Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Internet Explorer very slow / stalls


  • Please log in to reply

#1
scotto62

scotto62

    Member

  • Member
  • PipPip
  • 36 posts
Hello, my internet explorer is sometimes very slow and can stall out alltogether, requiring me to close the brownser and start again. Also, I have messages from Optimizer Pro Performance Monigor asking to clean the computer. This computer was my daughters and I'm not sure what she has loaded prevously. Here is my OTL log. Thanks in advance for you help.

OTL logfile created on: 10/12/2013 4:41:33 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Allen\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 22.71% Memory free
8.10 Gb Paging File | 3.63 Gb Available in Paging File | 44.80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 144.00 Gb Free Space | 48.31% Space Free | Partition Type: NTFS
Drive D: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ALLEN-PC | User Name: Allen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/12 16:40:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Allen\Downloads\OTL.exe
PRC - [2013/10/03 13:00:00 | 000,531,424 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\Install\{A1107A6B-65E7-44B7-A203-500BD56CD4B3}\GoogleToolbarInstaller_updater_signed.exe
PRC - [2013/09/16 07:03:46 | 000,573,952 | ---- | M] () -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe
PRC - [2013/07/10 12:04:45 | 000,114,008 | ---- | M] () -- C:\Users\Allen\AppData\Local\TopArcadeHits\updater.exe
PRC - [2013/07/10 12:01:52 | 000,107,520 | ---- | M] () -- C:\Users\Allen\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
PRC - [2013/06/25 18:53:17 | 000,308,816 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/05/07 23:18:34 | 002,852,640 | ---- | M] (Conduit) -- C:\Users\Allen\AppData\Roaming\SearchProtect\bin\cltmng.exe
PRC - [2013/05/07 23:18:34 | 000,097,056 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe
PRC - [2012/09/17 13:41:58 | 000,508,336 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/09/15 17:08:24 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
PRC - [2009/03/05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/06/03 16:54:56 | 000,446,635 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/05/21 01:37:36 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE


========== Modules (No Company Name) ==========

MOD - [2013/07/10 12:04:50 | 000,153,432 | ---- | M] () -- C:\Users\Allen\AppData\Local\TopArcadeHits\Toparcadehits.dll
MOD - [2013/07/10 12:04:45 | 000,114,008 | ---- | M] () -- C:\Users\Allen\AppData\Local\TopArcadeHits\updater.exe
MOD - [2013/06/21 12:51:00 | 001,651,696 | ---- | M] () -- c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2010/12/28 01:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV:64bit: - [2008/06/02 12:44:18 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/11/02 04:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2013/09/16 07:03:46 | 000,573,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe -- (DefaultTabSearch)
SRV - [2013/07/10 12:01:52 | 000,107,520 | ---- | M] () [Auto | Running] -- C:\Users\Allen\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe -- (DefaultTabUpdate)
SRV - [2013/05/07 23:18:34 | 000,097,056 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/29 21:51:19 | 000,049,872 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\azrlrpur.sys -- (azrlrpur)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 06:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2008/08/25 02:00:00 | 000,307,456 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys -- (OA009Vid)
DRV:64bit: - [2008/07/24 19:40:26 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/07/24 11:03:00 | 000,392,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/07/17 17:46:20 | 000,066,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/06/03 18:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys -- (OA009Ufd)
DRV:64bit: - [2008/06/02 12:44:16 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/06/02 12:44:14 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/05/21 15:14:06 | 007,897,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/01/20 19:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2790392

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...CID=msnHomepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 8E AA 64 6E 78 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {462D332E-E892-46EF-9725-00BD4C732701}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...search&AF=15627
IE - HKCU\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.bing.com/...015&form=ZGAIDF
IE - HKCU\..\SearchScopes\{462D332E-E892-46EF-9725-00BD4C732701}: "URL" = http://search.condui...5921963221&UM=2
IE - HKCU\..\SearchScopes\{46720353-852B-46E1-AF6B-4A72057AC034}: "URL" = http://search.condui...q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7SKPB_en
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59}: "URL" = http://search.imesh....q={searchTerms}
IE - HKCU\..\SearchScopes\{C0E1E6A2-D5AA-4052-9408-CFB6CE9D884A}: "URL" = http://websearch.ask...D1-EEFC3DC6AC0B
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_38: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Allen\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]te.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.636.0\firefox\extensions [2011/01/08 21:46:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Allen\AppData\Roaming\Move Networks [2010/06/01 23:19:16 | 000,000,000 | ---D | M]

[2010/07/09 08:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allen\AppData\Roaming\mozilla\Extensions
[2010/07/09 08:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allen\AppData\Roaming\mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - Extension: No name found = C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.0_0\
CHR - Extension: No name found = C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc\1.1.23_0\

O1 HOSTS File: ([2013/01/06 11:59:35 | 000,444,213 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15284 more lines...
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DefaultTab Browser Helper) - {7F6AFBF1-E065-4627-A2FD-810366367D01} - C:\Users\Allen\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll (Search Results LLC.)
O2 - BHO: (TopArcadeHits Games) - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Allen\AppData\Local\TopArcadeHits\Toparcadehits.dll ()
O2 - BHO: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (WhiteSmoke New Toolbar) - {739df940-c5ee-4bab-9d7e-270894ae687a} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MediaBar) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - C:\Program Files (x86)\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (WhiteSmoke New Toolbar) - {739DF940-C5EE-4BAB-9D7E-270894AE687A} - C:\Program Files (x86)\WhiteSmoke_New\prxtbWhit.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Babylon Client] "C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe" -AutoStart File not found
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [{7EAFED50-1980-2B27-6F6E-027B40331E85}] C:\Users\Allen\AppData\Roaming\Ehypqe\itokzyi.exe File not found
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe (PC Utilities Pro)
O4 - HKCU..\Run: [SearchProtect] C:\Users\Allen\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8:64bit: - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - Reg Error: Key error. File not found
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([accounts] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} http://lakehousepa4....50/JpegInst.cab (pmjpegaudio Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_38)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ECB6FA0-319C-4E3F-BAE0-46B6ADB9667A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F119624D-F2A8-4E41-8786-9333AE69C466}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~2\optimi~1\optpro~1.dll) - c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Allen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Allen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{22e5b287-5bd0-11df-ab51-0023ae0a82a9}\Shell - "" = AutoRun
O33 - MountPoints2\{22e5b287-5bd0-11df-ab51-0023ae0a82a9}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{8e192b3e-ceb2-11de-9dad-0023ae0a82a9}\Shell - "" = AutoRun
O33 - MountPoints2\{8e192b3e-ceb2-11de-9dad-0023ae0a82a9}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{9909d23e-cc35-11de-acd9-0023ae0a82a9}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{9909d23e-cc35-11de-acd9-0023ae0a82a9}\Shell\Install\command - "" = E:\Setup.exe
O33 - MountPoints2\{eadf35c8-7180-11e0-bf5d-0023ae0a82a9}\Shell - "" = AutoRun
O33 - MountPoints2\{eadf35c8-7180-11e0-bf5d-0023ae0a82a9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{eadf3871-7180-11e0-bf5d-0023ae0a82a9}\Shell - "" = AutoRun
O33 - MountPoints2\{eadf3871-7180-11e0-bf5d-0023ae0a82a9}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/30 19:45:16 | 000,051,992 | ---- | C] (cake bake) -- C:\Program Files (x86)\WDesktop.Updater.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/12 16:51:28 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/12 16:35:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/12 15:32:36 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\AmiUpdXp.job
[2013/10/12 15:31:49 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/12 15:31:30 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\TopArcadeHits.job
[2013/10/09 10:35:36 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/09 10:35:36 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/09 09:02:22 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/09 08:40:05 | 004,190,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/09 08:40:04 | 001,385,580 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/09 08:40:03 | 001,442,318 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/02 21:40:16 | 000,000,258 | RHS- | M] () -- C:\Users\Allen\ntuser.pol
[2013/09/14 03:28:28 | 000,340,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/10 12:02:17 | 000,000,258 | RHS- | C] () -- C:\Users\Allen\ntuser.pol
[2013/01/26 11:57:06 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/01/06 12:27:30 | 000,000,519 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/11 23:52:39 | 000,004,096 | -H-- | C] () -- C:\Users\Allen\AppData\Local\keyfile3.drm
[2010/10/30 13:13:41 | 000,000,117 | ---- | C] () -- C:\Users\Allen\jagex_runescape_preferences2.dat
[2010/10/30 13:11:54 | 000,000,046 | ---- | C] () -- C:\Users\Allen\jagex_runescape_preferences.dat
[2010/09/08 09:53:39 | 000,072,080 | ---- | C] () -- C:\Users\Allen\g2mdlhlpx.exe
[2010/07/12 13:26:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/29 03:35:23 | 000,004,130 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\wklnhst.dat
[2010/05/12 19:08:44 | 000,013,312 | ---- | C] () -- C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/09 21:00:18 | 000,024,226 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\UserTile.png
[2009/11/07 10:55:27 | 000,006,648 | ---- | C] () -- C:\Users\Allen\AppData\Local\d3d9caps.dat
[2009/11/07 10:44:35 | 000,001,460 | ---- | C] () -- C:\Users\Allen\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 08:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 10:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 19:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/29 21:51:18 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Betcat
[2013/07/11 03:50:19 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\BitComet
[2013/03/25 18:05:14 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Canon
[2011/01/08 21:46:37 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\ClickPotatoLite
[2011/04/28 18:51:00 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/07/10 12:01:52 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\DefaultTab
[2011/12/16 04:30:09 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Ehypqe
[2012/07/15 23:41:38 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\ooVoo Details
[2013/07/10 12:02:34 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Optimizer Pro
[2009/11/09 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\PeerNetworking
[2011/12/15 23:48:06 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Piompov
[2013/07/10 12:04:54 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\SearchProtect
[2010/05/29 03:35:29 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Template
[2009/11/07 11:28:28 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\TMP
[2013/08/13 21:22:14 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Web Cake
[2013/07/29 20:43:02 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\WebCake

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >

Edited by scotto62, 14 October 2013 - 06:58 PM.

  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Download aswMBR.exe to your desktop.
Run aswMBR.exe (Vista or Win 7 => right click and Run As Administrator)

uncheck trace disk IO calls
Click the "Scan" button to start scan (Accept the Avast Engine)
On completion of the scan if the Fix button is enabled (not the FixMBR button) press it and then run a new scan and click save log, save it to your desktop and post in your next reply
If the Fix button is not enabled then just click save log, save it to your desktop and post in your next reply


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download
Latest Version button) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.

(If you do not already have OTL then: Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.)

Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.


Ron
  • 0

#3
scotto62

scotto62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Thanks Ron!

I appreciate your help. Attached to this message are the log files per your directions.

Scotto916

Attached File  AdwCleanerS0.txt   14.64KB   45 downloads
Attached File  JRT.txt   2.06KB   38 downloads
Attached File  aswMBR.txt   1.39KB   41 downloads
Attached File  ALLEN-PC.txt   417.16KB   62 downloads
Attached File  OTL.Txt   161.22KB   40 downloads
Attached File  Extras.Txt   57.17KB   36 downloads
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Looks much better now. How is it running? Is IE still acting up?
  • 0

#5
scotto62

scotto62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Yes! It seems to be running very well now. I really appreciate your help. Let me know if you have any suggestions to keep it this way.

Thanks,

Scotto916
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Copy the following:

:Commands
[CLEARALLRESTOREPOINTS]
[Reboot]

Right click on OTL and Run As Administrator. In the Custom Scans/Fixes box at the bottom, paste in the copied text (Ctrl + v) and then hit Run Fix.

That will get the last of the malware off the system.



You can uninstall or delete any tools we had you download and their logs.

OTL has a cleanup tab but DO NOT USE IT!. There are reports that it leaves the PC unbootable. Instead just delete OTL.exe and the folder c:\_OTL.

To hide hidden files again:

Vista or Win7

# Open the Control Panel menu and click Folder Options.
# After the new window appears select the View tab.
# Remove the check in the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the radio button labeled Do not Show hidden files and folders.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and exit My Computer.

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

Unless you have the latest version of Avast which has its own update checker: To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. Exception is MSN messenger which appears to be part of Windows.)
If you get a blocked program notice after installing updatechecker then change it to not run at start then manually run it once a week.
Seems to work best if Firefox is the default browser. Windows always hides its icon so you need to unhide it. Click on the up arrow to the left of the clock. Then click on Customize. Maximize the window so you can see all of the options. Scroll Down and find the File Hippo UpdateChecker and change its Behaviors to Show Icon and Notifications. OK. When you reboot you should see the icon. It will take it a minute to finish checking then it will put up a bubble if you need to update something. Click on the bubble and it should open in your browser. (Seems to work best if it uses Firefox. If you do not use Firefox as your default browser then right click on the icon and click on Settings. Then on Results. Change the Open Results in Default Browser to Custom Browser and then select the line that has Firefox.exe in it. While there, also check Hide Beta Versions. OK. ) You will see a list of programs that have updates with green down arrows next to them. You do not need to download any Beta Versions. There is an option Settings to Hide Beta Versions. I do not advise updating Windows Messenger unless you really use it so I right click on the Icon and Customize Results then find Microsoft Messenger and change Show All Releases to Hide All Releases. OK.

You can also try Secunia PSI http://secunia.com/v...l/download_psi/ Same kind of info. You don't need both.
If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/
The free version only blocks 200 ads a day so another reason to use Firefox or Chrome.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.


If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Special note on Java. Old Java versions should be removed after first clearing the Java Cache by following the instructions in:
http://www.java.com/...lugin_cache.xml
Then remove the old versions by going to Control Panel, Programs and Features and Uninstall all Java programs which are not Java Version 7 update 25 or better. These may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE. Get the latest version from Java.com. They will usually attempt to foist some garbage like the Ask toolbar, Yahoo toolbar or McAfee Security Scan on you as part of the download. Just uncheck the garbage before the download (or install) starts. If you use a 64-bit browser and want the 64-bit version of Java you need to use it to visit java.com.
Due to multiple security problems with Java we are now recommending that it not be installed unless you absolutely know you need it. IF that is the case then go to Control Panel, Java, Security and slide it up to the highest level. OK.

Make sure Windows Updates is turned and that it works. Go to Control panel, Windows Updates and see if it works.

If you are feeling especially paranoid you can install the free firewall called Online Armor:
http://www.online-armor.com/


My help is free but if you wish to show your appreciation, please donate to Kwiaht instead of me. It's a local environmental organization that I volunteer with: http://www.kwiaht.org/donate.htm
(The name means something like "clean place" in one of the local native-American dialects)

Ron
  • 0

#7
scotto62

scotto62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Ron,

Thanks so much for your help! Sorry I went dark - I just got back from a business trip.

I followed your final instructions and everything seems to be in order

One question: there is another user account on this computer; would there be any additional checks I should do or should that one be clean too?

I appreciate it!

Allan
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Expect it's good. You could login and run AdwareCleaner and Junkware Removal Tool just to be sure.
  • 0

#9
scotto62

scotto62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Will do. Thanks again!
  • 0

#10
scotto62

scotto62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Ron, if you are still monitoring this thread, my computer has taked a step backward. Right now, Windows explorer will open a blank frame and either times out or takes several minutes to come up with the page. I installed AVAST for virus protection, put the ad blocker on (but just uninstalled it to see if that made a difference) and followed your other instructions for cleanup. The only other thing I did was download a copy of Quicken from Amazon, and have a SKYPE call (SKYPE, but the way, did have some type of update while I was initiating the call.

Chrome seems to work fine. Any ideas?

Thanks,
Allan
  • 0

Advertisements


#11
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Download OTL from
http://www.geekstogo...timers-list-it/
and Save it to your desktop.


Copy the text in the code box:

DRIVES
nnetsvcs
%SYSTEMDRIVE%\*.exe
%systemroot%\assembly\GAC_32\*.ini
%systemroot%\assembly\GAC_64\*.ini
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.exe
%APPDATA%\*.
/md5start
rsvpsp.dll
pnrpnsp.dll 
nwprovau.dll
nlaapi.dll
napinsp.dll
mswsock.dll
winrnr.dll
wshelper.dll
services.exe
atapi.sys
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
csrss.exe
PrintIsolationHost.exe
consrv.dll
user32.dll
/md5stop
dir C:\ /S /A:L /C
C:\Windows\assembly\tmp\U\*.* /s
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%ProgramFiles%\WINDOWS NT\*.* /s
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

Run OTL (Vista or Win 7 => right click and Run As Administrator)

Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes

Select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.
  • 0

#12
scotto62

scotto62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
The OTL Logs are attached.

Thanks, Allan

OTL logfile created on: 10/28/2013 6:12:21 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Allen\Desktop\Clean1013
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.19 Gb Available Physical Memory | 55.32% Memory free
8.10 Gb Paging File | 5.93 Gb Available in Paging File | 73.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298.09 Gb Total Space | 178.13 Gb Free Space | 59.76% Space Free | Partition Type: NTFS
Drive D: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ALLEN-PC | User Name: Allen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/23 20:18:35 | 003,567,800 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2013/10/23 20:17:05 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/19 11:38:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Allen\Desktop\Clean1013\OTL.exe
PRC - [2013/10/12 16:39:45 | 000,310,352 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013/09/05 07:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2011/09/15 17:08:24 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_ActiveX.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/06/03 16:54:56 | 000,446,635 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe
PRC - [2008/05/23 15:06:08 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2007/05/21 01:37:36 | 000,124,512 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE


========== Modules (No Company Name) ==========

MOD - [2013/10/23 20:17:23 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/23 20:17:05 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2008/06/02 12:44:18 | 000,031,744 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\WLTRYSVC.EXE -- (wltrysvc)
SRV:64bit: - [2008/01/20 19:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2006/11/02 04:16:05 | 000,046,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rundll32.exe -- (yksvc)
SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/09/05 07:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/04/04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/23 13:37:16 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/03/29 22:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/23 20:17:33 | 000,205,320 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/10/23 20:17:33 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/10/23 20:17:33 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/10/23 20:17:32 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/10/23 20:17:32 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/10/23 20:17:32 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/10/23 20:17:32 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2013/10/23 20:17:31 | 000,064,752 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
DRV:64bit: - [2013/04/04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/02/29 06:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/09/30 17:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/05/09 02:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2008/08/25 02:00:00 | 000,307,456 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Vid.sys -- (OA009Vid)
DRV:64bit: - [2008/07/24 19:40:26 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/07/24 11:03:00 | 000,392,192 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2008/07/17 17:46:20 | 000,066,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008/06/03 18:30:38 | 000,168,864 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OA009Ufd.sys -- (OA009Ufd)
DRV:64bit: - [2008/06/02 12:44:16 | 000,022,520 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCM42RLY.sys -- (BCM42RLY)
DRV:64bit: - [2008/06/02 12:44:14 | 001,374,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2008/05/21 15:14:06 | 007,897,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/01/20 19:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...CID=msnHomepage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 8E AA 64 6E 78 CB 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.msn.com/
IE - HKCU\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\..\SearchScopes\{409DD3B4-D1F8-EC6E-EDBD-2367FDA78762}: "URL" = http://www.bing.com/...015&form=ZGAIDF
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...&rlz=1I7SKPB_en
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Allen\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll (Move Networks)

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\Allen\AppData\Roaming\Move Networks [2010/06/01 23:19:16 | 000,000,000 | ---D | M]

[2010/07/09 08:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allen\AppData\Roaming\mozilla\Extensions
[2010/07/09 08:16:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Allen\AppData\Roaming\mozilla\Extensions\[email protected]

========== Chrome ==========

CHR - default_search_provider: Conduit (Enabled)
CHR - default_search_provider: search_url = http://search.condui...M=2&sspv=CHNTR2
CHR - default_search_provider: suggest_url = http://suggest.searc...spv=CHNTR2&UM=2,
CHR - Extension: avast! Online Security = C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Click to call with Skype = C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Allen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\

O1 HOSTS File: ([2013/01/06 11:59:35 | 000,444,213 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 15284 more lines...
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Windows\SysNative\WLTRAY.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKCU..\Run: [FileHippo.com] C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe (FileHippo.com)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: intuit.com ([accounts] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} http://lakehousepa4....50/JpegInst.cab (pmjpegaudio Class)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} http://images3.pnime...veX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ECB6FA0-319C-4E3F-BAE0-46B6ADB9667A}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F119624D-F2A8-4E41-8786-9333AE69C466}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Allen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Allen\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{22e5b287-5bd0-11df-ab51-0023ae0a82a9}\Shell - "" = AutoRun
O33 - MountPoints2\{22e5b287-5bd0-11df-ab51-0023ae0a82a9}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{8e192b3e-ceb2-11de-9dad-0023ae0a82a9}\Shell - "" = AutoRun
O33 - MountPoints2\{8e192b3e-ceb2-11de-9dad-0023ae0a82a9}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{9909d23e-cc35-11de-acd9-0023ae0a82a9}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{9909d23e-cc35-11de-acd9-0023ae0a82a9}\Shell\Install\command - "" = E:\Setup.exe
O33 - MountPoints2\{eadf35c8-7180-11e0-bf5d-0023ae0a82a9}\Shell - "" = AutoRun
O33 - MountPoints2\{eadf35c8-7180-11e0-bf5d-0023ae0a82a9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{eadf3871-7180-11e0-bf5d-0023ae0a82a9}\Shell - "" = AutoRun
O33 - MountPoints2\{eadf3871-7180-11e0-bf5d-0023ae0a82a9}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


MsConfig:64bit - StartUpReg: IgfxTray - hkey= - key= - C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: Persistence - hkey= - key= - C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/10/26 03:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013/10/23 21:05:41 | 000,000,000 | ---D | C] -- C:\Users\Allen\Documents\Quicken
[2013/10/23 21:05:32 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Local\QuickenWindow
[2013/10/23 21:04:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AnswerWorks 5.0
[2013/10/23 21:04:12 | 004,200,744 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\Windows\SysWow64\cdintf400.dll
[2013/10/23 21:03:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2014
[2013/10/23 21:02:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quicken
[2013/10/23 20:59:33 | 112,168,720 | ---- | C] (Intuit Inc. ) -- C:\Users\Allen\Desktop\QW14DLX.exe
[2013/10/23 20:59:33 | 000,000,000 | ---D | C] -- C:\Users\Allen\Documents\Amazon Downloader Logs
[2013/10/23 20:20:05 | 000,000,000 | ---D | C] -- C:\Users\Allen\AppData\Roaming\AVAST Software
[2013/10/23 20:19:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/10/23 20:17:49 | 000,065,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/10/23 20:17:46 | 001,032,416 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/10/23 20:17:45 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/10/23 20:17:44 | 000,084,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/10/23 20:17:43 | 000,064,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2013/10/23 20:17:43 | 000,038,984 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/10/23 20:17:37 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/10/23 20:17:29 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/23 20:15:57 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/10/23 20:15:22 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/10/23 19:56:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2013/10/23 19:32:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/10/19 11:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Speccy
[2013/10/19 07:21:03 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/10/19 07:07:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/10/19 07:06:27 | 000,000,000 | ---D | C] -- C:\Users\Allen\Desktop\Clean1013
[2013/10/15 18:40:59 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013/10/15 18:25:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/15 18:25:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/15 18:24:33 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/15 18:22:24 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/15 18:22:24 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/15 18:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/15 18:22:23 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/15 18:21:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/10/13 13:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/10/13 13:53:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/10/13 03:11:48 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/10/13 03:11:48 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/10/13 03:11:47 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/10/13 03:11:46 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/10/13 03:11:46 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/10/13 03:11:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/10/13 03:11:46 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/10/13 03:11:46 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/10/13 03:11:44 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/10/13 03:11:44 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/10/13 03:11:44 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/10/13 03:11:44 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/10/13 03:11:43 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/10/13 03:11:43 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/10/13 03:11:43 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/10/12 16:49:10 | 000,047,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013/10/12 16:48:32 | 000,031,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidparse.sys
[2013/10/12 16:48:30 | 000,124,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationCFFRasterizerNative_v0300.dll
[2013/10/12 16:48:30 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
[2013/10/12 16:48:22 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2013/10/12 16:48:13 | 000,259,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2013/10/12 16:48:13 | 000,007,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2013/10/12 16:48:01 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2013/10/12 16:48:00 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2013/10/12 16:48:00 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2013/10/12 16:48:00 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2013/10/12 16:48:00 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2013/10/12 16:47:59 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll
[2013/10/12 16:47:59 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll
[2013/10/12 16:47:59 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2013/10/12 16:47:34 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2013/10/12 16:47:34 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2013/10/12 16:47:33 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2013/10/12 16:47:33 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll

========== Files - Modified Within 30 Days ==========

[2013/10/28 18:10:28 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/28 18:09:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/28 12:32:00 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/28 12:32:00 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/28 08:46:36 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/25 22:41:25 | 004,216,968 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/25 22:41:23 | 001,395,176 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/25 22:41:22 | 001,452,306 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/23 21:03:52 | 000,001,645 | ---- | M] () -- C:\Users\Public\Desktop\Quicken Deluxe 2014.lnk
[2013/10/23 21:03:52 | 000,000,329 | ---- | M] () -- C:\Users\Public\Desktop\View Credit Score.url
[2013/10/23 21:03:29 | 000,000,126 | ---- | M] () -- C:\Windows\QUICKEN.INI
[2013/10/23 21:00:48 | 112,168,720 | ---- | M] (Intuit Inc. ) -- C:\Users\Allen\Desktop\QW14DLX.exe
[2013/10/23 20:19:09 | 000,001,829 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/10/23 20:17:33 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/10/23 20:17:33 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/10/23 20:17:33 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/10/23 20:17:32 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/10/23 20:17:32 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/10/23 20:17:32 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/10/23 20:17:32 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/10/23 20:17:32 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/10/23 20:17:31 | 000,064,752 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2013/10/23 20:17:29 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/23 20:07:49 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/10/19 12:04:36 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/15 18:21:58 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013/10/15 18:21:57 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013/10/15 18:21:57 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013/10/15 18:21:57 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013/10/14 09:50:27 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/13 15:31:31 | 000,000,258 | RHS- | M] () -- C:\Users\Allen\ntuser.pol
[2013/10/13 13:53:27 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/10/13 04:07:33 | 000,340,448 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/10/23 21:03:52 | 000,001,645 | ---- | C] () -- C:\Users\Public\Desktop\Quicken Deluxe 2014.lnk
[2013/10/23 21:03:52 | 000,000,329 | ---- | C] () -- C:\Users\Public\Desktop\View Credit Score.url
[2013/10/23 21:02:42 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2013/10/23 20:19:09 | 000,001,829 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/10/23 20:17:48 | 000,205,320 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/10/23 20:17:47 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/10/23 20:07:49 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/10/23 20:07:48 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/10/14 09:50:27 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/10/13 13:53:27 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013/07/10 12:02:17 | 000,000,258 | RHS- | C] () -- C:\Users\Allen\ntuser.pol
[2013/01/26 11:57:06 | 000,000,469 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2013/01/06 12:27:30 | 000,000,519 | ---- | C] () -- C:\Windows\wininit.ini
[2011/12/11 23:52:39 | 000,004,096 | -H-- | C] () -- C:\Users\Allen\AppData\Local\keyfile3.drm
[2010/10/30 13:13:41 | 000,000,117 | ---- | C] () -- C:\Users\Allen\jagex_runescape_preferences2.dat
[2010/10/30 13:11:54 | 000,000,046 | ---- | C] () -- C:\Users\Allen\jagex_runescape_preferences.dat
[2010/09/08 09:53:39 | 000,072,080 | ---- | C] () -- C:\Users\Allen\g2mdlhlpx.exe
[2010/07/12 13:26:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/05/29 03:35:23 | 000,004,130 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\wklnhst.dat
[2010/05/12 19:08:44 | 000,013,312 | ---- | C] () -- C:\Users\Allen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/09 21:00:18 | 000,024,226 | ---- | C] () -- C:\Users\Allen\AppData\Roaming\UserTile.png
[2009/11/07 10:55:27 | 000,006,648 | ---- | C] () -- C:\Users\Allen\AppData\Local\d3d9caps.dat
[2009/11/07 10:44:35 | 000,001,460 | ---- | C] () -- C:\Users\Allen\AppData\Local\d3d9caps64.dat

========== ZeroAccess Check ==========

[2006/11/02 08:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 10:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:16 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 19:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed hard disk media
Interface type: IDE
Media Type: Fixed hard disk media
Model: FUJITSU MJA2320BH G2 ATA Device
Partitions: 1
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 298.00GB
Starting Offset: 1048576
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\assembly\GAC_32\*.ini >

< %systemroot%\assembly\GAC_64\*.ini >

< %SYSTEMDRIVE%\*.exe >

< %ALLUSERSPROFILE%\Application Data\*.exe >

< %APPDATA%\*. >
[2011/04/28 18:50:57 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Adobe
[2012/11/23 17:56:49 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Apple Computer
[2013/03/25 18:04:57 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\ArcSoft
[2013/10/23 20:20:05 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\AVAST Software
[2013/10/14 11:55:32 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\BitComet
[2013/03/25 18:05:14 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Canon
[2011/04/28 18:51:00 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/07/12 17:24:25 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Creative
[2010/11/23 14:06:32 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\CyberLink
[2011/12/16 04:30:09 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Ehypqe
[2010/07/13 17:20:15 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Google
[2009/11/07 10:44:41 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Identities
[2009/11/07 11:03:02 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\InstallShield
[2013/10/23 21:02:45 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Intuit
[2009/12/14 23:12:34 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Macromedia
[2010/05/09 18:23:07 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Malwarebytes
[2006/11/02 08:07:25 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Media Center Programs
[2012/11/23 18:07:41 | 000,000,000 | --SD | M] -- C:\Users\Allen\AppData\Roaming\Microsoft
[2010/06/01 23:19:16 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Move Networks
[2010/06/05 11:25:26 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Mozilla
[2012/07/15 23:41:38 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\ooVoo Details
[2009/11/09 21:00:17 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\PeerNetworking
[2011/12/15 23:48:06 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Piompov
[2010/07/12 17:47:01 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Reallusion
[2013/10/27 21:06:34 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Skype
[2011/09/23 14:54:02 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\skypePM
[2010/05/29 03:35:29 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\Template
[2009/11/07 11:28:28 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\TMP
[2013/07/10 12:03:29 | 000,000,000 | ---D | M] -- C:\Users\Allen\AppData\Roaming\WinRAR

< MD5 for: ATAPI.SYS >
[2008/01/20 19:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009/04/11 01:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009/04/11 01:15:02 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

< MD5 for: CSRSS.EXE >
[2008/01/20 19:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\SysNative\csrss.exe
[2008/01/20 19:49:57 | 000,007,680 | ---- | M] (Microsoft Corporation) MD5=B4ABE68596B173FF2AB2076BC7C35EB4 -- C:\Windows\winsxs\amd64_microsoft-windows-csrss_31bf3856ad364e35_6.0.6001.18000_none_b5027f5b9c731f82\csrss.exe

< MD5 for: EXPLORER.EXE >
[2009/04/11 01:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009/04/11 01:10:18 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008/01/20 19:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008/01/20 19:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe

< MD5 for: MSWSOCK.DLL >
[2008/01/20 19:50:56 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=66306D7E90650EBE667811C1AF010BAC -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_1471f289e5a92fc4\mswsock.dll
[2009/04/11 00:28:24 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\SysWOW64\mswsock.dll
[2009/04/11 00:28:24 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008/01/20 19:48:39 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll
[2009/04/11 01:11:18 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\SysNative\mswsock.dll
[2009/04/11 01:11:18 | 000,304,128 | ---- | M] (Microsoft Corporation) MD5=BB08D93011B82883EC33C7707A9627BE -- C:\Windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_165d6b95e2cafb10\mswsock.dll

< MD5 for: NAPINSP.DLL >
[2008/01/20 19:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\SysNative\NapiNSP.dll
[2008/01/20 19:49:00 | 000,062,976 | ---- | M] (Microsoft Corporation) MD5=062972C53BDC6819CE0BAAAA5382F758 -- C:\Windows\winsxs\amd64_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_083bdc4c478e57f6\NapiNSP.dll
[2008/01/20 19:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\SysWOW64\NapiNSP.dll
[2008/01/20 19:49:49 | 000,050,176 | ---- | M] (Microsoft Corporation) MD5=FC62A635063B762E1C3C60EA77279378 -- C:\Windows\winsxs\x86_microsoft-windows-n..ider-infrastructure_31bf3856ad364e35_6.0.6001.18000_none_ac1d40c88f30e6c0\NapiNSP.dll

< MD5 for: NLAAPI.DLL >
[2008/01/20 19:50:27 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\Windows\SysNative\nlaapi.dll
[2008/01/20 19:50:27 | 000,061,440 | ---- | M] (Microsoft Corporation) MD5=C5EDECA7546B009484B23FAD0E9724C1 -- C:\Windows\winsxs\amd64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_c3a4914ac347b69b\nlaapi.dll
[2008/01/20 19:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\SysWOW64\nlaapi.dll
[2008/01/20 19:51:08 | 000,048,128 | ---- | M] (Microsoft Corporation) MD5=D1A84F7D4CAFCFE2A32149FF418056E5 -- C:\Windows\winsxs\wow64_microsoft-windows-nlasvc_31bf3856ad364e35_6.0.6001.18000_none_cdf93b9cf7a87896\nlaapi.dll

< MD5 for: PNRPNSP.DLL >
[2008/01/20 19:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\SysWOW64\pnrpnsp.dll
[2008/01/20 19:52:02 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=690D41DF1D555F96D4898A0F54EBA065 -- C:\Windows\winsxs\wow64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_d7f25b890f32c83a\pnrpnsp.dll
[2008/01/20 19:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\SysNative\pnrpnsp.dll
[2008/01/20 19:52:02 | 000,078,848 | ---- | M] (Microsoft Corporation) MD5=E1BAEEE7949ED5019259E69393367400 -- C:\Windows\winsxs\amd64_microsoft-windows-peertopeerpnrp_31bf3856ad364e35_6.0.6001.18000_none_cd9db136dad2063f\pnrpnsp.dll

< MD5 for: SERVICES.EXE >
[2008/01/20 19:50:34 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 01:10:52 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\SysNative\services.exe
[2009/04/11 01:10:52 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=934E0B7D77FF78C18D9F8891221B6DE3 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_2d69d4f782c83d8c\services.exe
[2009/04/11 00:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SysWOW64\services.exe
[2009/04/11 00:28:00 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
[2008/01/20 19:49:44 | 000,384,512 | ---- | M] (Microsoft Corporation) MD5=DFAC660F0F139276CC9299812DE42719 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_2b7e5beb85a67240\services.exe

< MD5 for: SVCHOST.EXE >
[2008/01/20 19:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\SysWOW64\svchost.exe
[2008/01/20 19:48:05 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
[2008/01/20 19:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\SysNative\svchost.exe
[2008/01/20 19:50:24 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=CDA9F1373805AF88F6FA4F2064BBA24D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_11d9f524bdab2f1b\svchost.exe

< MD5 for: USER32.DLL >
[2008/01/20 19:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008/01/20 19:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009/04/11 00:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009/04/11 00:26:46 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009/04/11 01:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009/04/11 01:11:28 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll

< MD5 for: USERINIT.EXE >
[2008/01/20 19:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008/01/20 19:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008/01/20 19:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008/01/20 19:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 01:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009/04/11 01:11:10 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008/01/20 19:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009/04/11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009/04/11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2013/04/04 14:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/20 19:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< MD5 for: WINRNR.DLL >
[2008/01/20 19:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\SysNative\winrnr.dll
[2008/01/20 19:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_b56cee730873a8a0\winrnr.dll
[2008/01/20 19:48:07 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=8449D81B9FB1CCADEC3E64F30E1076C7 -- C:\Windows\winsxs\amd64_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_b758677f059573ec\winrnr.dll
[2009/04/11 00:28:26 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\SysWOW64\winrnr.dll
[2009/04/11 00:28:26 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C411C80F90D6732380352B98B37BBD53 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6002.18005_none_5b39cbfb4d3802b6\winrnr.dll
[2006/11/02 02:46:14 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=FF78B8E67EDCE9FEED651D7858D77A04 -- C:\Windows\winsxs\x86_microsoft-windows-dns-client-winrnr_31bf3856ad364e35_6.0.6001.18000_none_594e52ef5016376a\winrnr.dll

< MD5 for: WSHELPER.DLL >
[2006/11/02 02:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\SysWOW64\wshelper.dll
[2006/11/02 02:46:14 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=20614C9F12A3A09A5015C9EBBD4419D2 -- C:\Windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_6af84843e4192e9a\wshelper.dll
[2006/11/02 04:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\SysNative\wshelper.dll
[2006/11/02 04:19:11 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=20AEE159BD1CE0664796EDF48AF201B8 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6001.18000_none_60a39df1afb86c9f\wshelper.dll

< dir C:\ /S /A:L /C >
Volume in drive C has no label.
Volume Serial Number is 827A-5E94
Directory of C:\
11/02/2006 08:42 AM <JUNCTION> Documents and Settings [C:\Users]
0 File(s) 0 bytes
Directory of C:\ProgramData
11/02/2006 08:42 AM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 08:42 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 08:42 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 08:42 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 08:42 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 08:42 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users
11/02/2006 08:42 AM <SYMLINKD> All Users [C:\ProgramData]
11/02/2006 08:42 AM <JUNCTION> Default User [C:\Users\Default]
0 File(s) 0 bytes
Directory of C:\Users\Administrator
12/14/2009 11:24 PM <JUNCTION> Application Data [C:\Users\Administrator\AppData\Roaming]
12/14/2009 11:24 PM <JUNCTION> Cookies [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies]
12/14/2009 11:24 PM <JUNCTION> Local Settings [C:\Users\Administrator\AppData\Local]
12/14/2009 11:24 PM <JUNCTION> My Documents [C:\Users\Administrator\Documents]
12/14/2009 11:24 PM <JUNCTION> NetHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
12/14/2009 11:24 PM <JUNCTION> PrintHood [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
12/14/2009 11:24 PM <JUNCTION> Recent [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent]
12/14/2009 11:24 PM <JUNCTION> SendTo [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo]
12/14/2009 11:24 PM <JUNCTION> Start Menu [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu]
12/14/2009 11:24 PM <JUNCTION> Templates [C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Administrator\AppData\Local
12/14/2009 11:24 PM <JUNCTION> Application Data [C:\Users\Administrator\AppData\Local]
12/14/2009 11:24 PM <JUNCTION> History [C:\Users\Administrator\AppData\Local\Microsoft\Windows\History]
12/14/2009 11:24 PM <JUNCTION> Temporary Internet Files [C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Administrator\Documents
12/14/2009 11:24 PM <JUNCTION> My Music [C:\Users\Administrator\Music]
12/14/2009 11:24 PM <JUNCTION> My Pictures [C:\Users\Administrator\Pictures]
12/14/2009 11:24 PM <JUNCTION> My Videos [C:\Users\Administrator\Videos]
0 File(s) 0 bytes
Directory of C:\Users\All Users
11/02/2006 08:42 AM <JUNCTION> Application Data [C:\ProgramData]
11/02/2006 08:42 AM <JUNCTION> Desktop [C:\Users\Public\Desktop]
11/02/2006 08:42 AM <JUNCTION> Documents [C:\Users\Public\Documents]
11/02/2006 08:42 AM <JUNCTION> Favorites [C:\Users\Public\Favorites]
11/02/2006 08:42 AM <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]
11/02/2006 08:42 AM <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Allen
11/07/2009 10:44 AM <JUNCTION> Application Data [C:\Users\Allen\AppData\Roaming]
11/07/2009 10:44 AM <JUNCTION> Cookies [C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Cookies]
11/07/2009 10:44 AM <JUNCTION> Local Settings [C:\Users\Allen\AppData\Local]
11/07/2009 10:44 AM <JUNCTION> My Documents [C:\Users\Allen\Documents]
11/07/2009 10:44 AM <JUNCTION> NetHood [C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/07/2009 10:44 AM <JUNCTION> PrintHood [C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/07/2009 10:44 AM <JUNCTION> Recent [C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Recent]
11/07/2009 10:44 AM <JUNCTION> SendTo [C:\Users\Allen\AppData\Roaming\Microsoft\Windows\SendTo]
11/07/2009 10:44 AM <JUNCTION> Start Menu [C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Start Menu]
11/07/2009 10:44 AM <JUNCTION> Templates [C:\Users\Allen\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Allen\AppData\Local
11/07/2009 10:44 AM <JUNCTION> Application Data [C:\Users\Allen\AppData\Local]
11/07/2009 10:44 AM <JUNCTION> History [C:\Users\Allen\AppData\Local\Microsoft\Windows\History]
11/07/2009 10:44 AM <JUNCTION> Temporary Internet Files [C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Allen\AppData\LocalLow
01/21/2011 04:40 PM <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]
0 File(s) 0 bytes
Directory of C:\Users\Allen\Documents
11/07/2009 10:44 AM <JUNCTION> My Music [C:\Users\Allen\Music]
11/07/2009 10:44 AM <JUNCTION> My Pictures [C:\Users\Allen\Pictures]
11/07/2009 10:44 AM <JUNCTION> My Videos [C:\Users\Allen\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Allison
11/09/2009 09:02 PM <JUNCTION> Application Data [C:\Users\Allison\AppData\Roaming]
11/09/2009 09:02 PM <JUNCTION> Cookies [C:\Users\Allison\AppData\Roaming\Microsoft\Windows\Cookies]
11/09/2009 09:02 PM <JUNCTION> Local Settings [C:\Users\Allison\AppData\Local]
11/09/2009 09:02 PM <JUNCTION> My Documents [C:\Users\Allison\Documents]
11/09/2009 09:02 PM <JUNCTION> NetHood [C:\Users\Allison\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/09/2009 09:02 PM <JUNCTION> PrintHood [C:\Users\Allison\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/09/2009 09:02 PM <JUNCTION> Recent [C:\Users\Allison\AppData\Roaming\Microsoft\Windows\Recent]
11/09/2009 09:02 PM <JUNCTION> SendTo [C:\Users\Allison\AppData\Roaming\Microsoft\Windows\SendTo]
11/09/2009 09:02 PM <JUNCTION> Start Menu [C:\Users\Allison\AppData\Roaming\Microsoft\Windows\Start Menu]
11/09/2009 09:02 PM <JUNCTION> Templates [C:\Users\Allison\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Allison\AppData\Local
11/09/2009 09:02 PM <JUNCTION> Application Data [C:\Users\Allison\AppData\Local]
11/09/2009 09:02 PM <JUNCTION> History [C:\Users\Allison\AppData\Local\Microsoft\Windows\History]
11/09/2009 09:02 PM <JUNCTION> Temporary Internet Files [C:\Users\Allison\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Allison\Documents
11/09/2009 09:02 PM <JUNCTION> My Music [C:\Users\Allison\Music]
11/09/2009 09:02 PM <JUNCTION> My Pictures [C:\Users\Allison\Pictures]
11/09/2009 09:02 PM <JUNCTION> My Videos [C:\Users\Allison\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Default
11/02/2006 08:42 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]
11/02/2006 08:42 AM <JUNCTION> Cookies [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies]
11/02/2006 08:42 AM <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]
11/02/2006 08:42 AM <JUNCTION> My Documents [C:\Users\Default\Documents]
11/02/2006 08:42 AM <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]
11/02/2006 08:42 AM <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]
11/02/2006 08:42 AM <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]
11/02/2006 08:42 AM <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]
11/02/2006 08:42 AM <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]
11/02/2006 08:42 AM <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]
0 File(s) 0 bytes
Directory of C:\Users\Default\AppData\Local
11/02/2006 08:42 AM <JUNCTION> Application Data [C:\Users\Default\AppData\Local]
11/02/2006 08:42 AM <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]
11/02/2006 08:42 AM <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]
0 File(s) 0 bytes
Directory of C:\Users\Default\Documents
11/02/2006 08:42 AM <JUNCTION> My Music [C:\Users\Default\Music]
11/02/2006 08:42 AM <JUNCTION> My Pictures [C:\Users\Default\Pictures]
11/02/2006 08:42 AM <JUNCTION> My Videos [C:\Users\Default\Videos]
0 File(s) 0 bytes
Directory of C:\Users\Public\Documents
11/02/2006 08:42 AM <JUNCTION> My Music [C:\Users\Public\Music]
11/02/2006 08:42 AM <JUNCTION> My Pictures [C:\Users\Public\Pictures]
11/02/2006 08:42 AM <JUNCTION> My Videos [C:\Users\Public\Videos]
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
83 Dir(s) 190,796,701,696 bytes free

< C:\Windows\assembly\tmp\U\*.* /s >

< %systemroot%\*. /mp /s >

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --show-icons [2013/10/08 17:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --hide-icons [2013/10/08 17:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --make-default-browser [2013/10/08 17:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013/10/08 17:02:45 | 000,844,752 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -hide [2012/03/22 19:14:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -show [2012/03/22 19:14:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\SysWOW64\ie4uinit.exe" -reinstall [2012/03/22 19:14:22 | 000,074,240 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -extoff [2013/09/22 03:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files (x86)\Internet Explorer\iexplore.exe [2013/09/22 03:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files (x86)\Safari\Safari.exe" /reinstall [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /hideicons [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files (x86)\Safari\Safari.exe" /showicons [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files (x86)\Safari\Safari.exe" [2012/07/20 02:48:16 | 002,388,376 | ---- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2012/03/22 19:14:19 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2012/03/22 19:14:19 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2012/03/22 19:14:19 | 000,089,088 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013/09/22 03:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE [2013/09/22 03:59:54 | 000,757,400 | ---- | M] (Microsoft Corporation)

< %systemroot%\system32\*.dll /lockedfiles >
[2013/09/22 03:22:17 | 009,739,264 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %ProgramFiles%\WINDOWS NT\*.* /s >
[2010/06/28 07:54:38 | 000,339,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\wordpad.exe
[2006/11/02 08:14:04 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\Accessories\en-US\wordpad.exe.mui
[2009/04/11 00:28:26 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextService.dll
[2006/09/19 04:43:31 | 000,016,212 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceAmharic.txt
[2009/02/18 12:39:58 | 001,272,752 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceArray.txt
[2009/02/18 12:39:58 | 000,980,032 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceDaYi.txt
[2009/02/18 12:40:00 | 001,665,878 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedQuanPin.txt
[2009/02/18 12:40:00 | 001,445,430 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedShuangPin.txt
[2009/02/18 12:40:02 | 001,810,352 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceSimplifiedZhengMa.txt
[2006/09/19 04:43:34 | 000,044,968 | ---- | M] () -- C:\Program Files (x86)\WINDOWS NT\TableTextService\TableTextServiceYi.txt
[2009/04/11 00:23:34 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\WINDOWS NT\TableTextService\en-US\TableTextService.dll.mui

< %systemroot%\system32\drivers\*.sys /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:373E1720

< End of report >

Attached Files


  • 0

#13
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed,
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. This will check your critical system files. Does this finish without complaint? IF it says it couldn't fix everything (and being that it is Vista it will almost certainly say that) then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if notepad does not open. Copy and paste the text from notepad into a reply. Close nOtepad. Close the Command Window.

Then go on to the next step:

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

I assume you have the latest version of Avast 2014.9.0 If not update Avast then run a boot-time scan:


First mute the speakers so it won't wake you up when Windows loads.
Click on the Orange ball. Click on Scan. Change Quickscan to Boot-time Scan. Click on Settings. Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High. Check both boxes. Then change When a threat is found ... to: Move to Chest. OK. Now click on Start. Close the Avast window and then reboot. The scan will start. It will tell you where it will save the report. Usually it's
C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. When Windows loads Click on the Orange Ball then Maintenance then Scan Logs. Click on the Boot-time scan log and then View Results. IF it found anything then open the saved Report and copy and paste the text into a reply so I can see it.

Ron
  • 0

#14
scotto62

scotto62

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
I went through the instructions. The SFC scan ran without complaint, but I have posted the log here anyway in case it helps:

Junk.txt:

2013-10-29 22:06:50, Info CSI 00000006 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:06:50, Info CSI 00000007 [SR] Beginning Verify and Repair transaction
2013-10-29 22:06:52, Info CSI 00000009 [SR] Verify complete
2013-10-29 22:06:52, Info CSI 0000000a [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:06:52, Info CSI 0000000b [SR] Beginning Verify and Repair transaction
2013-10-29 22:06:54, Info CSI 0000000d [SR] Verify complete
2013-10-29 22:06:55, Info CSI 0000000e [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:06:55, Info CSI 0000000f [SR] Beginning Verify and Repair transaction
2013-10-29 22:06:57, Info CSI 00000011 [SR] Verify complete
2013-10-29 22:06:57, Info CSI 00000012 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:06:57, Info CSI 00000013 [SR] Beginning Verify and Repair transaction
2013-10-29 22:06:59, Info CSI 00000015 [SR] Verify complete
2013-10-29 22:07:00, Info CSI 00000016 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:00, Info CSI 00000017 [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:02, Info CSI 00000019 [SR] Verify complete
2013-10-29 22:07:02, Info CSI 0000001a [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:02, Info CSI 0000001b [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:04, Info CSI 0000001d [SR] Verify complete
2013-10-29 22:07:04, Info CSI 0000001e [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:04, Info CSI 0000001f [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:06, Info CSI 00000021 [SR] Verify complete
2013-10-29 22:07:06, Info CSI 00000022 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:06, Info CSI 00000023 [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:08, Info CSI 00000025 [SR] Verify complete
2013-10-29 22:07:09, Info CSI 00000026 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:09, Info CSI 00000027 [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:11, Info CSI 00000029 [SR] Verify complete
2013-10-29 22:07:11, Info CSI 0000002a [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:11, Info CSI 0000002b [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:13, Info CSI 0000002d [SR] Verify complete
2013-10-29 22:07:13, Info CSI 0000002e [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:13, Info CSI 0000002f [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:15, Info CSI 00000031 [SR] Verify complete
2013-10-29 22:07:15, Info CSI 00000032 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:15, Info CSI 00000033 [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:17, Info CSI 00000035 [SR] Verify complete
2013-10-29 22:07:17, Info CSI 00000036 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:17, Info CSI 00000037 [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:19, Info CSI 00000039 [SR] Verify complete
2013-10-29 22:07:19, Info CSI 0000003a [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:19, Info CSI 0000003b [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:21, Info CSI 0000003d [SR] Verify complete
2013-10-29 22:07:21, Info CSI 0000003e [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:21, Info CSI 0000003f [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:24, Info CSI 00000041 [SR] Verify complete
2013-10-29 22:07:24, Info CSI 00000042 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:24, Info CSI 00000043 [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:27, Info CSI 00000045 [SR] Verify complete
2013-10-29 22:07:28, Info CSI 00000046 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:28, Info CSI 00000047 [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:31, Info CSI 00000049 [SR] Verify complete
2013-10-29 22:07:31, Info CSI 0000004a [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:31, Info CSI 0000004b [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:33, Info CSI 0000004d [SR] Verify complete
2013-10-29 22:07:33, Info CSI 0000004e [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:33, Info CSI 0000004f [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:36, Info CSI 00000051 [SR] Verify complete
2013-10-29 22:07:36, Info CSI 00000052 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:36, Info CSI 00000053 [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:39, Info CSI 00000055 [SR] Verify complete
2013-10-29 22:07:39, Info CSI 00000056 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:39, Info CSI 00000057 [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:41, Info CSI 00000059 [SR] Verify complete
2013-10-29 22:07:41, Info CSI 0000005a [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:41, Info CSI 0000005b [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:44, Info CSI 0000005d [SR] Verify complete
2013-10-29 22:07:44, Info CSI 0000005e [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:44, Info CSI 0000005f [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:48, Info CSI 00000061 [SR] Verify complete
2013-10-29 22:07:48, Info CSI 00000062 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:48, Info CSI 00000063 [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:53, Info CSI 00000065 [SR] Verify complete
2013-10-29 22:07:54, Info CSI 00000066 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:54, Info CSI 00000067 [SR] Beginning Verify and Repair transaction
2013-10-29 22:07:58, Info CSI 0000006b [SR] Verify complete
2013-10-29 22:07:59, Info CSI 0000006c [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:07:59, Info CSI 0000006d [SR] Beginning Verify and Repair transaction
2013-10-29 22:08:06, Info CSI 00000070 [SR] Verify complete
2013-10-29 22:08:06, Info CSI 00000071 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:08:06, Info CSI 00000072 [SR] Beginning Verify and Repair transaction
2013-10-29 22:08:12, Info CSI 00000076 [SR] Verify complete
2013-10-29 22:08:12, Info CSI 00000077 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:08:12, Info CSI 00000078 [SR] Beginning Verify and Repair transaction
2013-10-29 22:08:19, Info CSI 0000007a [SR] Verify complete
2013-10-29 22:08:19, Info CSI 0000007b [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:08:19, Info CSI 0000007c [SR] Beginning Verify and Repair transaction
2013-10-29 22:08:26, Info CSI 0000009e [SR] Verify complete
2013-10-29 22:08:26, Info CSI 0000009f [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:08:26, Info CSI 000000a0 [SR] Beginning Verify and Repair transaction
2013-10-29 22:08:33, Info CSI 000000a5 [SR] Verify complete
2013-10-29 22:08:34, Info CSI 000000a6 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:08:34, Info CSI 000000a7 [SR] Beginning Verify and Repair transaction
2013-10-29 22:08:40, Info CSI 000000a9 [SR] Verify complete
2013-10-29 22:08:40, Info CSI 000000aa [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:08:40, Info CSI 000000ab [SR] Beginning Verify and Repair transaction
2013-10-29 22:08:46, Info CSI 000000ad [SR] Verify complete
2013-10-29 22:08:47, Info CSI 000000ae [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:08:47, Info CSI 000000af [SR] Beginning Verify and Repair transaction
2013-10-29 22:08:55, Info CSI 000000b1 [SR] Verify complete
2013-10-29 22:08:56, Info CSI 000000b2 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:08:56, Info CSI 000000b3 [SR] Beginning Verify and Repair transaction
2013-10-29 22:09:04, Info CSI 000000b7 [SR] Verify complete
2013-10-29 22:09:04, Info CSI 000000b8 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:09:04, Info CSI 000000b9 [SR] Beginning Verify and Repair transaction
2013-10-29 22:09:17, Info CSI 000000cf [SR] Verify complete
2013-10-29 22:09:17, Info CSI 000000d0 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:09:17, Info CSI 000000d1 [SR] Beginning Verify and Repair transaction
2013-10-29 22:09:40, Info CSI 000000d3 [SR] Verify complete
2013-10-29 22:09:40, Info CSI 000000d4 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:09:40, Info CSI 000000d5 [SR] Beginning Verify and Repair transaction
2013-10-29 22:09:47, Info CSI 000000d7 [SR] Verify complete
2013-10-29 22:09:47, Info CSI 000000d8 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:09:47, Info CSI 000000d9 [SR] Beginning Verify and Repair transaction
2013-10-29 22:09:50, Info CSI 000000db [SR] Verify complete
2013-10-29 22:09:50, Info CSI 000000dc [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:09:50, Info CSI 000000dd [SR] Beginning Verify and Repair transaction
2013-10-29 22:09:53, Info CSI 000000df [SR] Verify complete
2013-10-29 22:09:53, Info CSI 000000e0 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:09:53, Info CSI 000000e1 [SR] Beginning Verify and Repair transaction
2013-10-29 22:10:00, Info CSI 000000e9 [SR] Verify complete
2013-10-29 22:10:00, Info CSI 000000ea [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:10:00, Info CSI 000000eb [SR] Beginning Verify and Repair transaction
2013-10-29 22:10:06, Info CSI 000000f8 [SR] Verify complete
2013-10-29 22:10:07, Info CSI 000000f9 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:10:07, Info CSI 000000fa [SR] Beginning Verify and Repair transaction
2013-10-29 22:10:08, Info CSI 000000fc [SR] Verify complete
2013-10-29 22:10:09, Info CSI 000000fd [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:10:09, Info CSI 000000fe [SR] Beginning Verify and Repair transaction
2013-10-29 22:10:13, Info CSI 00000100 [SR] Verify complete
2013-10-29 22:10:13, Info CSI 00000101 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:10:13, Info CSI 00000102 [SR] Beginning Verify and Repair transaction
2013-10-29 22:10:18, Info CSI 00000104 [SR] Verify complete
2013-10-29 22:10:18, Info CSI 00000105 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:10:18, Info CSI 00000106 [SR] Beginning Verify and Repair transaction
2013-10-29 22:10:28, Info CSI 00000109 [SR] Verify complete
2013-10-29 22:10:28, Info CSI 0000010a [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:10:28, Info CSI 0000010b [SR] Beginning Verify and Repair transaction
2013-10-29 22:10:34, Info CSI 0000010d [SR] Verify complete
2013-10-29 22:10:34, Info CSI 0000010e [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:10:34, Info CSI 0000010f [SR] Beginning Verify and Repair transaction
2013-10-29 22:10:37, Info CSI 00000111 [SR] Verify complete
2013-10-29 22:10:37, Info CSI 00000112 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:10:37, Info CSI 00000113 [SR] Beginning Verify and Repair transaction
2013-10-29 22:10:46, Info CSI 00000115 [SR] Verify complete
2013-10-29 22:10:46, Info CSI 00000116 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:10:46, Info CSI 00000117 [SR] Beginning Verify and Repair transaction
2013-10-29 22:10:52, Info CSI 00000119 [SR] Verify complete
2013-10-29 22:10:52, Info CSI 0000011a [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:10:52, Info CSI 0000011b [SR] Beginning Verify and Repair transaction
2013-10-29 22:11:04, Info CSI 00000123 [SR] Verify complete
2013-10-29 22:11:05, Info CSI 00000124 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:11:05, Info CSI 00000125 [SR] Beginning Verify and Repair transaction
2013-10-29 22:11:16, Info CSI 00000137 [SR] Verify complete
2013-10-29 22:11:17, Info CSI 00000138 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:11:17, Info CSI 00000139 [SR] Beginning Verify and Repair transaction
2013-10-29 22:11:39, Info CSI 0000013b [SR] Verify complete
2013-10-29 22:11:40, Info CSI 0000013c [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:11:40, Info CSI 0000013d [SR] Beginning Verify and Repair transaction
2013-10-29 22:11:51, Info CSI 0000013f [SR] Verify complete
2013-10-29 22:11:52, Info CSI 00000140 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:11:52, Info CSI 00000141 [SR] Beginning Verify and Repair transaction
2013-10-29 22:12:06, Info CSI 00000143 [SR] Verify complete
2013-10-29 22:12:06, Info CSI 00000144 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:12:06, Info CSI 00000145 [SR] Beginning Verify and Repair transaction
2013-10-29 22:12:17, Info CSI 00000147 [SR] Verify complete
2013-10-29 22:12:17, Info CSI 00000148 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:12:17, Info CSI 00000149 [SR] Beginning Verify and Repair transaction
2013-10-29 22:12:26, Info CSI 0000014b [SR] Verify complete
2013-10-29 22:12:26, Info CSI 0000014c [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:12:26, Info CSI 0000014d [SR] Beginning Verify and Repair transaction
2013-10-29 22:12:31, Info CSI 0000014f [SR] Verify complete
2013-10-29 22:12:32, Info CSI 00000150 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:12:32, Info CSI 00000151 [SR] Beginning Verify and Repair transaction
2013-10-29 22:12:38, Info CSI 00000155 [SR] Verify complete
2013-10-29 22:12:39, Info CSI 00000156 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:12:39, Info CSI 00000157 [SR] Beginning Verify and Repair transaction
2013-10-29 22:12:56, Info CSI 00000159 [SR] Verify complete
2013-10-29 22:12:56, Info CSI 0000015a [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:12:56, Info CSI 0000015b [SR] Beginning Verify and Repair transaction
2013-10-29 22:13:04, Info CSI 0000015d [SR] Verify complete
2013-10-29 22:13:05, Info CSI 0000015e [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:13:05, Info CSI 0000015f [SR] Beginning Verify and Repair transaction
2013-10-29 22:13:16, Info CSI 00000161 [SR] Verify complete
2013-10-29 22:13:17, Info CSI 00000162 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:13:17, Info CSI 00000163 [SR] Beginning Verify and Repair transaction
2013-10-29 22:13:29, Info CSI 00000165 [SR] Verify complete
2013-10-29 22:13:29, Info CSI 00000166 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:13:29, Info CSI 00000167 [SR] Beginning Verify and Repair transaction
2013-10-29 22:13:37, Info CSI 00000169 [SR] Verify complete
2013-10-29 22:13:38, Info CSI 0000016a [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:13:38, Info CSI 0000016b [SR] Beginning Verify and Repair transaction
2013-10-29 22:13:49, Info CSI 0000016d [SR] Verify complete
2013-10-29 22:13:50, Info CSI 0000016e [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:13:50, Info CSI 0000016f [SR] Beginning Verify and Repair transaction
2013-10-29 22:14:06, Info CSI 00000172 [SR] Verify complete
2013-10-29 22:14:06, Info CSI 00000173 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:14:06, Info CSI 00000174 [SR] Beginning Verify and Repair transaction
2013-10-29 22:14:15, Info CSI 00000176 [SR] Verify complete
2013-10-29 22:14:15, Info CSI 00000177 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:14:15, Info CSI 00000178 [SR] Beginning Verify and Repair transaction
2013-10-29 22:14:24, Info CSI 0000017b [SR] Verify complete
2013-10-29 22:14:24, Info CSI 0000017c [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:14:24, Info CSI 0000017d [SR] Beginning Verify and Repair transaction
2013-10-29 22:14:33, Info CSI 00000180 [SR] Verify complete
2013-10-29 22:14:33, Info CSI 00000181 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:14:33, Info CSI 00000182 [SR] Beginning Verify and Repair transaction
2013-10-29 22:14:40, Info CSI 00000183 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-10-29 22:14:40, Info CSI 00000184 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-10-29 22:14:43, Info CSI 00000189 [SR] Verify complete
2013-10-29 22:14:43, Info CSI 0000018a [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:14:43, Info CSI 0000018b [SR] Beginning Verify and Repair transaction
2013-10-29 22:14:54, Info CSI 0000018d [SR] Verify complete
2013-10-29 22:14:54, Info CSI 0000018e [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:14:54, Info CSI 0000018f [SR] Beginning Verify and Repair transaction
2013-10-29 22:15:01, Info CSI 00000191 [SR] Verify complete
2013-10-29 22:15:01, Info CSI 00000192 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:15:01, Info CSI 00000193 [SR] Beginning Verify and Repair transaction
2013-10-29 22:15:03, Info CSI 00000195 [SR] Verify complete
2013-10-29 22:15:04, Info CSI 00000196 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:15:04, Info CSI 00000197 [SR] Beginning Verify and Repair transaction
2013-10-29 22:15:14, Info CSI 00000199 [SR] Verify complete
2013-10-29 22:15:14, Info CSI 0000019a [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:15:14, Info CSI 0000019b [SR] Beginning Verify and Repair transaction
2013-10-29 22:15:21, Info CSI 0000019d [SR] Verify complete
2013-10-29 22:15:22, Info CSI 0000019e [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:15:22, Info CSI 0000019f [SR] Beginning Verify and Repair transaction
2013-10-29 22:15:29, Info CSI 000001a1 [SR] Verify complete
2013-10-29 22:15:29, Info CSI 000001a2 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:15:29, Info CSI 000001a3 [SR] Beginning Verify and Repair transaction
2013-10-29 22:15:48, Info CSI 000001a5 [SR] Verify complete
2013-10-29 22:15:48, Info CSI 000001a6 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:15:48, Info CSI 000001a7 [SR] Beginning Verify and Repair transaction
2013-10-29 22:15:52, Info CSI 000001a9 [SR] Verify complete
2013-10-29 22:15:52, Info CSI 000001aa [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:15:52, Info CSI 000001ab [SR] Beginning Verify and Repair transaction
2013-10-29 22:15:59, Info CSI 000001ad [SR] Verify complete
2013-10-29 22:15:59, Info CSI 000001ae [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:15:59, Info CSI 000001af [SR] Beginning Verify and Repair transaction
2013-10-29 22:16:11, Info CSI 000001ba [SR] Verify complete
2013-10-29 22:16:11, Info CSI 000001bb [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:16:11, Info CSI 000001bc [SR] Beginning Verify and Repair transaction
2013-10-29 22:16:17, Info CSI 000001be [SR] Verify complete
2013-10-29 22:16:18, Info CSI 000001bf [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:16:18, Info CSI 000001c0 [SR] Beginning Verify and Repair transaction
2013-10-29 22:16:25, Info CSI 000001c2 [SR] Verify complete
2013-10-29 22:16:25, Info CSI 000001c3 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:16:25, Info CSI 000001c4 [SR] Beginning Verify and Repair transaction
2013-10-29 22:16:34, Info CSI 000001c6 [SR] Verify complete
2013-10-29 22:16:34, Info CSI 000001c7 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:16:34, Info CSI 000001c8 [SR] Beginning Verify and Repair transaction
2013-10-29 22:16:43, Info CSI 000001ca [SR] Verify complete
2013-10-29 22:16:43, Info CSI 000001cb [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:16:43, Info CSI 000001cc [SR] Beginning Verify and Repair transaction
2013-10-29 22:16:45, Info CSI 000001ce [SR] Verify complete
2013-10-29 22:16:46, Info CSI 000001cf [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:16:46, Info CSI 000001d0 [SR] Beginning Verify and Repair transaction
2013-10-29 22:16:54, Info CSI 000001d4 [SR] Verify complete
2013-10-29 22:16:55, Info CSI 000001d5 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:16:55, Info CSI 000001d6 [SR] Beginning Verify and Repair transaction
2013-10-29 22:17:03, Info CSI 000001db [SR] Verify complete
2013-10-29 22:17:03, Info CSI 000001dc [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:17:03, Info CSI 000001dd [SR] Beginning Verify and Repair transaction
2013-10-29 22:17:22, Info CSI 000001e7 [SR] Verify complete
2013-10-29 22:17:22, Info CSI 000001e8 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:17:22, Info CSI 000001e9 [SR] Beginning Verify and Repair transaction
2013-10-29 22:17:33, Info CSI 000001f5 [SR] Verify complete
2013-10-29 22:17:33, Info CSI 000001f6 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:17:33, Info CSI 000001f7 [SR] Beginning Verify and Repair transaction
2013-10-29 22:17:39, Info CSI 000001f9 [SR] Verify complete
2013-10-29 22:17:39, Info CSI 000001fa [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:17:39, Info CSI 000001fb [SR] Beginning Verify and Repair transaction
2013-10-29 22:17:43, Info CSI 000001ff [SR] Verify complete
2013-10-29 22:17:44, Info CSI 00000200 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:17:44, Info CSI 00000201 [SR] Beginning Verify and Repair transaction
2013-10-29 22:17:49, Info CSI 00000204 [SR] Verify complete
2013-10-29 22:17:49, Info CSI 00000205 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:17:49, Info CSI 00000206 [SR] Beginning Verify and Repair transaction
2013-10-29 22:17:58, Info CSI 0000022b [SR] Verify complete
2013-10-29 22:17:58, Info CSI 0000022c [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:17:58, Info CSI 0000022d [SR] Beginning Verify and Repair transaction
2013-10-29 22:18:03, Info CSI 0000022f [SR] Verify complete
2013-10-29 22:18:04, Info CSI 00000230 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:18:04, Info CSI 00000231 [SR] Beginning Verify and Repair transaction
2013-10-29 22:18:09, Info CSI 00000233 [SR] Verify complete
2013-10-29 22:18:09, Info CSI 00000234 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:18:09, Info CSI 00000235 [SR] Beginning Verify and Repair transaction
2013-10-29 22:18:15, Info CSI 00000237 [SR] Verify complete
2013-10-29 22:18:16, Info CSI 00000238 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:18:16, Info CSI 00000239 [SR] Beginning Verify and Repair transaction
2013-10-29 22:18:24, Info CSI 0000024a [SR] Verify complete
2013-10-29 22:18:25, Info CSI 0000024b [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:18:25, Info CSI 0000024c [SR] Beginning Verify and Repair transaction
2013-10-29 22:18:43, Info CSI 00000252 [SR] Verify complete
2013-10-29 22:18:44, Info CSI 00000253 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:18:44, Info CSI 00000254 [SR] Beginning Verify and Repair transaction
2013-10-29 22:18:52, Info CSI 0000025e [SR] Verify complete
2013-10-29 22:18:52, Info CSI 0000025f [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:18:52, Info CSI 00000260 [SR] Beginning Verify and Repair transaction
2013-10-29 22:18:56, Info CSI 00000262 [SR] Verify complete
2013-10-29 22:18:56, Info CSI 00000263 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:18:56, Info CSI 00000264 [SR] Beginning Verify and Repair transaction
2013-10-29 22:19:07, Info CSI 00000268 [SR] Verify complete
2013-10-29 22:19:07, Info CSI 00000269 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:19:07, Info CSI 0000026a [SR] Beginning Verify and Repair transaction
2013-10-29 22:19:12, Info CSI 0000026c [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2013-10-29 22:19:13, Info CSI 0000026f [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2013-10-29 22:19:14, Info CSI 00000272 [SR] Verify complete
2013-10-29 22:19:14, Info CSI 00000273 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:19:14, Info CSI 00000274 [SR] Beginning Verify and Repair transaction
2013-10-29 22:19:21, Info CSI 00000276 [SR] Verify complete
2013-10-29 22:19:21, Info CSI 00000277 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:19:21, Info CSI 00000278 [SR] Beginning Verify and Repair transaction
2013-10-29 22:19:27, Info CSI 0000027a [SR] Verify complete
2013-10-29 22:19:27, Info CSI 0000027b [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:19:27, Info CSI 0000027c [SR] Beginning Verify and Repair transaction
2013-10-29 22:19:34, Info CSI 00000280 [SR] Verify complete
2013-10-29 22:19:35, Info CSI 00000281 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:19:35, Info CSI 00000282 [SR] Beginning Verify and Repair transaction
2013-10-29 22:19:46, Info CSI 0000029c [SR] Verify complete
2013-10-29 22:19:46, Info CSI 0000029d [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:19:46, Info CSI 0000029e [SR] Beginning Verify and Repair transaction
2013-10-29 22:20:09, Info CSI 000002a0 [SR] Verify complete
2013-10-29 22:20:09, Info CSI 000002a1 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:20:09, Info CSI 000002a2 [SR] Beginning Verify and Repair transaction
2013-10-29 22:20:16, Info CSI 000002a4 [SR] Verify complete
2013-10-29 22:20:16, Info CSI 000002a5 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:20:16, Info CSI 000002a6 [SR] Beginning Verify and Repair transaction
2013-10-29 22:20:25, Info CSI 000002a8 [SR] Verify complete
2013-10-29 22:20:26, Info CSI 000002a9 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:20:26, Info CSI 000002aa [SR] Beginning Verify and Repair transaction
2013-10-29 22:20:32, Info CSI 000002ac [SR] Verify complete
2013-10-29 22:20:32, Info CSI 000002ad [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:20:32, Info CSI 000002ae [SR] Beginning Verify and Repair transaction
2013-10-29 22:20:38, Info CSI 000002b1 [SR] Verify complete
2013-10-29 22:20:38, Info CSI 000002b2 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:20:38, Info CSI 000002b3 [SR] Beginning Verify and Repair transaction
2013-10-29 22:20:52, Info CSI 000002b5 [SR] Verify complete
2013-10-29 22:20:52, Info CSI 000002b6 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:20:52, Info CSI 000002b7 [SR] Beginning Verify and Repair transaction
2013-10-29 22:20:59, Info CSI 000002b9 [SR] Verify complete
2013-10-29 22:20:59, Info CSI 000002ba [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:20:59, Info CSI 000002bb [SR] Beginning Verify and Repair transaction
2013-10-29 22:21:06, Info CSI 000002bd [SR] Verify complete
2013-10-29 22:21:06, Info CSI 000002be [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:21:06, Info CSI 000002bf [SR] Beginning Verify and Repair transaction
2013-10-29 22:21:13, Info CSI 000002c2 [SR] Verify complete
2013-10-29 22:21:14, Info CSI 000002c3 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:21:14, Info CSI 000002c4 [SR] Beginning Verify and Repair transaction
2013-10-29 22:21:19, Info CSI 000002c6 [SR] Verify complete
2013-10-29 22:21:19, Info CSI 000002c7 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:21:19, Info CSI 000002c8 [SR] Beginning Verify and Repair transaction
2013-10-29 22:21:26, Info CSI 000002ca [SR] Verify complete
2013-10-29 22:21:26, Info CSI 000002cb [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:21:26, Info CSI 000002cc [SR] Beginning Verify and Repair transaction
2013-10-29 22:21:33, Info CSI 000002d1 [SR] Verify complete
2013-10-29 22:21:33, Info CSI 000002d2 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:21:33, Info CSI 000002d3 [SR] Beginning Verify and Repair transaction
2013-10-29 22:21:42, Info CSI 000002d6 [SR] Verify complete
2013-10-29 22:21:42, Info CSI 000002d7 [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:21:42, Info CSI 000002d8 [SR] Beginning Verify and Repair transaction
2013-10-29 22:21:48, Info CSI 000002da [SR] Verify complete
2013-10-29 22:21:48, Info CSI 000002db [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:21:48, Info CSI 000002dc [SR] Beginning Verify and Repair transaction
2013-10-29 22:21:56, Info CSI 000002de [SR] Verify complete
2013-10-29 22:21:56, Info CSI 000002df [SR] Verifying 100 (0x0000000000000064) components
2013-10-29 22:21:56, Info CSI 000002e0 [SR] Beginning Verify and Repair transaction
2013-10-29 22:22:04, Info CSI 000002e2 [SR] Verify complete
2013-10-29 22:22:05, Info CSI 000002e3 [SR] Verifying 51 (0x0000000000000033) components
2013-10-29 22:22:05, Info CSI 000002e4 [SR] Beginning Verify and Repair transaction
2013-10-29 22:22:08, Info CSI 000002e6 [SR] Verify complete
2013-10-29 22:22:08, Info CSI 000002e7 [SR] Repairing 3 components
2013-10-29 22:22:08, Info CSI 000002e8 [SR] Beginning Verify and Repair transaction
2013-10-29 22:22:08, Info CSI 000002e9 [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:42{21}]"Wdf01000Uninstall.mof" from store
2013-10-29 22:22:08, Info CSI 000002ea [SR] Repairing corrupted file [ml:58{29},l:56{28}]"\??\C:\Windows\system32\wbem"\[l:24{12}]"Wdf01000.mof" from store
2013-10-29 22:22:08, Info CSI 000002ec [SR] Repairing corrupted file [ml:520{260},l:64{32}]"\??\C:\Windows\PolicyDefinitions"\[l:24{12}]"inetres.admx" from store
2013-10-29 22:22:08, Info CSI 000002ef [SR] Repairing corrupted file [ml:520{260},l:76{38}]"\??\C:\Windows\PolicyDefinitions\en-US"\[l:24{12}]"InetRes.adml" from store
2013-10-29 22:22:08, Info CSI 000002f2 [SR] Repair complete
2013-10-29 22:22:08, Info CSI 000002f3 [SR] Committing transaction
2013-10-29 22:22:09, Info CSI 000002f7 [SR] Verify and Repair Transaction completed. All files and registry keys listed in this transaction have been successfully repaired


~~~~~~~~~~~~~~~~~~~~~~~
HERE ARE THE VEW SYSTEM AND APPLICATION LOGS:

VEW System.txt:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 29/10/2013 10:30:50 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/10/2013 3:40:12 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Intel® PRO/1000 NDIS 6 Adapter Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Log: 'System' Date/Time: 30/10/2013 3:40:12 AM
Type: Error Category: 0
Event: 7000 Source: Service Control Manager
The Dell Wireless WLAN Card Driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 30/10/2013 1:25:40 AM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.

VEW Application.txt:

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 29/10/2013 10:32:29 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 30/10/2013 3:40:12 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~~~~~~~~~~~~~~~~~
AND FINALLY, HERE IS THE AVAST BOOT SCAN LOG:

aswBoot.txt:
10/29/2013 22:39
Scan of all local drives

File C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\30A2BFIW\index[1].htm is infected by HTML:RedirBA-inf [Trj], Moved to chest
File C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5VSH13G\ARM_1740[1].msi|>Binary.AdobeARM.bin Error 42144 {OLE archive is corrupted.}
File C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E5VSH13G\ARM_1740[1].msi|>01_StringData Error 42144 {OLE archive is corrupted.}
File C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\K9H8L9PS\index[2].htm is infected by HTML:RedirBA-inf [Trj], Moved to chest
File C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W5M3A6AB\ARM_1740[1].msi|>Binary.AdobeARM.bin Error 42144 {OLE archive is corrupted.}
File C:\Users\Allen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\W5M3A6AB\ARM_1740[1].msi|>01_StringData Error 42144 {OLE archive is corrupted.}
Number of searched folders: 36093
Number of tested files: 1108452
Number of infected files: 2


THANKS RON, APPRECIATE THE HELP!

Allan
  • 0

#15
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


Run the Fixit on this page:

http://support.micro...b;en-US;2545227

Are you still having problems?
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP