
Please help with removing Trojan Horse and Malware [Solved]


  • This topic is locked

#31
Kandi_smoove

  • Topic Starter
Cool, that actually went much quicker than I thought it would, lol. My computer booted way faster and smoother than it has been, and I haven't had any pop-ups or symptoms. Thank you so much for all your help and time. Here is my OTL:


OTL logfile created on: 6/25/2012 2:57:08 PM - Run 2
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Smoove\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 59.34% Memory free
7.49 Gb Paging File | 5.58 Gb Available in Paging File | 74.55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.35 Gb Total Space | 43.76 Gb Free Space | 9.70% Space Free | Partition Type: NTFS
Drive D: | 14.12 Gb Total Space | 1.76 Gb Free Space | 12.48% Space Free | Partition Type: NTFS
Drive G: | 99.02 Mb Total Space | 90.89 Mb Free Space | 91.78% Space Free | Partition Type: FAT32
Drive H: | 6.31 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 1.86 Gb Total Space | 1.77 Gb Free Space | 94.83% Space Free | Partition Type: FAT

Computer Name: DERP-HP | User Name: Smoove | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/21 19:50:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Smoove\Desktop\OTL.exe
PRC - [2012/04/17 08:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/31 13:09:53 | 001,751,656 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2011/01/27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/12/10 23:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/09/11 02:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/06/28 13:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 01:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 01:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 01:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 01:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 01:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 01:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 01:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2012/06/07 00:23:19 | 009,252,040 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
MOD - [2011/07/30 02:32:58 | 000,137,216 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfjkgbjaikamkkojmakjclmkianficch\5.0.2_0\plugin\download_helper.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/11 14:13:23 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/09/28 10:12:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/07/06 18:29:11 | 000,276,992 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/12/09 23:33:22 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/17 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2012/06/24 17:39:05 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/31 13:09:53 | 001,751,656 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/09/11 02:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/18 18:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/17 00:06:16 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/11 14:13:38 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/28 10:52:48 | 010,210,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/28 09:34:54 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/03 01:05:24 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/31 13:13:41 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/08/31 13:09:53 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/07/06 18:29:11 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/23 02:44:31 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/10 23:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/28 13:37:56 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010/06/28 13:37:36 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010/06/28 13:33:17 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010/06/28 13:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/06/28 13:32:36 | 000,020,048 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/06/17 06:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/05/15 11:04:00 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/05/15 11:04:00 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/05/06 06:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/29 05:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow....ion=6.1-x64-SP1
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\..\SearchScopes\{44816E91-C68A-2FF3-3D8F-8970062E5600}: "URL" = http://www.startnow....ion=6.1-x64-SP1
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Smoove\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Smoove\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Download Helper (Enabled) = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfjkgbjaikamkkojmakjclmkianficch\5.0.2_0\plugin/download_helper.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Smoove\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Theme Creator = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc\2.4_0\
CHR - Extension: AdBlock = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0\
CHR - Extension: Poppit = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Download Assistant = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfjkgbjaikamkkojmakjclmkianficch\5.0.2_0\
CHR - Extension: ChromeTheme = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\npheankbbofjggkjcipfdmpkpbepomol\1_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3194376446-2550877727-52018730-1002..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3194376446-2550877727-52018730-1002..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F1908BC-BBCE-48CD-A2A7-86145F560170}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F1908BC-BBCE-48CD-A2A7-86145F560170}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C0339D4-C247-4D7B-A87E-D90DCDC5CCA3}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/10/23 00:22:58 | 000,000,283 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{036bdcfb-bf10-11e1-a6a5-984be1c0a9bc}\Shell - "" = AutoRun
O33 - MountPoints2\{036bdcfb-bf10-11e1-a6a5-984be1c0a9bc}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2007/10/23 00:45:39 | 001,336,632 | R--- | M] ()
O33 - MountPoints2\{27d59294-c60f-11e0-ad24-984be1c0a9bc}\Shell - "" = AutoRun
O33 - MountPoints2\{27d59294-c60f-11e0-ad24-984be1c0a9bc}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{c23343de-6448-11e1-8908-984be1c0a9bc}\Shell - "" = AutoRun
O33 - MountPoints2\{c23343de-6448-11e1-8908-984be1c0a9bc}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2007/10/23 00:45:39 | 001,336,632 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/25 05:07:31 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/24 17:39:03 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/24 17:39:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/06/24 04:52:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/06/22 21:56:21 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/22 03:04:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/22 03:03:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/22 03:03:10 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/22 02:50:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/21 19:50:06 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Smoove\Desktop\OTL.exe
[2012/06/21 19:43:02 | 002,622,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/21 19:43:02 | 000,057,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/21 19:43:02 | 000,044,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/21 19:42:30 | 000,701,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/21 19:42:30 | 000,099,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2012/06/21 19:42:30 | 000,038,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/21 19:42:02 | 000,186,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/21 19:42:02 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/19 03:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/06/19 03:58:31 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/06/19 03:58:30 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/06/19 03:58:24 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/06/19 03:58:21 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/06/19 03:58:16 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/06/19 03:57:40 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/06/19 03:57:38 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/06/19 03:27:44 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/19 03:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/06/19 03:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2012/06/19 03:08:21 | 000,000,000 | ---D | C] -- C:\Users\Smoove\Documents\Avast AntiVirus 6.0.11 + Serial Keys - {RedDragon}
[2012/06/13 00:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/13 00:03:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/06/12 23:51:41 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Smoove\Documents\spybotsd162.exe
[2012/06/12 15:12:19 | 000,918,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/06/12 15:12:19 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/06/12 15:12:07 | 000,735,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/06/12 15:12:05 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/06/12 15:12:02 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/06/12 15:12:00 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/06/12 15:12:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/06/12 15:11:58 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/06/12 15:11:58 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/06/12 15:11:41 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/06/12 15:11:41 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/06/12 15:11:41 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/06/12 15:11:39 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/06/12 15:11:37 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/06/12 15:11:37 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/06/12 15:11:07 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012/06/12 15:11:01 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012/06/12 15:11:00 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012/06/03 17:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/03 17:32:47 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2012/06/03 17:32:47 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2012/06/03 17:32:47 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2012/06/03 17:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/03 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/03 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/03 17:26:25 | 076,761,968 | ---- | C] (Apple Inc.) -- C:\Users\Smoove\Documents\iTunes64Setup.exe
[2012/06/03 17:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/03 17:13:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

========== Files - Modified Within 30 Days ==========

[2012/06/25 15:02:14 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/06/25 15:00:12 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 15:00:12 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/25 14:58:42 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/25 14:58:42 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/25 14:58:42 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/25 14:54:02 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/25 14:53:07 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3194376446-2550877727-52018730-1002UA.job
[2012/06/25 14:52:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/25 14:52:15 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/24 17:39:03 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/06/24 17:39:03 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/06/24 04:52:06 | 293,849,311 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/21 21:32:57 | 000,000,622 | ---- | M] () -- C:\Users\Smoove\Desktop\MBR.zip
[2012/06/21 21:27:48 | 000,000,512 | ---- | M] () -- C:\Users\Smoove\Desktop\MBR.dat
[2012/06/21 19:50:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Smoove\Desktop\OTL.exe
[2012/06/21 19:35:27 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSmoove.job
[2012/06/19 15:53:04 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3194376446-2550877727-52018730-1002Core.job
[2012/06/19 03:58:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/17 23:51:22 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDERP-HP$.job
[2012/06/17 19:32:35 | 000,007,680 | ---- | M] () -- C:\Users\Smoove\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/13 04:17:59 | 000,276,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/12 23:52:30 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Smoove\Documents\spybotsd162.exe
[2012/06/03 17:32:52 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/03 17:28:41 | 076,761,968 | ---- | M] (Apple Inc.) -- C:\Users\Smoove\Documents\iTunes64Setup.exe
[2012/06/02 15:19:46 | 000,038,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2012/06/02 15:19:42 | 000,186,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2012/06/02 15:19:42 | 000,057,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2012/06/02 15:19:42 | 000,044,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wups2.dll
[2012/06/02 15:19:23 | 000,701,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2012/06/02 15:15:31 | 002,622,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2012/06/02 15:15:12 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2012/06/02 15:15:08 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll

========== Files Created - No Company Name ==========

[2012/06/24 17:39:06 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/24 04:52:06 | 293,849,311 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/21 21:32:57 | 000,000,622 | ---- | C] () -- C:\Users\Smoove\Desktop\MBR.zip
[2012/06/21 21:27:48 | 000,000,512 | ---- | C] () -- C:\Users\Smoove\Desktop\MBR.dat
[2012/06/19 03:16:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/06/13 14:25:42 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForSmoove.job
[2012/06/03 17:32:52 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/20 17:47:03 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012/04/20 17:47:03 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012/04/20 17:47:03 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012/04/20 17:39:57 | 000,039,806 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012/04/13 16:36:14 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012/03/02 00:50:58 | 000,000,529 | ---- | C] () -- C:\Windows\eReg.dat
[2012/01/20 13:39:52 | 000,743,906 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/17 20:14:05 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/10/17 20:14:05 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT
[2011/08/31 13:14:26 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/07/27 03:14:35 | 000,007,680 | ---- | C] () -- C:\Users\Smoove\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 02:46:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/08 18:51:01 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/09/24 15:41:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== LOP Check ==========

[2012/05/12 02:07:23 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\.minecraft
[2011/06/16 23:43:19 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\AnvSoft
[2012/03/02 02:22:41 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\DAEMON Tools Lite
[2011/10/22 04:29:09 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\FrostWire
[2012/06/24 05:50:59 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\IrfanView
[2012/02/27 14:41:44 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\Leadertech
[2011/04/12 08:55:41 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\PictureMover
[2012/05/06 00:04:03 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\Rovio
[2012/05/22 14:34:26 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\runic games
[2012/02/27 02:03:27 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\SoftGrid Client
[2011/04/12 08:54:36 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\Synaptics
[2012/01/20 13:41:01 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\TP
[2012/06/24 05:51:00 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\uTorrent
[2012/05/25 12:50:35 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: SERVICES.EXE >
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/07/13 18:39:37 | 000,329,216 | ---- | M] (Microsoft Corporation) MD5=50BEA589F7D7958BDD2528A8F69D05CC -- C:\FRST\Quarantine\services.exe

< End of report >

Edited by Kandi_smoove, 25 June 2012 - 04:40 PM.

  • 0


#32
Kandi_smoove

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Oh sorry, here's my fixlog as well :lol:.



Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 24-06-2012
Ran by SYSTEM at 2012-06-25 14:50:41 Run:1
Running from I:\

==============================================

C:\Windows\SysWOW64\%APPDATA% moved successfully.
C:\Program Files (x86)\ConduitEngine moved successfully.
C:\Program Files (x86)\Conduit moved successfully.
C:\Windows\Installer\{1f957569-cd63-6237-8ca9-0c9e5cb16265} moved successfully.

========= netsh int ip reset all =========

Reseting Interface, OK!
Restart the computer to complete this action.


========= End of CMD: =========

C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
  • 0
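The check these two logs support (the live services.exe now hashes the same as the WinSxS component-store copy, while the file FRST moved to quarantine does not), as an added example that is not part of the original posts and is not OTL's or FRST's own code. The function names and the `live`/`store`/`other` labels are assumptions of this sketch; the three input lines are copied from the OTL log above.

```python
import re

# The three "MD5 for: SERVICES.EXE" lines, copied from the OTL log in this thread.
OTL_MD5_LINES = r"""
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009/07/13 18:39:37 | 000,329,216 | ---- | M] (Microsoft Corporation) MD5=50BEA589F7D7958BDD2528A8F69D05CC -- C:\FRST\Quarantine\services.exe
"""

# [date time | size | attributes | C or M] (company) MD5=<32 hex> -- path
ENTRY = re.compile(
    r"^\[(?P<stamp>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|]+?)\s*\|\s*[CM]\]\s*"
    r"\((?P<company>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)


def parse_md5_entries(text):
    """Turn OTL 'MD5 for:' lines into dicts; lines in any other format are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if m:
            entries.append({
                "path": m["path"].strip(),
                "md5": m["md5"].upper(),
                "size": int(m["size"].replace(",", "")),
                "company": m["company"].strip(),
            })
    return entries


def location(path):
    """Label a path: 'store' (WinSxS), 'live' (System32, shown as SysNative in this log), else 'other'."""
    p = path.lower()
    if "\\winsxs\\" in p:
        return "store"
    if re.match(r"^[a-z]:\\windows\\(system32|sysnative)\\[^\\]+$", p):
        return "live"
    return "other"


def compare_to_store(entries):
    """Compare every non-store copy against the hashes of the component-store copies."""
    store_hashes = {e["md5"] for e in entries if location(e["path"]) == "store"}
    report = []
    for e in entries:
        loc = location(e["path"])
        if loc == "store":
            continue
        if not store_hashes:
            status = "no store copy to compare"
        elif e["md5"] in store_hashes:
            status = "matches store"
        else:
            status = "differs from store"
        report.append((loc, e["path"], e["size"], status))
    return report


if __name__ == "__main__":
    for loc, path, size, status in compare_to_store(parse_md5_entries(OTL_MD5_LINES)):
        print(f"{status:20} {loc:6} {size:>9} bytes  {path}")
```

A match only shows that the live file agrees with the local component-store copy; the company-name field in the log is identical on all three lines, so it does not distinguish the quarantined file.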

#33
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello
Ok it seems to be gone :cool: It did some damage that we should fix though:

  • Download this reg fix file, save it to Desktop and double click it. Confirm that you'd like to import it into registry.
  • Open Registry Editor (type regedit in Start Menu):
  • Navigate to

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy

  • Right-click Policy and select Permissions
  • Click Add, enter “Everyone” and click OK
  • Click on Everyone in the list at the top, and check the “Allow Full Control” checkbox below.
  • Click OK to dismiss this dialog.
  • Exit registry editor


Next:

1. Open the Start Menu.

2. Click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator. (See screenshot below)
Posted Image

3. In the elevated command prompt, type sfc /scannow and press Enter. (see screenshot below)
NOTE: This may take a little bit to finish.
Posted Image

4. When the scan is complete, copy the line below and paste it at the command prompt. Then press Enter

findstr /c:"[SR]" %windir%\Logs\CBS\CBS.log >%userprofile%\Desktop\sfcdetails.txt


5. The file sfcdetails.txt will now be on your desktop. Please open it, Edit | select all | copy and paste it in your next reply.

Reboot



Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    killallprocesses

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
    IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startnow....ion=6.1-x64-SP1
    IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
    IE - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\..\SearchScopes\{44816E91-C68A-2FF3-3D8F-8970062E5600}: "URL" = http://www.startnow....ion=6.1-x64-SP1
    O3 - HKU\S-1-5-21-3194376446-2550877727-52018730-1002\..\Toolbar\WebBrowser: (no name) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No CLSID value found.
    O33 - MountPoints2\{036bdcfb-bf10-11e1-a6a5-984be1c0a9bc}\Shell - "" = AutoRun
    O33 - MountPoints2\{036bdcfb-bf10-11e1-a6a5-984be1c0a9bc}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2007/10/23 00:45:39 | 001,336,632 | R--- | M] ()
    O33 - MountPoints2\{27d59294-c60f-11e0-ad24-984be1c0a9bc}\Shell - "" = AutoRun
    O33 - MountPoints2\{27d59294-c60f-11e0-ad24-984be1c0a9bc}\Shell\AutoRun\command - "" = F:\autorun.exe
    O33 - MountPoints2\{c23343de-6448-11e1-8908-984be1c0a9bc}\Shell - "" = AutoRun
    O33 - MountPoints2\{c23343de-6448-11e1-8908-984be1c0a9bc}\Shell\AutoRun\command - "" = F:\SETUP.EXE
    O33 - MountPoints2\H\Shell - "" = AutoRun
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- [2007/10/23 00:45:39 | 001,336,632 | R--- | M] ()

    :Services

    :Reg

    :Files
    C:\Windows\assembly\GAC_64\Desktop.ini
    C:\Windows\assembly\GAC_32\Desktop.ini
    sc query BFE /c
    netsh add helper WSHELPER.DLL /c
    netsh int ip reset all /c
    netsh winsock reset /c

    :Commands
    [purity]
    [EMPTYFLASH]
    [EMPTYJAVA]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.



Next:

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



Next:

Are there any other problems? How's your computer running?
  • 0
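One way to read the sfcdetails.txt that steps 4 and 5 produce, as an added example that is not part of the original post: it parses the `[SR]` lines that `findstr` extracts from CBS.log, counts the verification batches, and reports any file SFC repaired or could not repair. The first sample reuses lines in the format posted in this thread; the second is constructed, with a hypothetical file `example.dll`, and assumes SFC's "Cannot repair" and "Repairing" message prefixes.

```python
import re
from datetime import datetime

# Lines in the format of the sfcdetails.txt posted in this thread (clean run).
CLEAN_SAMPLE = """
2012-06-25 16:29:48, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:29:48, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2012-06-25 16:29:50, Info CSI 0000000c [SR] Verify complete
2012-06-25 16:29:51, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:29:51, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2012-06-25 16:29:52, Info CSI 00000010 [SR] Verify complete
"""

# Constructed sample: one unrepairable file, and a log cut off mid-transaction.
DAMAGED_SAMPLE = """
2012-06-25 16:29:48, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:29:48, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2012-06-25 16:29:49, Info CSI 0000000b [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7600.16385, hash mismatch
2012-06-25 16:29:49, Info CSI 0000000c [SR] Cannot repair member file [l:22{11}]"example.dll" of Example-Component, Version = 6.1.7600.16385, hash mismatch
2012-06-25 16:29:50, Info CSI 0000000d [SR] Verify complete
2012-06-25 16:29:51, Info CSI 0000000e [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:29:51, Info CSI 0000000f [SR] Beginning Verify and Repair transaction
"""

SR_LINE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\s+(?P<level>\w+)\s+CSI\s+"
    r"(?P<seq>[0-9A-Fa-f]{8})\s+\[SR\]\s+(?P<msg>.*)$"
)
BATCH = re.compile(r"^Verifying (\d+) ")
QUOTED_NAME = re.compile(r'\]"([^"]+)"')  # names appear as [l:NN{NN}]"name"


def _file_name(msg):
    """Return the last quoted name in an [SR] message, or the whole message if none."""
    names = QUOTED_NAME.findall(msg)
    return names[-1] if names else msg


def _add_unique(items, value):
    # SFC can log the same file more than once; keep first-seen order without repeats.
    if value not in items:
        items.append(value)


def summarize_sfc(text):
    """Summarize [SR] lines: batches, components, repaired/unrepaired files, verdict."""
    batches = components = 0
    repaired, unrepaired, stamps = [], [], []
    open_txn = False
    for raw in text.splitlines():
        m = SR_LINE.match(raw.strip())
        if not m:
            continue  # not an [SR] line in the expected format
        stamps.append(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"))
        msg = m["msg"]
        batch = BATCH.match(msg)
        if batch:
            batches += 1
            components += int(batch.group(1))
        elif msg.startswith("Beginning Verify and Repair transaction"):
            open_txn = True
        elif msg.startswith("Verify complete"):
            open_txn = False
        elif msg.startswith("Cannot repair"):
            _add_unique(unrepaired, _file_name(msg))
        elif msg.startswith("Repairing"):
            _add_unique(repaired, _file_name(msg))
    if batches == 0:
        verdict = "no-data"
    elif unrepaired:
        verdict = "unrepaired"
    elif repaired:
        verdict = "repaired"
    else:
        verdict = "clean"
    elapsed = int((max(stamps) - min(stamps)).total_seconds()) if stamps else 0
    return {
        "verdict": verdict,
        "batches": batches,
        "components": components,
        "repaired": repaired,
        "unrepaired": unrepaired,
        "elapsed_seconds": elapsed,
        "truncated": open_txn,  # last transaction never reached "Verify complete"
    }


if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("damaged", DAMAGED_SAMPLE)):
        print(label, summarize_sfc(sample))
```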

#34
Kandi_smoove

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
sfcdetails I'm about to reboot


2012-06-25 16:29:48, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:29:48, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2012-06-25 16:29:50, Info CSI 0000000c [SR] Verify complete
2012-06-25 16:29:51, Info CSI 0000000d [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:29:51, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2012-06-25 16:29:52, Info CSI 00000010 [SR] Verify complete
2012-06-25 16:29:53, Info CSI 00000011 [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:29:53, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2012-06-25 16:29:55, Info CSI 00000014 [SR] Verify complete
2012-06-25 16:29:55, Info CSI 00000015 [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:29:55, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2012-06-25 16:30:00, Info CSI 00000018 [SR] Verify complete
2012-06-25 16:30:01, Info CSI 00000019 [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:30:01, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2012-06-25 16:30:03, Info CSI 0000001c [SR] Verify complete
2012-06-25 16:30:03, Info CSI 0000001d [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:30:03, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2012-06-25 16:30:06, Info CSI 00000020 [SR] Verify complete
2012-06-25 16:30:07, Info CSI 00000021 [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:30:07, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2012-06-25 16:30:11, Info CSI 00000024 [SR] Verify complete
2012-06-25 16:30:12, Info CSI 00000025 [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:30:12, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2012-06-25 16:30:15, Info CSI 00000028 [SR] Verify complete
2012-06-25 16:30:15, Info CSI 00000029 [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:30:15, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2012-06-25 16:30:16, Info CSI 0000002c [SR] Verify complete
2012-06-25 16:30:17, Info CSI 0000002d [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:30:17, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2012-06-25 16:30:20, Info CSI 00000031 [SR] Verify complete
2012-06-25 16:30:20, Info CSI 00000032 [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:30:20, Info CSI 00000033 [SR] Beginning Verify and Repair transaction
2012-06-25 16:30:28, Info CSI 00000036 [SR] Verify complete
2012-06-25 16:30:28, Info CSI 00000037 [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:30:28, Info CSI 00000038 [SR] Beginning Verify and Repair transaction
2012-06-25 16:30:34, Info CSI 0000003c [SR] Verify complete
2012-06-25 16:30:35, Info CSI 0000003d [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:30:35, Info CSI 0000003e [SR] Beginning Verify and Repair transaction
2012-06-25 16:30:40, Info CSI 00000041 [SR] Verify complete
2012-06-25 16:30:40, Info CSI 00000042 [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:30:40, Info CSI 00000043 [SR] Beginning Verify and Repair transaction
2012-06-25 16:30:45, Info CSI 00000045 [SR] Verify complete
2012-06-25 16:30:45, Info CSI 00000046 [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:30:45, Info CSI 00000047 [SR] Beginning Verify and Repair transaction
2012-06-25 16:30:53, Info CSI 00000069 [SR] Verify complete
2012-06-25 16:30:53, Info CSI 0000006a [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:30:53, Info CSI 0000006b [SR] Beginning Verify and Repair transaction
2012-06-25 16:30:58, Info CSI 00000070 [SR] Verify complete
2012-06-25 16:30:58, Info CSI 00000071 [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:30:58, Info CSI 00000072 [SR] Beginning Verify and Repair transaction
2012-06-25 16:31:02, Info CSI 00000074 [SR] Verify complete
2012-06-25 16:31:02, Info CSI 00000075 [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:31:02, Info CSI 00000076 [SR] Beginning Verify and Repair transaction
2012-06-25 16:31:07, Info CSI 00000078 [SR] Verify complete
2012-06-25 16:31:07, Info CSI 00000079 [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:31:07, Info CSI 0000007a [SR] Beginning Verify and Repair transaction
2012-06-25 16:31:12, Info CSI 0000007c [SR] Verify complete
2012-06-25 16:31:13, Info CSI 0000007d [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:31:13, Info CSI 0000007e [SR] Beginning Verify and Repair transaction
2012-06-25 16:31:20, Info CSI 00000080 [SR] Verify complete
2012-06-25 16:31:21, Info CSI 00000081 [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:31:21, Info CSI 00000082 [SR] Beginning Verify and Repair transaction
2012-06-25 16:31:35, Info CSI 000000a5 [SR] Verify complete
2012-06-25 16:31:35, Info CSI 000000a6 [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:31:35, Info CSI 000000a7 [SR] Beginning Verify and Repair transaction
2012-06-25 16:31:45, Info CSI 000000a9 [SR] Verify complete
2012-06-25 16:31:45, Info CSI 000000aa [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:31:45, Info CSI 000000ab [SR] Beginning Verify and Repair transaction
2012-06-25 16:32:03, Info CSI 000000ad [SR] Verify complete
2012-06-25 16:32:03, Info CSI 000000ae [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:32:03, Info CSI 000000af [SR] Beginning Verify and Repair transaction
2012-06-25 16:32:16, Info CSI 000000b3 [SR] Verify complete
2012-06-25 16:32:16, Info CSI 000000b4 [SR] Verifying 100 (0x0000000000000064) components
2012-06-25 16:32:16, Info CSI 000000b5 [SR] Beginning Verify and Repair transaction
2012-06-25 16:48:26, Info CSI 000002db [SR] Repairing 0 components
2012-06-25 16:48:26, Info CSI 000002dc [SR] Beginning Verify and Repair transaction
2012-06-25 16:48:26, Info CSI 000002de [SR] Repair complete
  • 0

#35
Kandi_smoove

    Member

  • Topic Starter
  • 39 posts
OTL scan after the fix.




========== PROCESSES ==========
All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
HKU\S-1-5-21-3194376446-2550877727-52018730-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3194376446-2550877727-52018730-1002\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
Registry key HKEY_USERS\S-1-5-21-3194376446-2550877727-52018730-1002\Software\Microsoft\Internet Explorer\SearchScopes\{44816E91-C68A-2FF3-3D8F-8970062E5600}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{44816E91-C68A-2FF3-3D8F-8970062E5600}\ not found.
Registry value HKEY_USERS\S-1-5-21-3194376446-2550877727-52018730-1002\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{036bdcfb-bf10-11e1-a6a5-984be1c0a9bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{036bdcfb-bf10-11e1-a6a5-984be1c0a9bc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{036bdcfb-bf10-11e1-a6a5-984be1c0a9bc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{036bdcfb-bf10-11e1-a6a5-984be1c0a9bc}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27d59294-c60f-11e0-ad24-984be1c0a9bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27d59294-c60f-11e0-ad24-984be1c0a9bc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{27d59294-c60f-11e0-ad24-984be1c0a9bc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27d59294-c60f-11e0-ad24-984be1c0a9bc}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c23343de-6448-11e1-8908-984be1c0a9bc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c23343de-6448-11e1-8908-984be1c0a9bc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c23343de-6448-11e1-8908-984be1c0a9bc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c23343de-6448-11e1-8908-984be1c0a9bc}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\LaunchU3.exe not found.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
< sc query BFE /c >
SERVICE_NAME: BFE
TYPE : 20 WIN32_SHARE_PROCESS
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Users\Smoove\Desktop\cmd.bat deleted successfully.
C:\Users\Smoove\Desktop\cmd.txt deleted successfully.
< netsh add helper WSHELPER.DLL /c >
Ok.
C:\Users\Smoove\Desktop\cmd.bat deleted successfully.
C:\Users\Smoove\Desktop\cmd.txt deleted successfully.
< netsh int ip reset all /c >
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
C:\Users\Smoove\Desktop\cmd.bat deleted successfully.
C:\Users\Smoove\Desktop\cmd.txt deleted successfully.
< netsh winsock reset /c >
Access is denied.
C:\Users\Smoove\Desktop\cmd.bat deleted successfully.
C:\Users\Smoove\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Smoove
->Flash cache emptied: 1622 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Smoove
->Java cache emptied: 308926 bytes

Total Java Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.51.0 log created on 06252012_165810

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#36
Kandi_smoove

    Member

  • Topic Starter
  • 39 posts
FSS TXT

Farbar Service Scanner Version: 25-06-2012 01
Ran by Smoove (administrator) on 25-06-2012 at 17:06:08
Running from "C:\Users\Smoove\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#37
michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hi :)
We're almost done :happy:

Download the following zip file to your Desktop and extract it. Two files should appear (MpsSvc.reg and wscsvc.reg). Double click them both and confirm to import them into registry.
Attached File  fixes.zip   2.06KB   81 downloads

Then reboot before proceeding.

Next:

Please run Farbar Service Scanner on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Next:


  • Double click on the OTL icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Under custom scans/fixes paste this:

    netsh winsock show catalog /c

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window. OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post them in your topic


Next:

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



Next:

Run a full scan with your antivirus and delete anything found. Tell me if it found anything and what it was.
  • 0

#38
Kandi_smoove

    Member

  • Topic Starter
  • 39 posts
FSS LOG

Farbar Service Scanner Version: 25-06-2012 01
Ran by Smoove (administrator) on 26-06-2012 at 04:08:32
Running from "C:\Users\Smoove\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#39
Kandi_smoove

Oops, I forgot to reboot before the FSS scan. Should I scan again? I just rebooted.

#40
Kandi_smoove

OTL scan


OTL logfile created on: 6/26/2012 4:31:30 AM - Run 3
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Smoove\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.29 Gb Available Physical Memory | 61.05% Memory free
7.49 Gb Paging File | 5.67 Gb Available in Paging File | 75.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.35 Gb Total Space | 34.85 Gb Free Space | 7.72% Space Free | Partition Type: NTFS
Drive D: | 14.12 Gb Total Space | 1.76 Gb Free Space | 12.48% Space Free | Partition Type: NTFS
Drive G: | 99.02 Mb Total Space | 90.89 Mb Free Space | 91.78% Space Free | Partition Type: FAT32

Computer Name: DERP-HP | User Name: Smoove | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/21 19:50:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Smoove\Desktop\OTL.exe
PRC - [2012/04/17 08:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
PRC - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/31 13:09:53 | 001,751,656 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2011/01/27 12:38:04 | 000,318,520 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2010/12/10 23:02:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
PRC - [2010/09/11 02:02:22 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/06/28 13:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 01:14:43 | 000,441,880 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll
MOD - [2012/06/07 01:14:42 | 003,922,456 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
MOD - [2012/06/07 01:13:27 | 000,553,496 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\libglesv2.dll
MOD - [2012/06/07 01:13:26 | 000,117,784 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\libegl.dll
MOD - [2012/06/07 01:13:16 | 000,134,696 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\avutil-51.dll
MOD - [2012/06/07 01:13:15 | 000,250,408 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\avformat-54.dll
MOD - [2012/06/07 01:13:14 | 002,375,720 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll
MOD - [2011/07/30 02:32:58 | 000,137,216 | ---- | M] () -- C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfjkgbjaikamkkojmakjclmkianficch\5.0.2_0\plugin\download_helper.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/11 14:13:23 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV:64bit: - [2011/09/28 10:12:18 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/07/06 18:29:11 | 000,276,992 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/12/09 23:33:22 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/08/05 20:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/07/21 15:33:00 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/06/28 13:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/06/17 05:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2012/06/24 17:39:05 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/01/03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/10/01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/09 17:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/08/31 13:09:53 | 001,751,656 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010/09/11 02:02:22 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/06/18 18:59:12 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/17 00:06:16 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/03/11 14:13:38 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/10/01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/28 10:52:48 | 010,210,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/28 09:34:54 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/09/03 01:05:24 | 000,412,264 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/31 13:13:41 | 001,451,056 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/08/31 13:09:53 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/07/06 18:29:11 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/03/23 02:44:31 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/12/10 23:03:46 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/11/20 06:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 04:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 02:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/06/28 13:37:56 | 000,051,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2010/06/28 13:37:36 | 000,121,936 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2010/06/28 13:33:17 | 000,028,752 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2010/06/28 13:33:00 | 000,061,008 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/06/28 13:32:36 | 000,020,048 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2010/06/17 06:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2010/05/15 11:04:00 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/05/15 11:04:00 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/05/06 06:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010/04/29 05:43:20 | 000,038,528 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 13:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 13:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/HPNOT/1
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {ec29edf6-ad3c-4e1c-a087-d6cb81400c43}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Smoove\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Smoove\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Smoove\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Download Helper (Enabled) = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfjkgbjaikamkkojmakjclmkianficch\5.0.2_0\plugin/download_helper.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Smoove\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Entanglement = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: Theme Creator = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc\2.4_0\
CHR - Extension: AdBlock = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.37_0\
CHR - Extension: Poppit = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: Download Assistant = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfjkgbjaikamkkojmakjclmkianficch\5.0.2_0\
CHR - Extension: ChromeTheme = C:\Users\Smoove\AppData\Local\Google\Chrome\User Data\Default\Extensions\npheankbbofjggkjcipfdmpkpbepomol\1_0\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F1908BC-BBCE-48CD-A2A7-86145F560170}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F1908BC-BBCE-48CD-A2A7-86145F560170}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C0339D4-C247-4D7B-A87E-D90DCDC5CCA3}: NameServer = 8.26.56.26,156.154.70.22
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/25 05:07:31 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/24 17:39:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/06/24 04:52:33 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/06/22 21:56:21 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/22 03:04:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/22 03:03:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/22 03:03:10 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/06/22 02:50:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/21 19:50:06 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Smoove\Desktop\OTL.exe
[2012/06/19 03:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/06/19 03:58:31 | 000,020,048 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/06/19 03:58:30 | 000,121,936 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/06/19 03:58:24 | 000,028,752 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2012/06/19 03:58:21 | 000,051,280 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/06/19 03:58:16 | 000,061,008 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/06/19 03:57:40 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/06/19 03:57:38 | 000,201,352 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/06/19 03:27:44 | 000,258,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/06/19 03:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2012/06/19 03:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2012/06/19 03:08:21 | 000,000,000 | ---D | C] -- C:\Users\Smoove\Documents\Avast AntiVirus 6.0.11 + Serial Keys - {RedDragon}
[2012/06/13 00:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/06/13 00:03:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/06/12 23:51:41 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Smoove\Documents\spybotsd162.exe
[2012/06/03 17:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/03 17:32:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/03 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/06/03 17:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/06/03 17:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/03 17:13:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

========== Files - Modified Within 30 Days ==========

[2012/06/26 04:37:55 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/06/26 04:35:47 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 04:35:47 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/26 04:28:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/26 04:27:57 | 3015,888,896 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/26 04:06:55 | 000,002,106 | ---- | M] () -- C:\Users\Smoove\Desktop\fixes.zip
[2012/06/26 03:54:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/26 03:53:01 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3194376446-2550877727-52018730-1002UA.job
[2012/06/25 17:05:03 | 000,340,645 | ---- | M] () -- C:\Users\Smoove\Desktop\FSS.exe
[2012/06/25 16:25:10 | 000,086,094 | ---- | M] () -- C:\Users\Smoove\Desktop\BFE-Repair-Windows-7.reg
[2012/06/25 15:53:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3194376446-2550877727-52018730-1002Core.job
[2012/06/25 14:58:42 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/25 14:58:42 | 000,624,864 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/25 14:58:42 | 000,106,950 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/24 04:52:06 | 293,849,311 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/06/21 21:27:48 | 000,000,512 | ---- | M] () -- C:\Users\Smoove\Desktop\MBR.dat
[2012/06/21 19:50:09 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Smoove\Desktop\OTL.exe
[2012/06/21 19:35:27 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSmoove.job
[2012/06/19 03:58:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/06/17 23:51:22 | 000,000,340 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForDERP-HP$.job
[2012/06/17 19:32:35 | 000,007,680 | ---- | M] () -- C:\Users\Smoove\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/13 04:17:59 | 000,276,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/12 23:52:30 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Smoove\Documents\spybotsd162.exe
[2012/06/03 17:32:52 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

========== Files Created - No Company Name ==========

[2012/06/26 04:07:40 | 000,003,364 | ---- | C] () -- C:\Users\Smoove\Desktop\mpssvc.reg
[2012/06/26 04:07:40 | 000,002,737 | ---- | C] () -- C:\Users\Smoove\Desktop\wscsvc.reg
[2012/06/26 04:07:02 | 000,002,106 | ---- | C] () -- C:\Users\Smoove\Desktop\fixes.zip
[2012/06/25 17:05:10 | 000,340,645 | ---- | C] () -- C:\Users\Smoove\Desktop\FSS.exe
[2012/06/25 16:25:10 | 000,086,094 | ---- | C] () -- C:\Users\Smoove\Desktop\BFE-Repair-Windows-7.reg
[2012/06/24 17:39:06 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/24 04:52:06 | 293,849,311 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/06/21 21:27:48 | 000,000,512 | ---- | C] () -- C:\Users\Smoove\Desktop\MBR.dat
[2012/06/19 03:16:57 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/06/13 14:25:42 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForSmoove.job
[2012/06/03 17:32:52 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/04/20 17:47:03 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2012/04/20 17:47:03 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2012/04/20 17:47:03 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2012/04/20 17:39:57 | 000,039,806 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2012/04/13 16:36:14 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012/03/02 00:50:58 | 000,000,529 | ---- | C] () -- C:\Windows\eReg.dat
[2012/01/20 13:39:52 | 000,743,906 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/17 20:14:05 | 000,000,410 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/10/17 20:14:05 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2140.DAT
[2011/08/31 13:14:26 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/07/27 03:14:35 | 000,007,680 | ---- | C] () -- C:\Users\Smoove\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/23 02:46:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/17 17:51:46 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/01/08 18:51:01 | 000,000,188 | ---- | C] () -- C:\Windows\SysWow64\HPWA.ini
[2010/09/24 15:41:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL

========== LOP Check ==========

[2012/05/12 02:07:23 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\.minecraft
[2011/06/16 23:43:19 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\AnvSoft
[2012/03/02 02:22:41 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\DAEMON Tools Lite
[2011/10/22 04:29:09 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\FrostWire
[2012/06/24 05:50:59 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\IrfanView
[2012/02/27 14:41:44 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\Leadertech
[2011/04/12 08:55:41 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\PictureMover
[2012/05/06 00:04:03 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\Rovio
[2012/05/22 14:34:26 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\runic games
[2012/02/27 02:03:27 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\SoftGrid Client
[2011/04/12 08:54:36 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\Synaptics
[2012/01/20 13:41:01 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\TP
[2012/06/25 22:38:03 | 000,000,000 | ---D | M] -- C:\Users\Smoove\AppData\Roaming\uTorrent
[2012/05/25 12:50:35 | 000,032,626 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< netsh winsock show catalog /c >
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [TCP/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: mswsock.dll
Catalog Entry ID: 1001
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 1
Protocol: 6
Service Flags: 0x20066
Protocol Chain Length: 1
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [UDP/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: mswsock.dll
Catalog Entry ID: 1002
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 2
Protocol: 17
Service Flags: 0x20609
Protocol Chain Length: 1
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [RAW/IP]
Provider ID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path: mswsock.dll
Catalog Entry ID: 1003
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 3
Protocol: 0
Service Flags: 0x20609
Protocol Chain Length: 1
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [TCP/IPv6]
Provider ID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Provider Path: mswsock.dll
Catalog Entry ID: 1004
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 1
Protocol: 6
Service Flags: 0x20066
Protocol Chain Length: 1
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [UDP/IPv6]
Provider ID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Provider Path: mswsock.dll
Catalog Entry ID: 1005
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 2
Protocol: 17
Service Flags: 0x20609
Protocol Chain Length: 1
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: MSAFD Tcpip [RAW/IPv6]
Provider ID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Provider Path: mswsock.dll
Catalog Entry ID: 1006
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 3
Protocol: 0
Service Flags: 0x20609
Protocol Chain Length: 1
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: RSVP TCPv6 Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: mswsock.dll
Catalog Entry ID: 1007
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 1
Protocol: 6
Service Flags: 0x22066
Protocol Chain Length: 1
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: RSVP TCP Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: mswsock.dll
Catalog Entry ID: 1008
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 1
Protocol: 6
Service Flags: 0x22066
Protocol Chain Length: 1
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: RSVP UDPv6 Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: mswsock.dll
Catalog Entry ID: 1009
Version: 2
Address Family: 23
Max Address Length: 28
Min Address Length: 28
Socket Type: 2
Protocol: 17
Service Flags: 0x22609
Protocol Chain Length: 1
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type: Base Service Provider
Description: RSVP UDP Service Provider
Provider ID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Provider Path: mswsock.dll
Catalog Entry ID: 1010
Version: 2
Address Family: 2
Max Address Length: 16
Min Address Length: 16
Socket Type: 2
Protocol: 17
Service Flags: 0x22609
Protocol Chain Length: 1
Name Space Provider Entry
------------------------------------------------------
Description: Network Location Awareness Legacy (NLAv1) Namespace
Provider ID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Name Space: 15
Active: 1
Version: 0
Name Space Provider Entry
------------------------------------------------------
Description: E-mail Naming Shim Provider
Provider ID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Name Space: 37
Active: 1
Version: 0
Name Space Provider Entry
------------------------------------------------------
Description: PNRP Cloud Namespace Provider
Provider ID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Name Space: 39
Active: 1
Version: 0
Name Space Provider Entry
------------------------------------------------------
Description: PNRP Name Namespace Provider
Provider ID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Name Space: 38
Active: 1
Version: 0
Name Space Provider Entry
------------------------------------------------------
Description: WindowsLive NSP
Provider ID: {4177DDE9-6028-479E-B7B7-03591A63FF3A}
Name Space: 12
Active: 1
Version: 1
Name Space Provider Entry
------------------------------------------------------
Description: WindowsLive Local NSP
Provider ID: {229F2A2C-5F18-4A06-8F89-3A372170624D}
Name Space: 19
Active: 1
Version: 1
Name Space Provider Entry
------------------------------------------------------
Description: Tcpip
Provider ID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Name Space: 12
Active: 1
Version: 0
Name Space Provider Entry
------------------------------------------------------
Description: NTDS
Provider ID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Name Space: 32
Active: 1
Version: 0
Name Space Provider Entry
------------------------------------------------------
Description: mdnsNSP
Provider ID: {B600E6E9-553B-4A19-8696-335E5C896153}
Name Space: 12
Active: 1
Version: 1

< End of report >
  • 0



#41
Kandi_smoove

Kandi_smoove

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Finished Malwarebytes, here are the results.



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.26.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Smoove :: DERP-HP [administrator]

6/26/2012 4:51:43 AM
mbam-log-2012-06-26 (04-51-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208406
Time elapsed: 5 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0

#42
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hi

Oops I forgot to reboot before the FSS scan should I scan again? I just rebooted.

No it's OK :)

After you run a full scan with Avast and delete anything found, do this:


Next:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    netsh winsock reset /c
    netsh int ip reset all /c

    :Commands
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • OTL may ask to reboot the machine. Please do so if asked.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date and the time of the tool run.

  • 0

#43
Kandi_smoove

Kandi_smoove

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Hey after the scan it found 2 threats.

80000064.@ C:\FRST\Quarantine\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\U Win32:Atraps-PF[Trj]

and

80000064@. C:\_OLT\MovedFiles\06222012_025026\C_Windows\Installer\{1f957569-cd63-6237-8ca9-0c9e5cb16265}\U Win32:Malware-gen


I'm about to run my OTL fix right now.
  • 0

#44
Kandi_smoove

Kandi_smoove

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts
Finished the fix and reboot here is the log.


========== FILES ==========
< netsh winsock reset /c >
Access is denied.
C:\Users\Smoove\Desktop\cmd.bat deleted successfully.
C:\Users\Smoove\Desktop\cmd.txt deleted successfully.
< netsh int ip reset all /c >
Reseting Interface, OK!
Restart the computer to complete this action.
C:\Users\Smoove\Desktop\cmd.bat deleted successfully.
C:\Users\Smoove\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.51.0 log created on 06262012_202027
  • 0

#45
michaelg9

michaelg9

    Trusted Helper

  • Malware Removal
  • 2,949 posts
Hello

Hmm <_< Everything is set, apart from one thing. We need to reset the winsock catalog, but it is giving an access denied error.

Do this:

Log in safe mode. Instructions for this here
Terminate Avast Antivirus and Comodo Firewall.
Open the Start Menu.

Click on All Programs and Accessories, then right click on Command Prompt and click on Run as administrator.

In the elevated command prompt, type netsh winsock reset and press Enter.
It will output whether it was successful or access was denied. Tell me what the output was.
  • 0
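The OTL log earlier in this thread lists Winsock catalog entries on its O10 lines, several of them marked "File not found". The following is an added example, not part of the thread and not OTL's own code: it parses O10 lines of that shape and reports which catalog entries reference a missing provider DLL. The function and type names are hypothetical, and the sample lines are excerpted from the log above.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Excerpt of the OTL log posted in this thread (O10 = Winsock catalog entries).
SAMPLE_LOG = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
"""

MISSING = "File not found"
# "O10[:64bit:] - <catalog>\<entries key>\<entry number> [[]] - <path and status>"
O10_RE = re.compile(
    r"^O10(?P<x64>:64bit:)? - (?P<catalog>\w+)\\\w+\\(?P<entry>\d+)"
    r"(?: \[\])? - (?P<rest>.+)$"
)
# A resolved file is followed by its company name in parentheses.
VENDOR_RE = re.compile(r"^(?P<path>.+?) \((?P<vendor>[^()]*)\)$")


class CatalogEntry(NamedTuple):
    bitness: str           # "64bit" or "32bit" view of the catalog
    catalog: str           # Protocol_Catalog9 or NameSpace_Catalog5
    entry_id: str
    path: str
    vendor: Optional[str]
    missing: bool          # OTL could not find the provider DLL on disk


def parse_o10_line(line: str) -> Optional[CatalogEntry]:
    """Return a CatalogEntry for an O10 line, or None for any other line."""
    m = O10_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    if rest.endswith(MISSING):
        path, vendor, missing = rest[: -len(MISSING)].rstrip(), None, True
    else:
        v = VENDOR_RE.match(rest)
        path, vendor = (v.group("path"), v.group("vendor")) if v else (rest, None)
        missing = False
    bitness = "64bit" if m.group("x64") else "32bit"
    return CatalogEntry(bitness, m.group("catalog"), m.group("entry"), path, vendor, missing)


def parse_log(text: str) -> list:
    """Collect every O10 entry found in a pasted OTL log."""
    return [e for e in map(parse_o10_line, text.splitlines()) if e is not None]


def missing_providers(entries: list) -> list:
    return [e for e in entries if e.missing]


def summarize_missing(entries: list) -> Counter:
    """Count missing providers per (bitness, catalog) pair."""
    return Counter((e.bitness, e.catalog) for e in missing_providers(entries))


def protocol_catalog_damaged(entries: list) -> bool:
    """True when any transport provider (Protocol_Catalog9) entry is missing its DLL."""
    return any(e.missing and e.catalog == "Protocol_Catalog9" for e in entries)


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for e in missing_providers(found):
        print(f"{e.bitness} {e.catalog} entry {e.entry_id}: {e.path} not found")
    print("Protocol catalog damaged:", protocol_catalog_damaged(found))
```

Running the same parser over the log produced after the reset shows whether the Protocol_Catalog9 entries resolve to files again.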





