Help with Avast! Boot scan warnings: Win32: Sirefef_pl , Downloade


  • This topic is locked

#1
Sly_Ry

  • Member
  • 16 posts

Hello,

My name's Ryan. I use my computer for internet browsing, purchasing, music, pictures, and games via Steam. About a week ago I noticed Internet pop-ups for alternative search engines when clicking Google or Bing links. Initially installed Microsoft Security Essentials but was caught in perpetual rebooting. Deleted that program after downloading Avast and Malwarebytes Anti-Malware trials and ran scans with both of those programs. It solved the constant rebooting issue.

I ran a bootscan with Avast twice this week. More infections showed up the second time. My Avast Chest includes:

[email protected], [email protected], [email protected], [email protected], [email protected], [email protected] C:\Windows\Installer\{81797575-4c4d-ed00-3382-fd1e9655e904}\U

[email protected] infected by Win32: Downloader-PKU [Trj]
[email protected] infected by Win32: BitCoinMiner-U [PUP]
[email protected] infected by Win32: Malware-Gen
ha\hd.class C:\Users\Harper\AppData\LocalLow\Sun\Deployment\cache\6.0\50\5303fa32-1cab5b23 infected by Java:CVE-2012-1723-BA [Expl]
qyujiv C:\Users\Harper\AppData\LocalLow\Sun\Deployment\cache\6.0\12\5e4df4c-23052e2a infected by Win32: FakeAV-DTL [Trj]

There was at one point a Windows\Assembly\GAC_64\desktop.ini infected by Win32:Sirefef_pl but I haven't seen that return.
Also, I've seen ZeroRootKit as well.

I only repaired a few Java issues on bootscan, but all others I ignored because it asked if I was sure if I wanted to move Windows folders into chest. They would not repair, and I wasn't sure. So I ignored them.

I have Avast running constantly collecting alerts and moving issues into the chest. I haven't purchased anything or used Steam since this issue happened.

I backed up my files on an external hard drive to prepare for a reinstall of Windows 7. Is it that bad to do? There seem to be big warnings about it; I'm not sure why. Wouldn't it wipe everything clean for good and then I just throw everything back from the external HD? I want no traces of these infections. But I also have a refurbished Dell XPS 15 laptop that only came with a Windows 7 installer disc and a preloaded hard drive (my second one unfortunately) from the manufacturer. I was told to not take programs over to external hard drive. Would they disappear on reinstall? Is Windows 7 different with this? I'm interested in doing a reinstall or hearing more about it if the issue can't be resolved.

Thank you so much in advance for your time with this. OTL Log:


OTL logfile created on: 8/10/2012 10:53:48 AM - Run 3
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Harper\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 5.87 Gb Available Physical Memory | 74.00% Memory free
15.87 Gb Paging File | 13.61 Gb Available in Paging File | 85.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.64 Gb Total Space | 573.83 Gb Free Space | 83.69% Space Free | Partition Type: NTFS

Computer Name: HARPER-PC | User Name: Harper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/10 10:46:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Harper\Desktop\OTL.exe
PRC - [2012/08/03 21:48:26 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/08/01 20:22:44 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/07/08 01:56:34 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012/07/08 01:56:25 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/01 18:06:40 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 18:06:40 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 11:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2010/12/23 21:48:02 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/09/24 11:21:20 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/07/29 20:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/07/01 10:10:26 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2010/07/01 10:10:22 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/01 20:22:44 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/08/01 20:22:43 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/08/01 20:22:43 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/08/01 20:22:43 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/08/01 20:22:43 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/07/10 08:56:35 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012/07/10 08:56:30 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b68fdf2c95b93fc5006a092c11eed07c\WindowsBase.ni.dll
MOD - [2012/07/10 08:56:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/07/10 08:56:28 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll
MOD - [2012/07/10 08:56:26 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/07/10 08:56:21 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/07/10 08:56:20 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b7a7f9c607e09bfa03c07b5ff3a8ae3\System.ServiceProcess.ni.dll
MOD - [2012/07/10 08:56:16 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/07/10 08:56:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/07/10 08:56:12 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/07/10 08:56:09 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll
MOD - [2012/07/10 08:56:08 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011/06/01 18:11:18 | 000,030,984 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 18:06:34 | 000,108,296 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 11:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 11:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2010/09/24 11:21:20 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/07/29 20:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/03/05 11:26:38 | 001,425,168 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 11:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 11:06:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/11/02 13:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2012/08/02 23:41:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/01 22:29:31 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012/08/01 20:22:44 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/08 01:56:34 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/07/08 01:56:25 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/01 18:06:40 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/12 18:55:46 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/12/23 21:48:02 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/07/01 10:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/07/01 10:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 11:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 11:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 11:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 11:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 11:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 11:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/13 20:46:31 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/02/13 20:46:31 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/02/13 20:46:04 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/12 07:40:50 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/10 20:32:20 | 000,172,632 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/08/20 14:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/08/20 09:05:18 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/07/19 20:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/19 20:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/19 20:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/15 15:54:20 | 001,381,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/07/13 13:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/07/12 21:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/06/23 20:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/11 12:14:00 | 001,799,808 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
DRV:64bit: - [2010/05/31 13:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/04/27 21:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 21:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/03 21:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/01 20:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/11/02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 10:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00058946b7bcc1d
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Harper\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Harper\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)



========== Chrome ==========

CHR - homepage: http://www.msn.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.msn.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Harper\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Harper\AppData\Local\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Harper\AppData\Local\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Harper\AppData\Local\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: avast! WebRep = C:\Users\Harper\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/...t/Ode/pcd86.cab (Launcher Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E42B44A6-00F8-4FF7-8DE7-92B807DEBDDB}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/10 10:46:53 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Harper\Desktop\OTL.exe
[2012/08/06 21:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2012/08/06 21:11:13 | 000,000,000 | ---D | C] -- C:\Users\Harper\AppData\Roaming\Seagate
[2012/08/06 21:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
[2012/08/06 21:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
[2012/08/06 21:06:47 | 000,000,000 | ---D | C] -- C:\Windows\[SystemFolder]
[2012/08/06 21:06:10 | 000,000,000 | ---D | C] -- C:\Users\Harper\AppData\Roaming\Memeo
[2012/08/06 21:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2012/08/06 21:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Memeo
[2012/08/06 21:06:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Memeo
[2012/08/06 21:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2012/08/06 21:03:50 | 000,000,000 | ---D | C] -- C:\Users\Harper\AppData\Roaming\Leadertech
[2012/08/05 01:24:04 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/05 01:24:04 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/05 01:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/05 01:24:02 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/05 01:24:01 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/05 01:24:00 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/05 01:24:00 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/05 01:24:00 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/05 01:22:59 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/05 01:22:59 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/05 01:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/05 01:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/05 01:07:01 | 000,000,000 | ---D | C] -- C:\Users\Harper\AppData\Roaming\Malwarebytes
[2012/08/05 01:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/05 01:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/05 01:06:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/05 01:06:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/04 23:31:16 | 000,000,000 | ---D | C] -- C:\Users\Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/03 10:49:12 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/08/01 22:29:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Desura
[2012/08/01 22:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Desura
[2012/08/01 22:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desura
[2012/08/01 22:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Desura
[2012/07/27 20:17:49 | 000,000,000 | ---D | C] -- C:\Users\Harper\Desktop\New folder
[2012/07/23 11:05:37 | 000,000,000 | ---D | C] -- C:\Users\Harper\AppData\Roaming\NVIDIA
[2012/07/23 11:02:55 | 000,000,000 | ---D | C] -- C:\Users\Harper\Documents\Square Enix
[2012/07/23 01:35:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/07/23 01:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012/07/23 00:09:59 | 000,000,000 | ---D | C] -- C:\Users\Harper\AppData\Roaming\runic games
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/10 10:46:59 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Harper\Desktop\OTL.exe
[2012/08/10 10:42:45 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 10:42:45 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/10 10:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/10 10:40:18 | 000,779,092 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/10 10:40:18 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/10 10:40:18 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/10 10:40:02 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-218655182-632381778-2820857352-1000UA.job
[2012/08/10 10:35:40 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/10 10:35:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/10 10:35:05 | 2094,301,183 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/10 04:33:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/10 03:59:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/10 03:29:10 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-218655182-632381778-2820857352-1000Core.job
[2012/08/09 18:41:00 | 000,002,459 | ---- | M] () -- C:\Users\Harper\Desktop\Google Chrome.lnk
[2012/08/06 21:07:21 | 000,001,283 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2012/08/05 01:24:04 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/05 01:16:36 | 000,016,160 | ---- | M] () -- C:\Users\Harper\Documents\REG AUGUST 2012- cc_20120805_011542.reg
[2012/08/05 01:01:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/05 00:02:48 | 000,796,678 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/16 20:39:48 | 000,275,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/10 06:13:47 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{81797575-4c4d-ed00-3382-fd1e9655e904}\U\[email protected]
[2012/08/06 21:07:21 | 000,001,283 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2012/08/05 01:24:04 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/05 01:24:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/08/05 01:16:09 | 000,016,160 | ---- | C] () -- C:\Users\Harper\Documents\REG AUGUST 2012- cc_20120805_011542.reg
[2012/08/05 00:03:04 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/08/04 23:31:18 | 000,002,459 | ---- | C] () -- C:\Users\Harper\Desktop\Google Chrome.lnk
[2012/08/04 23:30:40 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-218655182-632381778-2820857352-1000UA.job
[2012/08/04 23:30:38 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-218655182-632381778-2820857352-1000Core.job
[2012/08/03 10:43:45 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{81797575-4c4d-ed00-3382-fd1e9655e904}\L\[email protected]
[2012/07/08 01:58:10 | 000,796,678 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/08 01:56:26 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/08 01:56:25 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/08 01:56:24 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/02/15 21:00:58 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{81797575-4c4d-ed00-3382-fd1e9655e904}\@
[2012/02/15 21:00:58 | 000,002,048 | -HS- | C] () -- C:\Users\Harper\AppData\Local\{81797575-4c4d-ed00-3382-fd1e9655e904}\@
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin
[2012/02/13 20:40:17 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin
[2012/02/13 20:40:17 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin
[2012/02/13 20:40:17 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin
[2012/02/13 20:40:17 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin
[2012/02/13 20:40:17 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin
[2012/02/13 20:40:17 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin
[2012/02/13 20:40:17 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin
[2012/02/13 20:40:17 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin

========== LOP Check ==========

[2012/06/28 00:55:38 | 000,000,000 | ---D | M] -- C:\Users\Harper\AppData\Roaming\Amazon
[2012/06/15 21:52:05 | 000,000,000 | ---D | M] -- C:\Users\Harper\AppData\Roaming\Babylon
[2012/08/06 21:03:50 | 000,000,000 | ---D | M] -- C:\Users\Harper\AppData\Roaming\Leadertech
[2012/08/07 18:40:24 | 000,000,000 | ---D | M] -- C:\Users\Harper\AppData\Roaming\Memeo
[2012/05/19 20:29:38 | 000,000,000 | ---D | M] -- C:\Users\Harper\AppData\Roaming\PCDr
[2012/07/23 00:09:59 | 000,000,000 | ---D | M] -- C:\Users\Harper\AppData\Roaming\runic games
[2012/08/06 21:11:13 | 000,000,000 | ---D | M] -- C:\Users\Harper\AppData\Roaming\Seagate
[2012/07/24 10:22:34 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by Sly_Ry, 10 August 2012 - 10:41 AM.

#2
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hello Sly_Ry and welcome to GeeksToGo :)

My nickname is WhiteHat and I'm going to help you fix your problem.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please do not try to fix anything without being asked
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread.
  • Do not put your logs inside <Quote> and/or <Code> *important*
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • Lastly, Please be aware that removing Malware is a hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. Some infections are so severe that we might encounter situations where the only recourse is to re-format and re-install your operating system. Don't worry, this only happens in severe cases, but, sadly, it does happen.
    In light of this be prepared to back up your data. Have means of backing up your data available.

In order to be notified when your topic has been replied to:

Click My Settings at the top of the page. An Option page will open. In the left hand column click Notification Options. On the new page that opens under the Notification Preferences section click Watch every topic I reply to and set the notification type to Immediate Notification.

Is it that bad to do?

Yes, Zero Access is a pretty bad infection.

Would they disappear on reinstall?

Yes. They will disappear on reinstall.

# Step 1 #
Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :OTL
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...00058946b7bcc1d
    [2012/08/03 10:49:12 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    
    :Files
    C:\Windows\Installer\{81797575-4c4d-ed00-3382-fd1e9655e904}
    C:\Users\Harper\AppData\Local\{81797575-4c4d-ed00-3382-fd1e9655e904}
    
    :Commands
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

# Step 2 #
Please download Farbar Service Scanner and run it on the computer.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

# Step 3 #
Download aswMBR.exe ( 4.8mb ) to your desktop.

Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post in your next reply

#3
Sly_Ry

    Member

  • Topic Starter
  • Member
  • 16 posts
Hey Whitehat, thank you for your quick response!

Here are the logs:


========== OTL ==========
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
C:\Windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\SysWow64\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Windows\SysWow64\%APPDATA%\Microsoft folder moved successfully.
C:\Windows\SysWow64\%APPDATA% folder moved successfully.
========== FILES ==========
C:\Windows\Installer\{81797575-4c4d-ed00-3382-fd1e9655e904}\U folder moved successfully.
C:\Windows\Installer\{81797575-4c4d-ed00-3382-fd1e9655e904}\L folder moved successfully.
C:\Windows\Installer\{81797575-4c4d-ed00-3382-fd1e9655e904} folder moved successfully.
C:\Users\Harper\AppData\Local\{81797575-4c4d-ed00-3382-fd1e9655e904}\U folder moved successfully.
C:\Users\Harper\AppData\Local\{81797575-4c4d-ed00-3382-fd1e9655e904}\L folder moved successfully.
C:\Users\Harper\AppData\Local\{81797575-4c4d-ed00-3382-fd1e9655e904} folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.56.0 log created on 08102012_121338





Farbar Service Scanner Version: 06-08-2012
Ran by Harper (administrator) on 10-08-2012 at 12:22:18
Running from "C:\Users\Harper\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 21:01] - [2011-12-27 22:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 18:32] - [2012-03-30 06:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-12 19:01] - [2012-04-24 00:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-10 12:24:37
-----------------------------
12:24:37.043 OS Version: Windows x64 6.1.7600
12:24:37.043 Number of processors: 8 586 0x1E05
12:24:37.045 ComputerName: HARPER-PC UserName: Harper
12:24:39.941 Initialize success
12:24:40.331 AVAST engine defs: 12081000
12:24:45.364 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:24:45.370 Disk 0 Vendor: ST975042 0002 Size: 715404MB BusType: 3
12:24:45.753 Disk 0 MBR read successfully
12:24:45.760 Disk 0 MBR scan
12:24:45.768 Disk 0 Windows VISTA default MBR code
12:24:45.777 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
12:24:45.794 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 13268 MB offset 81920
12:24:45.811 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 702092 MB offset 27254784
12:24:45.844 Disk 0 scanning C:\Windows\system32\drivers
12:24:59.222 Service scanning
12:25:18.692 Modules scanning
12:25:18.711 Disk 0 trace - called modules:
12:25:18.812 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys iaStor.sys hal.dll
12:25:18.825 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007e53060]
12:25:19.054 3 CLASSPNP.SYS[fffff88001b9c43f] -> nt!IofCallDriver -> [0xfffffa8007ca4cb0]
12:25:19.067 5 stdcfltn.sys[fffff880017dfc52] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006cd2050]
12:25:22.789 AVAST engine scan C:\Windows
12:25:37.387 AVAST engine scan C:\Windows\system32
12:27:04.127 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
12:27:06.233 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
12:27:50.308 AVAST engine scan C:\Windows\system32\drivers
12:28:01.608 AVAST engine scan C:\Users\Harper
12:35:49.788 AVAST engine scan C:\ProgramData
12:36:36.277 Scan finished successfully
12:37:59.848 Disk 0 MBR has been saved successfully to "C:\Users\Harper\Desktop\MBR.dat"
12:37:59.857 The log file has been saved successfully to "C:\Users\Harper\Desktop\aswMBR.txt"

#4
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Do you have the Windows 7 DVD?

I need to know if you have the Recovery Console in your computer. To see this, follow these steps:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • See if the option Repair your computer exists.

#5
Sly_Ry

    Member

  • Topic Starter
  • Member
  • 16 posts
Yes I have the Windows 7 DVD.

Unfortunately I can't open Advanced Boot Options via F8. I have only two options F2 Setup and F12 Boot Options but neither show me that screen, just diagnostics screen. They've always been there too with no Safe Mode option. I've tried every which way to Fn/tap/hold/fast/slow with F8 and it doesn't seem to respond. I tried going into msconfig boot options and change some settings but that didn't work. I'll keep trying but so far nothing can get me to that screen :/ Am I missing something?

EDIT: I googled and read that changing msconfig settings might send me into a Safe Mode loop that I can't get out of. So I'll just wait for you.

Edited by Sly_Ry, 10 August 2012 - 09:12 PM.

#6
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts

EDIT: I googled and read that changing msconfig settings might send me into a Safe Mode loop that I can't get out of. So I'll just wait for you.

Just for me to understand. What you did was select the Safe boot option in msconfig?

#7
Sly_Ry

    Member

  • Topic Starter
  • Member
  • 16 posts
Yep that's exactly the screen I went to. I'm trying it again in case I did something wrong...

Edited by Sly_Ry, 11 August 2012 - 08:55 PM.

#8
Sly_Ry

    Member

  • Topic Starter
  • Member
  • 16 posts
EDIT: I got it! I went into msconfig, clicked Safe Boot minimal, was still unable to get F8 to work, so I went back to msconfig to go back to normal boot up. When I pressed F8 on the next restart it worked. I pressed Enter on Repair Your Computer but then just clicked restart at the next screen to wait for the next step...
  • 0

#9
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • 0

#10
Sly_Ry

    Member

  • Topic Starter
  • 16 posts
Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 12-08-2012 13:02:57
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2247976 2010-07-15] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6539880 2010-11-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2181224 2010-11-03] (Realtek Semiconductor)
HKLM\...\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start [312936 2010-12-23] (NVIDIA Corporation)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel® Corporation)
HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [3206816 2010-08-04] (Dell Inc.)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [727664 2010-09-24] ()
HKLM-x32\...\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
HKLM-x32\...\Run: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui [136416 2011-05-12] (Memeo Inc.)
HKLM-x32\...\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent [144608 2011-05-12] (Memeo Inc.)
HKLM-x32\...\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui [79112 2011-06-01] ()
HKU\Harper\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1353080 2012-08-03] (Valve Corporation)
HKU\Harper\...\Run: [Google Update] "C:\Users\Harper\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-08-04] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)

==================== Services (Whitelisted) ======

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 MemeoBackgroundService; C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [25824 2011-05-12] (Memeo)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-07-07] ()
2 PnkBstrB; C:\Windows\SysWow64\PnkBstrB.exe [189248 2012-07-07] ()
2 UNS; "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe" [2533400 2010-07-01] (Intel Corporation)

========================== Drivers (Whitelisted) =============

2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-07-03] (AVAST Software)
2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [71064 2012-07-03] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-07-03] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [958400 2012-07-03] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [355856 2012-07-03] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-07-03] (AVAST Software)
3 AVer7231_x64; C:\Windows\System32\Drivers\AVer7231_x64.sys [1799808 2010-06-11] (AVerMedia TECHNOLOGIES, Inc.)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()
1 judaugcr; \??\C:\Windows\system32\drivers\judaugcr.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-12 13:02 - 2012-08-12 13:02 - 00000000 ____D C:\FRST
2012-08-12 09:23 - 2012-08-12 09:24 - 01439703 ____A (Farbar) C:\Users\Harper\Desktop\FRST64.exe
2012-08-11 21:24 - 2012-08-11 21:24 - 00000638 ____A C:\Windows\PFRO.log
2012-08-10 17:23 - 2012-08-11 13:02 - 00000000 ____D C:\Windows\pss
2012-08-10 09:37 - 2012-08-10 09:37 - 00002199 ____A C:\Users\Harper\Desktop\aswMBR.txt
2012-08-10 09:37 - 2012-08-10 09:37 - 00000512 ____A C:\Users\Harper\Desktop\MBR.dat
2012-08-10 09:23 - 2012-08-10 09:24 - 04731392 ____A (AVAST Software) C:\Users\Harper\Desktop\aswMBR.exe
2012-08-10 09:22 - 2012-08-10 09:22 - 00005389 ____A C:\Users\Harper\Desktop\FSS.txt
2012-08-10 09:21 - 2012-08-10 09:22 - 00693235 ____A (Farbar) C:\Users\Harper\Desktop\FSS.exe
2012-08-10 09:20 - 2012-08-10 09:20 - 00596480 ____A (OldTimer Tools) C:\Users\Harper\Downloads\OTL (1).exe
2012-08-10 09:20 - 2012-08-10 09:20 - 00596480 ____A (OldTimer Tools) C:\Users\Harper\Desktop\OTL.exe
2012-08-10 09:13 - 2012-08-10 09:13 - 00000000 ____D C:\_OTL
2012-08-10 07:51 - 2012-08-10 07:56 - 00096170 ____A C:\Users\Harper\Desktop\OTL.Txt
2012-08-09 17:00 - 2012-08-09 17:00 - 00035548 ____A C:\Users\Harper\Downloads\Extras.Txt
2012-08-09 16:51 - 2012-08-09 16:51 - 00596480 ____A (OldTimer Tools) C:\Users\Harper\Downloads\OTL.exe
2012-08-06 18:13 - 2012-08-06 18:13 - 00000000 ____D C:\Users\All Users\MemeoCommon
2012-08-06 18:11 - 2012-08-06 18:11 - 00000000 ____D C:\Users\Harper\AppData\Roaming\Seagate
2012-08-06 18:07 - 2012-08-06 18:07 - 00001283 ____A C:\Users\Public\Desktop\Seagate Dashboard.lnk
2012-08-06 18:06 - 2012-08-07 15:40 - 00000000 ____D C:\Users\Harper\AppData\Roaming\Memeo
2012-08-06 18:06 - 2012-08-06 18:07 - 00000000 ____D C:\Program Files (x86)\Memeo
2012-08-06 18:06 - 2012-08-06 18:06 - 00000000 ____D C:\Windows\[SystemFolder]
2012-08-06 18:06 - 2012-08-06 18:06 - 00000000 ____D C:\Program Files\Memeo
2012-08-06 18:05 - 2012-08-06 18:05 - 00000000 ____D C:\Program Files (x86)\Seagate
2012-08-06 18:03 - 2012-08-06 18:03 - 00000000 ____D C:\Users\Harper\AppData\Roaming\Leadertech
2012-08-06 17:58 - 2012-08-06 17:58 - 00001071 ____A C:\Windows\WindowsUpdate.log
2012-08-05 00:01 - 2012-08-12 09:47 - 00003528 ____A C:\Windows\setupact.log
2012-08-05 00:01 - 2012-08-05 00:01 - 00000000 ____A C:\Windows\setuperr.log
2012-08-04 22:24 - 2012-08-10 01:33 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-08-04 22:24 - 2012-08-04 22:24 - 00001924 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-08-04 22:24 - 2012-07-03 08:21 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-08-04 22:24 - 2012-07-03 08:21 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-08-04 22:24 - 2012-07-03 08:21 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-08-04 22:24 - 2012-07-03 08:21 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-08-04 22:24 - 2012-07-03 08:21 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-08-04 22:24 - 2012-07-03 08:21 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-08-04 22:24 - 2012-07-03 08:21 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-08-04 22:22 - 2012-08-04 22:22 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-08-04 22:22 - 2012-08-04 22:22 - 00000000 ____D C:\Program Files\AVAST Software
2012-08-04 22:22 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-08-04 22:22 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-08-04 22:20 - 2012-08-04 22:22 - 89340632 ____A C:\Users\Harper\Downloads\avast_free_antivirus_setup.exe
2012-08-04 22:16 - 2012-08-04 22:16 - 00016160 ____A C:\Users\Harper\Documents\REG AUGUST 2012- cc_20120805_011542.reg
2012-08-04 22:07 - 2012-08-04 22:07 - 00000000 ____D C:\Users\Harper\AppData\Roaming\Malwarebytes
2012-08-04 22:06 - 2012-08-04 22:06 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Harper\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-04 22:06 - 2012-08-04 22:06 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-04 22:06 - 2012-08-04 22:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-04 22:06 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-04 21:58 - 2012-08-04 21:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3CC5FC484099936C
2012-08-04 21:54 - 2012-08-04 21:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D6DB60E2F04889DF
2012-08-04 21:48 - 2012-08-04 21:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4496F0D6AAF62816
2012-08-04 21:34 - 2012-08-04 21:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C1B4CFA0D2898AD7
2012-08-04 21:31 - 2012-08-04 21:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.57D9919D7803B7C9
2012-08-04 21:28 - 2012-08-04 21:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CB3989A15EA6EDF8
2012-08-04 21:25 - 2012-08-04 21:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C2BAE204594AC9B3
2012-08-04 21:22 - 2012-08-04 21:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D499747628E69C93
2012-08-04 21:18 - 2012-08-04 21:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0ECAE4AB9B8DA063
2012-08-04 21:15 - 2012-08-04 21:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.492864AA046A07CB
2012-08-04 21:09 - 2012-08-04 21:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F10044C53CA095E
2012-08-04 21:03 - 2012-08-04 22:01 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-04 20:31 - 2012-08-09 15:41 - 00002459 ____A C:\Users\Harper\Desktop\Google Chrome.lnk
2012-08-04 20:30 - 2012-08-12 09:40 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-218655182-632381778-2820857352-1000UA.job
2012-08-04 20:30 - 2012-08-11 20:40 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-218655182-632381778-2820857352-1000Core.job
2012-08-04 20:30 - 2012-08-04 20:30 - 00739840 ____A (Google Inc.) C:\Users\Harper\Downloads\ChromeSetup.exe
2012-08-01 19:28 - 2012-08-02 17:35 - 00000000 ____D C:\Program Files (x86)\Desura
2012-08-01 19:28 - 2012-08-01 19:28 - 01252424 ____A C:\Users\Harper\Downloads\DesuraInstaller.exe
2012-08-01 19:28 - 2012-08-01 19:28 - 00000000 ____D C:\Users\All Users\Desura
2012-07-27 17:17 - 2012-08-04 22:11 - 00000000 ____D C:\Users\Harper\Desktop\New folder
2012-07-25 20:55 - 2012-07-25 22:14 - 00000000 ____D C:\Users\Harper\Downloads\Just Cause 2 MODS
2012-07-23 08:05 - 2012-07-23 08:05 - 00000000 ____D C:\Users\Harper\AppData\Roaming\NVIDIA
2012-07-23 08:02 - 2012-07-23 08:02 - 00000000 ____D C:\Users\Harper\Documents\Square Enix
2012-07-22 22:39 - 2010-06-02 01:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2012-07-22 22:39 - 2010-06-02 01:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll
2012-07-22 22:39 - 2010-06-02 01:55 - 00239960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2012-07-22 22:39 - 2010-06-02 01:55 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_7.dll
2012-07-22 22:39 - 2010-06-02 01:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll
2012-07-22 22:39 - 2010-06-02 01:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2012-07-22 22:39 - 2010-05-26 08:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll
2012-07-22 22:39 - 2010-05-26 08:41 - 02401112 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_43.dll
2012-07-22 22:39 - 2010-05-26 08:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2012-07-22 22:39 - 2010-05-26 08:41 - 01998168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2012-07-22 22:39 - 2010-05-26 08:41 - 01907552 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_43.dll
2012-07-22 22:39 - 2010-05-26 08:41 - 01868128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2012-07-22 22:39 - 2010-05-26 08:41 - 00511328 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_43.dll
2012-07-22 22:39 - 2010-05-26 08:41 - 00470880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2012-07-22 22:39 - 2010-05-26 08:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll
2012-07-22 22:39 - 2010-05-26 08:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2012-07-22 22:39 - 2010-02-04 07:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll
2012-07-22 22:39 - 2010-02-04 07:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2012-07-22 22:39 - 2010-02-04 07:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2012-07-22 22:39 - 2010-02-04 07:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll
2012-07-22 22:39 - 2010-02-04 07:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll
2012-07-22 22:39 - 2010-02-04 07:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2012-07-22 22:39 - 2010-02-04 07:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll
2012-07-22 22:39 - 2010-02-04 07:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2012-07-22 22:39 - 2009-09-04 14:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll
2012-07-22 22:39 - 2009-09-04 14:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2012-07-22 22:39 - 2009-09-04 14:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2012-07-22 22:39 - 2009-09-04 14:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll
2012-07-22 22:39 - 2009-09-04 14:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll
2012-07-22 22:39 - 2009-09-04 14:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2012-07-22 22:39 - 2009-09-04 14:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll
2012-07-22 22:39 - 2009-09-04 14:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2012-07-22 22:39 - 2009-09-04 14:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll
2012-07-22 22:39 - 2009-09-04 14:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll
2012-07-22 22:39 - 2009-09-04 14:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2012-07-22 22:39 - 2009-09-04 14:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2012-07-22 22:39 - 2009-09-04 14:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll
2012-07-22 22:39 - 2009-09-04 14:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2012-07-22 22:39 - 2009-09-04 14:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll
2012-07-22 22:39 - 2009-09-04 14:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2012-07-22 22:38 - 2008-10-27 07:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll
2012-07-22 22:38 - 2008-10-27 07:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2012-07-22 22:38 - 2008-10-27 07:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2012-07-22 22:38 - 2008-10-27 07:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll
2012-07-22 22:38 - 2008-10-27 07:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll
2012-07-22 22:38 - 2008-10-27 07:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2012-07-22 22:38 - 2008-10-27 07:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll
2012-07-22 22:38 - 2008-10-27 07:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2012-07-22 22:38 - 2008-07-31 07:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2012-07-22 22:38 - 2008-07-31 07:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll
2012-07-22 22:38 - 2008-07-31 07:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll
2012-07-22 22:38 - 2008-07-31 07:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2012-07-22 22:38 - 2008-07-31 07:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll
2012-07-22 22:38 - 2008-07-31 07:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2012-07-22 22:35 - 2012-07-22 22:39 - 00000000 ____D C:\Windows\SysWOW64\directx
2012-07-22 22:35 - 2012-07-22 22:38 - 00000000 ___HD C:\Windows\msdownld.tmp
2012-07-22 22:35 - 2012-07-22 22:35 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2012-07-22 21:09 - 2012-07-22 21:09 - 00000000 ____D C:\Users\Harper\AppData\Roaming\runic games
2012-07-22 21:09 - 2009-03-16 11:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll
2012-07-22 21:09 - 2009-03-16 11:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2012-07-22 21:09 - 2009-03-16 11:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2012-07-22 21:09 - 2009-03-16 11:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll
2012-07-22 21:09 - 2009-03-16 11:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll
2012-07-22 21:09 - 2009-03-16 11:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2012-07-22 21:09 - 2009-03-09 12:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll
2012-07-22 21:09 - 2009-03-09 12:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2012-07-22 21:09 - 2009-03-09 12:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll
2012-07-22 21:09 - 2009-03-09 12:27 - 01846632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2012-07-22 21:09 - 2009-03-09 12:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll
2012-07-22 21:09 - 2009-03-09 12:27 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2012-07-22 21:09 - 2008-10-15 03:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2012-07-22 21:09 - 2008-10-15 03:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2012-07-22 21:09 - 2008-10-15 03:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2012-07-22 21:09 - 2008-10-15 03:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2012-07-22 21:09 - 2008-10-15 03:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2012-07-22 21:09 - 2008-10-15 03:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2012-07-22 21:09 - 2008-07-10 08:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2012-07-22 21:09 - 2008-07-10 08:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll
2012-07-22 21:09 - 2008-07-10 08:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2012-07-22 21:09 - 2008-07-10 08:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll
2012-07-22 21:09 - 2008-07-10 08:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2012-07-22 21:09 - 2008-07-10 08:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll
2012-07-22 21:09 - 2008-05-30 11:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll
2012-07-22 21:09 - 2008-05-30 11:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2012-07-22 21:09 - 2008-05-30 11:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2012-07-22 21:09 - 2008-05-30 11:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll
2012-07-22 21:09 - 2008-05-30 11:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll
2012-07-22 21:09 - 2008-05-30 11:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2012-07-22 21:09 - 2008-05-30 11:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2012-07-22 21:09 - 2008-05-30 11:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll
2012-07-22 21:09 - 2008-05-30 11:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll
2012-07-22 21:09 - 2008-05-30 11:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2012-07-22 21:09 - 2008-05-30 11:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll
2012-07-22 21:09 - 2008-05-30 11:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2012-07-22 21:09 - 2008-05-30 11:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll
2012-07-22 21:09 - 2008-05-30 11:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2012-07-22 21:09 - 2008-03-05 13:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll
2012-07-22 21:09 - 2008-03-05 13:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2012-07-22 21:09 - 2008-03-05 13:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2012-07-22 21:09 - 2008-03-05 13:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll
2012-07-22 21:09 - 2008-03-05 13:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll
2012-07-22 21:09 - 2008-03-05 13:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2012-07-22 21:09 - 2008-03-05 12:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll
2012-07-22 21:09 - 2008-03-05 12:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2012-07-22 21:09 - 2008-03-05 12:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll
2012-07-22 21:09 - 2008-03-05 12:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2012-07-22 21:09 - 2008-02-05 20:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll
2012-07-22 21:09 - 2008-02-05 20:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2012-07-22 21:09 - 2007-10-22 00:40 - 00411656 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll
2012-07-22 21:09 - 2007-10-22 00:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2012-07-22 21:09 - 2007-10-22 00:37 - 00021000 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll
2012-07-22 21:09 - 2007-10-22 00:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2012-07-22 21:09 - 2007-10-12 12:14 - 05081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll
2012-07-22 21:09 - 2007-10-12 12:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2012-07-22 21:09 - 2007-10-12 12:14 - 02006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll
2012-07-22 21:09 - 2007-10-12 12:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2012-07-22 21:09 - 2007-10-02 06:56 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll
2012-07-22 21:09 - 2007-10-02 06:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2012-07-22 21:09 - 2007-07-19 21:57 - 00411496 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll
2012-07-22 21:09 - 2007-07-19 21:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2012-07-22 21:09 - 2007-07-19 15:14 - 05073256 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll
2012-07-22 21:09 - 2007-07-19 15:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2012-07-22 21:09 - 2007-07-19 15:14 - 01985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll
2012-07-22 21:09 - 2007-07-19 15:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2012-07-22 21:09 - 2007-07-19 15:14 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll
2012-07-22 21:09 - 2007-07-19 15:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2012-07-22 21:09 - 2007-06-20 17:49 - 00409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll
2012-07-22 21:09 - 2007-06-20 17:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2012-07-22 21:09 - 2007-05-16 13:45 - 04496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll
2012-07-22 21:09 - 2007-05-16 13:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2012-07-22 21:09 - 2007-05-16 13:45 - 01401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll
2012-07-22 21:09 - 2007-05-16 13:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2012-07-22 21:09 - 2007-05-16 13:45 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll
2012-07-22 21:09 - 2007-05-16 13:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2012-07-22 21:09 - 2007-04-04 15:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll
2012-07-22 21:09 - 2007-04-04 15:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2012-07-22 21:09 - 2007-04-04 15:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll
2012-07-22 21:09 - 2007-04-04 15:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2012-07-22 21:09 - 2007-03-15 13:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll
2012-07-22 21:09 - 2007-03-15 13:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2012-07-22 21:09 - 2007-03-12 13:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll
2012-07-22 21:09 - 2007-03-12 13:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2012-07-22 21:09 - 2007-03-12 13:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll
2012-07-22 21:09 - 2007-03-12 13:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2012-07-22 21:09 - 2007-03-05 09:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll
2012-07-22 21:09 - 2007-03-05 09:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2012-07-22 21:09 - 2007-01-24 12:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll
2012-07-22 21:09 - 2007-01-24 12:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2012-07-22 21:09 - 2006-12-08 09:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2012-07-22 21:09 - 2006-12-08 09:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll
2012-07-22 21:09 - 2006-11-29 10:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll
2012-07-22 21:09 - 2006-11-29 10:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2012-07-22 21:09 - 2006-11-29 10:06 - 00469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll
2012-07-22 21:09 - 2006-11-29 10:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2012-07-22 21:09 - 2006-09-28 13:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll
2012-07-22 21:09 - 2006-09-28 13:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2012-07-22 21:09 - 2006-09-28 13:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2012-07-22 21:09 - 2006-09-28 13:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll
2012-07-22 21:09 - 2006-07-28 06:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll
2012-07-22 21:09 - 2006-07-28 06:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll
2012-07-22 21:09 - 2006-07-28 06:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2012-07-22 21:09 - 2006-07-28 06:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2012-07-22 21:09 - 2006-05-31 04:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2012-07-22 21:09 - 2006-05-31 04:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll
2012-07-22 21:09 - 2006-03-31 09:41 - 03927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll
2012-07-22 21:09 - 2006-03-31 09:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2012-07-22 21:09 - 2006-03-31 09:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll
2012-07-22 21:09 - 2006-03-31 09:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2012-07-22 21:09 - 2006-03-31 09:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll
2012-07-22 21:09 - 2006-03-31 09:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2012-07-22 21:09 - 2006-02-03 05:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll
2012-07-22 21:09 - 2006-02-03 05:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2012-07-22 21:09 - 2006-02-03 05:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll
2012-07-22 21:09 - 2006-02-03 05:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2012-07-22 21:08 - 2006-02-03 05:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll
2012-07-22 21:08 - 2006-02-03 05:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2012-07-22 21:08 - 2005-12-05 15:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll
2012-07-22 21:08 - 2005-12-05 15:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2012-07-22 21:08 - 2005-07-22 16:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll
2012-07-22 21:08 - 2005-07-22 16:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2012-07-22 21:08 - 2005-05-26 12:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll
2012-07-22 21:08 - 2005-05-26 12:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2012-07-22 21:08 - 2005-03-18 14:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll
2012-07-22 21:08 - 2005-03-18 14:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2012-07-22 21:08 - 2005-02-05 16:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll
2012-07-22 21:08 - 2005-02-05 16:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll

============ 3 Months Modified Files ========================

2012-08-12 09:47 - 2012-08-05 00:01 - 00003528 ____A C:\Windows\setupact.log
2012-08-12 09:47 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-12 09:44 - 2009-07-13 21:13 - 00779092 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-12 09:41 - 2012-04-04 17:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-12 09:40 - 2012-08-04 20:30 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-218655182-632381778-2820857352-1000UA.job
2012-08-12 09:24 - 2012-08-12 09:23 - 01439703 ____A (Farbar) C:\Users\Harper\Desktop\FRST64.exe
2012-08-12 08:59 - 2012-04-22 16:44 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-08-12 07:04 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-12 07:04 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-12 06:58 - 2012-04-22 16:44 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-08-11 21:24 - 2012-08-11 21:24 - 00000638 ____A C:\Windows\PFRO.log
2012-08-11 20:40 - 2012-08-04 20:30 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-218655182-632381778-2820857352-1000Core.job
2012-08-10 09:37 - 2012-08-10 09:37 - 00002199 ____A C:\Users\Harper\Desktop\aswMBR.txt
2012-08-10 09:37 - 2012-08-10 09:37 - 00000512 ____A C:\Users\Harper\Desktop\MBR.dat
2012-08-10 09:24 - 2012-08-10 09:23 - 04731392 ____A (AVAST Software) C:\Users\Harper\Desktop\aswMBR.exe
2012-08-10 09:22 - 2012-08-10 09:22 - 00005389 ____A C:\Users\Harper\Desktop\FSS.txt
2012-08-10 09:22 - 2012-08-10 09:21 - 00693235 ____A (Farbar) C:\Users\Harper\Desktop\FSS.exe
2012-08-10 09:20 - 2012-08-10 09:20 - 00596480 ____A (OldTimer Tools) C:\Users\Harper\Downloads\OTL (1).exe
2012-08-10 09:20 - 2012-08-10 09:20 - 00596480 ____A (OldTimer Tools) C:\Users\Harper\Desktop\OTL.exe
2012-08-10 07:56 - 2012-08-10 07:51 - 00096170 ____A C:\Users\Harper\Desktop\OTL.Txt
2012-08-10 01:33 - 2012-08-04 22:24 - 00000000 ____A C:\Windows\SysWOW64\config.nt
2012-08-09 17:00 - 2012-08-09 17:00 - 00035548 ____A C:\Users\Harper\Downloads\Extras.Txt
2012-08-09 16:51 - 2012-08-09 16:51 - 00596480 ____A (OldTimer Tools) C:\Users\Harper\Downloads\OTL.exe
2012-08-09 15:41 - 2012-08-04 20:31 - 00002459 ____A C:\Users\Harper\Desktop\Google Chrome.lnk
2012-08-06 18:07 - 2012-08-06 18:07 - 00001283 ____A C:\Users\Public\Desktop\Seagate Dashboard.lnk
2012-08-06 17:58 - 2012-08-06 17:58 - 00001071 ____A C:\Windows\WindowsUpdate.log
2012-08-05 00:01 - 2012-08-05 00:01 - 00000000 ____A C:\Windows\setuperr.log
2012-08-04 22:24 - 2012-08-04 22:24 - 00001924 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-08-04 22:22 - 2012-08-04 22:20 - 89340632 ____A C:\Users\Harper\Downloads\avast_free_antivirus_setup.exe
2012-08-04 22:16 - 2012-08-04 22:16 - 00016160 ____A C:\Users\Harper\Documents\REG AUGUST 2012- cc_20120805_011542.reg
2012-08-04 22:06 - 2012-08-04 22:06 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Harper\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-04 22:01 - 2012-08-04 21:03 - 00001945 ____A C:\Windows\epplauncher.mif
2012-08-04 21:58 - 2012-08-04 21:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3CC5FC484099936C
2012-08-04 21:54 - 2012-08-04 21:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D6DB60E2F04889DF
2012-08-04 21:48 - 2012-08-04 21:48 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4496F0D6AAF62816
2012-08-04 21:34 - 2012-08-04 21:34 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C1B4CFA0D2898AD7
2012-08-04 21:31 - 2012-08-04 21:31 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.57D9919D7803B7C9
2012-08-04 21:28 - 2012-08-04 21:28 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.CB3989A15EA6EDF8
2012-08-04 21:25 - 2012-08-04 21:25 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C2BAE204594AC9B3
2012-08-04 21:22 - 2012-08-04 21:22 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D499747628E69C93
2012-08-04 21:18 - 2012-08-04 21:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0ECAE4AB9B8DA063
2012-08-04 21:15 - 2012-08-04 21:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.492864AA046A07CB
2012-08-04 21:09 - 2012-08-04 21:09 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1F10044C53CA095E
2012-08-04 21:02 - 2012-07-07 22:58 - 00796678 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-08-04 20:30 - 2012-08-04 20:30 - 00739840 ____A (Google Inc.) C:\Users\Harper\Downloads\ChromeSetup.exe
2012-08-02 20:41 - 2012-04-04 17:56 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-02 20:41 - 2012-02-14 09:23 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-01 19:28 - 2012-08-01 19:28 - 01252424 ____A C:\Users\Harper\Downloads\DesuraInstaller.exe
2012-07-24 07:22 - 2009-07-13 21:08 - 00032640 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-16 17:39 - 2009-07-13 20:45 - 00275824 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-07 22:56 - 2012-07-07 22:56 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2012-07-07 22:56 - 2012-07-07 22:56 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2012-07-07 22:56 - 2012-07-07 22:56 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe
2012-07-07 22:27 - 2012-07-07 22:56 - 03130440 ____A C:\Windows\SysWOW64\pbsvc_blr.exe
2012-07-03 10:46 - 2012-08-04 22:06 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-03 08:21 - 2012-08-04 22:24 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 08:21 - 2012-08-04 22:24 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 08:21 - 2012-08-04 22:24 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 08:21 - 2012-08-04 22:24 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 08:21 - 2012-08-04 22:24 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 08:21 - 2012-08-04 22:24 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-03 08:21 - 2012-08-04 22:24 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-03 08:21 - 2012-08-04 22:22 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe
2012-07-03 08:21 - 2012-08-04 22:22 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-27 21:55 - 2012-06-27 21:55 - 00002213 ____A C:\Users\Public\Desktop\Amazon Cloud Player.lnk
2012-06-27 21:54 - 2012-06-27 21:54 - 01637016 ____A C:\Users\Harper\Downloads\AmazonMP3DownloaderInstall.exe
2012-06-17 18:51 - 2012-06-17 18:51 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-06-17 18:51 - 2012-06-17 18:51 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-06-15 18:52 - 2012-06-15 18:52 - 00001531 ____A C:\user.js
2012-06-11 19:02 - 2012-07-11 21:45 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-10 18:51 - 2012-06-10 18:51 - 00001598 ____A C:\Users\Public\Desktop\Divine Divinity.lnk
2012-06-08 21:30 - 2012-07-11 19:23 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-11 19:23 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-08 10:05 - 2012-02-14 09:42 - 00058376 ____A C:\Users\Harper\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-07 20:04 - 2012-06-07 20:04 - 03742480 ____A (GOG.com ) C:\Users\Harper\Downloads\Setup_Downloader_3.0.51.exe
2012-06-05 21:50 - 2012-07-11 19:23 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-11 19:23 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-11 19:23 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-11 19:23 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-02 14:19 - 2012-06-08 15:37 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-08 15:37 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-08 15:37 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-08 15:37 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-08 15:37 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-08 15:37 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-08 15:37 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 12:19 - 2012-06-08 15:37 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 12:15 - 2012-06-08 15:37 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 21:43 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 21:43 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 21:43 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 21:43 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 21:43 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 21:43 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 21:43 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 21:43 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 21:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 21:43 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 21:43 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 21:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 21:43 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 21:43 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 21:43 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 21:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 21:43 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 21:43 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 21:43 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 21:43 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 21:43 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 21:43 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 21:43 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 21:43 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 21:43 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 21:43 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 21:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 21:43 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:38 - 2012-07-11 19:23 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-07-11 19:23 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-07-11 19:23 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-07-11 19:23 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-07-11 19:23 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-07-11 19:23 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-07-11 19:23 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-07-11 19:23 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-07-11 19:23 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 09:25 - 2012-02-14 17:00 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-19 17:46 - 2012-05-19 17:46 - 01732960 ____A C:\Users\Harper\Documents\DELL_SUPPORT-CENTER-3-0_A01_R289543.exe
2012-05-19 17:22 - 2012-05-19 17:22 - 01711840 ____A C:\Users\Harper\Documents\R277344.exe


ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 12%
Total physical RAM: 8124.38 MB
Available physical RAM: 7125.92 MB
Total Pagefile: 8122.53 MB
Available Pagefile: 7126.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:685.64 GB) (Free:573.42 GB) NTFS
2 Drive e: (WIN_7_HOMEPREMIUM) (CDROM) (Total:5.75 GB) (Free:0 GB) UDF
3 Drive f: () (Removable) (Total:0.12 GB) (Free:0.02 GB) FAT
4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
5 Drive y: (RECOVERY) (Fixed) (Total:12.96 GB) (Free:8.54 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 3072 KB
Disk 1 Online 124 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 12 GB 40 MB
Partition 3 Primary 685 GB 12 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 FAT Partition 39 MB Healthy Hidden

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 12 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 685 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 124 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FAT Removable 124 MB Healthy

==================================================================================

Last Boot: 2012-08-07 17:02

======================= End Of Log ==========================
#11
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Restart your computer and enter System Recovery Options.

Select the Command Prompt option and run FRST (Farbar Recovery Scan Tool).

In the Farbar Recovery Scan Tool:
  • Type the following in the edit box after "Search:" Services.exe
  • Click the Search button
  • It will make a log (Search.txt)
Post the Search.txt log in your next reply.

#12
Sly_Ry

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 2012-08-12 16:41:44
Running from F:\

================== Search: "Services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
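The comparison that the Search.txt log above supports, as an added example that is not part of the original thread or of FRST: it parses the log's two-line entries and checks each live copy of a file against the copy under winsxs. Treating the winsxs copy as the reference is an assumption taken from the helper's later Replace: line; the function names and the ts1/ts2 field names are made up here, since the log does not label its two timestamps.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: the Search.txt entries as posted in the thread.
SEARCH_LOG = r"""
================== Search: "Services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# An entry is a path line followed by a detail line:
# [timestamp] - [timestamp] - size attributes (company) MD5
PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
DETAIL_RE = re.compile(
    r"^\[(?P<ts1>[^\]]+)\] - \[(?P<ts2>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<company>.*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


def parse_search_log(text):
    """Return one dict per file entry; headers and blank lines are skipped."""
    records, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            rec = m.groupdict()
            rec.update(path=pending_path, size=int(rec["size"]),
                       md5=rec["md5"].upper())
            records.append(rec)
            pending_path = None
    return records


def compare_to_reference(records, reference_dir="\\winsxs\\"):
    """Compare every non-reference copy of a file with its reference copies.

    Assumption: copies under reference_dir are the baseline. A mismatch is a
    lead to verify, not a verdict, because the component store can hold
    several versions of one file.
    """
    by_name = defaultdict(list)
    for rec in records:
        by_name[ntpath.basename(rec["path"]).lower()].append(rec)

    findings = []
    for group in by_name.values():
        refs = [r for r in group if reference_dir in r["path"].lower()]
        live = [r for r in group if reference_dir not in r["path"].lower()]
        if not refs:
            continue  # nothing to compare against
        ref_md5s = {r["md5"] for r in refs}
        for rec in live:
            meta = (rec["size"], rec["ts1"], rec["ts2"])
            findings.append({
                "path": rec["path"],
                "md5": rec["md5"],
                "hash_differs": rec["md5"] not in ref_md5s,
                # Same size and timestamps as a reference copy?
                "metadata_identical": any(
                    meta == (r["size"], r["ts1"], r["ts2"]) for r in refs),
            })
    return findings


if __name__ == "__main__":
    for f in compare_to_reference(parse_search_log(SEARCH_LOG)):
        print(f)
```

On this log the System32 copy has the same size and both timestamps as the winsxs copy, and only the MD5 differs, so a check on size or dates alone would not have separated the two files.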

#13
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the flashdrive as fixlist.txt
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7

Now please enter System Recovery Options and select Command prompt

Run FRST and press the Fix button just once and wait. The tool will make a log on the flashdrive (Fixlog.txt); please post it in your next reply.

#14
Sly_Ry

    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 2012-08-12 17:08:55 Run:1
Running from F:\

==============================================

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

#15
WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
  • Run OTL
  • Select All Users
  • Copy the lines under the Code.
    /md5start
    services.exe
    /md5stop
  • Go back to the program and paste the text in red into the text box "Custom Scan / Fixes"
  • Click on the Quick Scan button
  • The examination takes a while; be patient.
  • Copy the entire contents of the log OTL.txt and post it in your next reply
