Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Started with Live Security Platinum and now can't run Firewall or


  • This topic is locked This topic is locked

#16
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
  • Run the OTL.exe. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open one notepad windows contains OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post him in your topic


  • 0

Advertisements


#17
thirstyscholar

thirstyscholar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
OTL Quick Scan:

OTL logfile created on: 8/13/2012 2:42:48 PM - Run 4
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Matt\Documents
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 2.28 Gb Available Physical Memory | 60.70% Memory free
7.50 Gb Paging File | 5.81 Gb Available in Paging File | 77.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 913.83 Gb Total Space | 829.98 Gb Free Space | 90.82% Space Free | Partition Type: NTFS

Computer Name: BRATT | User Name: Matt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\Users\Matt\My Documents\OTL.exe
PRC - [2012/08/13 14:05:36 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/30 18:01:02 | 003,075,920 | ---- | M] (Emsisoft GmbH) -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
PRC - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/07/12 18:32:18 | 018,832,264 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Ad-Aware Antivirus\Adaware.exe
PRC - [2012/05/24 14:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2011/10/21 05:09:36 | 000,198,032 | ---- | M] (Lavasoft) -- C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
PRC - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/22 13:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/02/18 19:21:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/01/31 16:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/01/26 20:48:52 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011/01/18 21:08:08 | 000,620,136 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/10/29 19:43:54 | 001,167,360 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtWLan.exe
PRC - [2010/09/27 22:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2010/09/17 19:10:16 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/09/17 19:10:02 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/05/04 15:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/04/16 20:10:58 | 000,036,864 | ---- | M] (Realtek) -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe
PRC - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/09/25 14:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
PRC - [2009/08/12 18:20:28 | 000,615,720 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/13 14:05:36 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/02/22 13:01:38 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/02/22 13:01:38 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/01/26 20:48:38 | 000,237,160 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011/01/18 21:08:08 | 000,620,136 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2011/01/18 21:08:04 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009/09/25 14:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/31 16:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/08/10 19:01:06 | 000,206,880 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2009/08/10 19:01:04 | 000,626,208 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV - [2012/08/13 14:05:36 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/03 13:50:36 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/02 06:55:58 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/30 18:01:02 | 003,075,920 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012/07/12 18:32:22 | 001,239,952 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Running] -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2011/08/25 18:53:00 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2011/03/02 00:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 13:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/01/26 20:48:52 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/27 21:09:54 | 000,172,912 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/06/01 18:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/05/04 15:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/04/16 20:10:58 | 000,036,864 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files (x86)\Realtek\11n USB Wireless LAN Utility\RtlService.exe -- (Realtek11nCU)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/08 09:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/08/12 18:20:28 | 000,615,720 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/19 12:44:24 | 000,060,536 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sbhips.sys -- (sbhips)
DRV:64bit: - [2011/11/29 06:59:46 | 000,074,872 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\sbapifs.sys -- (sbapifs)
DRV:64bit: - [2011/10/26 14:23:36 | 000,057,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\sbredrv.sys -- (SBRE)
DRV:64bit: - [2011/04/13 05:27:35 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/04/13 05:27:35 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/04/13 05:27:35 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/09/17 06:16:38 | 000,823,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192cu.sys -- (RTL8192cu)
DRV:64bit: - [2010/06/21 05:56:20 | 000,027,240 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtlss.sys -- (rtlss)
DRV:64bit: - [2009/08/12 18:07:02 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2009/07/30 05:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/04/30 18:45:28 | 000,066,320 | ---- | M] (Emsisoft GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2accx64.sys -- (a2acc)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/05/19 14:10:34 | 000,023,208 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys -- (A2DDA)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2806936779-1468336107-667646960-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-2806936779-1468336107-667646960-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2806936779-1468336107-667646960-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2806936779-1468336107-667646960-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 A7 48 82 66 75 CD 01 [binary data]
IE - HKU\S-1-5-21-2806936779-1468336107-667646960-1001\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2806936779-1468336107-667646960-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2806936779-1468336107-667646960-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7GGIH_en
IE - HKU\S-1-5-21-2806936779-1468336107-667646960-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/13 14:05:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{285C746A-E158-11E1-8270-B8AC6F996F26}: C:\Users\Matt\AppData\Local\{285C746A-E158-11E1-8270-B8AC6F996F26}\

[2012/04/15 20:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2012/08/02 21:46:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\6camowp7.default\extensions
[2012/04/20 09:35:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\6camowp7.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/04/20 09:35:40 | 000,000,000 | ---D | M] (MouseZoom) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\6camowp7.default\extensions\{28FAD68E-4001-48d5-B994-68069F7CFB1D}
[2012/04/20 09:35:41 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\6camowp7.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2012/06/28 22:49:56 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\6camowp7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012/08/02 21:46:07 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\6camowp7.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012/04/15 19:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/05/05 10:04:56 | 000,002,964 | ---- | M] () (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6CAMOWP7.DEFAULT\EXTENSIONS\{D618933B-9EB4-1C04-949D-0F9B1A39EBB9}.XPI
[2012/06/25 17:24:23 | 000,637,327 | ---- | M] () (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6CAMOWP7.DEFAULT\EXTENSIONS\[email protected]
[2012/04/20 15:38:32 | 000,258,434 | ---- | M] () (No name found) -- C:\USERS\MATT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6CAMOWP7.DEFAULT\EXTENSIONS\[email protected]
[2012/08/13 14:05:37 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/08/13 14:05:34 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/13 14:05:34 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = c:\program files (x86)\google\chrome\application\21.0.1180.75\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = c:\program files (x86)\google\chrome\application\21.0.1180.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = c:\program files (x86)\google\chrome\application\21.0.1180.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = c:\program files (x86)\google\chrome\application\21.0.1180.75\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Java™ Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Google Search = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
CHR - Extension: Gmail = C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/28 01:42:59 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [emsisoft anti-malware] C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe (Microsoft)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2806936779-1468336107-667646960-1001..\Run: [mcbuvate] rundll32 "C:\windows\system32\InfDSTAT64.dll",CreateProcessNotify File not found
O4 - HKU\S-1-5-21-2806936779-1468336107-667646960-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKU\S-1-5-21-2806936779-1468336107-667646960-1001..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Matt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\newchecklist.ahk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2806936779-1468336107-667646960-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2806936779-1468336107-667646960-1001\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{870409B4-C5B2-4B01-8D2C-8BCAD7BE3500}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/13 14:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/08/13 14:05:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/08/13 13:53:21 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller(1).exe
[2012/08/12 21:06:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/12 10:19:11 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\ApplicationHistory
[2012/08/12 10:15:44 | 000,000,000 | ---D | C] -- C:\MGtools
[2012/08/12 09:22:49 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\RK_Quarantine
[2012/08/11 12:06:46 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Skype
[2012/08/11 12:06:28 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2012/08/11 09:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2012/08/11 07:56:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/08/11 07:56:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/08/11 07:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/08/10 21:45:28 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\adaware
[2012/08/10 21:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2012/08/10 21:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2012/08/10 21:45:20 | 000,060,536 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\sbhips.sys
[2012/08/10 21:45:19 | 000,057,976 | ---- | C] (GFI Software) -- C:\windows\SysNative\drivers\sbredrv.sys
[2012/08/10 21:45:19 | 000,045,936 | ---- | C] (GFI Software) -- C:\windows\SysNative\sbbd.exe
[2012/08/10 21:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/08/10 21:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/08/10 21:44:01 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Ad-Aware Antivirus
[2012/08/10 21:18:55 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\WildTangent
[2012/08/10 19:07:04 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\texstudio
[2012/08/10 16:20:11 | 000,000,000 | ---D | C] -- C:\Users\Matt\Desktop\GooredFix Backups
[2012/08/09 14:35:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeXstudio
[2012/08/09 14:35:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeXstudio
[2012/08/09 11:39:36 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Documents\OTL.exe
[2012/08/09 09:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012/08/09 09:19:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012/08/08 20:16:17 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\Anti-Malware
[2012/08/08 17:38:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/08/08 17:38:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/08/08 17:38:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/08/08 09:29:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Malwarebytes
[2012/08/08 09:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/08 09:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/08 09:29:21 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012/08/08 09:29:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/08 09:15:50 | 000,457,632 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Matt\FixExec64.com
[2012/08/08 09:15:44 | 000,883,616 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Matt\FixExec.com
[2012/08/08 08:59:26 | 000,000,000 | -HSD | C] -- C:\windows\SysNative\%APPDATA%
[2012/08/02 07:52:04 | 000,000,000 | ---D | C] -- C:\Users\Matt\.pdfsam
[2012/08/02 07:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfsam
[2012/08/02 07:40:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Split And Merge
[2012/07/30 12:01:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Citrix
[2012/07/28 21:34:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\2012_07_28
[2012/07/28 21:31:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2012/07/28 21:27:15 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Canon
[2012/07/28 21:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon CanoScan LiDE 200 User Registration
[2012/07/28 21:23:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2012/07/28 21:22:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon CanoScan LiDE 200 Manual
[2012/07/28 21:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 200
[2012/07/28 21:22:42 | 000,000,000 | -H-D | C] -- C:\windows\SysNative\CanonIJ Uninstaller Information
[2012/07/28 21:22:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2012/07/20 15:11:32 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Genstein
[2012/07/20 15:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trizbort
[2012/07/20 15:10:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trizbort
[2012/07/20 15:09:57 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\URTTEMP
[2012/07/18 18:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Juniper Networks
[2012/07/18 18:39:46 | 000,579,880 | ---- | C] (Juniper Networks) -- C:\windows\SysNative\dsNcSmartCardProv.dll
[2012/07/18 18:39:46 | 000,405,288 | ---- | C] (Juniper Networks) -- C:\windows\SysNative\dsNcCredProv.dll
[2012/07/18 18:39:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Juniper Networks
[2012/07/16 22:46:34 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Microsoft Games
[2012/07/16 15:12:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

========== Files - Modified Within 30 Days ==========

[2012/08/13 14:18:00 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/08/13 14:09:57 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 14:09:57 | 000,016,976 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/13 14:06:53 | 000,739,790 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/08/13 14:06:53 | 000,632,708 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/08/13 14:06:53 | 000,110,342 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/08/13 14:05:39 | 000,002,072 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/08/13 14:02:54 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/08/13 14:02:53 | 000,000,890 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/08/13 14:02:43 | 000,473,560 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/08/13 14:02:36 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/08/13 14:02:28 | 3019,399,168 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/13 13:53:28 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matt\Desktop\tdsskiller(1).exe
[2012/08/13 13:50:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/08/13 08:49:51 | 103,696,573 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
[2012/08/12 11:01:51 | 224,958,768 | ---- | M] () -- C:\Users\Matt\Desktop\regbackup.reg
[2012/08/12 10:19:13 | 000,318,730 | ---- | M] () -- C:\MGlogs.zip
[2012/08/12 09:54:47 | 000,000,942 | ---- | M] () -- C:\windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/08/11 12:06:31 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/08/10 21:19:00 | 000,002,550 | ---- | M] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
[2012/08/10 19:22:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Documents\OTL.exe
[2012/08/09 21:27:50 | 000,000,000 | -H-- | M] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/08/09 17:30:39 | 000,271,544 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\iavichjg.avm
[2012/08/09 09:19:55 | 000,001,119 | ---- | M] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/08/09 09:19:55 | 000,001,095 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/08/08 18:19:35 | 000,002,344 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/08/08 17:49:21 | 000,055,960 | ---- | M] () -- C:\windows\SysNative\drivers\fsbts.sys
[2012/08/08 17:38:29 | 000,003,201 | ---- | M] () -- C:\Users\Matt\Desktop\Sophos Virus Removal Tool.lnk
[2012/08/08 09:15:50 | 000,457,632 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Matt\FixExec64.com
[2012/08/08 09:15:47 | 000,883,616 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Matt\FixExec.com
[2012/08/08 09:13:52 | 000,000,335 | ---- | M] () -- C:\Users\Matt\FixExe.reg
[2012/08/04 07:47:02 | 000,110,017 | ---- | M] () -- C:\Users\Public\Documents\Phonelist Scanned.pdf
[2012/07/30 12:00:47 | 000,060,304 | ---- | M] () -- C:\Users\Matt\g2mdlhlpx.exe
[2012/07/30 09:31:00 | 000,232,468 | ---- | M] () -- C:\Users\Public\Documents\MasoniteWood Doors.png
[2012/07/28 21:24:03 | 000,002,093 | ---- | M] () -- C:\Users\Public\Desktop\Canon CanoScan LiDE 200 User Registration.LNK
[2012/07/28 21:23:55 | 000,002,099 | ---- | M] () -- C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
[2012/07/28 21:23:04 | 000,002,354 | ---- | M] () -- C:\Users\Public\Desktop\CanoScan LiDE 200 On-screen Manual.lnk
[2012/07/27 12:41:28 | 000,000,344 | ---- | M] () -- C:\windows\wininit.ini
[2012/07/20 15:10:27 | 000,755,554 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/07/17 22:20:41 | 000,188,545 | ---- | M] () -- C:\Users\Matt\Documents\Interactive Fiction tutorial.pdf
[2012/07/17 21:35:53 | 001,170,251 | ---- | M] () -- C:\Users\Matt\Documents\radiator_springs_playset_1-4.pdf

========== Files Created - No Company Name ==========

[2012/08/12 11:01:44 | 224,958,768 | ---- | C] () -- C:\Users\Matt\Desktop\regbackup.reg
[2012/08/12 10:15:44 | 000,318,730 | ---- | C] () -- C:\MGlogs.zip
[2012/08/12 09:54:47 | 000,000,942 | ---- | C] () -- C:\windows\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2012/08/10 21:45:23 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2012/08/10 21:18:38 | 000,002,550 | ---- | C] () -- C:\Users\Public\Desktop\WildTangent Games App - acer.lnk
[2012/08/09 21:27:50 | 000,000,000 | -H-- | C] () -- C:\windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012/08/09 09:19:55 | 000,001,119 | ---- | C] () -- C:\Users\Matt\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/08/09 09:19:55 | 000,001,095 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
[2012/08/08 17:49:21 | 000,055,960 | ---- | C] () -- C:\windows\SysNative\drivers\fsbts.sys
[2012/08/08 17:38:29 | 000,003,201 | ---- | C] () -- C:\Users\Matt\Desktop\Sophos Virus Removal Tool.lnk
[2012/08/08 09:12:11 | 000,000,335 | ---- | C] () -- C:\Users\Matt\FixExe.reg
[2012/08/04 07:41:17 | 000,110,017 | ---- | C] () -- C:\Users\Public\Documents\Phonelist Scanned.pdf
[2012/07/30 12:00:47 | 000,060,304 | ---- | C] () -- C:\Users\Matt\g2mdlhlpx.exe
[2012/07/30 09:30:58 | 000,232,468 | ---- | C] () -- C:\Users\Public\Documents\MasoniteWood Doors.png
[2012/07/28 21:24:03 | 000,002,093 | ---- | C] () -- C:\Users\Public\Desktop\Canon CanoScan LiDE 200 User Registration.LNK
[2012/07/28 21:23:55 | 000,002,099 | ---- | C] () -- C:\Users\Public\Desktop\MP Navigator EX 2.0.lnk
[2012/07/28 21:23:04 | 000,002,354 | ---- | C] () -- C:\Users\Public\Desktop\CanoScan LiDE 200 On-screen Manual.lnk
[2012/07/20 15:10:25 | 000,755,554 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/07/17 22:20:41 | 000,188,545 | ---- | C] () -- C:\Users\Matt\Documents\Interactive Fiction tutorial.pdf
[2012/07/17 21:35:53 | 001,170,251 | ---- | C] () -- C:\Users\Matt\Documents\radiator_springs_playset_1-4.pdf
[2012/06/22 19:43:04 | 000,000,218 | ---- | C] () -- C:\Users\Matt\.recently-used.xbel
[2012/05/08 19:16:10 | 000,000,344 | ---- | C] () -- C:\windows\wininit.ini
[2012/01/20 22:40:58 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2012/01/19 00:14:54 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2009/01/25 13:14:57 | 000,000,094 | ---- | C] () -- C:\Users\Matt\couponmanager.properties

========== LOP Check ==========

[2012/06/20 16:42:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator.Bratt\AppData\Roaming\AVG2012
[2012/06/20 16:42:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator.Bratt\AppData\Roaming\OEM
[2012/08/12 11:07:27 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Ad-Aware Antivirus
[2012/04/15 22:48:48 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\AVG2012
[2012/07/28 21:31:07 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Canon
[2012/08/13 14:03:03 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Dropbox
[2012/06/21 11:31:52 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\inkscape
[2012/01/18 21:22:08 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\OEM
[2012/06/16 10:15:49 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\PowerCinema
[2012/08/10 19:17:41 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\QuickScan
[2012/08/10 19:07:07 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\texstudio
[2012/08/10 21:18:56 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\WildTangent
[2012/06/28 09:27:17 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Windows Live Writer
[2012/08/12 09:20:22 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Ad-Aware Antivirus
[2012/04/20 10:27:39 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\AVG2012
[2012/07/18 18:40:14 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\Juniper Networks
[2012/04/20 10:27:37 | 000,000,000 | ---D | M] -- C:\Users\Michelle\AppData\Roaming\OEM
[2012/08/12 09:54:47 | 000,000,942 | ---- | M] () -- C:\windows\Tasks\Ad-Aware Antivirus Scheduled Scan.job
[2009/07/14 01:08:49 | 000,032,336 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#18
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

Please, check if Windows Update is working.

Please reopen Posted Image on your desktop.
  • Under the Posted Image box at the bottom, paste in the following

    :OTL
    [2012/08/08 08:59:26 | 000,000,000 | -HSD | C] -- C:\windows\SysNative\%APPDATA%
    
    :Commands
    [CREATERESTOREPOINT]
    [EMPTYTEMP]
    
  • Then click the Posted Image button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

NEXT

Download Windows Repair (all in one) from this site

Install the program then run

Posted Image

Go to step 3 and allow it to run SFC
Posted Image


On the start repairs tab click start
Posted Image

Select the following items and tick restart system when finished
Posted Image
  • 0

#19
thirstyscholar

thirstyscholar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thanks. Windows Update appears to be working- it's listed in the control panel and says "No important updates available." As a side I'm also no longer seeing multiple instances of wmpnscfg.exe running.

Here is the OTL log after running the latest fix- I use CCleaner normally- I was surprised how much temp data was deleted by OTL. I will run Windows Repair next:

All processes killed
========== OTL ==========
C:\windows\SysNative\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\windows\SysNative\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\windows\SysNative\%APPDATA%\Microsoft folder moved successfully.
C:\windows\SysNative\%APPDATA% folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator

User: Administrator.Bratt
->Temp folder emptied: 397902 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 51915706 bytes
->Flash cache emptied: 56996 bytes

User: All Users

User: All Users.WINDOWS

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56825 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Matt
->Temp folder emptied: 24745004 bytes
->Temporary Internet Files folder emptied: 2250873 bytes
->Java cache emptied: 3527725 bytes
->FireFox cache emptied: 61335095 bytes
->Google Chrome cache emptied: 6572524 bytes
->Flash cache emptied: 57027 bytes

User: Michelle
->Temp folder emptied: 30753955 bytes
->Temporary Internet Files folder emptied: 4419562 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 28491725 bytes
->Google Chrome cache emptied: 458159778 bytes
->Flash cache emptied: 61804 bytes

User: Michelle.FRODO

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26230 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 54949121 bytes
RecycleBin emptied: 1188386 bytes

Total Files Cleaned = 695.00 mb


OTL by OldTimer - Version 3.2.56.0 log created on 08132012_204253

Files\Folders moved on Reboot...
C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Michelle\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\Matt\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
File C:\Users\Michelle\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
  • 0

#20
thirstyscholar

thirstyscholar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
After running Windows Repair Firewall appears to be running once again. Great work!
  • 0

#21
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

After running Windows Repair Firewall appears to be running once again

I'm glad to hear this.

Just to check. Run Farbar Service Scanner again and post the log (FSS.txt)
  • 0

#22
thirstyscholar

thirstyscholar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Thanks. Here's the Farbar log:

Farbar Service Scanner Version: 06-08-2012
Ran by Matt (administrator) on 14-08-2012 at 13:18:19
Running from "C:\Users\Matt\Downloads"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#23
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Remove OTL:

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • (If you use Windows 7/Vista)
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

  • (If you use Windows XP)
  • Go to Start > All Programs > Acessories > System Tools > System Restore.
  • Select the option Create a restore point and click in Next.
  • Type in a name i.e. Clean
  • Select Create

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Posted Image Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place??

Keep safe.
  • 0

#24
thirstyscholar

thirstyscholar

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Will do. Thanks again for your time and expertise, I really appreciate it! On a final note- As I said in my initial e-mail I believe I can trace the infection back to browsing a page on digimind.com - if so I want to alert them to it but I'm wary of getting re-infected. Should I just advise them that they may be infected or is there a way to check if that's the case safely?

Thanks!
  • 0

#25
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Hi,

I don't think the digimond.com was responsible. The these reports:
VirusTotal
Norton Safeweb
  • 0

Advertisements


#26
WhiteHat

WhiteHat

    Trusted Helper

  • Retired Staff
  • 1,925 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP