
A Virus still messing up my computer



#1
Beetrix

The computer works fine for a few days, then yesterday, my Facebook page said "This page cannot be found." Today, my Yahoo page became a text-only page and my mail is not available. In Charter, my email page cannot be displayed. I don't know what keeps happening.
Here is a copy of my log. You will notice hundreds of photo files, which are OK.
Thank you in advance, Beetrix

OTL logfile created on: 7/16/2013 12:11:14 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bee\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.72 Gb Available Physical Memory | 69.55% Memory free
7.82 Gb Paging File | 6.45 Gb Available in Paging File | 82.42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 684.84 Gb Total Space | 633.41 Gb Free Space | 92.49% Space Free | Partition Type: NTFS
Drive D: | 13.70 Gb Total Space | 1.27 Gb Free Space | 9.26% Space Free | Partition Type: NTFS

Computer Name: BEE | User Name: Bee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/06 08:16:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bee\Desktop\OTL.exe
PRC - [2013/06/27 05:37:03 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/06/27 05:35:03 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/06/27 05:35:03 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2011/03/09 17:06:48 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
PRC - [2011/03/09 14:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
PRC - [2011/02/01 01:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2010/12/03 10:03:44 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
PRC - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
PRC - [2010/08/05 16:08:52 | 000,020,480 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
PRC - [2010/08/05 16:08:38 | 000,016,384 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
PRC - [2010/02/11 10:07:54 | 000,710,656 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE
PRC - [2009/07/02 14:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/07/11 05:53:08 | 001,078,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\1489265c93f726f72f59fa268b99af37\System.IdentityModel.ni.dll
MOD - [2013/07/11 05:53:07 | 018,101,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\1fd03dbce5fb842598861bcc46d549a2\System.ServiceModel.ni.dll
MOD - [2013/07/11 05:52:08 | 002,906,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\ReachFramework\f3709da966cecb427dc9a5bac3587c09\ReachFramework.ni.dll
MOD - [2013/07/11 05:51:55 | 001,021,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Dura#\da2cc25eb270a9d8607ab7486f3ce890\System.Runtime.DurableInstancing.ni.dll
MOD - [2013/07/11 05:51:54 | 002,647,552 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\6b3adc90b6f811b557d290e1436e7ff8\System.Runtime.Serialization.ni.dll
MOD - [2013/07/11 05:51:54 | 000,143,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\8a26ba5b45d30874fbebb0a475b22a75\SMDiagnostics.ni.dll
MOD - [2013/07/10 18:47:10 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\6ea5ee4386d67f4b432a27c40fbff93c\System.Windows.Forms.ni.dll
MOD - [2013/07/10 18:47:10 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\8d9db55b1eef7728c04fb1ec500089c6\PresentationCore.ni.dll
MOD - [2013/07/10 18:47:04 | 007,070,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a1c174e579c9ad4e5b6eeed8a58a721b\System.Core.ni.dll
MOD - [2013/07/10 18:47:01 | 005,628,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\91c185bd043af039dcdc93e3fcf87f3d\System.Xml.ni.dll
MOD - [2013/07/10 18:47:01 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4787bb699ed4291859fb86f15d793add\System.Drawing.ni.dll
MOD - [2013/07/10 18:47:00 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\d3c944049319ebe51e939c9342f0bcc2\WindowsBase.ni.dll
MOD - [2013/07/10 18:46:58 | 001,013,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\256b7bb1216345c5a66ced50c1cf239d\System.Configuration.ni.dll
MOD - [2013/07/10 18:46:57 | 009,099,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\8a6d1c8abeb8eb82f06c7d075130cc67\System.ni.dll
MOD - [2013/07/10 18:41:21 | 014,416,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\cf58670896c5313b9b52f026f4455a5d\mscorlib.ni.dll
MOD - [2009/07/02 14:58:40 | 000,406,016 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\Keystatus.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/04/24 21:38:30 | 000,318,464 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/03/02 19:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2013/06/27 05:37:03 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/06/27 05:35:03 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/06/11 15:19:07 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/11 10:50:04 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\afasrv64.exe -- (AfaService)
SRV - [2012/09/27 12:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0)
SRV - [2011/03/09 17:06:48 | 000,129,648 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -- (DTSRVC)
SRV - [2011/03/09 14:47:08 | 000,109,168 | ---- | M] (Portrait Displays, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe -- (PdiService)
SRV - [2011/02/01 01:49:44 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Running] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/08/05 16:08:38 | 000,016,384 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe -- (CalendarSynchService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 13:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/25 05:40:17 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/03/25 05:40:17 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/03/25 05:40:17 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/02/05 22:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/08/23 07:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 07:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 07:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/07/05 14:21:30 | 001,874,016 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/04/24 21:38:30 | 000,536,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/04/21 19:17:04 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/01/27 09:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/12/03 10:04:10 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/06 01:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/07/13 05:57:08 | 000,069,736 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/02 10:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009/09/21 01:43:52 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2009/09/21 01:43:52 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus)
DRV:64bit: - [2009/09/21 01:43:52 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [1999/03/07 20:15:00 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\pmemnt.sys -- (PMEM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{47A5A5E7-3576-4944-B7E3-7BDB7A067DF9}: "URL" = http://www.amazon.co...s={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{47A5A5E7-3576-4944-B7E3-7BDB7A067DF9}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Recovery\New folder\New folder
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 9A B4 C5 E4 2A CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn5\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {43FF024B-B6D4-477D-AFF6-FF1D0923410A}
IE - HKCU\..\SearchScopes\{43FF024B-B6D4-477D-AFF6-FF1D0923410A}: "URL" = http://search.yahoo....ms}&fr=chr-tyc9
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: c:\Program Files (x86)\Virtual Earth 3D\ File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@hulu.com/Hulu Desktop: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll ()

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\UnfriendApp\Firefox\ [2012/11/18 23:45:25 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/11/24 07:21:20 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe (Hewlett-Packard )
O4:64bit: - HKLM..\Run: [EKAIO2StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKAiO2MUI.exe (Eastman Kodak Company)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [USBestCR] C:\Program Files (x86)\USIM Editor\iconcs1818160.exe RunFromReg File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EKAiO2StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe File not found
O4 - HKLM..\Run: [HP KEYBOARDx] C:\Program Files (x86)\Hewlett-Packard\HP Desktop Keyboard\HPKEYBOARDx.EXE (Hewlett-Packard)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67BFE14F-B49D-407E-A7F2-CCB31337931D}: DhcpNameServer = 68.190.192.35 71.9.127.107 24.205.224.36
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/14 17:03:47 | 000,000,000 | ---D | C] -- C:\Users\Bee\Documents\New folder
[2013/07/14 16:57:32 | 000,000,000 | ---D | C] -- C:\Windows\en
[2013/07/14 16:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2013/07/14 16:53:15 | 000,000,000 | R--D | C] -- C:\Users\Bee\SkyDrive
[2013/07/14 16:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013/07/14 16:53:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013/07/14 14:11:28 | 000,000,000 | ---D | C] -- C:\Users\Bee\Documents\Webcam
[2013/07/14 14:11:26 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Roaming\CyberLink
[2013/07/14 02:08:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LG Electronics
[2013/07/12 05:07:12 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{F2DBE9B5-3686-46A4-A4B0-BD0084D26ED8}
[2013/07/12 04:47:53 | 000,000,000 | ---D | C] -- C:\Users\Bee\Documents\PDF Files
[2013/07/06 14:27:08 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{4769C059-1B93-43DB-AAE6-EFFAAF1D390D}
[2013/07/06 14:12:19 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{20527C00-7EF1-41B3-B801-80DA79FD4953}
[2013/07/06 11:05:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/06 08:16:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bee\Desktop\OTL.exe
[2013/07/03 05:53:58 | 000,000,000 | ---D | C] -- C:\Users\Bee\Documents\Northwest Adm
[2013/06/27 12:05:56 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{5D4E765F-7164-4926-9E1A-DFE740F4297E}
[2013/06/22 09:02:06 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{7D4C937A-B276-4EC4-9F74-6C4550C97714}
[2013/06/21 06:18:38 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{F9246003-D4FC-4173-8CB5-3D77BDA5C376}
[2013/06/16 12:30:11 | 000,000,000 | ---D | C] -- C:\Users\Bee\AppData\Local\{5E313202-6127-48CB-98C0-74EC9D10DE32}
[2012/10/12 11:38:53 | 009,842,040 | ---- | C] (Webroot Software, Inc.) -- C:\Program Files (x86)\Common Files\wruninstall.exe

========== Files - Modified Within 30 Days ==========

[2013/07/16 12:15:50 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 12:15:50 | 000,024,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/16 12:14:30 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/16 12:14:30 | 000,660,068 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/16 12:14:30 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/07/16 12:08:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/16 12:08:23 | 3151,044,608 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/15 18:37:02 | 000,001,409 | ---- | M] () -- C:\Users\Bee\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/15 15:54:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBEE-HP$.job
[2013/07/14 07:15:15 | 000,016,729 | ---- | M] () -- C:\Users\Bee\Documents\Omegle screenshot 23072.jpg.jpg
[2013/07/14 07:14:58 | 000,017,356 | ---- | M] () -- C:\Users\Bee\Documents\Omegle screenshot 42065.jpg.jpg
[2013/07/11 15:24:58 | 000,250,792 | ---- | M] () -- C:\Users\Bee\Documents\Doc1.pdf-2.pdf
[2013/07/11 05:32:49 | 000,001,931 | ---- | M] () -- C:\Users\Bee\Desktop\Update Checker.lnk
[2013/07/11 04:38:58 | 000,000,324 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBee.job
[2013/07/11 04:38:55 | 000,348,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/10 18:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/07/10 17:52:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969357861-245451301-220097965-1004UA.job
[2013/07/06 13:26:15 | 000,057,549 | ---- | M] () -- C:\Users\Bee\Documents\Bob and Maria-1.jpg
[2013/07/06 13:26:15 | 000,021,679 | ---- | M] () -- C:\Users\Bee\Documents\Family Bands.htm
[2013/07/06 13:26:15 | 000,005,468 | ---- | M] () -- C:\Users\Bee\Documents\Bob and Maria-1_thumb.jpg
[2013/07/06 13:26:11 | 000,021,460 | ---- | M] () -- C:\Users\Bee\Documents\Family Bands.bak
[2013/07/06 13:17:42 | 000,019,612 | ---- | M] () -- C:\Users\Bee\Documents\index.htm
[2013/07/06 13:17:42 | 000,019,612 | ---- | M] () -- C:\Users\Bee\Documents\index.bak
[2013/07/06 11:31:45 | 000,650,027 | ---- | M] () -- C:\Users\Bee\Desktop\adwcleaner.exe
[2013/07/06 08:16:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bee\Desktop\OTL.exe
[2013/07/06 08:08:28 | 000,000,000 | ---- | M] () -- C:\Users\Bee\Desktop\Setup.exe.zaggd6l.partial
[2013/07/06 07:14:23 | 000,000,632 | RHS- | M] () -- C:\Users\Bee\ntuser.pol
[2013/07/04 22:52:00 | 000,000,866 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969357861-245451301-220097965-1004Core.job
[2013/06/27 05:37:13 | 000,083,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013/06/22 12:40:46 | 000,070,284 | ---- | M] () -- C:\Users\Bee\Documents\Linda and Brett Strayer May.jpg
[2013/06/22 12:40:46 | 000,014,728 | ---- | M] () -- C:\Users\Bee\Documents\Linda's Page.htm
[2013/06/22 12:40:46 | 000,007,676 | ---- | M] () -- C:\Users\Bee\Documents\Linda and Brett Strayer May_thumb.jpg
[2013/06/22 12:40:36 | 000,014,566 | ---- | M] () -- C:\Users\Bee\Documents\Linda's Page.bak
[2013/06/22 12:35:01 | 000,015,296 | ---- | M] () -- C:\Users\Bee\Documents\Introduction.htm
[2013/06/22 12:35:01 | 000,015,292 | ---- | M] () -- C:\Users\Bee\Documents\Introduction.bak
[2013/06/22 12:05:35 | 000,056,547 | ---- | M] () -- C:\Users\Bee\Documents\Duane Keith 1971 001.jpg
[2013/06/22 12:05:35 | 000,006,654 | ---- | M] () -- C:\Users\Bee\Documents\Duane Keith 1971 001_thumb.jpg
[2013/06/22 11:53:01 | 000,034,751 | ---- | M] () -- C:\Users\Bee\Documents\Faces 8.bak
[2013/06/22 11:53:01 | 000,033,000 | ---- | M] () -- C:\Users\Bee\Documents\Faces 8.htm
[2013/06/22 11:41:20 | 000,097,839 | ---- | M] () -- C:\Users\Bee\Documents\600x400 12~25~08 001.jpg
[2013/06/22 11:41:20 | 000,006,397 | ---- | M] () -- C:\Users\Bee\Documents\600x400 12~25~08 001_thumb.jpg
[2013/06/22 11:29:49 | 000,081,665 | ---- | M] () -- C:\Users\Bee\Documents\Faces 14.htm
[2013/06/22 11:29:48 | 000,081,676 | ---- | M] () -- C:\Users\Bee\Documents\Faces 14.bak
[2013/06/21 10:26:31 | 000,260,459 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 1.JPG
[2013/06/21 10:26:31 | 000,074,326 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 3.JPG
[2013/06/21 10:26:31 | 000,016,559 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony KINKS TOUR 2_thumb.JPG
[2013/06/21 10:26:31 | 000,014,714 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 4_thumb.JPG
[2013/06/21 10:26:31 | 000,013,573 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 6_thumb.JPG
[2013/06/21 10:26:31 | 000,012,886 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 1_thumb.JPG
[2013/06/21 10:26:31 | 000,012,595 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 5_thumb.JPG
[2013/06/21 10:26:31 | 000,012,419 | ---- | M] () -- C:\Users\Bee\Documents\Mark Anthony 3_thumb.JPG
[2013/06/21 10:17:51 | 000,044,257 | ---- | M] () -- C:\Users\Bee\Documents\Lee Michaels 1.jpg
[2013/06/21 10:17:51 | 000,003,089 | ---- | M] () -- C:\Users\Bee\Documents\Lee Michaels 1_thumb.jpg
[2013/06/21 09:56:50 | 000,046,173 | ---- | M] () -- C:\Users\Bee\Documents\Faces 5.htm
[2013/06/21 09:56:50 | 000,046,173 | ---- | M] () -- C:\Users\Bee\Documents\Faces 5.bak
[2013/06/21 09:53:32 | 000,140,968 | ---- | M] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy in the chair-1.jpg
[2013/06/21 09:53:32 | 000,106,003 | ---- | M] () -- C:\Users\Bee\Documents\Caroline M McElroy in stripes-1.jpg
[2013/06/21 09:53:32 | 000,012,270 | ---- | M] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy in the chair-1_thumb.jpg
[2013/06/21 09:53:32 | 000,009,758 | ---- | M] () -- C:\Users\Bee\Documents\Caroline M McElroy in stripes-1_thumb.jpg

========== Files Created - No Company Name ==========

[2013/07/15 18:37:03 | 000,002,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Center.lnk
[2013/07/15 18:37:03 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/07/15 18:37:02 | 000,001,415 | ---- | C] () -- C:\Users\Bee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/07/15 18:37:02 | 000,001,409 | ---- | C] () -- C:\Users\Bee\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/07/14 16:57:17 | 000,001,267 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
[2013/07/14 16:57:07 | 000,001,336 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
[2013/07/14 16:53:14 | 000,002,149 | ---- | C] () -- C:\Users\Bee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013/07/14 07:15:15 | 000,016,729 | ---- | C] () -- C:\Users\Bee\Documents\Omegle screenshot 23072.jpg.jpg
[2013/07/14 07:14:58 | 000,017,356 | ---- | C] () -- C:\Users\Bee\Documents\Omegle screenshot 42065.jpg.jpg
[2013/07/11 15:24:57 | 000,250,792 | ---- | C] () -- C:\Users\Bee\Documents\Doc1.pdf-2.pdf
[2013/07/11 05:32:49 | 000,001,961 | ---- | C] () -- C:\Users\Bee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
[2013/07/11 05:32:49 | 000,001,931 | ---- | C] () -- C:\Users\Bee\Desktop\Update Checker.lnk
[2013/07/06 13:26:15 | 000,057,549 | ---- | C] () -- C:\Users\Bee\Documents\Bob and Maria-1.jpg
[2013/07/06 13:26:15 | 000,005,468 | ---- | C] () -- C:\Users\Bee\Documents\Bob and Maria-1_thumb.jpg
[2013/07/06 11:31:45 | 000,650,027 | ---- | C] () -- C:\Users\Bee\Desktop\adwcleaner.exe
[2013/07/06 08:08:28 | 000,000,000 | ---- | C] () -- C:\Users\Bee\Desktop\Setup.exe.zaggd6l.partial
[2013/06/22 12:40:46 | 000,070,284 | ---- | C] () -- C:\Users\Bee\Documents\Linda and Brett Strayer May.jpg
[2013/06/22 12:40:46 | 000,007,676 | ---- | C] () -- C:\Users\Bee\Documents\Linda and Brett Strayer May_thumb.jpg
[2013/06/22 12:05:35 | 000,056,547 | ---- | C] () -- C:\Users\Bee\Documents\Duane Keith 1971 001.jpg
[2013/06/22 12:05:35 | 000,006,654 | ---- | C] () -- C:\Users\Bee\Documents\Duane Keith 1971 001_thumb.jpg
[2013/06/22 11:41:20 | 000,006,397 | ---- | C] () -- C:\Users\Bee\Documents\600x400 12~25~08 001_thumb.jpg
[2013/06/21 10:26:31 | 000,260,459 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 1.JPG
[2013/06/21 10:26:31 | 000,074,326 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 3.JPG
[2013/06/21 10:26:31 | 000,016,559 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony KINKS TOUR 2_thumb.JPG
[2013/06/21 10:26:31 | 000,014,714 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 4_thumb.JPG
[2013/06/21 10:26:31 | 000,013,573 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 6_thumb.JPG
[2013/06/21 10:26:31 | 000,012,886 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 1_thumb.JPG
[2013/06/21 10:26:31 | 000,012,595 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 5_thumb.JPG
[2013/06/21 10:26:31 | 000,012,419 | ---- | C] () -- C:\Users\Bee\Documents\Mark Anthony 3_thumb.JPG
[2013/06/21 10:17:51 | 000,044,257 | ---- | C] () -- C:\Users\Bee\Documents\Lee Michaels 1.jpg
[2013/06/21 10:17:51 | 000,003,089 | ---- | C] () -- C:\Users\Bee\Documents\Lee Michaels 1_thumb.jpg
[2013/06/21 09:53:32 | 000,140,968 | ---- | C] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy in the chair-1.jpg
[2013/06/21 09:53:32 | 000,106,003 | ---- | C] () -- C:\Users\Bee\Documents\Caroline M McElroy in stripes-1.jpg
[2013/06/21 09:53:32 | 000,012,270 | ---- | C] () -- C:\Users\Bee\Documents\Caroline Morrow McElroy in the chair-1_thumb.jpg
[2013/06/21 09:53:32 | 000,009,758 | ---- | C] () -- C:\Users\Bee\Documents\Caroline M McElroy in stripes-1_thumb.jpg
[2012/07/13 11:28:42 | 000,000,632 | RHS- | C] () -- C:\Users\Bee\ntuser.pol
[2012/05/27 15:38:31 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\afasrv64.exe
[2011/07/27 00:14:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/07/21 05:16:35 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\Affixa
[2012/11/20 05:19:48 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\Blio
[2012/07/25 11:38:50 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012/12/02 07:06:05 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\Cyberduck
[2012/05/14 14:31:24 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\DisplayTune
[2012/06/21 16:03:47 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\IBM
[2013/07/12 10:09:55 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\Mapi2Xml
[2012/05/15 17:41:55 | 000,000,000 | ---D | M] -- C:\Users\Bee\AppData\Roaming\WinBatch
[2012/12/02 07:02:54 | 000,000,000 | -HSD | M] -- C:\Users\Bee\AppData\Roaming\wyUpdate AU

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Looks pretty clean.

Let's check your Internet speed:

Go to http://www.speedtest.net/ and click on Begin Test

When the Test finishes click on Share This Result and then select Forum then Copy then move to a reply and Ctrl + v



Now let's look at your CPU usage:

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Let's check essential services:


Download, Save and Run (Win 7 or Vista => right click and Run as Admin) Farbar Service Scanner

Posted Image

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.


Finally a quick check for errors:

Right click on (My) Computer and select Manage (Continue) Then click on the arrow in front of Event Viewer. Next Click on the arrow in front of Windows Logs Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow

(This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#3
Beetrix

Hi Ron,
When I clicked on the link to speedtest.net it had a scan button, that took me to another scan button that did nothing and the name of the site was different.
Then I went back and tried again, and it took me to the Speedy PCPro download with a fix it button. Now, there are no scan buttons available on speedtest.net.
Hope this makes sense!
Thank you,
Beetrix

Edited by Beetrix, 17 July 2013 - 11:30 AM.


#4
RKinner

Not supposed to be a Scan button. Should say Begin Test. Just ran it on mine. Was a little slow loading today but worked fine.

Posted Image

#5
Beetrix

When I click on that box, it opens a window and says:


Welcome to Speedtest.net! If you are seeing this error message it could be due to one or more of the problems listed below, together with potential solutions.

◾Be sure to enable JavaScript. Here's how: http://enable-javascript.com/.
◾Have Flash v.10+? If you do, try uninstalling Flash. Either way, get the latest Flash client here.
◾Still no luck? Sorry. You can either visit our Support section to troubleshoot further or try our non-JavaScript site. Unfortunately you still need Flash v10+ and there is no guarantee everything will work correctly!
Please visit again when you are able to use Flash (v.10+) and JavaScript but take a moment to learn more about Speedtest.net.

I do have JavaScript enabled and have Flash.

#6
RKinner

Can you try another browser?

#7
Beetrix

How do I do that? I like Internet Explorer. I can't lose my favorites, so not sure what to do.

Edited by Beetrix, 17 July 2013 - 03:17 PM.


#8
RKinner

It looks like you have Firefox on your computer. Just start it up and go to http://www.speedtest.net/

IF Firefox asks if you want it to be your default just say no. If you haven't used Firefox before it will ask if you want it to use your IE favorites. You can tell it yes. If you don't have Firefox then get it from http://www.mozilla.o...US/firefox/new/ , Download it, Save and install it (win 7 and Vista, right click and Run As Admin).

#9
Beetrix

Hi Ron,

I followed your advice and downloaded Firefox. This is the link http://www.mozilla.o.../23.0/firstrun/
I am a little confused about the page. I went to the google search bar at the top right and typed in http://www.speedtest.net/.
It took me to the site lists and I clicked on the site. When I opened the site and clicked on the button to run it, it said this page cannot be displayed.
I tried it again and it came up with the same page that I copied and pasted to you before with the error information.
Oh, I uploaded the new Flash 11 also to see if that would help, but no luck.

My computer is about 1 1/2 years old. I haven't had any problems with the speed so far.
I just hope I don't lose Geeks to Go page! I will wait for your reply.
Thanks again, Beetrix

Edited by Beetrix, 19 July 2013 - 05:48 AM.


#10
RKinner

I see it requires Flash. Did you visit Adobe.com with your new Firefox browser and get Flash? There are two Flash programs. One for IE and one for all other browsers. Which one you get depends on which browser you use.

Is this what you see when you go to speedtest.net?



If you can't get it to work then go on with the other steps in my original post (#2).

#11
Beetrix

I downloaded the Flash from Firefox and it opened up my Yahoo and Charter with my emails opening. I haven't tried anything else yet, but it looks good. I ran speedtest.net and here is the result along with the CPU log. Hope this is correct!

Posted Image




Here is the CPU usage log.

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
AESTSr64.exe 1,300 K 2,904 K 1260 Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
afasrv64.exe 1,252 K 2,832 K 1280 (No signature was present in the subject)
audiodg.exe 17,624 K 17,948 K 400 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
avnotify.exe 10,904 K 31,744 K 2248 Avira Notification Tool Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
avshadow.exe 2,160 K 4,336 K 3244 Avira Shadow Copy Service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
beats64.exe 2,168 K 5,632 K 2344 HP Beats Hewlett-Packard (Verified) Microsoft Windows Hardware Compatibility Publisher
dllhost.exe 3,452 K 6,948 K 3500 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
DTSRVC.exe 980 K 3,364 K 2280 DTSRVC Portrait Displays, Inc. (Verified) Portrait Displays
GCalService.exe 17,308 K 13,724 K 4624 HP TouchSmart Calendar Hewlett-Packard (No signature was present in the subject) Hewlett-Packard
GoogleToolbarUser_32.exe 5,660 K 12,012 K 4272 Google Toolbar Broker Google Inc. (Verified) Google Inc
hkcmd.exe 2,476 K 6,516 K 2560 hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
HPClientServices.exe 3,904 K 7,956 K 2308 HP Client Services Hewlett-Packard Company (Verified) Hewlett-Packard Company
HPKEYBOARDx.EXE 7,660 K 11,492 K 2368 HP Keyboard Kit OSD Hewlett-Packard (No signature was present in the subject) Hewlett-Packard
hpsysdrv.exe 1,036 K 3,808 K 2352 hpsysdrv Hewlett-Packard (Verified) Hewlett-Packard Company
HPTouchSmartSyncCalReminderApp.exe 28,204 K 26,876 K 5012 HP TouchSmart Calendar Service Hewlett-Packard (No signature was present in the subject) Hewlett-Packard
igfxpers.exe 3,696 K 9,912 K 2608 persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
InputPersonalization.exe 2,852 K 1,016 K 4580 Input Personalization Server Microsoft Corporation (Verified) Microsoft Windows
lsass.exe 4,564 K 11,100 K 580 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
mDNSResponder.exe 2,256 K 5,624 K 2212 Bonjour Service Apple Inc. (Verified) Apple Inc.
pdfsvc.exe 2,212 K 6,960 K 2420 Dispatcher PDF Complete Inc (Verified) PDF Complete
pdisrvc.exe 1,056 K 3,660 K 2504 pdisrvc Portrait Displays, Inc. (Verified) Portrait Displays
procexp.exe 2,444 K 7,524 K 3368 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
sched.exe 3,428 K 1,892 K 1564 Avira Scheduler Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
smss.exe 552 K 1,212 K 320 Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
spoolsv.exe 8,360 K 14,160 K 1496 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
sttray64.exe 9,152 K 19,892 K 2536 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 1,688 K 4,320 K 2180 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,464 K 5,808 K 3420 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,028 K 5,584 K 2720 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2,332 K 5,520 K 968 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,480 K 9,496 K 1540 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 5,528 K 9,232 K 804 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 4,904 K 9,980 K 716 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 17,348 K 20,308 K 888 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
TabTip.exe 5,772 K 13,792 K 1752 Tablet PC Input Panel Accessory Microsoft Corporation (Verified) Microsoft Windows
TabTip32.exe 804 K 2,824 K 1816 Tablet PC Input Panel Helper Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 2,632 K 6,572 K 3552 Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 1,708 K 4,592 K 476 Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 3,424 K 7,816 K 568 Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
wisptis.exe 3,724 K 9,068 K 1348 Microsoft Pen and Touch Input Component Microsoft Corporation (Verified) Microsoft Windows
wisptis.exe 4,324 K 10,800 K 1740 Microsoft Pen and Touch Input Component Microsoft Corporation (Verified) Microsoft Windows
WLIDSVC.EXE 5,808 K 12,072 K 2776 Microsoft® Windows Live ID Service Microsoft Corp. (Verified) Microsoft Corporation
WLIDSVCM.EXE 1,504 K 3,464 K 2944 Microsoft® Windows Live ID Service Monitor Microsoft Corp. (Verified) Microsoft Corporation
WmiPrvSE.exe 2,792 K 6,368 K 3780 WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
YahooAUService.exe 3,984 K 9,408 K 2876 AutoUpater Service Module Yahoo! Inc. (Verified) Yahoo! Inc.
PhotoshopElementsFileAgent.exe < 0.01 2,692 K 992 K 4556 Adobe Photoshop Elements 10.0 (component) Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
avguard.exe < 0.01 144,568 K 36,052 K 1468 Avira On-Access Service Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
stacsv64.exe < 0.01 13,020 K 9,676 K 344 IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
HPSA_Service.exe < 0.01 30,392 K 22,400 K 4480 HP Support Assistant Service Hewlett-Packard Company (No signature was present in the subject) Hewlett-Packard Company
wmpnetwk.exe < 0.01 4,144 K 2,248 K 3844 Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 114,236 K 120,656 K 932 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
UpdateChecker.exe < 0.01 36,732 K 36,400 K 2712 FileHippo.com Update Checker FileHippo.com (No signature was present in the subject) FileHippo.com
Magnify.exe < 0.01 26,304 K 15,224 K 3632 Microsoft Screen Magnifier Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe < 0.01 20,256 K 12,072 K 3276 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
YCMMirage.exe < 0.01 1,748 K 864 K 3792 YouCam Mirage CyberLink (Verified) CyberLink
svchost.exe < 0.01 28,476 K 45,888 K 1016 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
csrss.exe < 0.01 2,292 K 4,652 K 420 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
taskhost.exe < 0.01 13,360 K 17,508 K 1688 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
lsm.exe < 0.01 2,816 K 4,516 K 588 Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 10,692 K 18,748 K 980 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
avgnt.exe < 0.01 6,884 K 9,356 K 1244 Avira System Tray Tool Avira Operations GmbH & Co. KG (Verified) Avira Operations GmbH & Co. KG
iexplore.exe < 0.01 20,952 K 45,024 K 4076 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 13,412 K 15,016 K 1584 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
Narrator.exe < 0.01 58,776 K 59,632 K 5032 Narrator Microsoft Corporation (Verified) Microsoft Windows
services.exe < 0.01 5,448 K 10,972 K 544 Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 16,904 K 18,344 K 1152 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 0.01 27,032 K 46,248 K 2000 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
Keystatus.exe 0.02 1,416 K 5,856 K 2268 Caps Lock | Num Lock | Scroll Lock State (No signature was present in the subject)
iexplore.exe 0.02 71,756 K 119,464 K 4124 Internet Explorer Microsoft Corporation (Verified) Microsoft Windows
AppleMobileDeviceService.exe 0.02 2,944 K 9,188 K 1092 MobileDeviceService Apple Inc. (Verified) Apple Inc.
RNowSvc.exe 0.03 1,384 K 4,104 K 2568 Windows Service App Roxio (Verified) Sonic Solutions
System 0.03 224 K 1,876 K 4
csrss.exe 0.10 2,796 K 34,780 K 500 Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 0.13 64,380 K 53,564 K 1928 Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
Interrupts 0.29 0 K 0 K n/a Hardware Interrupts and DPCs
procexp64.exe 1.34 28,096 K 49,304 K 3560 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
System Idle Process 97.97 0 K 24 K 0

Here is Essential services

Farbar Service Scanner Version: 13-07-2013
Ran by Bee (administrator) on 20-07-2013 at 05:39:34
Running from "C:\Users\Bee\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



I followed your instructions to check for errors. Here are the results. (I can't get it to copy and paste to notepad).
Here is what it says: Windows Resource Protection found corrupt files and successfully repaired them.
Details are included in the CBS.Log windir/logs/CBS/CBS.log. For example C:/windows/logs/CBS/CBS.log
Can you show me how to get to this log if you need me to copy and paste it?





Here is the log for the event Viewer Tool for System.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/07/2013 6:36:57 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/07/2013 12:51:15 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The PMEM service failed to start due to the following error: This driver has been blocked from loading

Log: 'System' Date/Time: 20/07/2013 12:51:15 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\Windows\SysWow64\drivers\pmemnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Log: 'System' Date/Time: 20/07/2013 12:51:08 PM
Type: Error Category: 403
Event: 413 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/07/2013 12:50:40 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

Here is the log for Application:

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 20/07/2013 6:42:48 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/07/2013 12:52:56 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 20/07/2013 12:50:39 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3969357861-245451301-220097965-1000:
Process 1468 (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon


Sorry I had to keep editing. Hope I did this all correctly.

Edited by Beetrix, 20 July 2013 - 08:17 AM.

  • 0
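Added example (not part of the thread and not Sysinternals code): a Python triage of the Process Explorer text export requested in post #2 and posted in #11, listing the images whose Verified Signer column reports no signature. The function names are this example's own, it recognises only the two signer statuses that appear in this export, and the sample rows are copied from the post above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Rows copied from the Process Explorer export in post #11. The tab
# separators were flattened to spaces when the text was pasted.
SAMPLE = """\
Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
afasrv64.exe 1,252 K 2,832 K 1280 (No signature was present in the subject)
audiodg.exe 17,624 K 17,948 K 400 Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
GCalService.exe 17,308 K 13,724 K 4624 HP TouchSmart Calendar Hewlett-Packard (No signature was present in the subject) Hewlett-Packard
PhotoshopElementsFileAgent.exe < 0.01 2,692 K 992 K 4556 Adobe Photoshop Elements 10.0 (component) Adobe Systems Incorporated (Verified) Adobe Systems Incorporated
UpdateChecker.exe < 0.01 36,732 K 36,400 K 2712 FileHippo.com Update Checker FileHippo.com (No signature was present in the subject) FileHippo.com
Keystatus.exe 0.02 1,416 K 5,856 K 2268 Caps Lock | Num Lock | Scroll Lock State (No signature was present in the subject)
System 0.03 224 K 1,876 K 4
Interrupts 0.29 0 K 0 K n/a Hardware Interrupts and DPCs
procexp64.exe 1.34 28,096 K 49,304 K 3560 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
System Idle Process 97.97 0 K 24 K 0
"""

NO_SIG = "No signature was present in the subject"

# name, optional CPU ("0.02" or "< 0.01"), two "<n> K" memory columns, PID,
# then whatever is left (description, company, signer) as free text.
ROW = re.compile(
    r"^(?P<name>.+?)\s+"
    r"(?:(?P<cpu><\s*\d+\.\d+|\d+\.\d+)\s+)?"
    r"(?P<private>[\d,]+) K\s+"
    r"(?P<working>[\d,]+) K\s+"
    r"(?P<pid>\d+|n/a)"
    r"(?:\s+(?P<rest>.*))?$"
)

# Match the status literally: a description such as
# "Adobe Photoshop Elements 10.0 (component)" also contains parentheses.
SIGNER = re.compile(r"\((?P<status>Verified|" + re.escape(NO_SIG) + r")\)\s*(?P<publisher>.*)$")


@dataclass
class Proc:
    name: str
    pid: Optional[int]      # None when the export shows "n/a"
    cpu: float              # "< 0.01" is stored as its upper bound, blank as 0.0
    status: Optional[str]   # None when the row has no signer text at all
    publisher: str          # name shown after the status, "" if absent


def parse_procexp(text: str) -> List[Proc]:
    """Parse flattened Process Explorer rows; the header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        cpu = float(m["cpu"].lstrip("< ")) if m["cpu"] else 0.0
        pid = int(m["pid"]) if m["pid"].isdigit() else None
        s = SIGNER.search(m["rest"] or "")
        rows.append(Proc(m["name"], pid, cpu,
                         s["status"] if s else None,
                         s["publisher"].strip() if s else ""))
    return rows


def unsigned_images(rows: List[Proc]) -> List[Proc]:
    """Unsigned images, those that also show no publisher name first.

    Unsigned is a reason to check the file's path and origin, not a verdict:
    several HP utilities in this export are unsigned too.
    """
    hits = [r for r in rows if r.status == NO_SIG]
    return sorted(hits, key=lambda r: (bool(r.publisher), r.name.lower()))


def no_signer_info(rows: List[Proc]) -> List[str]:
    """Rows with nothing in the signer column (System, Interrupts, idle)."""
    return [r.name for r in rows if r.status is None]


if __name__ == "__main__":
    parsed = parse_procexp(SAMPLE)
    for p in unsigned_images(parsed):
        print(f"{p.name:<22} pid={p.pid:<5} publisher={p.publisher or '<none>'}")
    print("no signer column:", ", ".join(no_signer_info(parsed)))
```
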

#12
RKinner

It appears you have a problem just with IE. Since you are so worried about your favorites (and maybe your cookies) let's back them up. Follow Option 2 on
http://www.sevenforu...-favorites.html - select both Favorites and Cookies then just keep hitting the Next button until it saves both the favorites and the cookies. Once you have done that (In IE) Tools, Internet Options, Advanced and Click on the RESET button. The next page has an option to also delete your private stuff but don't check it this time just hit Reset again. Close IE and then reopen it and see if things have improved.

You did exactly right on SFC. Since it was able to fix the files there is no point in looking at the log.

You have some minor issues in your logs.

This error:

Log: 'Application' Date/Time: 20/07/2013 12:52:56 PM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


Has a Fixit on:

http://support.micro....com/kb/2545227

Just go to the page and click on FixIt and follow the instructions.

Log: 'Application' Date/Time: 20/07/2013 12:50:39 PM
Type: Warning Category: 0
Event: 1530 Source: Microsoft-Windows-User Profiles Service
Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards. DETAIL - 1 user registry handles leaked from \Registry\User\S-1-5-21-3969357861-245451301-220097965-1000:
Process 1468 (\Device\HarddiskVolume2\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe) has opened key \REGISTRY\USER\S-1-5-21-3969357861-245451301-220097965-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon


This is an indication that Avira is not working quite like it should. Check and see if there is a new version; if not, consider replacing it with the free Avast. http://www.avast.com/index (They will offer you the pay version but the free one is what you want.)

Log: 'System' Date/Time: 20/07/2013 12:51:15 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The PMEM service failed to start due to the following error: This driver has been blocked from loading

Log: 'System' Date/Time: 20/07/2013 12:51:15 PM
Type: Error Category: 0
Event: 1060 Source: Application Popup
\??\C:\Windows\SysWow64\drivers\pmemnt.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.


Not sure why it is trying to load pmemnt.sys. It hasn't been used since Windows 2000. We can tell it not to:

Copy the next line:

sc config pmem start= disabled

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Yes. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Does it give you an error? Close the command window.

Finally we have this one:

Log: 'System' Date/Time: 20/07/2013 12:51:08 PM
Type: Error Category: 403
Event: 413 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.


This is going to take a little more work.

Copy the next 4 lines:

dir /a C:\Windows\System32\Tasks > "%userprofile%\Desktop\junk.txt"
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule" /s >> "%userprofile%\Desktop\junk.txt"
reg query "HKLM\System\CurrentControlSet\Services\Schedule" /s >> "%userprofile%\Desktop\junk.txt"
net start >> "%userprofile%\Desktop\junk.txt"

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter. Close the command window. You should have a file junk.txt on your desktop. Attach the file to your next post.




Now clear the alarms as before:

Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot and then run VEW again as before:
2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

If all went well then the only error left should be the scheduler error (and the WLAN error which really isn't an error).

#13
Beetrix

    Member

Hi Ron,
I followed all of your instructions. I wasn't sure what version of Avira I had. I downloaded it last year from File Hippo.
So, I removed it and downloaded Avast from there also. I had forgotten you had a link for it from their own site. (Hope that is OK)

On IE, Yahoo is a text only page. I can't get to my email. Twitter also, but those are about the only two that I found. If you think
this problem can't be solved, then I will probably have to switch over to Firefox, which I don't have a problem with; however, I do
need to be walked through it again, so I can switch my favorites to their bookmarks.

My one question is that when I downloaded it, there was a start page, but now when I click on the icon on my desktop the page looks
just like the Google page with a large search bar in the center. I did want to get to the help forum, etc.
Thank you again, Beetrix


Here is the event viewer for System.

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/07/2013 1:25:44 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/07/2013 8:17:17 PM
Type: Error Category: 403
Event: 413 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to load tasks at service startup. Additional Data: Error Value: 2147549183.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/07/2013 8:16:34 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.


Here is for Application

Vino's Event Viewer v01c run on Windows 2008 in English
Report run at 21/07/2013 1:31:21 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Critical Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
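
The before/after check described in post #12 (clear the logs, reboot, rerun VEW, and confirm that only the scheduler error and the WLAN warning remain) can be scripted. The Python below is an added example, not part of either post; the function names and the shortened sample reports are constructed here for illustration.

```python
import re
# One VEW record: three header lines, then message text up to the next record or rule.
RECORD = re.compile(
    r"Log: '(?P<log>[^']+)' Date/Time: (?P<when>[^\n]+)\n"
    r"Type: (?P<type>\w+) Category: \d+\n"
    r"Event: (?P<event>\d+) Source: (?P<source>[^\n]+)\n"
    r"(?P<message>.*?)(?=\nLog: '|\n~~~~|\Z)", re.S)

def parse_vew(text):
    """Return one dict per event record found in a VEW report."""
    return [{**m.groupdict(), "event": int(m["event"]),
             "message": " ".join(m["message"].split())}
            for m in RECORD.finditer(text)]

def compare_runs(before, after, expected_left):
    """Diff two reports by (log, event id); flag leftovers outside expected_left."""
    b = {(r["log"], r["event"]) for r in parse_vew(before)}
    a = {(r["log"], r["event"]) for r in parse_vew(after)}
    return {"cleared": sorted(b - a), "persisting": sorted(a & b),
            "unexpected": sorted(a - set(expected_left))}

# Constructed samples: record layout follows the thread's logs, abridged to a few events.
BEFORE = """\
Log: 'System' Date/Time: 20/07/2013 12:51:15 PM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The PMEM service failed to start due to the following error: This driver has been blocked from loading

Log: 'System' Date/Time: 20/07/2013 12:51:08 PM
Type: Error Category: 403
Event: 413 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to load tasks at service startup.
"""
AFTER = """\
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 21/07/2013 8:17:17 PM
Type: Error Category: 403
Event: 413 Source: Microsoft-Windows-TaskScheduler
Task Scheduler service failed to load tasks at service startup.

Log: 'System' Date/Time: 21/07/2013 8:16:34 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.
"""
EXPECTED_LEFT = [("System", 413), ("System", 4001)]  # scheduler error, WLAN warning
print(compare_runs(BEFORE, AFTER, EXPECTED_LEFT))
```

An empty "unexpected" list means every event still present after the reboot is one that was already anticipated; anything listed there is worth reading in full before moving on.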

#14
RKinner

    Malware Expert

If IE can't see yahoo or twitter but everything else is working then I would suspect something with the cookies for those two sites. Let's try IECookiesView

http://nirsoft.net/utils/iecv.zip

Download and Save the file (IF using Firefox, Click on the download arrow after it flashes green. Then right click on the file and Open Containing Folder) and then right click on the saved file and select Extract All. That will create a folder of the same name (without the .zip) in the same location. Inside the folder will be three files. (Make sure IE is closed) Right click on iecv.exe and Run As Admin. Give it a minute to load the cookies then scroll down in the top screen until you find yahoo.com, www.yahoo.com, twitter.com, www.twitter.com. Check all that you find then Edit, Delete Selected Cookie files. Then close the program. Now try IE again.

I don't see the junk.txt file that I asked for last time.

IF you want this:
http://www.mozilla.o...0.0.3/firstrun/

as your home page then go to the above link. Grab the ball (world?) icon to the immediate left of http... and drag it to the little house picture and let go. It should ask you if you want it to be your home page. Just say Yes.

#15
Beetrix

    Member

Hi Ron,

I used IE, because I am viewing this page under IE.
Twitter and Yahoo were not on the list. I did delete the Cookies that were there.

I didn't make Firefox as my Homepage yet, because I haven't made it my default. But will switch
over if you think I will continue to have problems with IE. I did once before.

I don't see the attach icon for my junk.txt file. Not sure how to add it since it is on my desktop.

I need help with a problem if possible.

In my Docs, I seem to have 2 folders for Pictures, Music, and Videos. There had been a lock on
three of them which I removed. (Not sure how they got there, but my son was making some changes
and may have done something.) Anyway, when I click on each one, it tells me that they are not
accessible.

Thank you, Beetrix

Edited by Beetrix, 22 July 2013 - 07:51 AM.
