
Help with Avast! Boot scan warnings: Win32: Sirefef_pl , Downloade


  • This topic is locked

#16
Sly_Ry
  • Topic Starter
  • Member
  • 16 posts
OTL logfile created on: 8/12/2012 9:11:25 PM - Run 4
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Harper\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.93 Gb Total Physical Memory | 6.35 Gb Available Physical Memory | 80.00% Memory free
15.87 Gb Paging File | 14.06 Gb Available in Paging File | 88.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 685.64 Gb Total Space | 573.07 Gb Free Space | 83.58% Space Free | Partition Type: NTFS
Drive D: | 5.75 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive E: | 124.33 Mb Total Space | 24.39 Mb Free Space | 19.62% Space Free | Partition Type: FAT

Computer Name: HARPER-PC | User Name: Harper | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/10 12:20:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Harper\Desktop\OTL.exe
PRC - [2012/08/03 21:48:26 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012/08/01 20:22:44 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/07/08 01:56:34 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012/07/08 01:56:25 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/07/03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/07/03 11:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/06/01 18:06:40 | 000,071,432 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
PRC - [2011/06/01 18:06:40 | 000,014,088 | ---- | M] (Memeo) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
PRC - [2011/06/01 11:16:54 | 002,260,992 | ---- | M] (Axentra Corporation) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
PRC - [2011/05/12 18:55:48 | 001,484,000 | ---- | M] (Memeo Inc.) -- C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe
PRC - [2010/12/23 21:48:02 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/09/24 11:21:20 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
PRC - [2010/07/29 20:39:24 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/01 20:22:44 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/08/01 20:22:43 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/08/01 20:22:43 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/08/01 20:22:43 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/08/01 20:22:43 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/07/10 08:58:07 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3eaec5bc57c67c3b24ca2bb281ca249d\Microsoft.VisualBasic.ni.dll
MOD - [2012/07/10 08:56:48 | 000,997,888 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\3f9dee1ce0ccb42145293a5bfcbe7205\System.Management.ni.dll
MOD - [2012/07/10 08:56:39 | 006,618,624 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\294d439cfe959b5528ca81d37d3d502f\System.Data.ni.dll
MOD - [2012/07/10 08:56:35 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\84fbf353f91385690a3e4e982aa6930e\System.Web.ni.dll
MOD - [2012/07/10 08:56:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/07/10 08:56:28 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll
MOD - [2012/07/10 08:56:26 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/07/10 08:56:21 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/07/10 08:56:20 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b7a7f9c607e09bfa03c07b5ff3a8ae3\System.ServiceProcess.ni.dll
MOD - [2012/07/10 08:56:16 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/07/10 08:56:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/07/10 08:56:12 | 007,952,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/07/10 08:56:09 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\34f340b0c113f7216a55dd7c82a69cc2\Accessibility.ni.dll
MOD - [2012/07/10 08:56:08 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2011/06/01 18:11:18 | 000,030,984 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll
MOD - [2011/06/01 18:06:34 | 000,108,296 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll
MOD - [2011/06/01 11:16:54 | 000,971,776 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll
MOD - [2011/06/01 11:16:54 | 000,241,664 | ---- | M] () -- C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll
MOD - [2011/05/12 18:56:02 | 002,896,608 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackupPro\Memeo.Client.UI.dll
MOD - [2011/05/12 18:56:00 | 000,027,360 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackupPro\Memeo.Client.DriveDetection.dll
MOD - [2010/09/24 11:21:20 | 000,727,664 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/03/22 17:59:46 | 000,504,293 | ---- | M] () -- C:\Program Files (x86)\Memeo\AutoBackupPro\sqlite3.dll
MOD - [2009/06/10 16:23:17 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/07/03 11:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/07/29 20:39:24 | 000,951,584 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:64bit: - [2010/03/05 11:26:38 | 001,425,168 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/03/05 11:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/03/05 11:06:22 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV:64bit: - [2009/11/02 13:48:18 | 000,126,352 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2012/08/02 23:41:14 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/01 22:29:31 | 000,131,912 | ---- | M] (Desura Pty Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Desura\desura_service.exe -- (Desura Install Service)
SRV - [2012/08/01 20:22:44 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/08 01:56:34 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012/07/08 01:56:25 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/01 18:06:40 | 000,014,088 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe -- (SeagateDashboardService)
SRV - [2011/05/12 18:55:46 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2010/12/23 21:48:02 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/07/01 10:10:26 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/07/01 10:10:22 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/07/03 11:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/07/03 11:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/07/03 11:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/07/03 11:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/07/03 11:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/03 11:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/03/01 01:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/13 20:46:31 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/02/13 20:46:31 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/02/13 20:46:04 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/12 07:40:50 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/11/10 20:32:20 | 000,172,632 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/08/20 14:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/08/20 09:05:18 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/07/19 20:26:42 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010/07/19 20:26:38 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010/07/19 20:26:34 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010/07/15 15:54:20 | 001,381,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/07/13 13:25:38 | 000,344,616 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010/07/12 21:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/06/23 20:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/11 12:14:00 | 001,799,808 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AVer7231_x64.sys -- (AVer7231_x64)
DRV:64bit: - [2010/05/31 13:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2010/04/27 21:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/04/27 21:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/03/03 21:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/03/01 20:37:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/11/02 13:48:02 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009/09/17 10:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-218655182-632381778-2820857352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
IE - HKU\S-1-5-21-218655182-632381778-2820857352-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-218655182-632381778-2820857352-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-218655182-632381778-2820857352-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Harper\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Harper\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)



========== Chrome ==========

CHR - homepage: http://www.msn.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.msn.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Harper\AppData\Local\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Harper\AppData\Local\Google\Chrome\Application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Harper\AppData\Local\Google\Chrome\Application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Harper\AppData\Local\Google\Chrome\Application\21.0.1180.75\pdf.dll
CHR - plugin: AmazonMP3DownloaderPlugin (Enabled) = C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java™ Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: avast! WebRep = C:\Users\Harper\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] c:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe (Memeo Inc.)
O4 - HKLM..\Run: [Seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-218655182-632381778-2820857352-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\system32\wshbth.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\system32\wshbth.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell...r/SysProExe.CAB (WMI Class)
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} http://www.dell.com/...t/Ode/pcd86.cab (Launcher Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E42B44A6-00F8-4FF7-8DE7-92B807DEBDDB}: DhcpNameServer = 209.18.47.61 209.18.47.62
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/14 04:29:38 | 000,000,122 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{6b052b7e-573d-11e1-8153-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6b052b7e-573d-11e1-8153-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe -- [2009/07/14 04:29:38 | 000,106,760 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/12 16:02:52 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/12 12:23:38 | 001,439,703 | ---- | C] (Farbar) -- C:\Users\Harper\Desktop\FRST64.exe
[2012/08/10 20:23:35 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/08/10 12:23:47 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Harper\Desktop\aswMBR.exe
[2012/08/10 12:21:55 | 000,693,235 | ---- | C] (Farbar) -- C:\Users\Harper\Desktop\FSS.exe
[2012/08/10 12:20:29 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Harper\Desktop\OTL.exe
[2012/08/10 12:13:38 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/06 21:13:04 | 000,000,000 | ---D | C] -- C:\ProgramData\MemeoCommon
[2012/08/06 21:11:13 | 000,000,000 | ---D | C] -- C:\Users\Harper\AppData\Roaming\Seagate
[2012/08/06 21:07:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
[2012/08/06 21:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\Memeo
[2012/08/06 21:06:47 | 000,000,000 | ---D | C] -- C:\Windows\[SystemFolder]
[2012/08/06 21:06:10 | 000,000,000 | ---D | C] -- C:\Users\Harper\AppData\Roaming\Memeo
[2012/08/06 21:06:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo
[2012/08/06 21:06:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Memeo
[2012/08/06 21:06:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Memeo
[2012/08/06 21:05:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2012/08/06 21:03:50 | 000,000,000 | ---D | C] -- C:\Users\Harper\AppData\Roaming\Leadertech
[2012/08/05 01:24:04 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012/08/05 01:24:04 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012/08/05 01:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/08/05 01:24:02 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012/08/05 01:24:01 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012/08/05 01:24:00 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012/08/05 01:24:00 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012/08/05 01:24:00 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012/08/05 01:22:59 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012/08/05 01:22:59 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/08/05 01:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/08/05 01:22:50 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/08/05 01:07:01 | 000,000,000 | ---D | C] -- C:\Users\Harper\AppData\Roaming\Malwarebytes
[2012/08/05 01:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/05 01:06:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/05 01:06:55 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/05 01:06:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/04 23:31:16 | 000,000,000 | ---D | C] -- C:\Users\Harper\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/08/01 22:29:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Desura
[2012/08/01 22:28:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Desura
[2012/08/01 22:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desura
[2012/08/01 22:28:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Desura
[2012/07/27 20:17:49 | 000,000,000 | ---D | C] -- C:\Users\Harper\Desktop\New folder
[2012/07/23 11:05:37 | 000,000,000 | ---D | C] -- C:\Users\Harper\AppData\Roaming\NVIDIA
[2012/07/23 11:02:55 | 000,000,000 | ---D | C] -- C:\Users\Harper\Documents\Square Enix
[2012/07/23 01:35:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012/07/23 01:35:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2012/07/23 00:09:59 | 000,000,000 | ---D | C] -- C:\Users\Harper\AppData\Roaming\runic games
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/12 21:16:37 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 21:16:37 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/12 21:09:55 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/12 21:09:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/12 21:09:06 | 2094,301,183 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/12 17:59:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/12 17:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/12 17:40:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-218655182-632381778-2820857352-1000UA.job
[2012/08/12 17:14:43 | 000,779,092 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/12 17:14:43 | 000,660,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/12 17:14:43 | 000,121,426 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/12 12:24:44 | 001,439,703 | ---- | M] (Farbar) -- C:\Users\Harper\Desktop\FRST64.exe
[2012/08/11 23:40:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-218655182-632381778-2820857352-1000Core.job
[2012/08/10 12:37:59 | 000,000,512 | ---- | M] () -- C:\Users\Harper\Desktop\MBR.dat
[2012/08/10 12:24:34 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Harper\Desktop\aswMBR.exe
[2012/08/10 12:22:02 | 000,693,235 | ---- | M] (Farbar) -- C:\Users\Harper\Desktop\FSS.exe
[2012/08/10 12:20:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Harper\Desktop\OTL.exe
[2012/08/10 04:33:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012/08/09 18:41:00 | 000,002,459 | ---- | M] () -- C:\Users\Harper\Desktop\Google Chrome.lnk
[2012/08/06 21:07:21 | 000,001,283 | ---- | M] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2012/08/05 01:24:04 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/05 01:16:36 | 000,016,160 | ---- | M] () -- C:\Users\Harper\Documents\REG AUGUST 2012- cc_20120805_011542.reg
[2012/08/05 01:01:56 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/08/05 00:02:48 | 000,796,678 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/16 20:39:48 | 000,275,824 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/10 12:37:59 | 000,000,512 | ---- | C] () -- C:\Users\Harper\Desktop\MBR.dat
[2012/08/06 21:07:21 | 000,001,283 | ---- | C] () -- C:\Users\Public\Desktop\Seagate Dashboard.lnk
[2012/08/05 01:24:04 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/08/05 01:24:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012/08/05 01:16:09 | 000,016,160 | ---- | C] () -- C:\Users\Harper\Documents\REG AUGUST 2012- cc_20120805_011542.reg
[2012/08/05 00:03:04 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/08/04 23:31:18 | 000,002,459 | ---- | C] () -- C:\Users\Harper\Desktop\Google Chrome.lnk
[2012/08/04 23:30:40 | 000,000,912 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-218655182-632381778-2820857352-1000UA.job
[2012/08/04 23:30:38 | 000,000,860 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-218655182-632381778-2820857352-1000Core.job
[2012/07/08 01:58:10 | 000,796,678 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/08 01:56:26 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/07/08 01:56:25 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/07/08 01:56:24 | 003,130,440 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_blr.exe
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_89001461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_49001461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_33011461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2B071461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A0F1461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_2A071461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_14001461_61.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_13011461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_110F1461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_11071461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0B071461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A0F1461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A071461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A031461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_0A011461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_09001461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_08071461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_060F1461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_06071461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_03011461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_02011461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_ca.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_010F1461_8a.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_aa.bin
[2012/02/13 20:40:17 | 000,000,502 | ---- | C] () -- C:\Windows\11317231_01071461_8a.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_ca.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_aa.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_A3031461_8a.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_ca.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_aa.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_83231461_8a.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_07031461_aa.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_ca.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_aa.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03231461_8a.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03131461_8a.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_03031461_aa.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_ca.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_aa.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_02031461_8a.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_aa.bin
[2012/02/13 20:40:17 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_00000000_8a.bin
[2012/02/13 20:40:17 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_890F1461_ca.bin
[2012/02/13 20:40:17 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_2B0f1461_ca.bin
[2012/02/13 20:40:17 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_29001461_ca.bin
[2012/02/13 20:40:17 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_0B0f1461_ca.bin
[2012/02/13 20:40:17 | 000,000,434 | ---- | C] () -- C:\Windows\11317231_090F1461_ca.bin
[2012/02/13 20:40:17 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_180F1461_ca.bin
[2012/02/13 20:40:17 | 000,000,412 | ---- | C] () -- C:\Windows\11317231_18071461_aa.bin
[2012/02/13 20:40:17 | 000,000,376 | ---- | C] () -- C:\Windows\11317231_03131461_aa.bin

========== LOP Check ==========

[2012/06/28 00:55:38 | 000,000,000 | ---D | M] -- C:\Users\Harper\AppData\Roaming\Amazon
[2012/06/15 21:52:05 | 000,000,000 | ---D | M] -- C:\Users\Harper\AppData\Roaming\Babylon
[2012/08/06 21:03:50 | 000,000,000 | ---D | M] -- C:\Users\Harper\AppData\Roaming\Leadertech
[2012/08/07 18:40:24 | 000,000,000 | ---D | M] -- C:\Users\Harper\AppData\Roaming\Memeo
[2012/05/19 20:29:38 | 000,000,000 | ---D | M] -- C:\Users\Harper\AppData\Roaming\PCDr
[2012/07/23 00:09:59 | 000,000,000 | ---D | M] -- C:\Users\Harper\AppData\Roaming\runic games
[2012/08/06 21:11:13 | 000,000,000 | ---D | M] -- C:\Users\Harper\AppData\Roaming\Seagate
[2012/07/24 10:22:34 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: SERVICES.EXE >
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\FRST\Quarantine\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009/07/13 20:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

< End of report >


#17
WhiteHat


    Trusted Helper

  • Retired Staff
  • 1,925 posts
Please download Farbar Service Scanner and run it on the computer.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.



#18
Sly_Ry


    Member

  • Topic Starter
  • 16 posts
Farbar Service Scanner Version: 06-08-2012
Ran by Harper (administrator) on 13-08-2012 at 12:20:15
Running from "C:\Users\Harper\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open bfe registry key. The service key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wuauserv registry key. The service key does not exist.

BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open BITS registry key. The service key does not exist.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to open SharedAccess registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 21:01] - [2011-12-27 22:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 18:32] - [2012-03-30 06:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-12 19:01] - [2012-04-24 00:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#19
WhiteHat


    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Please check if Windows Update is working.

NEXT

Download the following regfiles and run them.
THEN
Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Files
    Net Start mpsdrv /c
    Net Start MpsSvc /c
    Net Start bfe /c
    Net Start wscsvc /c
    Net Start wuauserv /c
    Net Start WinDefend /c
    Net Start SharedAccess /c
    Net Start BITS /c
    
    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
FINALLY

Run Farbar Service Scanner again and post the log (FSS.txt)

#20
Sly_Ry


    Member

  • Topic Starter
  • 16 posts
All processes killed
========== FILES ==========
< Net Start mpsdrv /c >
The Windows Firewall Authorization Driver service was started successfully.
C:\Users\Harper\Desktop\cmd.bat deleted successfully.
C:\Users\Harper\Desktop\cmd.txt deleted successfully.
< Net Start MpsSvc /c >
C:\Users\Harper\Desktop\cmd.bat deleted successfully.
C:\Users\Harper\Desktop\cmd.txt deleted successfully.
< Net Start bfe /c >
C:\Users\Harper\Desktop\cmd.bat deleted successfully.
C:\Users\Harper\Desktop\cmd.txt deleted successfully.
< Net Start wscsvc /c >
C:\Users\Harper\Desktop\cmd.bat deleted successfully.
C:\Users\Harper\Desktop\cmd.txt deleted successfully.
< Net Start wuauserv /c >
C:\Users\Harper\Desktop\cmd.bat deleted successfully.
C:\Users\Harper\Desktop\cmd.txt deleted successfully.
< Net Start WinDefend /c >
C:\Users\Harper\Desktop\cmd.bat deleted successfully.
C:\Users\Harper\Desktop\cmd.txt deleted successfully.
< Net Start SharedAccess /c >
C:\Users\Harper\Desktop\cmd.bat deleted successfully.
C:\Users\Harper\Desktop\cmd.txt deleted successfully.
< Net Start BITS /c >
C:\Users\Harper\Desktop\cmd.bat deleted successfully.
C:\Users\Harper\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Harper
->Temp folder emptied: 14706406 bytes
->Temporary Internet Files folder emptied: 317948484 bytes
->Java cache emptied: 407484 bytes
->Google Chrome cache emptied: 51074195 bytes
->Flash cache emptied: 20079 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14331259 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 99084 bytes

Total Files Cleaned = 380.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08132012_195508

Files\Folders moved on Reboot...
C:\Users\Harper\AppData\Local\Temp\{4D8E9191-0555-408B-A2F8-E2785F21E459}\fpb.tmp moved successfully.
C:\Users\Harper\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Harper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\56AOP66X\fastbutton[8].htm moved successfully.
C:\Users\Harper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\56AOP66X\page__st__15[1].htm moved successfully.
C:\Users\Harper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Harper\AppData\Local\Temp\{4D8E9191-0555-408B-A2F8-E2785F21E459}\fpb.tmp not found!
File C:\Users\Harper\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Harper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\56AOP66X\fastbutton[8].htm not found!
File C:\Users\Harper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\56AOP66X\page__st__15[1].htm not found!
File C:\Users\Harper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
[2012/08/13 20:00:00 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...




Farbar Service Scanner Version: 06-08-2012
Ran by Harper (administrator) on 13-08-2012 at 20:02:47
Running from "C:\Users\Harper\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 21:01] - [2011-12-27 22:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 18:32] - [2012-03-30 06:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-12 19:01] - [2012-04-24 00:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#21
Sly_Ry


    Member

  • Topic Starter
  • 16 posts
Windows Update services weren't working until after I followed the registry instructions with OTL and then FSS. Now, it's asking to install 2 new updates. Should I?

#22
WhiteHat


    Trusted Helper

  • Retired Staff
  • 1,925 posts

Should I?

No problem, but wait until we finish.

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :Files
    Net Stop MpsSvc /c
    Net Start MpsSvc /c
    Net Stop bfe /c
    Net Start bfe /c
    
    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

NEXT

Run Farbar Service Scanner again and post the log (FSS.txt)

#23
Sly_Ry


    Member

  • Topic Starter
  • 16 posts
All processes killed
========== FILES ==========
< Net Stop MpsSvc /c >
C:\Users\Harper\Desktop\cmd.bat deleted successfully.
C:\Users\Harper\Desktop\cmd.txt deleted successfully.
< Net Start MpsSvc /c >
C:\Users\Harper\Desktop\cmd.bat deleted successfully.
C:\Users\Harper\Desktop\cmd.txt deleted successfully.
< Net Stop bfe /c >
C:\Users\Harper\Desktop\cmd.bat deleted successfully.
C:\Users\Harper\Desktop\cmd.txt deleted successfully.
< Net Start bfe /c >
The Base Filtering Engine service is starting.
C:\Users\Harper\Desktop\cmd.bat deleted successfully.
C:\Users\Harper\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Harper
->Temp folder emptied: 559757 bytes
->Temporary Internet Files folder emptied: 127416746 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2129 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5708 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 122.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08142012_121315

Files\Folders moved on Reboot...
C:\Users\Harper\AppData\Local\Temp\{8B314375-BB5E-45C8-B590-4537BDC07F04}\fpb.tmp moved successfully.
C:\Users\Harper\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Harper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2B7532KH\fastbutton[7].htm moved successfully.
C:\Users\Harper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
File C:\Users\Harper\AppData\Local\Temp\{8B314375-BB5E-45C8-B590-4537BDC07F04}\fpb.tmp not found!
File C:\Users\Harper\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Harper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\2B7532KH\fastbutton[7].htm not found!
File C:\Users\Harper\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT not found!
[2012/08/14 12:17:28 | 000,000,000 | ---- | M] () C:\Windows\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...



Farbar Service Scanner Version: 06-08-2012
Ran by Harper (administrator) on 14-08-2012 at 12:19:29
Running from "C:\Users\Harper\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 21:01] - [2011-12-27 22:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 18:32] - [2012-03-30 06:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-12 19:01] - [2012-04-24 00:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#24
WhiteHat
Download Windows Repair (all in one) from this site

Install the program then run

Posted Image

Go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab click start
Posted Image

Select the following items and tick restart system when finished
Posted Image

NEXT

Run Farbar Service Scanner and post the log (FSS.txt)

#25
Sly_Ry
Sorry it took me so long to respond this time. I'm working from 1pm - 11pm US Central this week so I have to respond around those times :/ Anyway thank you for your help so far!


Farbar Service Scanner Version: 06-08-2012
Ran by Harper (administrator) on 15-08-2012 at 00:33:22
Running from "C:\Users\Harper\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 21:01] - [2011-12-27 22:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 18:32] - [2012-03-30 06:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 19:09] - [2009-07-13 20:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 18:36] - [2009-07-13 20:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-06-12 19:01] - [2012-04-24 00:59] - 0182272 ____A (Microsoft Corporation) F02786B66375292E58C8777082D4396D

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#26
WhiteHat
Hi,

How is your computer?

Run ESET Online Scan

Note: You can use either Internet Explorer or Mozilla Firefox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla Firefox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

#27
Sly_Ry
Computer is doing very well! No signs of the infections that I can see. I haven't run any new Avast scans since we started. Just following your instructions.

I have noticed Internet Explorer can run slower and crashes webpages in tabs very often: "Internet Explorer Has Stopped Working" "The Webpage Cannot be Restored" etc. Probably not a big deal. I'm not sure if a CCleaner scan or update can fix but it wasn't doing this before the recent fixes. Other than that it's running great! Thanks!

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-16 07:20:24
# local_time=2012-08-16 02:20:24 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=5893 16776573 100 94 0 96641219 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=209467
# found=1
# cleaned=1
# scan_time=3667
C:\_OTL\MovedFiles\08102012_121338\C_Windows\Installer\{81797575-4c4d-ed00-3382-fd1e9655e904}\U\[email protected] Win64/Agent.BA trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

Edited by Sly_Ry, 16 August 2012 - 01:25 AM.

#28
WhiteHat

I have noticed Internet Explorer can run slower and crashes webpages in tabs very often: "Internet Explorer Has Stopped Working" "The Webpage Cannot be Restored" etc. Probably not a big deal. I'm not sure if a CCleaner scan or update can fix but it wasn't doing this before the recent fixes

Ok, do the steps below and tell me if the IE problem is solved.

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean

The following will implement some cleanup procedures as well as reset System Restore points:

Remove OTL

Run OTL and hit the Posted Image cleanup button. It will remove all the programmes we have used plus itself.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • (If you use Windows 7/Vista)
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

  • (If you use Windows XP)
  • Go to Start > All Programs > Accessories > System Tools > System Restore.
  • Select the option Create a restore point and click Next.
  • Type in a name i.e. Clean
  • Select Create

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly. It will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place??

Keep safe.


#29
Sly_Ry
Thank you so much! I am very grateful for all your help and the time you spent :)

If I notice anything in the next day or so I will let you know. So far it's running great. I downloaded and updated those programs and will have them running as well for future safety.

Again, thank you for all your help Whitehat and take care!

#30
WhiteHat
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.