BSOD after restore, virus still present? [Solved]


#1 qwiksilvertrav (Member, 13 posts)

Hello,
I'm helping a friend and fixing his laptop... so I got it and he said it was crashing a lot. So I ran Avast to do a full scan. Well, stupid me... I decided to open Internet Explorer and it crashed on me. Last I looked at the scan it was at 12% with 8 infected files found. I went to reboot and it seemed the system files were basically corrupted. Windows boot fix couldn't fix it... system restore couldn't restore either. It's an HP laptop so I used the Factory Restore option in the HP tool and backed up all his files (basically a wipe).
So now I can get it to boot up, but it's only stable in safe mode. It crashes with the fault code IRQL_NOT_LESS_OR_EQUAL blue screen. It's pretty random when it crashes, but usually within 5 minutes of running in normal mode it'll crash.

I ran Avast again and it found 1 infection and cleaned it. I however cannot seem to run a boot-time scan. I also cannot keep it running long enough to install Windows updates etc. And I can't seem to get Windows Update running at all in safe mode.

Not sure if this is still due to a virus or if it's just the PC itself. Since I know it was infected (this guy does NOT take care of his PC) I figured I'd post in this section.

OTL Extras logfile created on: 10/25/2013 11:35:42 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tommy Mega\Desktop\VirusScanners
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 6.98 Gb Available Physical Memory | 87.75% Memory free
15.90 Gb Paging File | 14.92 Gb Available in Paging File | 93.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.95 Gb Total Space | 634.84 Gb Free Space | 92.82% Space Free | Partition Type: NTFS
Drive D: | 14.39 Gb Total Space | 1.60 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive F: | 7.20 Gb Total Space | 1.87 Gb Free Space | 25.91% Space Free | Partition Type: FAT32

Computer Name: TOMMYMEGA-HP | User Name: Tommy Mega | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3A027150-1368-4FE4-A8B8-9B6AF833E2C2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{A4434578-0F65-4073-9D0D-96CF7A796ADF}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0824E7A1-FDE1-4263-B0F4-DA02BCA62663}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |
"{54E8B167-0B45-44C1-8DF3-9500776B81A0}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{5C5F3B24-B805-46A1-BAEA-F88B8BB968F4}" = protocol=17 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{77D7C794-AE1D-4E44-95B4-A6DFBA3D7E63}" = protocol=6 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{9EDA278D-1263-47F1-AC93-0AE70F780010}" = protocol=17 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{C88C4660-EAD3-4475-9C3D-C6B89EECE449}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe |
"{CC5D95D7-37D7-4264-A94B-AC1064E2F8D5}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\dmagent.exe |
"{D2EE4647-263B-4861-8645-C6F1E0EFCB42}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{D7776677-CD4C-465A-8017-7F99230EFD62}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E248442D-ACB2-4DE2-B52E-625F57627040}" = dir=in | app=c:\windows\system32\ezsharedsvchost.exe |
"{E8E4F810-9E4B-4680-9169-7CC3E414DE06}" = dir=in | app=c:\program files (x86)\easybits for kids\ezdesktop.exe |
"{F71749C3-08D7-4928-B4D4-F7026F59FE7D}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{F81DB3FF-48CF-4B03-9E61-EA74B9BCE4E9}" = protocol=17 | dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\roxionow\rnow.exe |
"{F9C300F8-DF28-4FE0-AFFE-718F8E01D2AC}" = protocol=6 | dir=in | app=c:\program files (x86)\roxio\roxionow player\rnowshell.exe |
"{FFA6A819-D12D-4B8E-87B0-FB0D27BC428F}" = protocol=6 | dir=in | app=c:\program files\intel\wimax\bin\appsrv.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0128D231-B23B-409C-A531-39D8D8774BA1}" = HP 3D DriveGuard
"{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}" = AuthenTec TrueAPI
"{18A6B663-A646-457B-A314-5CF58AECB06A}" = Intel® PROSet/Wireless WiMAX Software
"{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}" = Intel® PROSet/Wireless WiFi Software
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java™ 6 Update 24 (64-bit)
"{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}" = HP Client Services
"{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel® Wireless Display
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4F26C164-9373-4974-8F43-E0F2176AF937}" = Intel WiMAX Tutorial
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{7A33B9B4-0C40-53B4-CCA0-D469A83DE142}" = ccc-utility64
"{7C54D017-21BB-43AE-9746-33E78AF4A425}" = Validity WBF DDK
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}" = HP Auto
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{DA0D8FDA-D538-1145-8BA2-6F22C4EB4F75}" = ATI Catalyst Install Manager
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00CCB6C5-DD11-F614-5955-FACAFA2C80F7}" = CCC Help Turkish
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0372849C-A9C1-A7BF-7180-9DB15334D778}" = Catalyst Control Center
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BB68729-BD8E-76E0-A357-9685790987F1}" = Catalyst Control Center Profiles Mobile
"{0EDEB615-1A60-425E-8306-0E10519C7B55}" = RoxioNow Player
"{115BAB0B-AB04-E481-76F5-82D90C3049A6}" = CCC Help Danish
"{120262A6-7A4B-4889-AE85-F5E5688D3683}" = HP MovieStore
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19F2D706-4834-2DD2-D12E-C10E75A57C81}" = CCC Help French
"{1AA895E9-B751-408B-BB9C-527C04E52C91}" = Catalyst Control Center - Branding
"{1C34B2AF-0D61-1784-8BC8-219F969BEFD6}" = PX Profile Update
"{1CB8B169-534E-6F89-CDF9-0B812FBACF9A}" = CCC Help Hungarian
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210A03F5-B2ED-4947-B27E-516F50CBB292}" = HP Setup
"{228CDD95-4069-8D94-7584-82BDE9A68B63}" = CCC Help Japanese
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{28CA24E3-D323-3900-9519-4FFE9984EC53}" = CCC Help Polish
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{49799BCA-8E53-63CD-D2D4-BAC6AB782DEE}" = Catalyst Control Center Graphics Previews Common
"{49FD3CE5-1839-7EEA-D7D3-17A23826B859}" = CCC Help Greek
"{49FE4B97-0E1E-F9EC-2123-4DFA80064694}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{55B013D5-14E7-C0B1-CE42-9C567AAEE3C9}" = CCC Help Dutch
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}" = Intel® Wireless Display
"{5E2C8F1A-AC86-FBCD-B3E4-EBF9E747BC4D}" = CCC Help Korean
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{795AADBF-58C2-42D0-B779-E730702A247E}" = HP Connection Manager
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{81EDA038-2320-B7E2-4D78-E12C2D55CE75}" = CCC Help German
"{83A375B6-6FC2-4F8A-948E-E506DB9DCDF0}" = HP Documentation
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{872B1C80-38EC-4A31-A25C-980820593900}" = HP Power Manager
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89A6150B-0CE8-AA44-F24B-FD8DCC058ACC}" = CCC Help Norwegian
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B619E05-80B3-20A1-5C1C-FDCDEC394344}" = CCC Help Chinese Standard
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8EFC331E-07A7-B196-7EA7-549A0CFE07CB}" = CCC Help Swedish
"{9008D736-35CA-40DB-A2BE-5F32D954E5AA}" = HP MovieStore
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}" = Blio
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}" = HP On Screen Display
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A7F248B5-B784-E149-124F-ABE878BC725F}" = CCC Help Portuguese
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X MUI
"{ADBCAA59-C242-4B31-FF51-354159417118}" = CCC Help Thai
"{AE856388-AFAD-4753-81DF-D96B19D0A17C}" = HP Setup Manager
"{AEF3AB2B-0B52-E47E-CA66-55E11D41EA04}" = CCC Help Finnish
"{BCFAA37D-A6DB-43BF-A351-43F183E52D07}" = HP SimplePass 2011
"{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}" = Energy Star Digital Logo
"{C118B9C6-BCE5-629D-F9CF-F61BCAD285D9}" = CCC Help Spanish
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C51EF224-3786-5566-3B32-251BDEC5C8E7}" = Catalyst Control Center InstallProxy
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D814C606-0199-4A7D-D517-79DC2B3EB7F0}" = CCC Help Russian
"{DA05AADA-6407-9E45-7843-45F7393F7A15}" = CCC Help Italian
"{DBCD5E64-7379-4648-9444-8A6558DCB614}" = Recovery Manager
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6041920-6D08-2466-E672-A15B040B5004}" = CCC Help English
"{E8EE10CF-31E4-CA63-BD94-B0157BBB2444}" = CCC Help Chinese Traditional
"{E92D47A1-D27D-430A-8368-0BAFD956507D}" = HP Support Assistant
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB58480C-0721-483C-B354-9D35A147999F}" = HP Quick Launch
"{EDD14387-FE5E-48A3-6B2B-E61DD88FC69E}" = CCC Help Czech
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Display Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote v. 4.2.2
"{F8070C51-4B1D-430C-8BCF-19696368366F}" = HP Software Framework
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avast" = avast! Free Antivirus
"EasyBits Magic Desktop" = Magic Desktop
"Google Chrome" = Google Chrome
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"NIS" = Norton Internet Security
"WildTangent hp Master Uninstall" = HP Games
"WinLiveSuite" = Windows Live Essentials
"WT087328" = Blackhawk Striker 2
"WT087330" = Bounce Symphony
"WT087335" = Build-a-lot 2
"WT087343" = Dora's World Adventure
"WT087393" = Mah Jong Medley
"WT087394" = Penguins!
"WT087395" = Poker Superstars III
"WT087396" = Polar Bowler
"WT087397" = Polar Golfer
"WT087415" = Wheel of Fortune 2
"WT087536" = Diner Dash 2 Restaurant Rescue
"WT089307" = Virtual Villagers 4 - The Tree of Life
"WT089308" = Blasterball 3
"WT089328" = Farm Frenzy
"WT089359" = Cake Mania
"WT089362" = Agatha Christie - Peril at End House
"WT089453" = Bejeweled 2 Deluxe
"WT089454" = Chuzzle Deluxe
"WT089455" = Zuma Deluxe
"WT089457" = Slingo Supreme
"WT089458" = Plants vs. Zombies - Game of the Year
"WT089470" = FATE - The Traitor Soul
"WT089484" = Namco All-Stars PAC-MAN
"WT089496" = Mystery P.I. - Stolen in San Francisco
"WT089498" = Bejeweled 3

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/24/2013 3:04:42 AM | Computer Name = TommyMega-HP | Source = WinMgmt | ID = 10
Description =

Error - 10/24/2013 3:10:13 AM | Computer Name = TommyMega-HP | Source = WinMgmt | ID = 10
Description =

Error - 10/24/2013 1:44:00 PM | Computer Name = TommyMega-HP | Source = WinMgmt | ID = 10
Description =

Error - 10/24/2013 1:54:34 PM | Computer Name = TommyMega-HP | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab>
with error: A required certificate is not within its validity period when verifying
against the current system clock or the timestamp in the signed file. .

Error - 10/24/2013 2:05:34 PM | Computer Name = TommyMega-HP | Source = WinMgmt | ID = 10
Description =

Error - 10/25/2013 2:06:26 PM | Computer Name = TommyMega-HP | Source = WinMgmt | ID = 10
Description =

Error - 10/25/2013 2:12:19 PM | Computer Name = TommyMega-HP | Source = WinMgmt | ID = 10
Description =

Error - 10/25/2013 2:16:28 PM | Computer Name = TommyMega-HP | Source = WinMgmt | ID = 10
Description =

Error - 10/25/2013 2:27:44 PM | Computer Name = TommyMega-HP | Source = WinMgmt | ID = 10
Description =

Error - 10/25/2013 2:33:46 PM | Computer Name = TommyMega-HP | Source = WinMgmt | ID = 10
Description =

[ HP Connection Manager Events ]
Error - 10/24/2013 2:00:16 AM | Computer Name = TommyMega-HP | Source = hpCMSrv | ID = 5
Description = 2013/10/23 23:00:16.536|00001764|Error |CWLAN::SignalStrengthChanged|Fire_SignalStrengthChanged
failed [hr:0x800706BA]

[ System Events ]
Error - 10/25/2013 2:32:18 PM | Computer Name = TommyMega-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
aswRvrt aswSnx aswSP aswTdi aswVmm BHDrvx64 discache IDSVia64 spldr SRTSPX SymIRON SymNetS
Wanarpv6

Error - 10/25/2013 2:32:20 PM | Computer Name = TommyMega-HP | Source = BugCheck | ID = 1005
Description =

Error - 10/25/2013 2:32:20 PM | Computer Name = TommyMega-HP | Source = BugCheck | ID = 1001
Description =

Error - 10/25/2013 2:32:34 PM | Computer Name = TommyMega-HP | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll
Error
Code: 21

Error - 10/25/2013 2:32:38 PM | Computer Name = TommyMega-HP | Source = DCOM | ID = 10005
Description =

Error - 10/25/2013 2:32:45 PM | Computer Name = TommyMega-HP | Source = DCOM | ID = 10005
Description =

Error - 10/25/2013 2:32:50 PM | Computer Name = TommyMega-HP | Source = DCOM | ID = 10005
Description =

Error - 10/25/2013 2:32:51 PM | Computer Name = TommyMega-HP | Source = DCOM | ID = 10005
Description =

Error - 10/25/2013 2:32:50 PM | Computer Name = TommyMega-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 10/25/2013 2:32:50 PM | Computer Name = TommyMega-HP | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >
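As an added example for this thread (not OTL's code and not anything posted here), a short Python script that automates two checks on the Extras log above which a helper normally does by eye: whether the launch-capable Shell Spawning classes (exefile, batfile, cmdfile, comfile, piffile, scrfile) still carry the Windows 7 default command, and which drivers the Service Control Manager 7026 event lists as failing to load, grouped by vendor prefix. The prefix-to-vendor table and the second exefile line in the embedded sample are constructed for illustration.

```python
"""Triage helpers for an OTL Extras log (the Extras.txt written by OldTimer's OTL).
Added example for this thread; not OTL's code and not code anyone posted here.
It automates two things a helper normally reads by eye: whether the launch-capable
Shell Spawning classes still carry the Windows default command, and which drivers
the Service Control Manager 7026 event reports as failing to load, by vendor."""
import re
from collections import defaultdict

# Windows 7 default commands for the shell classes that launch code directly.
EXPECTED_SHELL = {f"{c} [open]": '"%1" %*'
                  for c in ("batfile", "cmdfile", "comfile", "exefile", "piffile")}
EXPECTED_SHELL["scrfile [open]"] = '"%1" /S'

# Driver-name prefix -> vendor: a hand-maintained table (assumption of this example);
# asw* and Sym* match the company names OTL printed beside those drivers.
DRIVER_VENDORS = {"asw": "AVAST Software", "Sym": "Symantec", "SRTSP": "Symantec",
                  "IDSVia": "Symantec", "BHDrv": "Symantec"}

SECTION_RE = re.compile(r"^========== (.+?) ==========$", re.M)
SHELL_RE = re.compile(r"^(?P<cls>\w+ \[\w+\]) -- (?P<cmd>.+)$")
EVENT_RE = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = .+? \| "
                      r"Source = (?P<src>.+?) \| ID = (?P<id>\d+)$")

def split_sections(text):
    """Return {section title: body} for every '========== X ==========' block."""
    parts = SECTION_RE.split(text)  # [preamble, title1, body1, title2, body2, ...]
    return {parts[i]: parts[i + 1] for i in range(1, len(parts) - 1, 2)}

def shell_spawning_deviations(text):
    """Map each launch-capable class whose command is not the default to the command
    found. OTL appends ' (Company)' when the command resolves to a file, so that
    suffix is stripped before comparing."""
    found = {}
    for line in split_sections(text).get("Shell Spawning", "").splitlines():
        m = SHELL_RE.match(line.strip())
        if not m or m["cls"] not in EXPECTED_SHELL:
            continue
        cmd = re.sub(r"\s+\([^()]*\)$", "", m["cmd"]).strip()
        if cmd != EXPECTED_SHELL[m["cls"]]:
            found[m["cls"]] = cmd
    return found

def failed_boot_drivers(text):
    """Collect driver names from every Service Control Manager 7026 event and group
    them by vendor prefix; unrecognised prefixes land under 'unknown'."""
    groups = defaultdict(list)
    body = split_sections(text).get("Last 20 Event Log Errors", "")
    for block in re.split(r"\n\s*\n", body):  # events are separated by blank lines
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        # A block may open with a log-name header such as '[ System Events ]'.
        first = next((i for i, ln in enumerate(lines) if EVENT_RE.match(ln)), None)
        if first is None:
            continue
        m = EVENT_RE.match(lines[first])
        if m["src"] != "Service Control Manager" or m["id"] != "7026":
            continue
        desc = " ".join(lines[first + 1:])  # the description may wrap over lines
        names = desc.split(":", 1)[1].split() if ":" in desc else []
        for name in names:
            vendor = next((v for p, v in DRIVER_VENDORS.items()
                           if name.startswith(p)), "unknown")
            groups[vendor].append(name)
    return dict(groups)

# Excerpt of the Extras log posted above, cut down to the two sections used here.
# The second 'exefile [open]' line is CONSTRUCTED to exercise the check; in the
# posted log both branches show the default.
SAMPLE_LOG = r"""
========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "%1" %*
scrfile [open] -- "%1" /S

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
exefile [open] -- "C:\ProgramData\example\wrapper.exe" "%1" %* (Example Vendor)
scrfile [open] -- "%1" /S

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 10/25/2013 2:32:18 PM | Computer Name = TommyMega-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
aswRvrt aswSnx aswSP aswTdi aswVmm BHDrvx64 discache IDSVia64 spldr SRTSPX SymIRON SymNetS
Wanarpv6

< End of report >
"""

if __name__ == "__main__":
    print("Shell spawning deviations:", shell_spawning_deviations(SAMPLE_LOG))
    for vendor, names in failed_boot_drivers(SAMPLE_LOG).items():
        print(f"{vendor}: {' '.join(names)}")
```

Run against the full posted log, the shell handlers all match the defaults, and the 7026 event splits into the asw* and Symantec driver families plus three names outside the table.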
#2 qwiksilvertrav (Topic Starter, Member, 13 posts)

Just a quick bump. Is there any more information that is needed to get started?

#3 Buddierdl (Trusted Helper, Malware Removal, 2,524 posts)

Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

You posted the Extras log, but forgot the main log. Could you please post OTL.txt from C:\Users\Tommy Mega\Desktop\VirusScanners?

It is most likely not malware-related if you did a complete wipe and reinstall. Can you tell me what AVAST found?

I can take a look, but might end up having to send you over to the OS forum, where they are more competent in troubleshooting BSODs. Also, please be aware that you should use the Waiting Room forum instead of bumping your topic, because this often causes it to be overlooked (we look for 0 replies).
#4 qwiksilvertrav (Topic Starter, Member, 13 posts)

Sorry about forgetting the log!

And sorry about the bump, I'll make sure to use the waiting room next time.

Here is the log:
OTL logfile created on: 10/25/2013 11:35:42 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Tommy Mega\Desktop\VirusScanners
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.95 Gb Total Physical Memory | 6.98 Gb Available Physical Memory | 87.75% Memory free
15.90 Gb Paging File | 14.92 Gb Available in Paging File | 93.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 683.95 Gb Total Space | 634.84 Gb Free Space | 92.82% Space Free | Partition Type: NTFS
Drive D: | 14.39 Gb Total Space | 1.60 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive F: | 7.20 Gb Total Space | 1.87 Gb Free Space | 25.91% Space Free | Partition Type: FAT32

Computer Name: TOMMYMEGA-HP | User Name: Tommy Mega | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/25 11:35:06 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy Mega\Desktop\VirusScanners\OTL.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV:64bit: - [2013/10/23 23:26:47 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2011/03/15 10:58:38 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/03/11 03:23:16 | 000,297,984 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/16 22:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2011/01/30 19:22:58 | 000,499,200 | ---- | M] (Red Bend Ltd.) [Auto | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent)
SRV:64bit: - [2011/01/30 19:17:08 | 000,885,248 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv)
SRV:64bit: - [2011/01/26 16:01:00 | 000,030,520 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2011/01/05 13:41:38 | 001,515,792 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2011/01/05 13:28:50 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2011/01/05 13:26:56 | 000,836,880 | ---- | M] (Intel® Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2010/10/11 02:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/03/03 03:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV - [2011/03/01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/28 15:08:30 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011/02/17 22:48:24 | 000,265,544 | ---- | M] (HP) [Auto | Stopped] -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe -- (FPLService)
SRV - [2011/02/15 15:48:52 | 001,071,160 | ---- | M] (Hewlett-Packard Development Company L.P.) [On_Demand | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe -- (hpCMSrv)
SRV - [2011/01/12 19:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/12/22 13:25:02 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/22 13:24:58 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/11/26 07:09:12 | 000,399,344 | ---- | M] (Roxio) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/11/23 19:21:18 | 000,130,000 | R--- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe -- (NIS)
SRV - [2010/11/09 15:20:34 | 000,026,680 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Auto | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/10/23 23:26:47 | 001,032,416 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/10/23 23:26:47 | 000,409,832 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/10/23 23:26:47 | 000,205,320 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/10/23 23:26:47 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/10/23 23:26:47 | 000,084,328 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/10/23 23:26:47 | 000,065,776 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2013/10/23 23:26:47 | 000,065,264 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2013/10/23 23:26:47 | 000,038,984 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2011/09/03 08:52:21 | 000,174,640 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/15 11:28:58 | 009,259,520 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/03/15 10:24:40 | 000,301,056 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/11 03:23:16 | 000,521,728 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/02/16 18:11:08 | 000,428,136 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/16 17:46:36 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2011/01/27 09:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdpmd64.sys -- (intelkmd)
DRV:64bit: - [2011/01/26 16:01:00 | 000,043,320 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2011/01/26 16:01:00 | 000,030,008 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2011/01/18 11:16:12 | 000,173,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpmp.sys -- (bpmp)
DRV:64bit: - [2011/01/18 11:16:06 | 000,081,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpusb.sys -- (bpusb)
DRV:64bit: - [2011/01/18 11:16:04 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum)
DRV:64bit: - [2011/01/12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011/01/12 17:10:44 | 000,333,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/01/04 11:29:46 | 008,507,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/16 19:28:38 | 001,403,440 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/10 14:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/12/10 14:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/30 22:24:00 | 000,382,072 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\symnets.sys -- (SymNetS)
DRV:64bit: - [2010/11/22 21:08:32 | 000,735,864 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/11/22 21:08:32 | 000,040,568 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 20:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/17 19:59:55 | 000,802,864 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2010/11/15 18:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/10/20 19:28:36 | 000,450,608 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1205000.07D\SymDS64.sys -- (SymDS)
DRV:64bit: - [2010/10/19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 02:28:16 | 000,317,440 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/07/28 09:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 14:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 14:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 14:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 13:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 13:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2011/01/06 01:00:00 | 001,791,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110106.003\ex64.sys -- (NAVEX15)
DRV - [2011/01/06 01:00:00 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20110106.003\eng64.sys -- (NAVENG)
DRV - [2010/11/22 21:21:16 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/11/10 18:46:29 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKLM\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.co...s={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.co...&l=dis&o=HPNTDF
IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo....psg&type=HPNTDF
IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia....h={searchTerms}
IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.co...w={searchTerms}
IE - HKCU\..\SearchScopes\{DD065C6A-C257-4F8A-B51E-6FB5B03F698F}: "URL" = http://www.amazon.co...s={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2013/10/24 00:32:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn\ [2011/09/03 08:52:05 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - Extension: Website Logon = C:\Users\Tommy Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\aepeildmfnnehghlknddebgjghlompfe\1.0_0\
CHR - Extension: Google Docs = C:\Users\Tommy Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: Google Docs = C:\Users\Tommy Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Tommy Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: Google Drive = C:\Users\Tommy Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Tommy Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: YouTube = C:\Users\Tommy Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Tommy Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Search = C:\Users\Tommy Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\Tommy Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Tommy Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Gmail = C:\Users\Tommy Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Gmail = C:\Users\Tommy Mega\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.)
O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24A019DB-F799-4160-AA63-F9C0F4B3E3A7}: DhcpNameServer = 150.100.2.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{434274D5-FBE5-416E-9078-0BE106CEA463}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/25 11:34:57 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\Desktop\VirusScanners
[2013/10/24 10:37:40 | 000,000,000 | --SD | C] -- C:\Windows\SysWow64\Microsoft
[2013/10/24 00:34:40 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\AppData\Roaming\Hewlett-Packard
[2013/10/24 00:34:22 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\AppData\Local\Hewlett-Packard
[2013/10/24 00:34:02 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\AppData\Local\Hewlett-Packard_Company
[2013/10/24 00:32:21 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\AppData\Local\VirtualStore
[2013/10/24 00:31:50 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\AppData\Roaming\Intel
[2013/10/24 00:31:45 | 000,000,000 | --SD | C] -- C:\Users\Tommy Mega\AppData\Roaming\Microsoft
[2013/10/24 00:31:45 | 000,000,000 | R--D | C] -- C:\Users\Tommy Mega\Videos
[2013/10/24 00:31:45 | 000,000,000 | R--D | C] -- C:\Users\Tommy Mega\Saved Games
[2013/10/24 00:31:45 | 000,000,000 | R--D | C] -- C:\Users\Tommy Mega\Pictures
[2013/10/24 00:31:45 | 000,000,000 | R--D | C] -- C:\Users\Tommy Mega\Music
[2013/10/24 00:31:45 | 000,000,000 | R--D | C] -- C:\Users\Tommy Mega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/10/24 00:31:45 | 000,000,000 | R--D | C] -- C:\Users\Tommy Mega\Links
[2013/10/24 00:31:45 | 000,000,000 | R--D | C] -- C:\Users\Tommy Mega\Favorites
[2013/10/24 00:31:45 | 000,000,000 | R--D | C] -- C:\Users\Tommy Mega\Downloads
[2013/10/24 00:31:45 | 000,000,000 | R--D | C] -- C:\Users\Tommy Mega\Documents
[2013/10/24 00:31:45 | 000,000,000 | R--D | C] -- C:\Users\Tommy Mega\Desktop
[2013/10/24 00:31:45 | 000,000,000 | R--D | C] -- C:\Users\Tommy Mega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/10/24 00:31:45 | 000,000,000 | -HSD | C] -- C:\Users\Tommy Mega\AppData\Local\Temporary Internet Files
[2013/10/24 00:31:45 | 000,000,000 | -HSD | C] -- C:\Users\Tommy Mega\Templates
[2013/10/24 00:31:45 | 000,000,000 | -HSD | C] -- C:\Users\Tommy Mega\Start Menu
[2013/10/24 00:31:45 | 000,000,000 | -HSD | C] -- C:\Users\Tommy Mega\SendTo
[2013/10/24 00:31:45 | 000,000,000 | -HSD | C] -- C:\Users\Tommy Mega\Recent
[2013/10/24 00:31:45 | 000,000,000 | -HSD | C] -- C:\Users\Tommy Mega\PrintHood
[2013/10/24 00:31:45 | 000,000,000 | -HSD | C] -- C:\Users\Tommy Mega\NetHood
[2013/10/24 00:31:45 | 000,000,000 | -HSD | C] -- C:\Users\Tommy Mega\Documents\My Videos
[2013/10/24 00:31:45 | 000,000,000 | -HSD | C] -- C:\Users\Tommy Mega\Documents\My Pictures
[2013/10/24 00:31:45 | 000,000,000 | -HSD | C] -- C:\Users\Tommy Mega\Documents\My Music
[2013/10/24 00:31:45 | 000,000,000 | -HSD | C] -- C:\Users\Tommy Mega\My Documents
[2013/10/24 00:31:45 | 000,000,000 | -HSD | C] -- C:\Users\Tommy Mega\Local Settings
[2013/10/24 00:31:45 | 000,000,000 | -HSD | C] -- C:\Users\Tommy Mega\AppData\Local\History
[2013/10/24 00:31:45 | 000,000,000 | -HSD | C] -- C:\Users\Tommy Mega\Cookies
[2013/10/24 00:31:45 | 000,000,000 | -HSD | C] -- C:\Users\Tommy Mega\Application Data
[2013/10/24 00:31:45 | 000,000,000 | -HSD | C] -- C:\Users\Tommy Mega\AppData\Local\Application Data
[2013/10/24 00:31:45 | 000,000,000 | -H-D | C] -- C:\Users\Tommy Mega\AppData
[2013/10/24 00:31:45 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\AppData\Local\Temp
[2013/10/24 00:31:45 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\Roaming
[2013/10/24 00:31:45 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\AppData\Local\Microsoft
[2013/10/24 00:31:45 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\AppData\Roaming\Media Center Programs
[2013/10/24 00:29:23 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/10/23 23:36:41 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\AppData\Roaming\AVAST Software
[2013/10/23 23:34:34 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\kenydmaj.sys
[2013/10/23 23:31:06 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/10/23 23:28:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2013/10/23 23:28:05 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2013/10/23 23:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2013/10/23 23:27:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/10/23 23:27:03 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\AppData\Local\Google
[2013/10/23 23:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/10/23 23:26:55 | 001,032,416 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/10/23 23:26:55 | 000,065,264 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/10/23 23:26:54 | 000,409,832 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/10/23 23:26:54 | 000,084,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/10/23 23:26:54 | 000,038,984 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/10/23 23:26:53 | 000,092,544 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/10/23 23:26:49 | 000,334,648 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/10/23 23:26:47 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/23 23:26:35 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/10/23 23:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/10/23 23:23:12 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\AppData\Roaming\Macromedia
[2013/10/23 23:23:10 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\AppData\Roaming\Adobe
[2013/10/23 23:11:49 | 000,000,000 | ---D | C] -- C:\System Recovery Files
[2013/10/23 23:05:14 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\Desktop\Backup_2013-10-23 225943
[2013/10/23 23:00:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013/10/23 23:00:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/10/23 22:59:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013/10/23 22:59:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/10/23 22:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2013/10/23 22:49:58 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\AppData\Roaming\ATI
[2013/10/23 22:49:58 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\AppData\Local\ATI
[2013/10/23 22:48:57 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\AppData\Roaming\hpqLog
[2013/10/23 22:48:56 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\AppData\Roaming\Intel Corporation
[2013/10/23 22:48:55 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\AppData\Roaming\Synaptics
[2013/10/23 22:48:41 | 000,000,000 | R--D | C] -- C:\Users\Tommy Mega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/10/23 22:48:41 | 000,000,000 | R--D | C] -- C:\Users\Tommy Mega\Searches
[2013/10/23 22:48:41 | 000,000,000 | R--D | C] -- C:\Users\Tommy Mega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/10/23 22:48:41 | 000,000,000 | -H-D | C] -- C:\Users\Tommy Mega\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/10/23 22:48:35 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\AppData\Roaming\Identities
[2013/10/23 22:48:33 | 000,000,000 | R--D | C] -- C:\Users\Tommy Mega\Contacts
[2013/10/23 22:48:18 | 000,000,000 | ---D | C] -- C:\Users\Tommy Mega\AppData\Local\RemEngine

========== Files - Modified Within 30 Days ==========

[2013/10/25 11:32:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/10/25 11:32:00 | 492,840,918 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/10/25 11:31:56 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/25 11:27:09 | 000,002,279 | ---- | M] () -- C:\Users\Tommy Mega\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/25 11:27:05 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/24 11:00:10 | 000,002,208 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/10/24 10:46:43 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/24 10:46:43 | 000,615,122 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/24 10:46:43 | 000,103,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/24 00:31:54 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2013/10/24 00:31:06 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/10/24 00:30:57 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/10/24 00:30:57 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/10/24 00:04:38 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/23 23:35:31 | 000,000,350 | -H-- | M] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/10/23 23:34:34 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\kenydmaj.sys
[2013/10/23 23:27:44 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/23 23:26:47 | 001,032,416 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/10/23 23:26:47 | 000,409,832 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/10/23 23:26:47 | 000,334,648 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/10/23 23:26:47 | 000,205,320 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/10/23 23:26:47 | 000,092,544 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2013/10/23 23:26:47 | 000,084,328 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/10/23 23:26:47 | 000,065,776 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/10/23 23:26:47 | 000,065,264 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/10/23 23:26:47 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/10/23 23:26:47 | 000,038,984 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/10/23 23:20:37 | 000,000,554 | ---- | M] () -- C:\Users\Tommy Mega\Desktop\System Recovery Files.lnk
[2013/10/23 23:09:08 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/10/23 23:09:08 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/10/23 23:00:09 | 000,001,437 | ---- | M] () -- C:\Users\Tommy Mega\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

========== Files Created - No Company Name ==========

[2013/10/24 00:34:06 | 000,002,312 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Download Store.lnk
[2013/10/24 00:34:06 | 000,002,278 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
[2013/10/24 00:34:05 | 000,002,260 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk
[2013/10/24 00:34:05 | 000,002,124 | ---- | C] () -- C:\Users\Public\Desktop\Snapfish.lnk
[2013/10/24 00:31:45 | 000,000,290 | ---- | C] () -- C:\Users\Tommy Mega\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/10/24 00:31:45 | 000,000,272 | ---- | C] () -- C:\Users\Tommy Mega\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/10/24 00:31:06 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/10/24 00:29:16 | 2106,478,591 | -HS- | C] () -- C:\hiberfil.sys
[2013/10/23 23:35:31 | 000,000,350 | -H-- | C] () -- C:\Windows\tasks\avast! Emergency Update.job
[2013/10/23 23:30:58 | 492,840,918 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/10/23 23:28:22 | 000,002,208 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/10/23 23:27:44 | 000,002,279 | ---- | C] () -- C:\Users\Tommy Mega\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/10/23 23:27:44 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/10/23 23:27:11 | 000,000,906 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/10/23 23:27:10 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/10/23 23:26:55 | 000,205,320 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013/10/23 23:26:55 | 000,065,776 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013/10/23 23:20:37 | 000,000,554 | ---- | C] () -- C:\Users\Tommy Mega\Desktop\System Recovery Files.lnk
[2013/10/23 23:00:09 | 000,001,437 | ---- | C] () -- C:\Users\Tommy Mega\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/10/23 22:48:51 | 000,001,409 | ---- | C] () -- C:\Users\Tommy Mega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/10/23 22:48:42 | 000,001,443 | ---- | C] () -- C:\Users\Tommy Mega\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/11/20 20:23:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/11/20 20:24:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/10/23 23:36:41 | 000,000,000 | ---D | M] -- C:\Users\Tommy Mega\AppData\Roaming\AVAST Software
[2013/10/23 22:48:55 | 000,000,000 | ---D | M] -- C:\Users\Tommy Mega\AppData\Roaming\Synaptics

========== Purity Check ==========



< End of report >
  • 0

#5
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
While I review the log, can you tell me what infection AVAST found? Also, have you visited the HP website and updated all the drivers after you reformatted (as well as any drivers for any new hardware that may have been added since the PC was purchased)?

Also, please run this one more scan:


Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.
  • 0

#6
qwiksilvertrav

qwiksilvertrav

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
After the wipe I ran a full system scan and it found JS:ScriptIP-inf[Trj] which I had it delete.

No new hardware has been added to the machine since it's been purchased.

And my problem is it will only run stable while in safe mode, which leads me to believe it's a driver, obviously. But when I'm in safe mode I'm unable to download and install programs, etc. I'll have to get them on a memory stick and install that way, I guess?

Here is the scan from aswmbr.exe
aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-11-07 11:09:53
-----------------------------
11:09:53.118 OS Version: Windows x64 6.1.7601 Service Pack 1
11:09:53.118 Number of processors: 4 586 0x2A07
11:09:53.118 ComputerName: TOMMYMEGA-HP UserName: Tommy Mega
11:09:55.115 Initialize success
11:09:55.224 AVAST engine defs: 13101500
11:10:03.867 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
11:10:03.867 Disk 0 Vendor: Hitachi_ JE4O Size: 715404MB BusType: 3
11:10:03.976 Disk 0 MBR read successfully
11:10:03.976 Disk 0 MBR scan
11:10:03.976 Disk 0 Windows 7 default MBR code
11:10:03.992 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
11:10:03.992 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 700363 MB offset 409600
11:10:04.023 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14738 MB offset 1434753024
11:10:04.038 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 102 MB offset 1464936448
11:10:04.163 Disk 0 scanning C:\Windows\system32\drivers
11:10:08.188 Service scanning
11:10:29.576 Modules scanning
11:10:29.576 Disk 0 trace - called modules:
11:10:29.607 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys iaStor.sys hal.dll
11:10:29.607 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80082f0060]
11:10:29.607 3 CLASSPNP.SYS[fffff88001a5143f] -> nt!IofCallDriver -> [0xfffffa80081d99c0]
11:10:29.622 5 hpdskflt.sys[fffff88001ddd361] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80080d4050]
11:10:30.964 AVAST engine scan C:\Windows
11:10:33.132 AVAST engine scan C:\Windows\system32
11:11:31.399 AVAST engine scan C:\Windows\system32\drivers
11:11:37.124 AVAST engine scan C:\Users\Tommy Mega
11:12:14.096 Disk 0 MBR has been saved successfully to "C:\Users\Tommy Mega\Desktop\VirusScanners\MBR.dat"
11:12:14.096 The log file has been saved successfully to "C:\Users\Tommy Mega\Desktop\VirusScanners\aswMBR.txt"
  • 0

#7
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Ok. One of the main problems might be that you are running two AVs. This can cause a system to be unstable. The free trial of Norton probably came back with the reinstall, and I would recommend that you remove it. First, uninstall it from the Control Panel -> Programs/Features menu. Then download and run the Norton Removal Tool.

Let me know how it goes.

Also, you should be able to connect to the internet and download drivers in Safe Mode with Networking. However, I think the above may solve the issue.
  • 0

#8
qwiksilvertrav

qwiksilvertrav

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
So far so good!!! Removed Norton completely and it's been installing windows updates in regular mode. Thanks!! I'll post back if it acts up.
  • 0

#9
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Posted Image
  • 0

#10
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
