTL

    Download OTL to your desktop.
    • Make sure all other windows are closed and to let it run uninterrupted.
      • Windows XP : Double click on the icon to run it.
      • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Check the boxes beside LOP Check and Purity Check.
    • Under Custom Scan paste this in

      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      /md5start
      iexplore.*
      explorer.*
      winlogon.*
      dll
      zx.dll
      hlp.dat
      consrv.dll
      services.*
      /md5stop
      netsvcs
      drivers32
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      dir "%systemdrive%\*" /S /A:L /C
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lnk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %PROGRAMFILES%\Internet Explorer\*.dat
      %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      %systemroot%\AppPatch\Custom\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      BASESERVICES
      DRIVES
      CREATERESTOREPOINT

    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
      • You may need two posts to fit them both in.


    =========================

    In your next post please provide the following:

    • checkup.txt
    • aswMBR.txt
    • attach MBR.zip
    • OTL.txt
    • Extras.txt
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
  3. 2013-07-03, 20:09 #3
    cv18sro
    cv18sro is offline
    Member
    Join Date
    Jan 2009
    Posts
    35

    Default

    Thank you for the response. I only get to this computer a couple times a day so I apologize for any delay between responses.

    Here are the documents you requested:

    Results of screen317's Security Check version 0.99.68
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 10
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG AntiVirus Free Edition 2013
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.75.0.1300
    AVG PC TuneUp Language Pack (en-US)
    Java 7 Update 25
    Adobe Reader XI
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamservice.exe
    Malwarebytes Anti-Malware mbamgui.exe
    AVG avgwdsvc.exe
    Malwarebytes' Anti-Malware mbamscheduler.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-06-27 13:06:36
    -----------------------------
    13:06:36.232 OS Version: Windows x64 6.1.7601 Service Pack 1
    13:06:36.232 Number of processors: 4 586 0x1001
    13:06:36.232 ComputerName: HOME-PC UserName: Home
    13:06:36.263 Initialze error 1
    13:07:05.212 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
    13:07:05.228 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 11
    13:07:05.228 Disk 0 MBR read successfully
    13:07:05.228 Disk 0 MBR scan
    13:07:05.244 Disk 0 unknown MBR code
    13:07:05.244 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    13:07:05.244 Disk 0 scanning C:\Windows\system32\drivers
    13:07:05.259 Service scanning
    13:07:05.821 Modules scanning
    13:07:05.821 Disk 0 trace - called modules:
    13:07:05.821 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    13:07:05.836 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005ee8060]
    13:07:05.836 3 CLASSPNP.SYS[fffff8800196143f] -> nt!IofCallDriver -> [0xfffffa8005bd5040]
    13:07:05.852 5 amd_xata.sys[fffff88001124d00] -> nt!IofCallDriver -> \Device\0000005d[0xfffffa8005bd1060]
    13:07:05.852 Scan finished successfully
    13:12:53.123 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
    13:12:53.123 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-07-03 10:42:01
    -----------------------------
    10:42:01.619 OS Version: Windows x64 6.1.7601 Service Pack 1
    10:42:01.619 Number of processors: 4 586 0x1001
    10:42:01.619 ComputerName: HOME-PC UserName: Home
    10:42:01.728 Initialze error 1
    10:46:57.371 AVAST engine defs: 13070300
    10:47:58.289 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005d
    10:47:58.305 Disk 0 Vendor: Hitachi_ JP4O Size: 953869MB BusType: 11
    10:47:58.305 Disk 0 MBR read successfully
    10:47:58.320 Disk 0 MBR scan
    10:47:58.320 Disk 0 unknown MBR code
    10:47:58.336 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    10:47:58.336 Disk 0 scanning C:\Windows\system32\drivers
    10:47:58.336 Service scanning
    10:47:58.898 Modules scanning
    10:47:58.898 Disk 0 trace - called modules:
    10:47:58.913 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
    10:47:58.913 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006266060]
    10:47:58.913 3 CLASSPNP.SYS[fffff880018e043f] -> nt!IofCallDriver -> [0xfffffa8005fe6980]
    10:47:58.929 5 amd_xata.sys[fffff880010ded00] -> nt!IofCallDriver -> \Device\0000005d[0xfffffa8005fe22d0]
    10:47:58.944 AVAST engine scan C:\Windows
    10:47:58.944 AVAST engine scan C:\Windows\system32
    10:47:58.960 AVAST engine scan C:\Windows\system32\drivers
    10:47:58.960 AVAST engine scan C:\Users\Home
    10:47:58.976 AVAST engine scan C:\ProgramData
    10:47:58.991 Scan finished successfully
    10:48:30.566 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\DO NOT DELETE\MBR.dat"
    10:48:30.581 The log file has been saved successfully to "C:\Users\Home\Desktop\DO NOT DELETE\aswMBR.txt"


    MBR.zip <--------- MBR.dat file compressed
  4. 2013-07-03, 20:13 #4
    cv18sro
    cv18sro is offline
    Member
    Join Date
    Jan 2009
    Posts
    35

    Default

    Its not letting me post the entire OTL.txt file into a post so I am splitting it up.

    OTL logfile created on: 7/3/2013 10:55:56 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.40 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 75.44% Memory free
    10.79 Gb Paging File | 9.00 Gb Available in Paging File | 83.35% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 910.65 Gb Total Space | 869.80 Gb Free Space | 95.51% Space Free | Partition Type: NTFS
    Drive D: | 19.39 Gb Total Space | 2.42 Gb Free Space | 12.50% Space Free | Partition Type: NTFS

    Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
    PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (AVG Secure Search)
    PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe ()
    PRC - C:\Users\Home\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe ()
    PRC - C:\Users\Home\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    PRC - C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe (Advanced Micro Devices, Inc.)
    PRC - C:\Program Files (x86)\Greetings Workshop\GWREMIND.EXE (Microsoft Corporation)


    ========== Modules (No Company Name) ==========

    MOD - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
    MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\log4cplusU.dll ()
    MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\SiteSafety.dll ()
    MOD - C:\Users\Home\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe ()
    MOD - C:\Users\Home\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelperPS.dll ()


    ========== Services (SafeList) ==========

    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (vToolbarUpdater15.3.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (AVG Secure Search)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
    DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
    DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
    DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (AtcL001) -- C:\Windows\SysNative\drivers\l160x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (Atc002) -- C:\Windows\SysNative\drivers\l260x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (aswMBR) -- C:\Users\Home\AppData\Local\Temp\aswMBR.sys ()
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 87 97 DB 4E 28 CE 01 [binary data]
    IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\..\SearchScopes\{2B250660-6553-4C46-B53B-21737CE73FDF}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=86AE981E-E079-46CD-B048-BEA35B6EAC75&apn_sauid=565D380F-D68B-414D-85A7-0C3BD168394C
    IE - HKCU\..\SearchScopes\{8417E916-05DB-4A01-A612-C31402F59A3D}: "URL" = http://websearch.shopathome.com?user_id={2B3BCB7E-C331-499E-BA8D-A6373251DCBF}&q={searchTerms}
    IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={4625A3ED-0CCA-4DD8-B101-6B1E55C9FA15}&mid=fd67b371a2f447d3acbda9aaf3565d44-55a284af6311e149f3b3344a1c03511c75e5ed88&lang=en&ds=AVG&pr=fr&d=2013-03-25 12:20:51&v=15.2.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.3.0\\npsitesafety.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/02/04 12:56:42 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/02/04 12:56:42 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O2 - BHO: (ShopAtHome.com Cash Back Helper) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\Home\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Home\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
    O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
    O4:64bit: - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe (Advanced Micro Devices, Inc.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [ShopAtHomeWatcher] C:\Users\Home\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe ()
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
    O4 - Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk = C:\Program Files (x86)\Greetings Workshop\GWREMIND.EXE (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.65
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37ABFF8C-6FD4-4331-A23F-ADFC5D0EF40B}: DhcpNameServer = 192.168.0.1 205.171.3.65
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
  5. 2013-07-03, 20:16 #5
    cv18sro
    cv18sro is offline
    Member
    Join Date
    Jan 2009
    Posts
    35

    Default

    Here is the second half of the OTL.txt


    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/07/03 10:43:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    [2013/06/27 13:14:08 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\DO NOT DELETE
    [2013/06/27 12:59:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2013/06/27 12:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
    [2013/06/27 12:58:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
    [2013/06/26 10:47:16 | 000,000,000 | ---D | C] -- C:\Users\Home\AppData\Roaming\ShopAtHome
    [2013/06/23 13:23:24 | 000,000,000 | ---D | C] -- C:\Firefox
    [2013/06/23 13:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
    [2013/06/23 13:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
    [2013/06/23 13:21:00 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/06/23 13:20:57 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/06/23 13:20:57 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/06/23 13:20:57 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/06/23 13:20:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2013/06/22 08:12:36 | 000,000,000 | ---D | C] -- C:\Users\Home\Desktop\Trip
    [2013/06/19 11:55:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
    [2013/06/19 11:54:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
    [2013/06/18 17:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
    [2013/06/18 17:51:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
    [2013/06/18 17:47:44 | 000,692,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/06/18 17:47:44 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/06/14 14:00:27 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/06/14 14:00:27 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013/06/12 21:35:20 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013/06/12 21:35:20 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013/06/12 21:35:20 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013/06/12 21:35:20 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013/06/12 21:35:20 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013/06/12 21:35:20 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013/06/12 21:35:19 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013/06/12 21:35:19 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013/06/12 21:35:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013/06/12 21:35:19 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013/06/12 21:35:18 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013/06/12 21:35:18 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013/06/12 21:35:18 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013/06/12 15:02:26 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2013/06/12 15:02:26 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2013/06/12 15:02:25 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
    [2013/06/12 15:02:24 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
    [2013/06/12 15:02:23 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [2013/06/12 15:02:19 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2013/06/12 15:02:19 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
    [2013/06/12 15:02:19 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
    [2013/06/12 15:02:19 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2013/06/12 15:02:19 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
    [2013/06/12 15:02:19 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
    [2013/06/12 15:02:16 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
    [2013/06/12 15:02:16 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
    [2013/06/11 09:16:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013/03/22 15:55:35 | 000,940,544 | ---- | C] (Apache Software Foundation) -- C:\Users\Home\AppData\Local\log4cxx.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/07/03 10:43:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe
    [2013/07/03 10:34:51 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/07/03 10:34:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/07/02 19:04:31 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/07/02 19:04:31 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/07/02 18:57:02 | 052,076,543 | -HS- | M] () -- C:\hiberfil.sys
    [2013/07/01 15:32:02 | 000,799,826 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013/07/01 15:32:02 | 000,675,392 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013/07/01 15:32:02 | 000,126,064 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013/06/26 23:18:23 | 000,793,550 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/06/26 23:07:44 | 000,045,856 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
    [2013/06/24 17:10:53 | 000,870,128 | ---- | M] () -- C:\Users\Home\AppData\Roaming\mcs.rma
    [2013/06/24 17:10:53 | 000,000,004 | ---- | M] () -- C:\Users\Home\AppData\Roaming\075208
    [2013/06/23 13:20:54 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
    [2013/06/23 13:20:54 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
    [2013/06/23 13:20:54 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013/06/23 13:20:54 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013/06/23 13:20:54 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013/06/23 13:20:54 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013/06/19 12:26:23 | 000,001,113 | ---- | M] () -- C:\Users\Home\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk
    [2013/06/19 11:59:42 | 000,440,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2013/06/18 17:51:28 | 000,001,991 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2013/06/18 17:47:44 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013/06/18 17:47:44 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013/06/15 15:16:01 | 000,001,262 | ---- | M] () -- C:\Users\Home\Documents\photo - Shortcut.lnk
    [2013/06/11 09:16:02 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
    [2013/06/08 07:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013/06/08 04:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/06/18 17:51:28 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    [2013/06/18 17:51:28 | 000,001,991 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
    [2013/06/18 17:47:46 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/05/30 16:54:15 | 000,793,550 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013/03/22 15:55:35 | 000,196,608 | ---- | C] () -- C:\Users\Home\AppData\Local\common_functions.dll
    [2013/03/19 16:38:26 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
    [2013/03/19 16:38:26 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
    [2013/03/19 16:00:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2013/03/19 16:00:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2013/02/07 15:57:37 | 000,870,128 | ---- | C] () -- C:\Users\Home\AppData\Roaming\mcs.rma
    [2013/02/07 15:57:37 | 000,000,004 | ---- | C] () -- C:\Users\Home\AppData\Roaming\075208
    [2013/02/04 12:54:09 | 000,221,577 | ---- | C] () -- C:\Windows\hpoins19.dat
    [2013/02/04 12:54:09 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
    [2013/02/01 20:50:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2013/02/01 20:09:17 | 000,000,171 | ---- | C] () -- C:\Windows\QUICKEN.INI
    [2012/09/21 02:29:40 | 000,114,688 | ---- | C] () -- C:\Users\Home\AppData\Local\ie_runner_app.exe
    [2011/09/12 22:06:18 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    ========== ZeroAccess Check ==========

    [2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/03/03 21:39:50 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\AVG
    [2013/02/01 21:10:42 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\AVG2013
    [2013/06/26 10:47:17 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\ShopAtHome
    [2013/02/01 21:09:58 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\TuneUp Software
    [2013/02/01 19:50:55 | 000,000,000 | ---D | M] -- C:\Users\Home\AppData\Roaming\WinBatch

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < %temp%\smtmp\*.* /s > >

    < MD5 for: EXPLORER.ADML >
    [2011/04/12 01:17:31 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

    < MD5 for: EXPLORER.ADMX >
    [2009/06/10 13:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

    < MD5 for: EXPLORER.EXE >
    [2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

    < MD5 for: EXPLORER.EXE.MUI >
    [2011/04/12 01:17:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
    [2011/04/12 01:17:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
    [2011/04/12 01:17:21 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
    [2011/04/12 01:17:21 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

    < MD5 for: EXPLORER.ZIP >
    [2006/03/06 22:48:08 | 000,020,394 | ---- | M] () MD5=B469409C2B2A33C542190B720E11BD79 -- C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\VSTA\ItemTemplates\VisualBasic\1033\Explorer.zip

    < MD5 for: IEXPLORE.EXE >
    [2013/01/08 18:53:45 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=0100BCF23941C83462E4A70F94C3392E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_0d2c5bc980874648\iexplore.exe
    [2013/05/16 19:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=07DFD28E57879554D054464EE4A5662D -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    [2013/05/16 19:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=07DFD28E57879554D054464EE4A5662D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_20d88bb252a3770f\iexplore.exe
    [2013/02/01 20:22:24 | 000,757,296 | ---- | M] (Microsoft Corporation) MD5=0D286C0FE561D1A7EB30E83A0FF305B2 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_178ed6e5b4dd3857\iexplore.exe
    [2013/02/26 14:16:40 | 000,770,560 | ---- | M] (Microsoft Corporation) MD5=2859EBC065D2E1CCC94161CE28BAC085 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16521_none_20e4a040529a2792\iexplore.exe
    [2013/02/24 17:58:09 | 000,775,232 | ---- | M] (Microsoft Corporation) MD5=28F93BAFB3EB407E99A7ED3D9DBDE04C -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20644_none_ffb93ba237e760ce\iexplore.exe
    [2013/04/04 22:55:38 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=2DC6BD1047553611DAEF97C751131A5D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20681_none_0a122b746c443b42\iexplore.exe
    [2013/05/16 18:57:28 | 000,770,648 | ---- | M] (Microsoft Corporation) MD5=3902E280F6117A468D5573343A7AA1F6 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_09ffa3426c5372da\iexplore.exe
    [2013/02/21 05:59:57 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=6554208814632C25C77EE02355EB8E95 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16540_none_16920d4a1e377ea4\iexplore.exe
    [2013/02/26 14:16:38 | 000,775,184 | ---- | M] (Microsoft Corporation) MD5=681B380492ACB571ED6CCC1F37F53343 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16521_none_168ff5ee1e396597\iexplore.exe
    [2013/01/08 15:42:06 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=698EB1E5F8C66344D97C00B5699E871D -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_1781061bb4e80843\iexplore.exe
    [2010/11/20 20:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
    [2013/05/16 20:02:08 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=8F00471CA24ADF8D2AFAACF856EB70A4 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_ffaaf8f037f2b0df\iexplore.exe
    [2013/02/24 16:52:40 | 000,770,624 | ---- | M] (Microsoft Corporation) MD5=A11C5E3E288256C540B7ED8BE3A04B01 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20644_none_0a0de5f46c4822c9\iexplore.exe
    [2013/04/04 23:02:26 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=AAD90795E84E710543C6C7C2F7048E30 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_20e92fca5296266a\iexplore.exe
    [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\iexplore.exe
    [2010/11/20 20:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
    [2013/04/05 00:53:33 | 000,775,232 | ---- | M] (Microsoft Corporation) MD5=CEA304830B4770BDA3572B87D0841848 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_169485781e35646f\iexplore.exe
    [2013/04/05 00:23:03 | 000,775,216 | ---- | M] (Microsoft Corporation) MD5=DE751E18F8DBF7BCCE46989CBA4A9828 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20681_none_ffbd812237e37947\iexplore.exe
    [2013/02/21 04:28:11 | 000,770,608 | ---- | M] (Microsoft Corporation) MD5=E4F6125ED5185F8FA37CC4F449B85526 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16540_none_20e6b79c5298409f\iexplore.exe
    [2013/05/16 20:30:45 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=EDC77CF787FA015205936C9A3228486E -- C:\Program Files\Internet Explorer\iexplore.exe
    [2013/05/16 20:30:45 | 000,775,256 | ---- | M] (Microsoft Corporation) MD5=EDC77CF787FA015205936C9A3228486E -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_1683e1601e42b514\iexplore.exe
    [2013/01/08 17:51:57 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=EF1F6F41FB2C9BBB484B21017F380201 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_0daa285e99ade8ac\iexplore.exe
    [2013/01/08 14:32:42 | 000,757,280 | ---- | M] (Microsoft Corporation) MD5=F05982E56ABD835AA8DF260EEC873E5B -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_17fed2b0ce0eaaa7\iexplore.exe
    [2013/02/01 20:22:24 | 000,763,424 | ---- | M] (Microsoft Corporation) MD5=FD0D2E1FAEBAE5031BE2EB8000D973F1 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16457_none_0d3a2c93807c765c\iexplore.exe

    < MD5 for: IEXPLORE.EXE.MUI >
    [2013/02/01 20:22:24 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
    [2013/02/01 20:22:24 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
    [2013/02/26 14:16:40 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
    [2013/02/26 14:16:38 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
    [2013/02/26 14:16:38 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_103c8b6555e6a67e\iexplore.exe.mui
    [2013/02/26 14:16:40 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=8EDDC50FD07326E7DF9C4EEA422F0918 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_10.2.9200.16521_en-us_1a9135b78a476879\iexplore.exe.mui
    [2009/07/13 19:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
    [2009/07/13 19:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui

    < MD5 for: IEXPLORE.EXE-7A9337F2.PF >
    [2013/07/03 10:35:12 | 000,125,448 | ---- | M] () MD5=B5B097225A3D7FD62454EB0943D08AC3 -- C:\Windows\Prefetch\IEXPLORE.EXE-7A9337F2.pf

    < MD5 for: IEXPLORE.EXE-F4FB5D2D.PF >
    [2013/07/03 10:43:39 | 000,389,716 | ---- | M] () MD5=4308AF88AAE99030EAC12076ECB7E750 -- C:\Windows\Prefetch\IEXPLORE.EXE-F4FB5D2D.pf

    < MD5 for: SERVICES >
    [2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

    < MD5 for: SERVICES.CFG >
    [2012/09/23 20:43:36 | 000,603,848 | R--- | M] () MD5=81B120EAEE296F0E54F66C16C5A21367 -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744BA0000000010\11.0.0\services.cfg
    [2013/05/11 03:37:26 | 000,558,990 | ---- | M] () MD5=FE8FB005031C2574E990DAC1F9F5ACF8 -- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Services\Services.cfg

    < MD5 for: SERVICES.EXE >
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SERVICES.EXE.MUI >
    [2011/04/12 01:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\SysNative\en-US\services.exe.mui
    [2011/04/12 01:17:17 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

    < MD5 for: SERVICES.LNK >
    [2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
    [2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

    < MD5 for: SERVICES.MOF >
    [2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\SysNative\wbem\services.mof
    [2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

    < MD5 for: SERVICES.MSC >
    [2011/04/12 01:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\en-US\services.msc
    [2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysNative\services.msc
    [2011/04/12 01:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
    [2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
    [2011/04/12 01:17:16 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
    [2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
    [2011/04/12 01:17:18 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
    [2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

    < MD5 for: SERVICES.PTXML >
    [2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\SysNative\wdi\perftrack\Services.ptxml
    [2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

    < MD5 for: WINLOGON.ADML >
    [2011/04/12 01:17:31 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

    < MD5 for: WINLOGON.ADMX >
    [2009/06/10 14:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
    [2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
    [2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

    < MD5 for: WINLOGON.EXE.MUI >
    [2011/04/12 01:17:16 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\SysNative\en-US\winlogon.exe.mui
    [2011/04/12 01:17:16 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui

    < MD5 for: WINLOGON.MFL >
    [2011/04/12 01:17:17 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\SysNative\wbem\en-US\winlogon.mfl
    [2011/04/12 01:17:17 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

    < MD5 for: WINLOGON.MOF >
    [2009/07/13 13:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\SysNative\wbem\winlogon.mof
    [2009/07/13 13:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof

    < %SYSTEMDRIVE%\*.* >
    [2013/03/04 20:30:55 | 000,000,000 | ---- | M] () -- C:\END
    [2013/04/04 12:26:01 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
    [2013/07/02 18:57:02 | 052,076,543 | -HS- | M] () -- C:\hiberfil.sys
    [2013/07/02 18:57:02 | 1501,093,887 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < dir "%systemdrive%\*" /S /A:L /C >
    Volume in drive C is OS
    Volume Serial Number is 3600-CC64
    Directory of C:\
    07/13/2009 10:08 PM <JUNCTION> Documents and Settings [C:\Users]
    0 File(s) 0 bytes
    Directory of C:\ProgramData
    07/13/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]
    07/13/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
    07/13/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
    07/13/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
    07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    07/13/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users
    07/13/2009 10:08 PM <SYMLINKD> All Users [C:\ProgramData]
    07/13/2009 10:08 PM <JUNCTION> Default User [C:\Users\Default]
    0 File(s) 0 bytes
    Directory of C:\Users\All Users
    07/13/2009 10:08 PM <JUNCTION> Application Data [C:\ProgramData]
    07/13/2009 10:08 PM <JUNCTION> Desktop [C:\Users\Public\Desktop]
    07/13/2009 10:08 PM <JUNCTION> Documents [C:\Users\Public\Documents]
    07/13/2009 10:08 PM <JUNCTION> Favorites [C:\Users\Public\Favorites]
    07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
    07/13/2009 10:08 PM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Default
    07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
    07/13/2009 10:08 PM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
    07/13/2009 10:08 PM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
    07/13/2009 10:08 PM <JUNCTION> My Documents [C:\Users\Default\Documents]
    07/13/2009 10:08 PM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    07/13/2009 10:08 PM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    07/13/2009 10:08 PM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
    07/13/2009 10:08 PM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
    07/13/2009 10:08 PM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
    07/13/2009 10:08 PM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\AppData\Local
    07/13/2009 10:08 PM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
    07/13/2009 10:08 PM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
    07/13/2009 10:08 PM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Default\Documents
    07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Default\Music]
    07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
    07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Default\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Home
    02/01/2013 05:38 PM <JUNCTION> Application Data [C:\Users\Home\AppData\Roaming]
    02/01/2013 05:38 PM <JUNCTION> Cookies [C:\Users\Home\AppData\Roaming\Microsoft\Windows\Cookies]
    02/01/2013 05:38 PM <JUNCTION> Local Settings [C:\Users\Home\AppData\Local]
    02/01/2013 05:38 PM <JUNCTION> My Documents [C:\Users\Home\Documents]
    02/01/2013 05:38 PM <JUNCTION> NetHood [C:\Users\Home\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
    02/01/2013 05:38 PM <JUNCTION> PrintHood [C:\Users\Home\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
    02/01/2013 05:38 PM <JUNCTION> Recent [C:\Users\Home\AppData\Roaming\Microsoft\Windows\Recent]
    02/01/2013 05:38 PM <JUNCTION> SendTo [C:\Users\Home\AppData\Roaming\Microsoft\Windows\SendTo]
    02/01/2013 05:38 PM <JUNCTION> Start Menu [C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu]
    02/01/2013 05:38 PM <JUNCTION> Templates [C:\Users\Home\AppData\Roaming\Microsoft\Windows\Templates]
    0 File(s) 0 bytes
    Directory of C:\Users\Home\AppData\Local
    02/01/2013 05:38 PM <JUNCTION> Application Data [C:\Users\Home\AppData\Local]
    02/01/2013 05:38 PM <JUNCTION> History [C:\Users\Home\AppData\Local\Microsoft\Windows\History]
    02/01/2013 05:38 PM <JUNCTION> Temporary Internet Files [C:\Users\Home\AppData\Local\Microsoft\Windows\Temporary Internet Files]
    0 File(s) 0 bytes
    Directory of C:\Users\Home\Documents
    02/01/2013 05:38 PM <JUNCTION> My Music [C:\Users\Home\Music]
    02/01/2013 05:38 PM <JUNCTION> My Pictures [C:\Users\Home\Pictures]
    02/01/2013 05:38 PM <JUNCTION> My Videos [C:\Users\Home\Videos]
    0 File(s) 0 bytes
    Directory of C:\Users\Public\Documents
    07/13/2009 10:08 PM <JUNCTION> My Music [C:\Users\Public\Music]
    07/13/2009 10:08 PM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
    07/13/2009 10:08 PM <JUNCTION> My Videos [C:\Users\Public\Videos]
    0 File(s) 0 bytes
    Total Files Listed:
    0 File(s) 0 bytes
    50 Dir(s) 933,754,974,208 bytes free

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2013/02/01 20:52:01 | 000,000,221 | -HS- | M] () -- C:\Users\Home\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2013/07/03 10:43:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Home\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

    ========== Base Services ==========
    SRV:64bit: - [2009/07/13 18:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc)
    SRV:64bit: - [2013/02/26 22:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo)
    SRV:64bit: - [2009/07/13 18:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG)
    SRV:64bit: - [2010/11/20 20:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS)
    SRV:64bit: - [2010/11/20 20:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE)
    SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso)
    SRV:64bit: - [2009/07/13 18:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem)
    SRV - [2009/07/13 18:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem)
    SRV:64bit: - [2012/07/04 15:13:27 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser)
    SRV:64bit: - [2013/05/12 22:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc)
    SRV - [2013/05/12 21:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc)
    SRV:64bit: - [2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch)
    SRV:64bit: - [2010/11/20 20:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
    SRV - [2010/11/20 20:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
    SRV:64bit: - [2011/03/02 23:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache)
    SRV:64bit: - [2009/07/13 18:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost)
    SRV:64bit: - [2009/07/13 18:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv)
    SRV - [2009/07/13 18:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv)
    SRV:64bit: - [2009/07/13 18:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess)
    SRV:64bit: - [2010/11/20 20:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent)
    No service found with a name of MsMpSvc
    No service found with a name of NisSrv
    SRV:64bit: - [2009/07/13 18:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\swprv.dll -- (swprv)
    SRV:64bit: - [2009/07/13 18:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS)
    SRV:64bit: - [2009/07/13 18:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman)
    SRV:64bit: - [2009/07/13 18:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm)
    SRV - [2009/07/13 18:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm)
    SRV:64bit: - [2012/10/03 10:44:21 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc)
    SRV:64bit: - [2009/07/13 18:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi)
    SRV:64bit: - [2011/05/24 04:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay)
    SRV:64bit: - [2012/02/10 23:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler)
    SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage)
    No service found with a name of EMDMgmt
    SRV:64bit: - [2009/07/13 18:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto)
    SRV:64bit: - [2010/11/20 20:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasmans.dll -- (RasMan)
    SRV:64bit: - [2010/11/20 20:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs)
    SRV:64bit: - [2010/11/20 20:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon)
    SRV:64bit: - [2011/11/16 23:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs)
    SRV:64bit: - [2009/07/13 18:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc)
    SRV:64bit: - [2010/11/20 20:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer)
    SRV:64bit: - [2010/11/20 20:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection)
    SRV - [2010/11/20 20:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection)
    No service found with a name of slsvc
    SRV:64bit: - [2010/11/20 20:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule)
    SRV:64bit: - [2010/11/20 20:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv)
    SRV - [2010/11/20 20:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv)
    SRV:64bit: - [2009/07/13 18:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
    SRV:64bit: - [2012/04/30 22:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc)
    SRV:64bit: - [2010/11/20 20:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS)
    SRV:64bit: - [2010/11/20 20:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv)
    SRV:64bit: - [2010/11/20 20:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2010/11/20 20:25:06 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\sdrsvc.dll -- (SDRSVC)
    SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2010/11/20 20:23:55 | 001,646,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wevtsvc.dll -- (eventlog)
    SRV:64bit: - [2010/11/20 20:24:28 | 000,828,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\MPSSVC.dll -- (MpsSvc)
    SRV:64bit: - [2010/11/20 20:24:48 | 000,580,096 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wiaservc.dll -- (stisvc)
    SRV:64bit: - [2010/11/20 20:24:15 | 000,128,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\msiexec.exe -- (msiserver)
    SRV - [2010/11/20 20:24:28 | 000,073,216 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWow64\msiexec.exe -- (msiserver)
    SRV:64bit: - [2009/07/13 18:41:56 | 000,242,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wbem\WMIsvc.dll -- (Winmgmt)
    SRV:64bit: - [2012/06/02 15:19:43 | 002,428,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wuaueng.dll -- (wuauserv)
    SRV:64bit: - [2010/11/20 20:24:09 | 000,252,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\dot3svc.dll -- (dot3svc)
    SRV:64bit: - [2009/07/13 18:41:56 | 000,886,784 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlansvc.dll -- (Wlansvc)
    SRV:64bit: - [2010/11/20 20:24:32 | 000,118,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wkssvc.dll -- (LanmanWorkstation)

    ========== Drive Information ==========

    Physical Drives
    ---------------

    Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
    Interface type: IDE
    Media Type: Fixed hard disk media
    Model: Hitachi HDS721010CLA630 SATA Disk Device
    Partitions: 4
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE1 -
    Interface type: USB
    Media Type:
    Model: Generic- SD/MMC USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE2 -
    Interface type: USB
    Media Type:
    Model: Generic- Compact Flash USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE3 -
    Interface type: USB
    Media Type:
    Model: Generic- SM/xD-Picture USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Drive: \\\\.\\PHYSICALDRIVE4 -
    Interface type: USB
    Media Type:
    Model: Generic- MS/MS-Pro USB Device
    Partitions: 0
    Status: OK
    Status Info: 0

    Partitions
    ---------------

    DeviceID: Disk #0, Partition #0
    PartitionType: GPT: Unknown
    Bootable: False
    BootPartition: False
    PrimaryPartition: False
    Size: 1,023.00MB
    Starting Offset: 1048576
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #1
    PartitionType: GPT: System
    Bootable: True
    BootPartition: True
    PrimaryPartition: True
    Size: 360.00MB
    Starting Offset: 1073741824
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #2
    PartitionType: GPT: Basic Data
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 911.00GB
    Starting Offset: 1585446912
    Hidden sectors: 0


    DeviceID: Disk #0, Partition #3
    PartitionType: GPT: Basic Data
    Bootable: False
    BootPartition: False
    PrimaryPartition: True
    Size: 19.00GB
    Starting Offset: 979388858368
    Hidden sectors: 0


    < End of report >


    OTL Extras logfile created on: 7/3/2013 10:55:56 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.40 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 75.44% Memory free
    10.79 Gb Paging File | 9.00 Gb Available in Paging File | 83.35% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 910.65 Gb Total Space | 869.80 Gb Free Space | 95.51% Space Free | Partition Type: NTFS
    Drive D: | 19.39 Gb Total Space | 2.42 Gb Free Space | 12.50% Space Free | Partition Type: NTFS

    Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0283A0DB-8AFA-4559-BC7C-38611C3189E7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{11586805-3AC9-4E9C-8F01-74BBE9B71BB5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{141D4315-F35C-4CFA-A975-B5479B60B787}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{3B5DF3C6-D767-430F-8383-C9DE7F99E2BC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{BE8812F2-CDC4-48F5-A59D-B0EE1FADA3D9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{EBBFD7B2-AA43-4051-BD33-0F1870D78AAB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{F48F5D42-E619-4D82-813D-59E5EB397F3C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{FB2F92E3-E0DA-4519-B90E-2D166E6A77CA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
  6. 2013-07-03, 20:21 #6
    cv18sro
    cv18sro is offline
    Member
    Join Date
    Jan 2009
    Posts
    35

    Default

    Here is the last half of OTL.txt

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{09350823-BE9F-4CC1-B621-C8F113F714D5}" = AVG 2013
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{AE7891D8-2340-4CD6-BA0A-6C8C01F7B4B4}" = AVG 2013
    "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
    "{CD2F75E2-076F-0BF5-C887-773D90E84639}" = AMD USB 3.0 Device Detector
    "{DFEFBFBF-02CF-3316-B694-B3C44C9C02B9}" = AMD Catalyst Install Manager
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "AVG" = AVG 2013
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Shop for HP Supplies" = Shop for HP Supplies

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
    "{17271AB7-D7EC-4a95-9861-FAFE5A4664AD}" = 6300Trb
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
    "{BC39DBA4-D1B7-483C-BA0D-9EB0BB0B6DCF}" = 6300
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BDEDBDD9-C97B-4333-B7BE-6979A34F6F74}" = 6300_Help
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ERUNT_is1" = ERUNT 1.1j
    "Greetings Workshop" = Greetings Workshop
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Rhapsody" = Rhapsody
    "ShopAtHome.com Helper" = ShopAtHome.com Helper
    "ShopAtHome.com Toolbar" = ShopAtHome.com Toolbar
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/28/2013 4:15:04 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/28/2013 5:27:41 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: vprot.exe, version: 15.3.0.11, time stamp:
    0x51b85318 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xb50 Faulting application
    start time: 0x01ce743bf9f0352d Faulting application path: C:\Program Files (x86)\AVG
    SafeGuard toolbar\vprot.exe Faulting module path: unknown Report Id: 8fca278e-e039-11e2-9907-78e3b5b2b4b7

    Error - 6/29/2013 3:31:12 AM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/29/2013 2:39:21 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/29/2013 3:46:37 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: qw.exe, version: 17.1.9.2, time stamp:
    0x49065244 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process id:
    0x12d4 Faulting application start time: 0x01ce74fde772b6a0 Faulting application path:
    C:\Program Files (x86)\Quicken\qw.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 9c1720ca-e0f4-11e2-b8fc-78e3b5b2b4b7

    Error - 6/29/2013 7:22:21 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: qw.exe, version: 17.1.9.2, time stamp:
    0x49065244 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00034263 Faulting process id:
    0x6c0 Faulting application start time: 0x01ce751f7aa8d52d Faulting application path:
    C:\Program Files (x86)\Quicken\qw.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: bf3e2d4d-e112-11e2-b8fc-78e3b5b2b4b7

    Error - 7/1/2013 3:50:51 PM | Computer Name = Home-PC | Source = Windows Backup | ID = 4103
    Description =

    Error - 7/1/2013 7:03:35 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16611,
    time stamp: 0x5191e7aa Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00038dc9 Faulting
    process id: 0x1ba4 Faulting application start time: 0x01ce76af274f493c Faulting application
    path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
    C:\Windows\SysWOW64\ntdll.dll Report Id: 74f450ee-e2a2-11e2-b8fc-78e3b5b2b4b7

    Error - 7/2/2013 2:30:25 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/2/2013 9:58:45 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 5/7/2013 4:26:37 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 5/8/2013 2:53:35 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 5/8/2013 3:50:26 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 5/8/2013 3:56:41 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 5/8/2013 2:57:26 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 5/9/2013 3:31:45 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 5/9/2013 3:42:14 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 5/9/2013 4:21:25 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 5/9/2013 4:22:10 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 5/9/2013 5:39:46 PM | Computer Name = Home-PC | Source = DCOM | ID = 10016
    Description =


    < End of report >
  7. 2013-07-03, 20:23 #7
    cv18sro
    cv18sro is offline
    Member
    Join Date
    Jan 2009
    Posts
    35

    Default

    And here is the Extras.txt

    OTL Extras logfile created on: 7/3/2013 10:55:56 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.40 Gb Total Physical Memory | 4.07 Gb Available Physical Memory | 75.44% Memory free
    10.79 Gb Paging File | 9.00 Gb Available in Paging File | 83.35% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 910.65 Gb Total Space | 869.80 Gb Free Space | 95.51% Space Free | Partition Type: NTFS
    Drive D: | 19.39 Gb Total Space | 2.42 Gb Free Space | 12.50% Space Free | Partition Type: NTFS

    Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0283A0DB-8AFA-4559-BC7C-38611C3189E7}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{11586805-3AC9-4E9C-8F01-74BBE9B71BB5}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{141D4315-F35C-4CFA-A975-B5479B60B787}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
    "{3B5DF3C6-D767-430F-8383-C9DE7F99E2BC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{BE8812F2-CDC4-48F5-A59D-B0EE1FADA3D9}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe |
    "{EBBFD7B2-AA43-4051-BD33-0F1870D78AAB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |
    "{F48F5D42-E619-4D82-813D-59E5EB397F3C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe |
    "{FB2F92E3-E0DA-4519-B90E-2D166E6A77CA}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
    "{09350823-BE9F-4CC1-B621-C8F113F714D5}" = AVG 2013
    "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
    "{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{AE7891D8-2340-4CD6-BA0A-6C8C01F7B4B4}" = AVG 2013
    "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
    "{CD2F75E2-076F-0BF5-C887-773D90E84639}" = AMD USB 3.0 Device Detector
    "{DFEFBFBF-02CF-3316-B694-B3C44C9C02B9}" = AMD Catalyst Install Manager
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
    "AVG" = AVG 2013
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Photosmart Essential" = HP Photosmart Essential 3.5
    "HP Smart Web Printing" = HP Smart Web Printing 4.51
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "HPOCR" = OCR Software by I.R.I.S. 13.0
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Shop for HP Supplies" = Shop for HP Supplies

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
    "{17271AB7-D7EC-4a95-9861-FAFE5A4664AD}" = 6300Trb
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
    "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
    "{3B0F52AC-EF5C-4831-B221-06C782E41280}" = Quicken 2008
    "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
    "{553C904F-57A2-4113-888E-BA0C3D1C69C0}" = Microsoft VC9 runtime libraries
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{95140000-0081-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
    "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
    "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
    "{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
    "{BC39DBA4-D1B7-483C-BA0D-9EB0BB0B6DCF}" = 6300
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{BDEDBDD9-C97B-4333-B7BE-6979A34F6F74}" = 6300_Help
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
    "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
    "{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
    "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
    "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{FB03A941-815E-42F2-B604-FCE5636DB90B}" = AVG PC TuneUp Language Pack (en-US)
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ERUNT_is1" = ERUNT 1.1j
    "Greetings Workshop" = Greetings Workshop
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Rhapsody" = Rhapsody
    "ShopAtHome.com Helper" = ShopAtHome.com Helper
    "ShopAtHome.com Toolbar" = ShopAtHome.com Toolbar
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 6/28/2013 4:15:04 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/28/2013 5:27:41 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: vprot.exe, version: 15.3.0.11, time stamp:
    0x51b85318 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x00000000 Faulting process id: 0xb50 Faulting application
    start time: 0x01ce743bf9f0352d Faulting application path: C:\Program Files (x86)\AVG
    SafeGuard toolbar\vprot.exe Faulting module path: unknown Report Id: 8fca278e-e039-11e2-9907-78e3b5b2b4b7

    Error - 6/29/2013 3:31:12 AM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/29/2013 2:39:21 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 6/29/2013 3:46:37 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: qw.exe, version: 17.1.9.2, time stamp:
    0x49065244 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000374 Fault offset: 0x000ce6c3 Faulting process id:
    0x12d4 Faulting application start time: 0x01ce74fde772b6a0 Faulting application path:
    C:\Program Files (x86)\Quicken\qw.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: 9c1720ca-e0f4-11e2-b8fc-78e3b5b2b4b7

    Error - 6/29/2013 7:22:21 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: qw.exe, version: 17.1.9.2, time stamp:
    0x49065244 Faulting module name: ntdll.dll, version: 6.1.7601.17725, time stamp:
    0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00034263 Faulting process id:
    0x6c0 Faulting application start time: 0x01ce751f7aa8d52d Faulting application path:
    C:\Program Files (x86)\Quicken\qw.exe Faulting module path: C:\Windows\SysWOW64\ntdll.dll
    Report
    Id: bf3e2d4d-e112-11e2-b8fc-78e3b5b2b4b7

    Error - 7/1/2013 3:50:51 PM | Computer Name = Home-PC | Source = Windows Backup | ID = 4103
    Description =

    Error - 7/1/2013 7:03:35 PM | Computer Name = Home-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: IEXPLORE.EXE, version: 10.0.9200.16611,
    time stamp: 0x5191e7aa Faulting module name: ntdll.dll, version: 6.1.7601.17725,
    time stamp: 0x4ec49b8f Exception code: 0xc0000005 Fault offset: 0x00038dc9 Faulting
    process id: 0x1ba4 Faulting application start time: 0x01ce76af274f493c Faulting application
    path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Faulting module path:
    C:\Windows\SysWOW64\ntdll.dll Report Id: 74f450ee-e2a2-11e2-b8fc-78e3b5b2b4b7

    Error - 7/2/2013 2:30:25 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/2/2013 9:58:45 PM | Computer Name = Home-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 5/7/2013 4:26:37 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 5/8/2013 2:53:35 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 5/8/2013 3:50:26 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 5/8/2013 3:56:41 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 5/8/2013 2:57:26 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 5/9/2013 3:31:45 AM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 5/9/2013 3:42:14 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 5/9/2013 4:21:25 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7006
    Description = The ScRegSetValueExW call failed for FailureActions with the following
    error: %%5

    Error - 5/9/2013 4:22:10 PM | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000
    Description = The MCSTRM service failed to start due to the following error: %%2

    Error - 5/9/2013 5:39:46 PM | Computer Name = Home-PC | Source = DCOM | ID = 10016
    Description =


    < End of report >
  8. 2013-07-04, 03:12 #8
    OCD
    OCD is offline
    Malware Team-Emeritus
    Join Date
    Sep 2012
    Location
    Florida, USA
    Posts
    1,161

    Default

    Hi cv18sro,

    That's fine, reply when you have access to the computer.

    =========================

    1. Uninstall via Programs and Features

    Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:

    • Ask Toolbar
    • AVG Secure Search
    • AVG SafeGuard toolbar
    • ShopAtHome.com Helper
    • ShopAtHome.com Toolbar

    =========================

    2. Run OTL.exe

    Windows Vista and Windows 7 users Right Click and select "Run as Administrator"
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :OTL
PRC - C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\ToolbarUpdater.exe (AVG Secure Search)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.3.0\loggingserver.exe ()
PRC - C:\Users\Home\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe ()
PRC - C:\Users\Home\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeHelper.exe (ShopAtHome.com)
PRC - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
IE - HKCU\..\SearchScopes\{2B250660-6553-4C46-B53B-21737CE73FDF}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=86AE981E-E079-46CD-B048-BEA35B6EAC75&apn_sauid=565D380F-D68B-414D-85A7-0C3BD168394C
IE - HKCU\..\SearchScopes\{8417E916-05DB-4A01-A612-C31402F59A3D}: "URL" = http://websearch.shopathome.com?user_id={2B3BCB7E-C331-499E-BA8D-A6373251DCBF}&q={searchTerms}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://mysearch.avg.com/search?cid={4625A3ED-0CCA-4DD8-B101-6B1E55C9FA15}&mid=fd67b371a2f447d3acbda9aaf3565d44-55a284af6311e149f3b3344a1c03511c75e5ed88&lang=en&ds=AVG&pr=fr&d=2013-03-25 12:20:51&v=15.2.0.5&pid=safeguard&sg=0&sap=dsp&q={searchTerms}
O2 - BHO: (ShopAtHome.com Cash Back Helper) - {66516A07-F617-488A-90CF-4E690CFB3C5F} - C:\Users\Home\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O2 - BHO: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {311B58DC-A4DC-4B04-B1B5-60299AD3D803} - C:\Users\Home\AppData\Roaming\ShopAtHome\ShopAtHomeToolbar\tbcore3U.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (AVG SafeGuard toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG SafeGuard toolbar\15.3.0.11\AVG SafeGuard toolbar_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ShopAtHomeWatcher] C:\Users\Home\AppData\Roaming\ShopAtHome\ShopAtHomeHelper\ShopAtHomeWatcher.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe ()
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhap-app-4-0] https in Trusted sites)
O15 - HKCU\..Trusted Domains: rhapsody.com ([rhapreg] https in Trusted sites)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.3.0\ViProtocol.dll (AVG Secure Search)
[2013/06/23 13:23:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2013/06/23 13:21:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask

:Files
C:\Program Files (x86)\Common Files\AVG Secure Search

:Services
vToolbarUpdater15.3.0

:Commands
[purity]
[createrestorepoint]
[emptyjava]
[emptyflash]
[Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot when it is done

    =========================

    3. AdwCleaner

    Download AdwCleaner to your desktop.

    Right click and select "Run as Administrator".
    • Run AdwCleaner and select Delete
    • Once done it will ask to reboot, allow the reboot
    • On reboot a log will be produced, please attach the content of the log to your next reply

    =========================

    In your next post please provide the following:

    • AdwCleaner[S1].txt
    • OTL.txt
    • How is the computer running?
    OCD
    ----------
    Graduate of WTT Classroom
    Member of UNITE

    Threads will be closed if no response after 5 days
  9. 2013-07-04, 05:11 #9
    cv18sro
    cv18sro is offline
    Member
    Join Date
    Jan 2009
    Posts
    35

    Default

    Ok I removed Ask Toolbar, Ask Toolbar Updater, and Shop at Home Tool Bar.

    AVG Secure Search was not listed to remove (I remember removing this about 3 months ago)
    AVG Toolbar was not listed to remove (I removed this about 3 months ago)
    Shop at Home Updater was not listed to remove

    I was little confused after running the OTL Fix as you instructed as I did not see a text file after it was finished. So I ran an OTL scan just as you had instructed in your first post. If that was wrong I apologize, as I assumed you wanted an OTL.txt as you requested. The OTL will be placed in a separate post.

    Below is the ADWCleaner.txt- Yes the computer seems to reboot faster and less lag when loading windows.

    # AdwCleaner v2.304 - Logfile created 07/03/2013 at 19:56:51
    # Updated 03/07/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Home - HOME-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Home\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Deleted : C:\END
    File Deleted : C:\Users\Home\AppData\Local\Temp\Uninstall.exe
    Folder Deleted : C:\Program Files (x86)\SaveValet
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Tarma Installer

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
    Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKCU\Software\SocialBit
    Key Deleted : HKCU\Software\YahooPartnerToolbar
    Key Deleted : HKLM\Software\AVG Security Toolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\S
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
    Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
    Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
    Key Deleted : HKLM\Software\CompeteInc
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Deleted : HKLM\SOFTWARE\Tarma Installer

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v10.0.9200.16611

    [OK] Registry is clean.

    -\\ Google Chrome v [Unable to get version]

    File : C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.1] : icon_url ={"browser":{"check_default_browser":false,"last_known_google_url":"hxxps://www.google.com/","last_pr[...]

    *************************

    AdwCleaner[S1].txt - [5011 octets] - [03/07/2013 19:56:51]

    ########## EOF - C:\AdwCleaner[S1].txt - [5071 octets] ##########
  10. 2013-07-04, 05:15 #10
    cv18sro
    cv18sro is offline
    Member
    Join Date
    Jan 2009
    Posts
    35

    Default

    OTL logfile created on: 7/3/2013 8:03:51 PM - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Home\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.40 Gb Total Physical Memory | 3.64 Gb Available Physical Memory | 67.38% Memory free
    10.79 Gb Paging File | 8.94 Gb Available in Paging File | 82.82% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 910.65 Gb Total Space | 869.26 Gb Free Space | 95.45% Space Free | Partition Type: NTFS
    Drive D: | 19.39 Gb Total Space | 2.42 Gb Free Space | 12.50% Space Free | Partition Type: NTFS

    Computer Name: HOME-PC | User Name: Home | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Home\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    PRC - C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe (Advanced Micro Devices, Inc.)
    PRC - C:\Program Files (x86)\Greetings Workshop\GWREMIND.EXE (Microsoft Corporation)


    ========== Modules (No Company Name) ==========


    ========== Services (SafeList) ==========

    SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
    SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
    SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
    SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
    DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
    DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
    DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
    DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
    DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
    DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
    DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (AtcL001) -- C:\Windows\SysNative\drivers\l160x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (Atc002) -- C:\Windows\SysNative\drivers\l260x64.sys (Atheros Communications, Inc.)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?PC=msnHomeST&OCID=msnHomepage
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B2 87 97 DB 4E 28 CE 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/02/04 12:56:42 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013/02/04 12:56:42 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: No name found = C:\Users\Home\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
    O4:64bit: - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\ATI Technologies\AMDUSB3DeviceDetector\nusb3mon.exe (Advanced Micro Devices, Inc.)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - Startup: C:\Users\Home\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greetings Workshop Reminders.lnk = C:\Program Files (x86)\Greetings Workshop\GWREMIND.EXE (Microsoft Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/s...irector/sw.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 205.171.3.65
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{37ABFF8C-6FD4-4331-A23F-ADFC5D0EF40B}: DhcpNameServer = 192.168.0.1 205.171.3.65
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules