Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Very overactive hard drive, sometimes to the point I cant access opera


  • Please log in to reply

#1
hattrick1

hattrick1

    Member

  • Member
  • PipPip
  • 45 posts
Hi,


In the past month I have been having trouble with this new pc, it was fine up to about a month ago. Now I have run spyware bot, avg, Microsoft security essentials and malware bytes and after every scan the past couple weeks nothing has turned up. I have done scan disk two or three times and have defragged the hard drive twice. Nothing has solved the problem, I dont know if its malware or the hard drive could be bad. If nothing turns up I will call the manufacturer because its still on warranty. The culprits are from what I see in the resource monitor is SVC host exe and perfmon.exe, also when I cant access it at all its because of system interrupts. Now when it does the Interrupts it revs for about 10-15 minutes and then it goes back to normal. At first I was thinking this was some system error now I dont know what it is. I have done everything I can think of on my end to resolve the problem so I came here to ask for help.

Thanks!

here is my log

OTL logfile created on: 4/25/2013 2:38:28 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jeff\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.20 Gb Available Physical Memory | 77.66% Memory free
15.96 Gb Paging File | 14.24 Gb Available in Paging File | 89.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 681.84 Gb Total Space | 478.09 Gb Free Space | 70.12% Space Free | Partition Type: NTFS
Drive D: | 16.69 Gb Total Space | 2.08 Gb Free Space | 12.49% Space Free | Partition Type: NTFS
Drive H: | 3.74 Gb Total Space | 1.49 Gb Free Space | 39.89% Space Free | Partition Type: FAT32

Computer Name: JEFF-HP | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/04/25 14:36:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
PRC - [2013/04/25 13:32:59 | 000,280,792 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/20 16:55:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/10/16 11:37:16 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2011/08/03 09:55:11 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/08/03 09:54:41 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012/12/19 14:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/25 13:32:59 | 000,280,792 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2013/04/19 16:10:50 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/03/13 01:35:19 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/07 14:26:31 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/20 16:55:59 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/10/16 11:37:16 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/03 09:55:11 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/08/03 09:54:41 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/12/19 15:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 14:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 06:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/06/06 21:16:42 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2012/06/06 20:48:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/06/06 20:48:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/19 03:02:35 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/09/19 02:52:26 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/09/14 05:35:45 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/04 06:25:16 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/08/03 09:51:56 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{9CE0EE08-F073-4A9F-840E-7ED33612B8B3}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKLM\..\SearchScopes\{9CE0EE08-F073-4A9F-840E-7ED33612B8B3}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF
IE - HKCU\..\SearchScopes\{9CE0EE08-F073-4A9F-840E-7ED33612B8B3}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/07 14:26:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/07 14:26:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/12/06 16:35:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Extensions
[2012/12/20 22:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\ktvgm7eg.default\extensions
[2013/02/07 14:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/07 14:26:31 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/07 14:26:30 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/04/05 01:26:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F73906CC-5585-4BF6-ABA9-777B258EC385}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/25 14:38:19 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
[2013/04/13 01:01:25 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/04/09 16:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NWS SAI CAMPAIGN EXPANSION
[2013/04/09 01:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NWS Steam and Iron
[2013/04/09 01:08:24 | 000,000,000 | ---D | C] -- C:\NWS
[2013/04/06 11:48:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/04/06 11:48:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/04/06 11:48:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/04/05 01:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/04/05 01:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/04/05 01:45:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/04/05 01:04:32 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/05 00:53:51 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Local\Avg2013
[2013/03/27 21:50:03 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced Tactics Gold
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/25 14:36:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
[2013/04/25 14:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/25 13:32:59 | 000,280,792 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/04/25 13:32:59 | 000,280,792 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/04/25 13:32:21 | 000,281,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/04/25 13:13:30 | 000,007,599 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Resmon.ResmonCfg
[2013/04/25 13:13:22 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/25 13:13:22 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/25 13:06:14 | 000,001,361 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2013/04/25 13:06:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/25 13:05:59 | 2133,745,663 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/25 00:26:17 | 000,003,072 | ---- | M] () -- C:\Users\Jeff\AppData\Local\file__0.localstorage
[2013/04/24 23:42:05 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJeff.job
[2013/04/24 02:48:41 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/24 02:48:41 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/24 02:48:41 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/13 01:08:48 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/13 01:06:42 | 000,772,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/09 16:51:03 | 000,001,609 | ---- | M] () -- C:\Users\Public\Desktop\SAI CAMPAIGN EXPANSION.lnk
[2013/04/09 01:08:29 | 000,001,567 | ---- | M] () -- C:\Users\Public\Desktop\NWS Steam and Iron.lnk
[2013/04/06 11:51:12 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/06 11:51:11 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/05 01:47:00 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/05 01:26:40 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/04/03 21:01:39 | 000,000,222 | ---- | M] () -- C:\Users\Jeff\Desktop\Orcs Must Die! 2.url
[2013/03/27 21:50:06 | 000,001,739 | ---- | M] () -- C:\Users\Jeff\Desktop\Advanced Tactis Gold (Game Menu).lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/13 01:03:32 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/04/13 01:02:35 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/04/09 16:51:03 | 000,001,609 | ---- | C] () -- C:\Users\Public\Desktop\SAI CAMPAIGN EXPANSION.lnk
[2013/04/09 01:08:29 | 000,001,567 | ---- | C] () -- C:\Users\Public\Desktop\NWS Steam and Iron.lnk
[2013/04/06 11:51:12 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/04/06 11:51:11 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/04/06 11:29:41 | 000,007,599 | ---- | C] () -- C:\Users\Jeff\AppData\Local\Resmon.ResmonCfg
[2013/04/05 01:47:00 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/04/05 01:46:33 | 000,002,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/04/03 21:01:39 | 000,000,222 | ---- | C] () -- C:\Users\Jeff\Desktop\Orcs Must Die! 2.url
[2013/03/27 21:50:06 | 000,001,739 | ---- | C] () -- C:\Users\Jeff\Desktop\Advanced Tactis Gold (Game Menu).lnk
[2012/12/14 11:47:05 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012/12/11 12:59:29 | 000,003,072 | ---- | C] () -- C:\Users\Jeff\AppData\Local\file__0.localstorage
[2012/11/08 23:17:55 | 000,006,656 | -HS- | C] () -- C:\ProgramData\nt408nt.coff
[2012/10/20 15:52:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/20 08:15:30 | 000,280,792 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/10/20 08:15:28 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/10/16 11:37:16 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2012/10/16 11:37:16 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2012/10/16 11:37:16 | 000,001,361 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2012/10/16 10:54:36 | 000,007,680 | -HS- | C] () -- C:\ProgramData\reg441tiff.lib
[2012/07/27 20:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 20:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/06/06 20:48:36 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/06/06 20:48:35 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/06 20:48:34 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/10/12 17:33:22 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/25 13:06:35 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Dropbox
[2012/12/08 12:55:43 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\GameFly
[2012/12/30 18:38:08 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\Mount&Blade Warband
[2013/01/08 19:24:46 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\SoftGrid Client
[2012/11/23 13:27:21 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\The Creative Assembly
[2013/01/02 01:41:24 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\TP
[2012/10/16 11:22:35 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\TuneUp Software
[2012/10/17 15:55:59 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\wargaming.net
[2012/10/17 18:44:50 | 000,000,000 | ---D | M] -- C:\Users\Jeff\AppData\Roaming\WinBatch

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 5632 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 4096 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 3584 bytes -> C:\Users\Jeff\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 3584 bytes -> C:\Users\Jeff\Desktop\desktop.ini:gs5sys

< End of report >
  • 0

Advertisements


#2
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello hattrick1,

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right click JRT.exe and "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
After that

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. In your case that will be the 64bit version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
So when you return please post
  • JRT.txt
  • FRST.txt

  • 0

#3
hattrick1

hattrick1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hi emeraldnzl,

Thanks for the help! I was thinking that it was not malware and that it might be a windows corruption issue. I was going to reinstall windows, its a major hassle but I need to get this resolved. I will await your opinion on the matter.

Here are those logs you asked for.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jeff on Tue 05/07/2013 at 19:58:01.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9CE0EE08-F073-4A9F-840E-7ED33612B8B3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{9CE0EE08-F073-4A9F-840E-7ED33612B8B3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 05/07/2013 at 20:00:35.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2013
Ran by Jeff (administrator) on 07-05-2013 20:03:20
Running from C:\Users\Jeff\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
() C:\Windows\runservice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Farbar) C:\Users\Jeff\Desktop\FRST64.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKCU\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)
HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642808 2012-12-19] (Advanced Micro Devices, Inc.)
Startup: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM - {9CE0EE08-F073-4A9F-840E-7ED33612B8B3} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia....h={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\ktvgm7eg.default
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

R3 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356376 2013-05-01] (Kaspersky Lab ZAO)
R2 LicCtrlService; C:\Windows\runservice.exe [2560 2012-10-16] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-10-20] ()

==================== Drivers (Whitelisted) ====================

R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620128 2013-05-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [28504 2012-08-02] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29016 2012-10-25] (Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29528 2012-10-25] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55056 2013-05-01] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-05-01] (Kaspersky Lab ZAO)
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [31152 2012-06-06] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 NVHDA; system32\drivers\nvhda64v.sys [x]
S4 nvlddmkm; system32\DRIVERS\nvlddmkm.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-07 20:03 - 2013-05-07 20:03 - 00000000 ____D C:\FRST
2013-05-07 19:58 - 2013-05-07 19:58 - 00000000 ____D C:\Windows\ERUNT
2013-05-07 19:57 - 2013-05-07 19:57 - 00000000 ____D C:\JRT
2013-05-07 19:56 - 2013-05-07 19:52 - 01874784 ____A (Farbar) C:\Users\Jeff\Desktop\FRST64.exe
2013-05-07 19:56 - 2013-05-07 19:51 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Jeff\Desktop\JRT.exe
2013-05-07 10:30 - 2013-05-07 10:30 - 00000056 ____A C:\Windows\setupact.log
2013-05-07 10:30 - 2013-05-07 10:30 - 00000000 ____A C:\Windows\setuperr.log
2013-05-06 20:14 - 2013-05-06 20:14 - 00000221 ____A C:\Users\Jeff\Desktop\Wargame European Escalation.url
2013-05-06 19:55 - 2013-05-06 19:55 - 00000879 ____A C:\Users\Public\Desktop\Steam.lnk
2013-05-06 19:53 - 2013-05-07 14:18 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-05 15:41 - 2013-05-07 13:30 - 00080153 ____A C:\Windows\WindowsUpdate.log
2013-05-05 15:20 - 2013-05-05 15:25 - 00000000 ____D C:\ProgramData\Package Cache
2013-05-01 21:39 - 2013-05-07 19:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-05-01 21:39 - 2013-05-01 21:52 - 00620128 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys
2013-05-01 21:39 - 2013-05-01 21:52 - 00090208 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klflt.sys
2013-05-01 21:39 - 2013-05-01 21:39 - 00001108 ____A C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2013-05-01 21:39 - 2013-05-01 21:39 - 00000000 ____D C:\Windows\ELAMBKUP
2013-05-01 21:39 - 2013-05-01 21:39 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-05-01 21:39 - 2012-07-11 17:09 - 00064856 ____A (Kaspersky Lab) C:\Windows\System32\klfphc.dll
2013-04-28 20:55 - 2013-04-28 20:55 - 00000000 ____D C:\Users\Jeff\Documents\Shiner
2013-04-28 20:39 - 2013-04-28 20:40 - 00000000 ____D C:\Users\Jeff\Documents\BFBC2
2013-04-26 20:38 - 2013-04-26 20:40 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\Unity of Command
2013-04-26 20:28 - 2013-04-26 20:28 - 00001889 ____A C:\Users\Jeff\Desktop\Scenario Editor for Unity of Command.lnk
2013-04-26 20:28 - 2013-04-26 20:28 - 00001864 ____A C:\Users\Jeff\Desktop\Unity of Command.lnk
2013-04-26 20:28 - 2013-04-26 20:28 - 00000000 ____D C:\Program Files (x86)\Unity of Command
2013-04-23 16:21 - 2013-04-12 09:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-13 01:03 - 2012-08-23 09:13 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2013-04-13 01:03 - 2012-08-23 09:10 - 00019456 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2013-04-13 01:03 - 2012-08-23 09:08 - 00030208 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbGD.sys
2013-04-13 01:03 - 2012-08-23 09:07 - 00057856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2013-04-13 01:03 - 2012-08-23 08:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2013-04-13 01:03 - 2012-08-23 08:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2013-04-13 01:03 - 2012-08-23 08:41 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-04-13 01:03 - 2012-08-23 08:40 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-04-13 01:03 - 2012-08-23 08:24 - 00015360 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-04-13 01:03 - 2012-08-23 08:20 - 00054272 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2013-04-13 01:03 - 2012-08-23 08:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-04-13 01:03 - 2012-08-23 08:17 - 00018432 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2013-04-13 01:03 - 2012-08-23 08:06 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-04-13 01:03 - 2012-08-23 07:52 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-13 01:03 - 2012-08-23 06:20 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2013-04-13 01:03 - 2012-08-23 06:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-13 01:03 - 2012-08-23 06:14 - 00384000 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2013-04-13 01:03 - 2012-08-23 06:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2013-04-13 01:03 - 2012-08-23 05:54 - 00322560 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-13 01:03 - 2012-08-23 05:51 - 00228864 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2013-04-13 01:03 - 2012-08-23 05:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2013-04-13 01:03 - 2012-08-23 05:22 - 01123840 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2013-04-13 01:03 - 2012-08-23 04:51 - 03174912 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2013-04-13 01:03 - 2012-08-23 03:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-13 01:03 - 2012-08-23 03:13 - 05773824 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-13 01:03 - 2012-07-25 23:55 - 00785512 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-04-13 01:03 - 2012-07-25 23:55 - 00054376 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-04-13 01:03 - 2012-07-25 21:36 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-04-13 01:03 - 2012-06-02 09:35 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-04-13 01:02 - 2012-07-25 22:08 - 00744448 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-04-13 01:02 - 2012-07-25 22:08 - 00229888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-04-13 01:02 - 2012-07-25 22:08 - 00194048 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-04-13 01:02 - 2012-07-25 22:08 - 00084992 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-04-13 01:02 - 2012-07-25 22:08 - 00045056 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-04-13 01:02 - 2012-07-25 21:26 - 00198656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-04-13 01:02 - 2012-07-25 21:26 - 00087040 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-04-13 01:02 - 2012-06-02 09:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-04-13 00:51 - 2012-12-07 08:20 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\Wpc.dll
2013-04-13 00:51 - 2012-12-07 08:15 - 02746368 ____A (Microsoft Corporation) C:\Windows\System32\gameux.dll
2013-04-13 00:51 - 2012-12-07 07:26 - 00308736 ____A (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-04-13 00:51 - 2012-12-07 07:20 - 02576384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-04-13 00:51 - 2012-12-07 06:20 - 00045568 ____A (Microsoft) C:\Windows\System32\oflc-nz.rs
2013-04-13 00:51 - 2012-12-07 06:20 - 00044544 ____A (Microsoft) C:\Windows\System32\pegibbfc.rs
2013-04-13 00:51 - 2012-12-07 06:20 - 00043520 ____A (Microsoft) C:\Windows\System32\csrr.rs
2013-04-13 00:51 - 2012-12-07 06:20 - 00030720 ____A (Microsoft) C:\Windows\System32\usk.rs
2013-04-13 00:51 - 2012-12-07 06:20 - 00023552 ____A (Microsoft) C:\Windows\System32\oflc.rs
2013-04-13 00:51 - 2012-12-07 06:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-pt.rs
2013-04-13 00:51 - 2012-12-07 06:20 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi-fi.rs
2013-04-13 00:51 - 2012-12-07 06:19 - 00055296 ____A (Microsoft) C:\Windows\System32\cero.rs
2013-04-13 00:51 - 2012-12-07 06:19 - 00051712 ____A (Microsoft) C:\Windows\System32\esrb.rs
2013-04-13 00:51 - 2012-12-07 06:19 - 00046592 ____A (Microsoft) C:\Windows\System32\fpb.rs
2013-04-13 00:51 - 2012-12-07 06:19 - 00040960 ____A (Microsoft) C:\Windows\System32\cob-au.rs
2013-04-13 00:51 - 2012-12-07 06:19 - 00021504 ____A (Microsoft) C:\Windows\System32\grb.rs
2013-04-13 00:51 - 2012-12-07 06:19 - 00020480 ____A (Microsoft) C:\Windows\System32\pegi.rs
2013-04-13 00:51 - 2012-12-07 06:19 - 00015360 ____A (Microsoft) C:\Windows\System32\djctq.rs
2013-04-13 00:51 - 2012-12-07 05:46 - 00055296 ____A (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-04-13 00:51 - 2012-12-07 05:46 - 00051712 ____A (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-04-13 00:51 - 2012-12-07 05:46 - 00046592 ____A (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-04-13 00:51 - 2012-12-07 05:46 - 00045568 ____A (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-04-13 00:51 - 2012-12-07 05:46 - 00044544 ____A (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-04-13 00:51 - 2012-12-07 05:46 - 00043520 ____A (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-04-13 00:51 - 2012-12-07 05:46 - 00040960 ____A (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-04-13 00:51 - 2012-12-07 05:46 - 00030720 ____A (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-04-13 00:51 - 2012-12-07 05:46 - 00023552 ____A (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-04-13 00:51 - 2012-12-07 05:46 - 00021504 ____A (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-04-13 00:51 - 2012-12-07 05:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-04-13 00:51 - 2012-12-07 05:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-04-13 00:51 - 2012-12-07 05:46 - 00020480 ____A (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-04-13 00:51 - 2012-12-07 05:46 - 00015360 ____A (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-04-13 00:51 - 2012-11-30 00:45 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2013-04-13 00:51 - 2012-11-30 00:45 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2013-04-13 00:51 - 2012-11-30 00:45 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2013-04-13 00:51 - 2012-11-30 00:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2013-04-13 00:51 - 2012-11-30 00:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-04-13 00:51 - 2012-11-30 00:41 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2013-04-13 00:51 - 2012-11-30 00:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:53 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-04-13 00:51 - 2012-11-29 23:53 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 23:45 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 22:23 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2013-04-13 00:51 - 2012-11-29 21:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 21:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 21:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 21:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-04-13 00:51 - 2012-11-29 18:17 - 00420064 ____A C:\Windows\SysWOW64\locale.nls
2013-04-13 00:51 - 2012-11-29 18:15 - 00420064 ____A C:\Windows\System32\locale.nls
2013-04-13 00:50 - 2012-10-09 13:17 - 00226816 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2013-04-13 00:50 - 2012-10-09 13:17 - 00055296 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2013-04-13 00:50 - 2012-10-09 12:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-04-13 00:50 - 2012-10-09 12:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-04-13 00:50 - 2012-10-03 12:44 - 00303104 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2013-04-13 00:50 - 2012-10-03 12:44 - 00246272 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2013-04-13 00:50 - 2012-10-03 12:44 - 00216576 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2013-04-13 00:50 - 2012-10-03 12:44 - 00070656 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2013-04-13 00:50 - 2012-10-03 12:44 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2013-04-13 00:50 - 2012-10-03 12:42 - 00569344 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2013-04-13 00:50 - 2012-10-03 11:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-04-13 00:50 - 2012-10-03 11:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-04-13 00:50 - 2012-10-03 11:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-04-13 00:50 - 2012-10-03 11:07 - 00045568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-04-13 00:50 - 2012-08-24 13:13 - 00154480 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-04-13 00:50 - 2012-08-24 13:09 - 00458712 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2013-04-13 00:50 - 2012-08-24 13:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-04-13 00:50 - 2012-08-24 13:03 - 01448448 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-04-13 00:50 - 2012-08-24 11:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-04-13 00:50 - 2012-08-24 11:57 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-04-13 00:50 - 2012-08-24 11:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-04-13 00:50 - 2012-01-13 02:12 - 00052224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-04-13 00:49 - 2013-01-24 01:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys
2013-04-13 00:49 - 2012-11-22 00:44 - 00800768 ____A (Microsoft Corporation) C:\Windows\System32\usp10.dll
2013-04-13 00:49 - 2012-11-21 23:45 - 00626688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-04-13 00:49 - 2012-05-04 06:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2013-04-13 00:49 - 2012-05-04 04:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2013-04-10 20:37 - 2013-02-21 05:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-10 20:37 - 2013-02-21 05:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-10 20:37 - 2013-02-21 05:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-10 20:37 - 2013-02-21 05:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-10 20:37 - 2013-02-21 05:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-10 20:37 - 2013-02-21 05:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-10 20:37 - 2013-02-21 05:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-10 20:37 - 2013-02-21 05:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-10 20:37 - 2013-02-21 05:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-10 20:37 - 2013-02-21 05:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-04-10 20:37 - 2013-02-21 05:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-04-10 20:37 - 2013-02-21 05:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-10 20:37 - 2013-02-21 05:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-04-10 20:37 - 2013-02-21 05:15 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-10 20:37 - 2013-02-21 05:15 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-10 20:37 - 2013-02-21 05:14 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-10 20:37 - 2013-02-21 05:14 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-10 20:37 - 2013-02-21 05:14 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-10 20:37 - 2013-02-21 05:14 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-10 20:37 - 2013-02-21 05:14 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-10 20:37 - 2013-02-21 05:14 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-10 20:37 - 2013-02-21 05:14 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-10 20:37 - 2013-02-21 05:14 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-10 20:37 - 2013-02-21 05:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-10 20:37 - 2013-02-21 05:14 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-04-10 20:37 - 2013-02-21 05:14 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-10 20:37 - 2013-02-21 05:14 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-04-10 20:37 - 2013-02-19 07:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-10 20:37 - 2013-02-19 06:42 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-10 20:37 - 2013-02-19 06:10 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-04-10 20:37 - 2013-02-19 05:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-10 20:12 - 2013-03-19 01:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-10 20:12 - 2013-03-19 00:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-10 20:12 - 2013-03-19 00:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-10 20:12 - 2013-03-19 00:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-10 20:12 - 2013-03-18 23:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-10 20:12 - 2013-03-18 22:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-10 20:12 - 2013-02-28 22:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-09 16:51 - 2013-04-09 16:51 - 00001609 ____A C:\Users\Public\Desktop\SAI CAMPAIGN EXPANSION.lnk
2013-04-09 01:08 - 2013-04-09 01:08 - 00001567 ____A C:\Users\Public\Desktop\NWS Steam and Iron.lnk
2013-04-09 01:08 - 2013-04-09 01:08 - 00000000 ____D C:\NWS

==================== One Month Modified Files and Folders =======

2013-05-07 20:03 - 2013-05-07 20:03 - 00000000 ____D C:\FRST
2013-05-07 19:58 - 2013-05-07 19:58 - 00000000 ____D C:\Windows\ERUNT
2013-05-07 19:57 - 2013-05-07 19:57 - 00000000 ____D C:\JRT
2013-05-07 19:55 - 2013-05-05 15:41 - 00080153 ____A C:\Windows\WindowsUpdate.log
2013-05-07 19:54 - 2009-07-14 00:13 - 00778834 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-07 19:52 - 2013-05-07 19:56 - 01874784 ____A (Farbar) C:\Users\Jeff\Desktop\FRST64.exe
2013-05-07 19:51 - 2013-05-07 19:56 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\Jeff\Desktop\JRT.exe
2013-05-07 19:34 - 2012-11-25 11:25 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-07 19:08 - 2013-05-01 21:39 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-05-07 14:18 - 2013-05-06 19:53 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-07 10:38 - 2009-07-13 23:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-07 10:38 - 2009-07-13 23:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-07 10:31 - 2012-10-22 12:55 - 00000000 ___RD C:\Users\Jeff\Dropbox
2013-05-07 10:31 - 2012-10-22 12:54 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\Dropbox
2013-05-07 10:30 - 2013-05-07 10:30 - 00000056 ____A C:\Windows\setupact.log
2013-05-07 10:30 - 2013-05-07 10:30 - 00000000 ____A C:\Windows\setuperr.log
2013-05-07 10:30 - 2012-10-16 11:37 - 00001361 __ASH C:\Windows\SysWOW64\mmf.sys
2013-05-07 10:30 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-06 23:15 - 2012-12-11 12:59 - 00003072 ____A C:\Users\Jeff\AppData\Local\file__0.localstorage
2013-05-06 20:14 - 2013-05-06 20:14 - 00000221 ____A C:\Users\Jeff\Desktop\Wargame European Escalation.url
2013-05-06 19:56 - 2012-10-16 07:09 - 00000000 ___AD C:\users\Jeff
2013-05-06 19:55 - 2013-05-06 19:55 - 00000879 ____A C:\Users\Public\Desktop\Steam.lnk
2013-05-06 19:51 - 2013-04-06 11:29 - 00007599 ____A C:\Users\Jeff\AppData\Local\Resmon.ResmonCfg
2013-05-06 11:25 - 2012-10-20 08:16 - 00000000 ____D C:\Users\Jeff\Documents\My Games
2013-05-05 15:49 - 2012-10-20 08:17 - 00280792 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-05-05 15:49 - 2012-10-20 08:15 - 00281032 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-05-05 15:49 - 2012-10-20 08:15 - 00280792 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-05-05 15:25 - 2013-05-05 15:20 - 00000000 ____D C:\ProgramData\Package Cache
2013-05-03 16:59 - 2013-01-08 14:45 - 00000000 ____D C:\ProgramData\Recovery
2013-05-02 02:06 - 2010-11-20 22:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 21:52 - 2013-05-01 21:39 - 00620128 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klif.sys
2013-05-01 21:52 - 2013-05-01 21:39 - 00090208 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\klflt.sys
2013-05-01 21:52 - 2012-08-13 16:49 - 00178448 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kneps.sys
2013-05-01 21:52 - 2012-06-08 11:38 - 00055056 ____A (Kaspersky Lab ZAO) C:\Windows\System32\Drivers\kltdi.sys
2013-05-01 21:39 - 2013-05-01 21:39 - 00001108 ____A C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2013-05-01 21:39 - 2013-05-01 21:39 - 00000000 ____D C:\Windows\ELAMBKUP
2013-05-01 21:39 - 2013-05-01 21:39 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2013-05-01 21:23 - 2012-10-24 18:17 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForJeff.job
2013-05-01 21:22 - 2013-04-05 01:47 - 00001945 ____A C:\Windows\epplauncher.mif
2013-05-01 19:33 - 2012-12-05 23:00 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-05-01 19:33 - 2012-10-17 18:23 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2013-05-01 19:19 - 2012-10-17 18:22 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\HP Support Assistant
2013-05-01 19:19 - 2012-10-17 12:45 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\HpUpdate
2013-04-28 20:55 - 2013-04-28 20:55 - 00000000 ____D C:\Users\Jeff\Documents\Shiner
2013-04-28 20:40 - 2013-04-28 20:39 - 00000000 ____D C:\Users\Jeff\Documents\BFBC2
2013-04-26 20:40 - 2013-04-26 20:38 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\Unity of Command
2013-04-26 20:28 - 2013-04-26 20:28 - 00001889 ____A C:\Users\Jeff\Desktop\Scenario Editor for Unity of Command.lnk
2013-04-26 20:28 - 2013-04-26 20:28 - 00001864 ____A C:\Users\Jeff\Desktop\Unity of Command.lnk
2013-04-26 20:28 - 2013-04-26 20:28 - 00000000 ____D C:\Program Files (x86)\Unity of Command
2013-04-25 20:11 - 2012-10-26 21:47 - 00000000 ____D C:\Backups
2013-04-13 02:51 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-04-13 01:09 - 2012-10-16 10:57 - 00058016 ____A C:\Users\Jeff\AppData\Local\GDIPFONTCACHEV1.DAT
2013-04-13 01:08 - 2009-07-13 23:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-13 01:08 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-04-13 01:06 - 2011-02-11 12:15 - 00772558 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2013-04-12 09:45 - 2013-04-23 16:21 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-11 14:42 - 2012-10-17 15:46 - 00000000 ____D C:\Windows\Minidump
2013-04-10 20:56 - 2011-02-11 12:00 - 00000000 ____D C:\Windows\Panther
2013-04-10 20:37 - 2012-10-17 16:25 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-09 16:51 - 2013-04-09 16:51 - 00001609 ____A C:\Users\Public\Desktop\SAI CAMPAIGN EXPANSION.lnk
2013-04-09 01:08 - 2013-04-09 01:08 - 00001567 ____A C:\Users\Public\Desktop\NWS Steam and Iron.lnk
2013-04-09 01:08 - 2013-04-09 01:08 - 00000000 ____D C:\NWS

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-04 20:20

==================== End Of Log ============================

Attached Files


  • 0

#4
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again hattrick1,

I was going to reinstall windows, its a major hassle but I need to get this resolved. I will await your opinion on the matter.


Up to you really. Some people format and reinstall on a regular basis to get the best performance.

Let's see what we can find with these scans first though.

By the way have you run Chkdsk. Might be worth doing. ;)

Also, I see you have run ComboFix. Should be a log saved for that.

Click on Start > Search programs and files and navigate to:

:\Qoobox folder (most likely C:\Qoobox\ComboFix.txt) and pasting the contents of the text file back here.

Note: ComboFix.txt are numbered so if there was more than one run for instance you might find C:\Qoobox\ComboFix2.txt. etc.

Copy and paste the contents back here.

For now though

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, copy and paste the content of the quote box below:

    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPDTDF

    :Files
    ipconfig /flushdns /c

    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.The log is saved in the same location as OTL.

  • 0

#5
hattrick1

hattrick1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hello again emeraldnzl,

Yes I have done check disk 3 times, I know excessive. Last time I did was after I removed Steam and all its games. I have no clue what the issue is, is it malware? I dont even surf the internet on the rig in question, if it was on the internet it was through online games. I keep it as clean as I can. Also when I transfer files from the internet pc to this pc I use a flash drive. SO the only way it got infected was through the flashdrives or through gaming servers. Whats your opinion on this? Thanks for the help again! I even tried the secutiry software that came with the pc, Kapersky labs etc.. That did not find anything either.. Also about three days ago the folder returned on my desktop it had my name on it and a figure, like a drop box folder. This folder had like 10 folder in it and it also put a my computer desk top icon on my pc. This happened twice so far.. Sorry I was going to take a screenshot and show the person that was going to help but I gave up on that because of the waiting time.. I shouldve waited longer.. I was getting ready to document everything I have on it for the reinstall.

Sorry but I uninstalled Combofix, if you want I will run it again..? I could not find the file.

Here is the log from OTL.

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}\ not found.
File ptytemp] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 05072013_215820

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Edited by hattrick1, 07 May 2013 - 09:24 PM.

  • 0

#6
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Whats your opinion on this?


I am not seeing serious malware at this stage.

Might be some corruption there, especially if you have removed some things you shouldn't have, or run say a registry cleaner that has messed with the registry.

Also about three days ago the folder returned on my desktop it had my name on it and a figure


Was the folder absolutely clear to see, or was it a bit like a ghost? In other words, I am wondering if you have "show hidden files" checked? To look and see, open Windows Explorer (left bottom on task bar) and go to Organize (top left) > Folder and search options > View tab and see if "Show hidden files, folders, or drives" is checked. Tell me if it is.

OTL automatically displays hidden files when it runs. Your computer will stay at that setting until OTL CleanUp is run. We give you the instruction to do this at the end of working with you to clean your machine.

Now

Please download Security Check by screen317 from here .

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
After that

  • Close all windows and open OTL again.
  • Click Run Scan and let the program run uninterrupted
  • It will produce a log for you. Post the log here.
Note: If the log doesn't appear where you saved OTL when you downloaded it, then a copy of the OTL log is saved in a text file at

:\_OTL\MovedFiles
in most cases this will be C:\_OTL\MovedFiles

When you return please post
  • checkup.txt
  • OTL.txt

  • 0

#7
hattrick1

hattrick1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hi emeraldnzl,


Well if there is no malware as of yet I guess its good news. I dont recall removing anything important on my part, nor do I recall using any software that would cause this to thebest of my knowledge. I used CC cleaner for registry cleaning, maybe twice a month if that. I checked to see if that was checked regarding showing hidden files and folders and I have under hidden files and folders dont show hidden files or folders or drives selected. I have attached a picture that looks close to the folder I saw on my desktop. The difference between the one I am showing you in the picture and the one that was on my desk is this. There was just 1 guy on the folder in orange instead of the two and it didnt have hte white arrow on it and it just said Jeff underneath it. Now the folders inside were my documents and a bunch of others that I cant recall now, they worked and went to where they were supposed to go with files in them. Im doing my best to give you the all the info I can, I dont understand any of this nor can I explain it. I have had pc's for fifteen years now and never saw this before. Is the hard drive going bad, I dont see any other errors or effects from any other times I use it. After the scans I was surprised to find that my firewall was shutoff, now I did not shut this off. I was thinking that maybe the Kaspersky labs shut it down when I disabled it for the scans but that didnt happen. I cant say how long it has been this way either. If I recall I would get some kind of warning that the firewall was down, no notice or anything..

Here are those reports..

Results of screen317's Security Check version 0.99.63
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader XI
Mozilla Firefox 15.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Kaspersky Lab Kaspersky Internet Security 2013 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

OTL logfile created on: 5/8/2013 1:59:28 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jeff\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.98 Gb Total Physical Memory | 6.59 Gb Available Physical Memory | 82.58% Memory free
15.96 Gb Paging File | 14.03 Gb Available in Paging File | 87.86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 681.84 Gb Total Space | 545.18 Gb Free Space | 79.96% Space Free | Partition Type: NTFS
Drive D: | 16.69 Gb Total Space | 2.08 Gb Free Space | 12.49% Space Free | Partition Type: NTFS
Drive G: | 14.74 Gb Total Space | 11.16 Gb Free Space | 75.69% Space Free | Partition Type: FAT32

Computer Name: JEFF-HP | User Name: Jeff | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/01 21:42:57 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2013/04/25 14:36:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
PRC - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/20 16:55:59 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/10/16 11:37:16 | 000,002,560 | ---- | M] () -- C:\Windows\Runservice.exe
PRC - [2011/08/03 09:55:11 | 002,656,536 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/08/03 09:54:41 | 000,326,424 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
PRC - [2008/11/20 12:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/12/19 14:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/11 04:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/03 18:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013/05/01 21:42:57 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2013/03/13 01:35:19 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/07 14:26:31 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 14:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/20 16:55:59 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/10/16 11:37:16 | 000,002,560 | ---- | M] () [Auto | Running] -- C:\Windows\Runservice.exe -- (LicCtrlService)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/08/03 09:55:11 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/08/03 09:54:41 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011/02/24 02:10:24 | 000,212,944 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
SRV - [2010/03/18 16:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/01 21:52:37 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013/05/01 21:52:36 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2013/05/01 21:52:36 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2012/12/19 15:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 14:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/11/06 06:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/10/25 17:23:06 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012/10/25 17:23:06 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012/06/19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012/06/06 21:16:42 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:64bit: - [2012/06/06 20:48:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/06/06 20:48:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/19 03:02:35 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2011/09/19 02:52:26 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/09/14 05:35:45 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/08/04 06:25:16 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/08/03 09:51:56 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9CE0EE08-F073-4A9F-840E-7ED33612B8B3}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/01 21:52:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/01 21:52:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/01 21:52:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/01 21:52:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected] [2013/05/01 21:52:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/07 14:26:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/07 14:26:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/12/06 16:35:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Extensions
[2012/12/20 22:27:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\ktvgm7eg.default\extensions
[2013/02/07 14:26:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/02/07 14:26:31 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/05 20:26:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/02/07 14:26:30 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2013/04/05 01:26:40 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionAction = http://hp.digitalriv..._US&keywords=%w
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\SearchExtensions: InternetExtensionName = Find Software on HP Download Store (Microsoft Corporation)
O8:64bit: - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F73906CC-5585-4BF6-ABA9-777B258EC385}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/07 21:58:20 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/07 21:52:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
[2013/05/07 20:03:14 | 000,000,000 | ---D | C] -- C:\FRST
[2013/05/07 19:58:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/05/07 19:57:17 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/07 19:56:18 | 001,874,784 | ---- | C] (Farbar) -- C:\Users\Jeff\Desktop\FRST64.exe
[2013/05/07 19:56:13 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Jeff\Desktop\JRT.exe
[2013/05/06 20:14:41 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013/05/06 19:54:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2013/05/06 19:53:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2013/05/05 15:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2013/05/01 21:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
[2013/05/01 21:39:30 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll
[2013/05/01 21:39:12 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP
[2013/05/01 21:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013/05/01 21:39:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2013/05/01 21:39:07 | 000,620,128 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/05/01 21:39:07 | 000,090,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/04/28 20:55:56 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Documents\Shiner
[2013/04/28 20:39:56 | 000,000,000 | ---D | C] -- C:\Users\Jeff\Documents\BFBC2
[2013/04/26 20:38:32 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\Unity of Command
[2013/04/26 20:28:56 | 000,000,000 | ---D | C] -- C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unity of Command
[2013/04/26 20:28:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unity of Command
[2013/04/13 01:03:30 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2013/04/13 01:03:30 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll
[2013/04/13 01:03:13 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013/04/13 01:03:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013/04/13 01:03:13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013/04/13 01:03:12 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013/04/13 01:03:12 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbGD.sys
[2013/04/13 01:03:12 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013/04/13 01:03:11 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013/04/13 01:03:11 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013/04/13 01:03:11 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013/04/13 01:03:11 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013/04/13 01:03:11 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/04/13 01:03:11 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/04/13 01:03:11 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013/04/13 01:03:11 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013/04/13 01:03:11 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013/04/13 01:03:11 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013/04/13 01:03:11 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013/04/13 01:03:11 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013/04/13 01:03:11 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/04/13 01:03:11 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013/04/13 01:03:11 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/04/13 01:03:11 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013/04/13 01:03:11 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013/04/13 01:03:10 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/04/13 01:03:10 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/04/13 01:02:36 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll
[2013/04/13 01:02:35 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll
[2013/04/13 01:02:35 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe
[2013/04/13 01:02:35 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll
[2013/04/13 00:51:21 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/04/13 00:51:20 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/04/13 00:51:20 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/04/13 00:51:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/04/13 00:51:19 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/04/13 00:51:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/04/13 00:51:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/04/13 00:51:19 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/04/13 00:51:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/04/13 00:51:19 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/04/13 00:51:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/04/13 00:51:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/04/13 00:51:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/04/13 00:51:19 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/04/13 00:51:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/04/13 00:51:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/04/13 00:51:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/04/13 00:51:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/04/13 00:51:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/04/13 00:51:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/04/13 00:51:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/04/13 00:51:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/04/13 00:51:19 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/04/13 00:51:18 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/04/13 00:51:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/04/13 00:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/04/13 00:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/04/13 00:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/04/13 00:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/04/13 00:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/04/13 00:51:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/04/13 00:51:12 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013/04/13 00:51:12 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013/04/13 00:51:12 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013/04/13 00:51:12 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013/04/13 00:51:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013/04/13 00:51:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013/04/13 00:51:12 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013/04/13 00:51:12 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013/04/13 00:51:12 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013/04/13 00:51:12 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013/04/13 00:51:12 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013/04/13 00:51:12 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013/04/13 00:51:12 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013/04/13 00:51:12 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013/04/13 00:51:12 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013/04/13 00:51:12 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013/04/13 00:51:12 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013/04/13 00:51:12 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013/04/13 00:51:12 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013/04/13 00:51:12 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013/04/13 00:51:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013/04/13 00:51:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013/04/13 00:51:12 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013/04/13 00:51:12 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013/04/13 00:51:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013/04/13 00:51:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013/04/13 00:51:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013/04/13 00:51:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013/04/13 00:51:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013/04/13 00:51:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013/04/13 00:51:12 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013/04/13 00:51:12 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013/04/13 00:50:33 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013/04/13 00:50:33 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013/04/13 00:50:32 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013/04/13 00:50:32 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013/04/13 00:50:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013/04/13 00:50:32 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013/04/13 00:50:29 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013/04/13 00:50:29 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013/04/13 00:50:29 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013/04/13 00:50:10 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/04/13 00:49:37 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013/04/13 00:49:37 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013/04/13 00:49:36 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013/04/10 20:37:19 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/10 20:37:19 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/10 20:37:19 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/04/10 20:37:18 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/10 20:37:18 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/04/10 20:37:18 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/04/10 20:37:18 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/04/10 20:37:18 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/04/10 20:37:18 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/04/10 20:37:18 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/04/10 20:37:18 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/04/10 20:37:18 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/04/10 20:37:16 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/10 20:37:16 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/10 20:37:16 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/10 20:12:44 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 20:12:42 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 20:12:42 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 20:12:42 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 20:12:42 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 20:12:41 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/04/09 16:51:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NWS SAI CAMPAIGN EXPANSION
[2013/04/09 01:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NWS Steam and Iron
[2013/04/09 01:08:24 | 000,000,000 | ---D | C] -- C:\NWS
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/08 01:42:11 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/08 01:42:11 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/08 01:42:10 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/08 01:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/05/08 01:32:18 | 000,890,825 | ---- | M] () -- C:\Users\Jeff\Desktop\SecurityCheck.exe
[2013/05/07 22:06:14 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/07 22:06:14 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/07 21:58:59 | 000,001,361 | -HS- | M] () -- C:\Windows\SysWow64\mmf.sys
[2013/05/07 21:58:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/07 21:58:50 | 2133,745,663 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/07 20:33:57 | 000,007,599 | ---- | M] () -- C:\Users\Jeff\AppData\Local\Resmon.ResmonCfg
[2013/05/07 19:52:24 | 001,874,784 | ---- | M] (Farbar) -- C:\Users\Jeff\Desktop\FRST64.exe
[2013/05/07 19:51:20 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Jeff\Desktop\JRT.exe
[2013/05/06 23:15:15 | 000,003,072 | ---- | M] () -- C:\Users\Jeff\AppData\Local\file__0.localstorage
[2013/05/06 20:14:41 | 000,000,221 | ---- | M] () -- C:\Users\Jeff\Desktop\Wargame European Escalation.url
[2013/05/06 19:55:54 | 000,000,879 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/05/05 15:49:58 | 000,280,792 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013/05/05 15:49:58 | 000,280,792 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013/05/05 15:49:35 | 000,281,032 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013/05/01 21:52:37 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013/05/01 21:52:36 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013/05/01 21:52:36 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys
[2013/05/01 21:52:36 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013/05/01 21:39:30 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013/05/01 21:23:35 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJeff.job
[2013/05/01 21:22:29 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/04/26 20:28:56 | 000,001,889 | ---- | M] () -- C:\Users\Jeff\Desktop\Scenario Editor for Unity of Command.lnk
[2013/04/26 20:28:56 | 000,001,864 | ---- | M] () -- C:\Users\Jeff\Desktop\Unity of Command.lnk
[2013/04/25 14:36:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeff\Desktop\OTL.exe
[2013/04/13 01:08:48 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/13 01:06:42 | 000,772,558 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/04/09 16:51:03 | 000,001,609 | ---- | M] () -- C:\Users\Public\Desktop\SAI CAMPAIGN EXPANSION.lnk
[2013/04/09 01:08:29 | 000,001,567 | ---- | M] () -- C:\Users\Public\Desktop\NWS Steam and Iron.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/08 01:43:05 | 000,890,825 | ---- | C] () -- C:\Users\Jeff\Desktop\SecurityCheck.exe
[2013/05/06 20:14:41 | 000,000,221 | ---- | C] () -- C:\Users\Jeff\Desktop\Wargame European Escalation.url
[2013/05/06 19:55:54 | 000,000,879 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2013/05/01 21:39:39 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
[2013/04/26 20:28:56 | 000,001,889 | ---- | C] () -- C:\Users\Jeff\Desktop\Scenario Editor for Unity of Command.lnk
[2013/04/26 20:28:56 | 000,001,864 | ---- | C] () -- C:\Users\Jeff\Desktop\Unity of Command.lnk
[2013/04/13 01:03:32 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/04/13 01:02:35 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/04/09 16:51:03 | 000,001,609 | ---- | C] () -- C:\Users\Public\Desktop\SAI CAMPAIGN EXPANSION.lnk
[2013/04/09 01:08:29 | 000,001,567 | ---- | C] () -- C:\Users\Public\Desktop\NWS Steam and Iron.lnk
[2013/04/06 11:29:41 | 000,007,599 | ---- | C] () -- C:\Users\Jeff\AppData\Local\Resmon.ResmonCfg
[2012/12/14 11:47:05 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012/12/11 12:59:29 | 000,003,072 | ---- | C] () -- C:\Users\Jeff\AppData\Local\file__0.localstorage
[2012/11/08 23:17:55 | 000,006,656 | -HS- | C] () -- C:\ProgramData\nt408nt.coff
[2012/10/20 15:52:36 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/20 08:15:30 | 000,280,792 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/10/20 08:15:28 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/10/16 11:37:16 | 000,048,640 | ---- | C] () -- C:\Windows\mmfs.dll
[2012/10/16 11:37:16 | 000,002,560 | ---- | C] () -- C:\Windows\Runservice.exe
[2012/10/16 11:37:16 | 000,001,361 | -HS- | C] () -- C:\Windows\SysWow64\mmf.sys
[2012/10/16 10:54:36 | 000,007,680 | -HS- | C] () -- C:\ProgramData\reg441tiff.lib
[2012/07/27 20:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/07/27 20:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/06/06 20:48:36 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/06/06 20:48:35 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/06/06 20:48:34 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/10/12 17:33:22 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 5632 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 4096 bytes -> C:\Users\Jeff\Desktop\desktop.ini:gs5sys
@Alternate Data Stream - 3584 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 3584 bytes -> C:\Users\Jeff\Documents\desktop.ini:gs5sys

< End of report >

Have a good evening, thanks again for the help.

Attached Thumbnails

  • desk top.jpg

  • 0

#8
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Well if there is no malware as of yet I guess its good news.


While I haven't seen anything serious I haven't completely discounted it yet. Still running some tools - see actions below. Just want to make sure before we give you a completely clean bill of health lol.

I used CC cleaner for registry cleaning, maybe twice a month if that.


Registry cleaners are notorious for causing problems on peoples computers. Often the problem doesn't appear until well down the track. A small change to the registry can go unnoticed until one day you call on that function and find it won't work anymore or alternatively an associated utility doesn't work properly.

Actually, for all intents and purposes it is not necessary to clean your registry.

If you are looking for something to optimise your registry then NTREGOPT would be a way to go.

Having said that CCleaner does come with the option to backup your registry before you clean it and I would recommend anyone who does use the registry cleaning facility to do just that, back up their registry before using it.

After the scans I was surprised to find that my firewall was shutoff, now I did not shut this off.


Kaspersky will have turned it off when it was installed so that it wouldn't conflict with it's own firewall.

I have attached a picture that looks close to the folder I saw on my desktop.


That relates to a Battlefront game CM Normandy. Do you play that game? See link below:

http://en.wikipedia....le_for_Normandy

Now

Please run OTL.exe

  • Under the Custom Scans/Fixes box at the bottom, copy and paste the content of the quote box below:

    :OTL
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
    @Alternate Data Stream - 5632 bytes -> C:\ProgramData:gs5sys
    @Alternate Data Stream - 4096 bytes -> C:\Users\Jeff\Desktop\desktop.ini:gs5sys
    @Alternate Data Stream - 3584 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
    @Alternate Data Stream - 3584 bytes -> C:\Users\Jeff\Documents\desktop.ini:gs5sys

    :Commands
    [emptytemp]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.The log is saved in the same location as OTL.
After that

Please download ComboFix from this location:

Link

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

  • Double click on ComboFix.exe & follow the prompts.
  • If you have an older Operating System you may be asked whether you want to install the Recovery Console. Click yes and follow any prompts.
  • Your desktop may go blank. This is normal.
  • ComboFix may appear to be doing nothing for quite long periods, this is normal, just leave it to do it's job.
  • ComboFix may reboot your machine. This is normal too.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

When you return please post
  • OTL.txt
  • ComboFix.txt

  • 0

#9
hattrick1

hattrick1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hello emeraldnzl,

Ok no more registry cleaners for me then, not worth the risk involved. Good news about the firewall and that makes sense.

Now regarding the picture I sent, yes that is a drop box folder that I use for the Game Combat Mission Normandy. Now the reason I posted it was that the folder that was created on my desktop was similar to that one. The difference was that instead of there being two guys on the folder ( two characters in front of folder) there was only one. There was also no arrow that I could remember and the folder had my name on the bottom of it. What was inside of it was ten ot twelve other folders with files in them.

Here are those logs.

All processes killed
========== OTL ==========
C:\Windows\msdownld.tmp folder deleted successfully.
ADS C:\ProgramData:gs5sys deleted successfully.
ADS C:\Users\Jeff\Desktop\desktop.ini:gs5sys deleted successfully.
ADS C:\Users\Public\Documents\desktop.ini:gs5sys deleted successfully.
ADS C:\Users\Jeff\Documents\desktop.ini:gs5sys deleted successfully.
File ptytemp] not found.

OTL by OldTimer - Version 3.2.69.0 log created on 05082013_194227

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


ComboFix 13-05-08.02 - Jeff 05/08/2013 20:01:52.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6659 [GMT -5:00]
Running from: c:\users\Jeff\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2013-04-09 to 2013-05-09 )))))))))))))))))))))))))))))))
.
.
2013-05-09 01:06 . 2013-05-09 01:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-05-09 01:06 . 2013-05-09 01:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-08 02:58 . 2013-05-08 02:58 -------- d-----w- C:\_OTL
2013-05-08 01:03 . 2013-05-08 01:03 -------- d-----w- C:\FRST
2013-05-08 00:58 . 2013-05-08 00:58 -------- d-----w- c:\windows\ERUNT
2013-05-08 00:57 . 2013-05-08 00:57 -------- d-----w- C:\JRT
2013-05-07 08:21 . 2013-04-17 11:31 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{97411363-5CF4-4686-99CB-BC5A66CBD1D9}\mpengine.dll
2013-05-07 00:53 . 2013-05-09 00:44 -------- d-----w- c:\program files (x86)\Steam
2013-05-05 20:20 . 2013-05-05 20:25 -------- d-----w- c:\programdata\Package Cache
2013-05-02 02:39 . 2012-07-11 22:09 64856 ----a-w- c:\windows\system32\klfphc.dll
2013-05-02 02:39 . 2013-05-02 02:39 -------- d-----w- c:\windows\ELAMBKUP
2013-05-02 02:39 . 2013-05-09 00:43 -------- d-----w- c:\programdata\Kaspersky Lab
2013-05-02 02:39 . 2013-05-02 02:39 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2013-05-02 02:39 . 2013-05-02 02:52 90208 ----a-w- c:\windows\system32\drivers\klflt.sys
2013-05-02 02:39 . 2013-05-02 02:52 620128 ----a-w- c:\windows\system32\drivers\klif.sys
2013-04-27 01:38 . 2013-04-27 01:40 -------- d-----w- c:\users\Jeff\AppData\Roaming\Unity of Command
2013-04-27 01:28 . 2013-04-27 01:28 -------- d-----w- c:\program files (x86)\Unity of Command
2013-04-23 21:21 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-13 06:02 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-04-13 06:02 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-04-13 06:02 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-04-13 06:02 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-04-13 06:02 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2013-04-13 06:02 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2013-04-13 06:02 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-04-13 05:50 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll
2013-04-13 05:49 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-04-13 05:49 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-04-13 05:49 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2013-04-13 05:49 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2013-04-13 05:49 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-04-11 01:12 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-11 01:12 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-04-11 01:12 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-11 01:12 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-04-11 01:12 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-04-11 01:12 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-04-11 01:12 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-04-09 06:08 . 2013-04-09 06:08 -------- d-----w- C:\NWS
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-05 20:49 . 2012-10-20 13:17 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-05-05 20:49 . 2012-10-20 13:15 280792 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-05-05 20:49 . 2012-10-20 13:15 281032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-05-02 07:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-05-02 02:52 . 2012-08-13 21:49 178448 ----a-w- c:\windows\system32\drivers\kneps.sys
2013-05-02 02:52 . 2012-06-08 16:38 55056 ----a-w- c:\windows\system32\drivers\kltdi.sys
2013-04-11 01:37 . 2012-10-17 21:25 72702784 ----a-w- c:\windows\system32\MRT.exe
2013-04-06 16:51 . 2013-04-06 16:51 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-06 16:51 . 2013-04-06 16:51 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-06 16:51 . 2013-04-06 16:51 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-06 16:51 . 2013-04-06 16:51 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-06 16:51 . 2013-04-06 16:51 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-06 16:51 . 2013-04-06 16:51 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-06 16:51 . 2013-04-06 16:51 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-06 16:51 . 2013-04-06 16:51 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-06 16:51 . 2013-04-06 16:51 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-06 16:51 . 2013-04-06 16:51 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-06 16:51 . 2013-04-06 16:51 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-06 16:51 . 2013-04-06 16:51 441856 ----a-w- c:\windows\system32\html.iec
2013-04-06 16:51 . 2013-04-06 16:51 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-06 16:51 . 2013-04-06 16:51 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-06 16:51 . 2013-04-06 16:51 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-06 16:51 . 2013-04-06 16:51 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-06 16:51 . 2013-04-06 16:51 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-06 16:51 . 2013-04-06 16:51 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-06 16:51 . 2013-04-06 16:51 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-06 16:51 . 2013-04-06 16:51 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-06 16:51 . 2013-04-06 16:51 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-06 16:51 . 2013-04-06 16:51 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-06 16:51 . 2013-04-06 16:51 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-06 16:51 . 2013-04-06 16:51 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-06 16:51 . 2013-04-06 16:51 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-06 16:51 . 2013-04-06 16:51 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-06 16:51 . 2013-04-06 16:51 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-06 16:51 . 2013-04-06 16:51 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-06 16:51 . 2013-04-06 16:51 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-06 16:51 . 2013-04-06 16:51 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-06 16:51 . 2013-04-06 16:51 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-06 16:51 . 2013-04-06 16:51 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-06 16:51 . 2013-04-06 16:51 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-06 16:51 . 2013-04-06 16:51 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-06 16:51 . 2013-04-06 16:51 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-06 16:51 . 2013-04-06 16:51 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-06 16:51 . 2013-04-06 16:51 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-06 16:51 . 2013-04-06 16:51 235008 ----a-w- c:\windows\system32\url.dll
2013-04-06 16:51 . 2013-04-06 16:51 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-06 16:51 . 2013-04-06 16:51 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-06 16:51 . 2013-04-06 16:51 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-06 16:51 . 2013-04-06 16:51 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-06 16:51 . 2013-04-06 16:51 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-06 16:51 . 2013-04-06 16:51 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-06 16:51 . 2013-04-06 16:51 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-06 16:51 . 2013-04-06 16:51 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-06 16:51 . 2013-04-06 16:51 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-06 16:51 . 2013-04-06 16:51 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-06 16:51 . 2013-04-06 16:51 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-06 16:49 . 2013-04-06 16:49 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-06 16:49 . 2013-04-06 16:49 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-06 16:49 . 2013-04-06 16:49 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-06 16:49 . 2013-04-06 16:49 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-06 16:49 . 2013-04-06 16:49 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-06 16:49 . 2013-04-06 16:49 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-06 16:49 . 2013-04-06 16:49 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-06 16:49 . 2013-04-06 16:49 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-06 16:49 . 2013-04-06 16:49 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-06 16:49 . 2013-04-06 16:49 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-06 16:49 . 2013-04-06 16:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-06 16:49 . 2013-04-06 16:49 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-06 16:49 . 2013-04-06 16:49 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-06 16:49 . 2013-04-06 16:49 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-06 16:49 . 2013-04-06 16:49 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-06 16:49 . 2013-04-06 16:49 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-06 16:49 . 2013-04-06 16:49 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-06 16:49 . 2013-04-06 16:49 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-06 16:49 . 2013-04-06 16:49 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2013-04-06 16:49 . 2013-04-06 16:49 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-04-06 16:49 . 2013-04-06 16:49 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-04-06 16:49 . 2013-04-06 16:49 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-06 16:49 . 2013-04-06 16:49 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-04-06 16:49 . 2013-04-06 16:49 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-04-06 16:49 . 2013-04-06 16:49 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-04-06 16:49 . 2013-04-06 16:49 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-06 16:49 . 2013-04-06 16:49 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-04-06 16:49 . 2013-04-06 16:49 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-04-06 16:49 . 2013-04-06 16:49 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-04-06 16:49 . 2013-04-06 16:49 296960 ----a-w- c:\windows\system32\d3d10core.dll
2013-04-06 16:49 . 2013-04-06 16:49 293376 ----a-w- c:\windows\SysWow64\dxgi.dll
2013-04-06 16:49 . 2013-04-06 16:49 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2013-04-06 16:49 . 2013-04-06 16:49 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2013-04-06 16:49 . 2013-04-06 16:49 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2013-04-06 16:49 . 2013-04-06 16:49 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2013-04-06 16:49 . 2013-04-06 16:49 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-06 16:49 . 2013-04-06 16:49 221184 ----a-w- c:\windows\system32\UIAnimation.dll
2013-04-06 16:49 . 2013-04-06 16:49 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll
2013-04-06 16:49 . 2013-04-06 16:49 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll
2013-04-06 16:49 . 2013-04-06 16:49 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2013-04-06 16:49 . 2013-04-06 16:49 194560 ----a-w- c:\windows\system32\d3d10_1.dll
2013-04-06 16:49 . 2013-04-06 16:49 1887232 ----a-w- c:\windows\system32\d3d11.dll
2013-04-06 16:49 . 2013-04-06 16:49 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
2013-04-06 16:49 . 2013-04-06 16:49 1682432 ----a-w- c:\windows\system32\XpsPrint.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-05-02 356376]
.
c:\users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Jeff\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2012-10-16 2560]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2011-09-19 158976]
R3 pmxdrv;pmxdrv;c:\windows\system32\drivers\pmxdrv.sys [2012-06-07 31152]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-17 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-05-02 55056]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-05-02 178448]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-08-03 2656536]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-10-25 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-10-25 29528]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-09-14 533096]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-25 06:35]
.
2013-05-09 c:\windows\Tasks\HPCeeScheduleForJeff.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\Jeff\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-19 168216]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-19 418584]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\ktvgm7eg.default\
FF - ExtSQL: 2013-05-01 21:52; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF - ExtSQL: 2013-05-01 21:52; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF - ExtSQL: 2013-05-01 21:52; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF - ExtSQL: 2013-05-01 21:52; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
FF - ExtSQL: 2013-05-01 21:52; [email protected]; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
AddRemove-The Sith Lords Restored Content Mod_is1 - c:\program files (x86)\Steam\steamapps\common\Knights of the Old Republic II\unins000.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1926310346-3535073341-514525309-1000\Software\SecuROM\License information*]
"datasecu"=hex:0d,56,a8,37,b9,29,1b,82,cc,77,f2,64,53,8d,53,c4,51,e2,12,e5,16,
c4,f0,a3,ba,3b,9b,58,1c,54,c4,f9,c7,ec,f0,d4,2a,99,36,ab,6c,60,27,79,0d,40,\
"rkeysecu"=hex:92,e5,c8,bc,78,2b,4a,77,c3,18,59,0a,0e,6a,0a,42
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-08 20:07:38
ComboFix-quarantined-files.txt 2013-05-09 01:07
ComboFix2.txt 2013-04-05 06:28
.
Pre-Run: 584,730,066,944 bytes free
Post-Run: 585,194,336,256 bytes free
.
- - End Of File - - 461E45EBAD65BA56B4EAF3C5BE3BAB27
  • 0

#10
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

Now the reason I posted it was that the folder that was created on my desktop was similar to that one. The difference was that instead of there being two guys on the folder ( two characters in front of folder) there was only one. There was also no arrow that I could remember and the folder had my name on the bottom of it. What was inside of it was ten ot twelve other folders with files in them.


Hmm... well not much I can say without seeing it.

Now

Another check.

Please download and run ListParts by Farbar (for 32-bit system)

Please download and run ListParts64 by Farbar (for 64-bit system)

Click on Scan button.

Scan result will open in Notepad.

Post post the log (Result.txt) in your next reply.
  • 0

Advertisements


#11
hattrick1

hattrick1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hi,

So on that Combo fix scan there was nothing found?

Here is that log you asked for.

ListParts by Farbar Version: 29-04-2013
Ran by Jeff (administrator) on 08-05-2013 at 21:41:42
Windows 7 (X64)
Running From: C:\Users\Jeff\Desktop
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 22%
Total physical RAM: 8174.53 MB
Available physical RAM: 6370.25 MB
Total Pagefile: 16347.25 MB
Available Pagefile: 14274.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:681.84 GB) (Free:545.08 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:16.69 GB) (Free:2.08 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (USB20FD) (Removable) (Total:14.74 GB) (Free:11.13 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 698 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 14 GB 0 B

Partitions of Disk 0:
===============

Disk ID: 651D50B7

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 681 GB 101 MB
Partition 3 Primary 16 GB 681 GB

======================================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 SYSTEM NTFS Partition 100 MB Healthy System (partition with boot components)

======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 681 GB Healthy Boot

======================================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D HP_RECOVERY NTFS Partition 16 GB Healthy

======================================================================================================

Partitions of Disk 2:
===============

Disk ID: 6C133D99

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 1244 KB

======================================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 G USB20FD FAT32 Removable 14 GB Healthy

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 651D50B7
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=682 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=17 GB) - (Type=07 NTFS)

==============================
Partitions of Disk 2:
===============
Disk ID: 6C133D99
Partition 1: (Not Active) - (Size=15 GB) - (Type=0B)


****** End Of Log ******
  • 0

#12
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

So on that Combo fix scan there was nothing found?


Nothing bad unless I am missing something.

Everything looks good so far.

Please download Event Viewer by Vino Rosso and save it to your desktop.
  • Double-click VEW.exe (with Vista or later right click and run as administrator)
  • Under 'Select log to query', Check the System box
  • Under 'Select type to list', Check Error & Warning boxes
  • Under Number or date of Events > 'Number of events' Type 20 in the 1 to 20 box
  • Click the Run button.
Notepad will open with a log. Please post the log back here.
  • 0

#13
hattrick1

hattrick1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hi,


Thats good news. At least I can say that my attempts to keep the pc clean are working.


Here is that log.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 08/05/2013 10:56:05 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/05/2013 3:12:04 AM
Type: Error Category: 2
Event: 137 Source: Ntfs
The default transaction resource manager on volume OS encountered a non-retryable error and could not start. The data contains the error code.

Log: 'System' Date/Time: 09/05/2013 3:12:04 AM
Type: Error Category: 0
Event: 14 Source: volsnap
The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Log: 'System' Date/Time: 09/05/2013 1:06:25 AM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 09/05/2013 1:04:48 AM
Type: Error Category: 0
Event: 7030 Source: Service Control Manager
The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Log: 'System' Date/Time: 09/05/2013 1:01:51 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The LicCtrl Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 09/05/2013 1:01:33 AM
Type: Error Category: 0
Event: 14 Source: volsnap
The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Log: 'System' Date/Time: 09/05/2013 12:42:27 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 08/05/2013 3:33:04 AM
Type: Error Category: 2
Event: 137 Source: Ntfs
The default transaction resource manager on volume OS encountered a non-retryable error and could not start. The data contains the error code.

Log: 'System' Date/Time: 08/05/2013 3:33:04 AM
Type: Error Category: 0
Event: 14 Source: volsnap
The shadow copies of volume C: were aborted because of an IO failure on volume C:.

Log: 'System' Date/Time: 08/05/2013 2:58:21 AM
Type: Error Category: 0
Event: 7034 Source: Service Control Manager
The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Log: 'System' Date/Time: 08/05/2013 2:52:01 AM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk2\DR3.

Log: 'System' Date/Time: 08/05/2013 2:52:01 AM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk2\DR3.

Log: 'System' Date/Time: 08/05/2013 2:52:00 AM
Type: Error Category: 0
Event: 11 Source: Disk
The driver detected a controller error on \Device\Harddisk2\DR3.

Log: 'System' Date/Time: 08/05/2013 1:06:13 AM
Type: Error Category: 0
Event: 10010 Source: Microsoft-Windows-DistributedCOM
The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 09/05/2013 3:45:31 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk2\DR3 during a paging operation.

Log: 'System' Date/Time: 09/05/2013 3:45:31 AM
Type: Warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk2\DR3 during a paging operation.

Log: 'System' Date/Time: 09/05/2013 3:12:04 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 09/05/2013 3:12:04 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 09/05/2013 3:12:04 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 08/05/2013 3:33:04 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 08/05/2013 3:33:04 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.

Log: 'System' Date/Time: 08/05/2013 3:33:04 AM
Type: Warning Category: 2
Event: 136 Source: Ntfs
The default transaction resource manager on volume OS encountered an error while starting and its metadata was reset. The data contains the error code.
  • 0

#14
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

The default transaction resource manager on volume OS encountered a non-retryable error and could not start. The data contains the error code.


The shadow copies of volume C: were aborted because of an IO failure on volume C:.


I am not a techie but I think the forgoing are signs of corruption in your system.

You could try System File Checker if you haven't already done so:

1.Open an elevated command prompt. To do this, go to Start > All Programs > Accessories right-click Command Prompt and click Run as administrator. If you are prompted for an administrator password or for a confirmation, type the password, or click Allow.
2.At the command prompt, type the following command, and then press ENTER:

sfc /scannow

The sfc /scannow command scans all protected system files and replaces incorrect versions with correct Microsoft versions.

and this one:

Log: 'System' Date/Time: 09/05/2013 3:12:04 AM
Type: Warning Category: 2
Event: 57 Source: Ntfs
The system failed to flush data to the transaction log. Corruption may occur.


See the link below:

http://support.microsoft.com/kb/885688

As far as malware is concerned we will run one last check and then clear away the tools we have been using.

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

  • 0

#15
hattrick1

hattrick1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 45 posts
Hello,

Thank you very much for your time and assistance in this matter. I would like to in some way pay you for your services or donate to Geeks to go in some way.

Also I either use AVG for security or Microsoft Security Essentials, what do you recommend?

Here is that log.

SETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8d804de7513f2948a658fdfda7c22106
# engine=13793
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-05-09 05:52:10
# local_time=2013-05-09 12:52:10 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1286 16777213 100 98 0 21945052 0 0
# compatibility_mode=5893 16776573 100 94 0 119665380 0 0
# scanned=293045
# found=0
# cleaned=0
# scan_time=5065
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP