
Win32:Alureon-AXW trojan and Win32:Malware-gen



#16 RKinner, Malware Expert (MVP, 24,701 posts)

This is the error we are trying to fix:

Log: 'Application' Date/Time: 19/01/2013 12:19:22 AM
Type: Error Category: 0
Event: 10 Source: Microsoft-Windows-WMI
Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


I see MS took the link down. Let's try this:

Right click on (My) Computer and select Manage (continue) then Services and Applications then Services. Find:

Windows Management Instrumentation Service
Right click on it and select Properties.
Stop the service.

Minimize the services window.

Copy the next 6 lines:

c:
md \backupres
cd \windows\system32\wbem\repository
move *.* \backupres
move * \backupres
exit


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied lines should appear.
Hit Enter. Close the command window if it doesn't close itself.

Go back to the services window. Start Windows Management Instrumentation Service

Also start Security Center and IP Helper. Close the services window, then clear the alarms and reboot:


Right click on (My) Computer and select Manage (Continue), then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.


2. Right-click VEW.exe and Run As Administrator
3. Under 'Select log to query', select:
* Application
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply.

I would install the latest reader regardless of what the download called itself. Sometimes the programmers get lazy and reuse the labels.

How is it running now?


#17 beejee, Member, Topic Starter (48 posts)

Something happened after I copied the log from adwcleaner. My computer went to a blue screen saying it had to shut down. I chose safe mode. I think it was saying something about a driver IRQ maybe. I couldn't read it fast enough.

#18 RKinner, Malware Expert (MVP, 24,701 posts)

Download BlueScreenView
http://www.nirsoft.n...creen_view.html

Double click on BlueScreenView.exe file to run the program.
When scanning is done, go Edit, Select All.

Go File, Save Selected Items, and save the report as BSOD.txt.
Open BSOD.txt in Notepad, copy all content, and paste it into your next reply.

#19 beejee, Member, Topic Starter (48 posts)

==================================================
Dump File : Mini011813-02.dmp
Crash Time : 1/18/2013 9:06:01 PM
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 00000000`00000028
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffffa60`0187b65f
Caused By Driver : tcpip.sys
Caused By Address : tcpip.sys+7965f
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+57ad0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini011813-02.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 274,576
==================================================

==================================================
Dump File : Mini011813-01.dmp
Crash Time : 1/18/2013 4:06:54 PM
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`023913a0
Parameter 3 : fffffa60`021e0908
Parameter 4 : fffffa60`021e02e0
Caused By Driver : CLFS.SYS
Caused By Address : CLFS.SYS+1b85b40
File Description :
Product Name :
Company :
File Version :
Processor : x64
Crash Address : ntoskrnl.exe+1353a0
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\Mini011813-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 6002
Dump File Size : 274,576
==================================================

#20 RKinner, Malware Expert (MVP, 24,701 posts)

Copy the text in the code box:

/md5start
clfs.sys
tcpip.sys
ntoskrnl.exe
/md5stop



Paste (Ctrl + v) the copied text in the box where it says Custom Scan/Fixes, then Run Scan.

You should get 1 log. Please copy and paste it.
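
The BlueScreenView report in #19 and the md5 request in #20, worked through as an added example (this is not code from the thread or from NirSoft): it splits the report on its separator lines, decodes the parameters of the two bug check codes that appear here using their documented meanings (0xD1: referenced address, IRQL, read/write flag; 0x7E: NTSTATUS exception code and faulting address), lists every module the report names, records that the report carries no version metadata for either culprit, and emits the OTL /md5start block the expert asks for above. The sample input is the posted report, abridged to the fields the code reads.

```python
import re
# The two records from the report above, abridged to the fields used here.
REPORT = """\
==================================================
Dump File : Mini011813-02.dmp
Bug Check String : DRIVER_IRQL_NOT_LESS_OR_EQUAL
Bug Check Code : 0x000000d1
Parameter 1 : 00000000`00000028
Parameter 2 : 00000000`00000002
Parameter 3 : 00000000`00000000
Parameter 4 : fffffa60`0187b65f
Caused By Driver : tcpip.sys
Caused By Address : tcpip.sys+7965f
File Description :
File Version :
Crash Address : ntoskrnl.exe+57ad0
==================================================
Dump File : Mini011813-01.dmp
Bug Check String : SYSTEM_THREAD_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x1000007e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`023913a0
Parameter 3 : fffffa60`021e0908
Parameter 4 : fffffa60`021e02e0
Caused By Driver : CLFS.SYS
Caused By Address : CLFS.SYS+1b85b40
File Description :
File Version :
Crash Address : ntoskrnl.exe+1353a0
==================================================
"""

_SEP = re.compile(r"^=+\s*$")
_FIELD = re.compile(r"^([^:]+?)\s*:\s*(.*)$")  # 'Key : Value', value may be empty
_META = ("File Description", "Product Name", "Company", "File Version")
_NTSTATUS = {0xC0000005: "STATUS_ACCESS_VIOLATION"}

def parse_report(text):
    """Return one dict per record; records are delimited by '====' lines."""
    records, current = [], {}
    for line in text.splitlines():
        if _SEP.match(line):
            if current:
                records.append(current)
                current = {}
            continue
        m = _FIELD.match(line)
        if m:
            current[m.group(1)] = m.group(2).strip()
    if current:
        records.append(current)
    return records

def module_name(ref):
    """'CLFS.SYS+1b85b40' -> 'clfs.sys' (Windows file names are case-insensitive)."""
    return ref.split("+", 1)[0].strip().lower()

def decode(record):
    """Spell out the parameters for the two bug check codes in this report.
    BlueScreenView writes 64-bit values as two halves joined by a backtick."""
    code = int(record["Bug Check Code"], 16)
    p = [int(record[f"Parameter {i}"].replace("`", ""), 16) for i in range(1, 5)]
    culprit = module_name(record["Caused By Driver"])
    if code == 0xD1:  # DRIVER_IRQL_NOT_LESS_OR_EQUAL: p1 address, p2 IRQL, p3 0=read/1=write
        op = "write to" if p[2] == 1 else "read from"  # 0x28 here: a near-null pointer
        return f"{culprit}: {op} {p[0]:#x} at IRQL {p[1]} by {record['Caused By Address']}"
    if code & 0xFFFF == 0x7E:  # SYSTEM_THREAD_EXCEPTION_NOT_HANDLED(_M): p1 NTSTATUS, p2 address
        status = p[0] & 0xFFFFFFFF
        return f"{culprit}: {_NTSTATUS.get(status, 'NTSTATUS')} {status:#x} at {p[1]:#x}"
    return f"{culprit}: {record.get('Bug Check String', '')} ({code:#x})"

def implicated_modules(records):
    """Every module named as culprit or as crash site, in first-seen order."""
    seen = []
    for r in records:
        for key in ("Caused By Driver", "Crash Address"):
            name = module_name(r.get(key, ""))
            if name and name not in seen:
                seen.append(name)
    return seen

def unidentified_culprits(records):
    """Culprits whose version metadata is blank in the report. That proves nothing
    about the file; it means the report cannot vouch for it, so hash it next."""
    out = []
    for r in records:
        name = module_name(r.get("Caused By Driver", ""))
        if name and not any(r.get(k) for k in _META) and name not in out:
            out.append(name)
    return out

def otl_md5_block(modules):
    """OTL custom-scan directive requesting MD5s, as in the expert's post above."""
    return "\n".join(["/md5start", *sorted(set(modules)), "/md5stop"])

if __name__ == "__main__":
    recs = parse_report(REPORT)
    for r in recs:
        print(r["Dump File"], "->", decode(r))
    print("no version info for:", unidentified_culprits(recs))
    print(otl_md5_block(implicated_modules(recs)))
```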

#21 beejee, Member, Topic Starter (48 posts)

OTL logfile created on: 1/18/2013 10:10:07 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Jeannene\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.90 Gb Total Physical Memory | 2.22 Gb Available Physical Memory | 56.80% Memory free
8.01 Gb Paging File | 6.01 Gb Available in Paging File | 75.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 286.41 Gb Total Space | 152.77 Gb Free Space | 53.34% Space Free | Partition Type: NTFS
Drive D: | 11.68 Gb Total Space | 1.90 Gb Free Space | 16.25% Space Free | Partition Type: NTFS
Drive G: | 3.68 Gb Total Space | 3.58 Gb Free Space | 97.38% Space Free | Partition Type: FAT32

Computer Name: LAPTOP2 | User Name: Jeannene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/01/18 13:59:59 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/01/13 08:42:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeannene\Desktop\OTL.exe
PRC - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/09/26 07:37:44 | 000,060,512 | ---- | M] (NirSoft) -- C:\Program Files (x86)\NirSoft\BlueScreenView\BlueScreenView.exe
PRC - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/03/09 18:54:12 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2009/01/29 16:20:49 | 000,057,344 | ---- | M] (SlySoft, Inc.) -- C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/18 13:59:58 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/07/28 17:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 17:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/01/06 23:35:13 | 005,971,408 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2012/07/11 12:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)
SRV:64bit: - [2009/01/28 07:15:24 | 000,290,304 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_7477fb4c\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/11/17 13:22:44 | 000,088,576 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_7477fb4c\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2008/08/26 08:02:20 | 000,016,896 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
SRV:64bit: - [2008/03/18 17:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV:64bit: - [2008/01/20 20:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/01/18 20:22:43 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/18 13:59:58 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/18 08:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/03/29 22:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/09 18:54:12 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2009/02/24 16:04:52 | 000,116,104 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2009/02/04 16:57:06 | 000,296,320 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/10/30 17:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012/10/30 17:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012/10/30 17:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012/10/30 17:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/10/30 17:51:55 | 000,044,272 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (AswRdr)
DRV:64bit: - [2012/10/30 17:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012/08/27 15:05:45 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012/02/29 07:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/07/22 10:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 15:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2010/06/30 02:27:08 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2009/09/08 02:40:28 | 000,152,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssecmdm.sys -- (ssecmdm)
DRV:64bit: - [2009/09/08 02:40:28 | 000,113,664 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssecbus.sys -- (ssecbus)
DRV:64bit: - [2009/09/08 02:40:28 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssecmdfl.sys -- (ssecmdfl)
DRV:64bit: - [2009/06/27 14:42:27 | 002,041,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys -- (BCM43XX)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/05/09 01:14:20 | 000,015,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NuidFltr.sys -- (NuidFltr)
DRV:64bit: - [2009/02/25 07:53:26 | 000,137,056 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2009/02/17 11:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009/01/28 07:16:06 | 000,473,088 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/12/30 06:18:40 | 000,068,608 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008/12/03 07:21:52 | 000,184,832 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2008/11/21 11:05:22 | 001,253,376 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2008/10/28 03:33:30 | 008,039,808 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys -- (igfx)
DRV:64bit: - [2008/06/04 11:55:16 | 000,129,536 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2008/03/27 13:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008/03/27 13:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008/01/31 17:23:14 | 000,195,120 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/01/20 20:47:28 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/20 20:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008/01/20 20:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007/06/18 17:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2007/02/15 18:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2006/10/03 19:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2007/02/15 18:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2003/09/15 10:57:35 | 000,009,728 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDIO.sys -- (ElbyCDIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{66D6D3B3-3F04-4A04-B274-6301C0874A87}: "URL" = http://search.live.c...ms}&FORM=HPNTDF
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...avilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{66D6D3B3-3F04-4A04-B274-6301C0874A87}: "URL" = http://search.live.c...ms}&FORM=HPNTDF

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.startpage.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{018FD540-75AB-4000-A206-65664BBD9E54}: "URL" = http://search.avg.co...e}&iy=&ychte=us
IE - HKCU\..\SearchScopes\{3730E888-30A1-43FA-A6D2-509427C0CB46}: "URL" = http://www.amazon.co...y={searchTerms}
IE - HKCU\..\SearchScopes\{66D6D3B3-3F04-4A04-B274-6301C0874A87}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jeannene\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jeannene\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2009/06/01 00:24:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/18 19:10:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/01/13 12:06:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/18 14:00:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/16 16:03:32 | 000,000,000 | ---D | M]

[2012/12/28 22:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Extensions
[2013/01/18 15:15:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions
[2011/09/22 14:00:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jeannene\AppData\Roaming\Mozilla\Firefox\Profiles\02xbszlb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/12/28 22:41:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/01/13 12:06:23 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013/01/18 14:00:00 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013/01/18 13:59:56 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/01/18 13:59:56 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url =
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jeannene\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jeannene\AppData\Local\Google\Chrome\Application\24.0.1312.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jeannene\AppData\Local\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jeannene\AppData\Local\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jeannene\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Entanglement = C:\Users\Jeannene\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.7.9_0\
CHR - Extension: avast! WebRep = C:\Users\Jeannene\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Poppit = C:\Users\Jeannene\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Jeannene\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2013/01/18 17:16:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: amazon.com ([payments] https in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{36E75DF6-6745-4FA5-953C-181729413414}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B7054C4-04E4-4870-8ED3-5CC837DC262C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Jeannene\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jeannene\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/01/18 21:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NirSoft
[2013/01/18 21:30:17 | 000,000,000 | ---D | C] -- C:\backupres
[2013/01/18 20:02:35 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/01/18 18:33:00 | 000,350,915 | ---- | C] (Farbar) -- C:\Users\Jeannene\Desktop\FSS.exe
[2013/01/18 18:19:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/18 17:45:00 | 000,000,000 | ---D | C] -- C:\Users\Jeannene\AppData\Roaming\Malwarebytes
[2013/01/18 17:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/01/18 17:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/01/18 17:44:45 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/01/18 17:44:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/01/18 17:42:21 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jeannene\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/18 17:22:40 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jeannene\Desktop\tdsskiller.exe
[2013/01/18 17:19:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/01/18 17:04:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/01/18 17:04:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/01/18 17:04:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/01/18 16:57:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/01/18 16:57:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/01/18 16:55:12 | 005,023,971 | R--- | C] (Swearware) -- C:\Users\Jeannene\Desktop\ComboFix.exe
[2013/01/18 15:08:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/01/18 14:00:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/01/18 14:00:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/01/16 19:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EMET
[2013/01/13 16:33:52 | 000,000,000 | ---D | C] -- C:\Users\Jeannene\AppData\Roaming\SUPERAntiSpyware.com
[2013/01/13 16:33:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/01/13 16:33:41 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/01/13 12:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013/01/13 12:06:40 | 000,370,288 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2013/01/13 12:06:40 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2013/01/13 12:06:38 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2013/01/13 12:06:38 | 000,044,272 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2013/01/13 12:06:37 | 000,984,144 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2013/01/13 12:06:36 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013/01/13 12:06:36 | 000,071,600 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2013/01/13 12:06:16 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2013/01/13 12:06:16 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013/01/13 12:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013/01/13 12:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/01/13 08:41:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jeannene\Desktop\OTL.exe
[2013/01/11 21:33:14 | 000,000,000 | ---D | C] -- C:\Users\Jeannene\AppData\Local\MFAData
[2013/01/11 21:33:14 | 000,000,000 | ---D | C] -- C:\Users\Jeannene\AppData\Local\Avg2013
[2012/12/27 06:21:12 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/27 06:21:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012/12/25 20:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012/12/25 17:42:35 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll
[2012/12/25 17:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Wincert
[2012/12/21 03:00:49 | 000,368,128 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 03:00:49 | 000,048,128 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 03:00:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/21 03:00:48 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/01/18 21:41:09 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/01/18 21:41:09 | 000,595,684 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/01/18 21:41:09 | 000,101,350 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/01/18 21:33:14 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 21:33:14 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/01/18 21:33:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/01/18 21:33:04 | 4193,210,368 | -HS- | M] () -- C:\hiberfil.sys
[2013/01/18 21:05:39 | 460,698,381 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/01/18 20:58:37 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/18 20:52:20 | 000,574,677 | ---- | M] () -- C:\Users\Jeannene\Desktop\adwcleaner.exe
[2013/01/18 20:22:43 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/01/18 20:22:42 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/01/18 20:19:01 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3282985124-3251388849-2966862995-1000UA.job
[2013/01/18 20:03:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/01/18 18:33:01 | 000,350,915 | ---- | M] (Farbar) -- C:\Users\Jeannene\Desktop\FSS.exe
[2013/01/18 18:24:01 | 000,061,440 | ---- | M] ( ) -- C:\Users\Jeannene\Desktop\VEW.exe
[2013/01/18 18:18:53 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJeannene.job
[2013/01/18 17:44:46 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/18 17:42:41 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jeannene\Desktop\mbam-setup-1.70.0.1100.exe
[2013/01/18 17:22:49 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jeannene\Desktop\tdsskiller.exe
[2013/01/18 17:16:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/01/18 16:55:22 | 005,023,971 | R--- | M] (Swearware) -- C:\Users\Jeannene\Desktop\ComboFix.exe
[2013/01/18 15:14:07 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/01/18 15:14:01 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/01/17 17:40:07 | 000,000,732 | ---- | M] () -- C:\Users\Jeannene\AppData\Local\d3d9caps64.dat
[2013/01/16 16:22:16 | 000,002,059 | ---- | M] () -- C:\Users\Jeannene\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/16 16:22:16 | 000,002,057 | ---- | M] () -- C:\Users\Jeannene\Desktop\Google Chrome.lnk
[2013/01/13 16:52:40 | 005,636,096 | ---- | M] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2013/01/13 16:52:39 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2013/01/13 16:52:39 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2013/01/13 16:33:49 | 000,001,655 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/01/13 12:06:41 | 000,006,756 | ---- | M] () -- C:\Users\Jeannene\AppData\Local\d3d9caps.dat
[2013/01/13 08:42:38 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jeannene\Desktop\OTL.exe
[2013/01/11 21:14:37 | 000,313,648 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/09 14:04:59 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3282985124-3251388849-2966862995-1000Core.job
[2013/01/07 21:29:06 | 000,010,258 | ---- | M] () -- C:\Users\Jeannene\AppData\Roaming\wklnhst.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/01/18 21:33:04 | 4193,210,368 | -HS- | C] () -- C:\hiberfil.sys
[2013/01/18 20:52:18 | 000,574,677 | ---- | C] () -- C:\Users\Jeannene\Desktop\adwcleaner.exe
[2013/01/18 20:22:44 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/01/18 18:23:41 | 000,061,440 | ---- | C] ( ) -- C:\Users\Jeannene\Desktop\VEW.exe
[2013/01/18 17:44:46 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/01/18 17:04:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/01/18 17:04:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/01/18 17:04:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/01/18 17:04:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/01/18 17:04:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/01/18 16:06:08 | 460,698,381 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/01/13 16:51:24 | 005,636,096 | ---- | C] () -- C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
[2013/01/13 16:51:24 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
[2013/01/13 16:51:24 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
[2013/01/13 16:33:49 | 000,001,655 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/01/13 12:06:41 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/01/13 12:06:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013/01/11 17:11:51 | 000,000,732 | ---- | C] () -- C:\Users\Jeannene\AppData\Local\d3d9caps64.dat
[2012/08/27 15:38:00 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009/09/17 23:03:21 | 000,010,258 | ---- | C] () -- C:\Users\Jeannene\AppData\Roaming\wklnhst.dat
[2009/08/23 18:17:12 | 003,110,453 | ---- | C] () -- C:\Users\Jeannene\Burning CDGs From Any Drive.zip
[2009/08/17 23:22:08 | 000,006,756 | ---- | C] () -- C:\Users\Jeannene\AppData\Local\d3d9caps.dat
[2009/07/26 14:34:25 | 000,020,480 | ---- | C] () -- C:\Users\Jeannene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2006/11/02 09:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 11:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 01:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 20:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll

========== Custom Scans ==========

< MD5 for: CLFS.SYS >
[2009/05/31 23:02:20 | 000,333,368 | ---- | M] (Microsoft Corporation) MD5=27F30303FC02E12A0FCE16645DEED45F -- C:\Windows\winsxs\amd64_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6000.20788_none_d8f61745fc1a3044\clfs.sys
[2009/04/11 01:15:33 | 000,361,448 | ---- | M] (Microsoft Corporation) MD5=3DCA9A18B204939CFB24BEA53E31EB48 -- C:\Windows\SysNative\clfs.sys
[2009/04/11 01:15:33 | 000,361,448 | ---- | M] (Microsoft Corporation) MD5=3DCA9A18B204939CFB24BEA53E31EB48 -- C:\Windows\winsxs\amd64_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6002.18005_none_dc8caf3cdd0b4277\clfs.sys
[2008/01/20 20:24:56 | 000,333,368 | ---- | M] (Microsoft Corporation) MD5=684DE0791D989A03F7CFF7DFAE58539F -- C:\Windows\winsxs\amd64_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6000.16609_none_d8c3fa24e2baca49\clfs.sys
[2008/01/20 20:24:56 | 000,333,368 | ---- | M] (Microsoft Corporation) MD5=A78E7CE7FA65AA85C6F920E0E1D45A5B -- C:\Windows\winsxs\amd64_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6000.20734_none_d92825b9fbf53f33\clfs.sys
[2009/05/31 23:02:20 | 000,363,064 | ---- | M] (Microsoft Corporation) MD5=C12C4EE07843B595036DA0BAA6317936 -- C:\Windows\winsxs\amd64_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6001.22132_none_db0c63cbf91d9d76\clfs.sys
[2008/01/20 20:50:46 | 000,363,064 | ---- | M] (Microsoft Corporation) MD5=CAEDA2572B7042B11062F327F099251D -- C:\Windows\winsxs\amd64_microsoft-windows-commonlog_31bf3856ad364e35_6.0.6001.18000_none_daa13630dfe9772b\clfs.sys

< MD5 for: NTOSKRNL.EXE >
[2009/08/05 08:12:46 | 004,682,824 | ---- | M] (Microsoft Corporation) MD5=0170600F2A613CE3E8CC2B66A6DC7885 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22489_none_c88b22db85d6de74\ntoskrnl.exe
[2009/08/05 08:56:15 | 004,691,016 | ---- | M] (Microsoft Corporation) MD5=043EB4B7C74C189E06584411B2C9EB8F -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18304_none_c85303fe6c7ce06f\ntoskrnl.exe
[2010/06/08 12:10:22 | 004,688,256 | ---- | M] (Microsoft Corporation) MD5=04C706018E9F0A2C835A427A8AB6EBA1 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22420_none_caa9776382d49f58\ntoskrnl.exe
[2009/08/05 08:09:23 | 004,693,576 | ---- | M] (Microsoft Corporation) MD5=0DD0FCFB9609403352FF75656826E82F -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22191_none_ca5ec287830c84d1\ntoskrnl.exe
[2012/08/29 05:40:01 | 004,699,520 | ---- | M] (Microsoft Corporation) MD5=1A14913D51571403CF8A3941BDC3BA67 -- C:\Windows\erdnt\cache64\ntoskrnl.exe
[2012/08/29 05:40:01 | 004,699,520 | ---- | M] (Microsoft Corporation) MD5=1A14913D51571403CF8A3941BDC3BA67 -- C:\Windows\SysNative\ntoskrnl.exe
[2012/08/29 05:40:01 | 004,699,520 | ---- | M] (Microsoft Corporation) MD5=1A14913D51571403CF8A3941BDC3BA67 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18686_none_c9e5027e69e236b3\ntoskrnl.exe
[2009/04/11 01:15:36 | 004,699,608 | ---- | M] (Microsoft Corporation) MD5=1B60CCC70788044404EEFBBB389FC111 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18005_none_ca3a763069a24eea\ntoskrnl.exe
[2009/05/31 23:15:42 | 004,694,584 | ---- | M] (Microsoft Corporation) MD5=247A2AAF7E5189716192EE19EC6EC6FB -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18145_none_c828c0cc6c9c6f3c\ntoskrnl.exe
[2010/10/15 08:02:22 | 004,689,808 | ---- | M] (Microsoft Corporation) MD5=255A6D981139EFEF605A88E003D1B2A2 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22505_none_cac41a9382bfe350\ntoskrnl.exe
[2009/05/31 23:17:33 | 004,694,584 | ---- | M] (Microsoft Corporation) MD5=2850680962ECC6C6D26EEE9F2FA58BE6 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22258_none_c8aa8e8985bf76fc\ntoskrnl.exe
[2009/05/31 23:15:43 | 004,429,368 | ---- | M] (Microsoft Corporation) MD5=2A87B3D380E3800BF247D82E58F0FCBA -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16754_none_c636b1f06f7ee0e5\ntoskrnl.exe
[2010/06/08 11:18:30 | 004,675,976 | ---- | M] (Microsoft Corporation) MD5=31F137EEB5121654A9448904D89209A2 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22707_none_c8dfa7598597c3b3\ntoskrnl.exe
[2012/08/29 05:40:01 | 004,686,208 | ---- | M] (Microsoft Corporation) MD5=34C970A45CCC0D65A4A0F8D306E12844 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22920_none_caa980e182d4911b\ntoskrnl.exe
[2010/10/15 08:02:22 | 004,678,032 | ---- | M] (Microsoft Corporation) MD5=3A22B135BC4341025E19B9ADFB26C02A -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22777_none_c893f7e585d0874a\ntoskrnl.exe
[2010/10/15 08:02:22 | 004,699,024 | ---- | M] (Microsoft Corporation) MD5=4065E920FB6ED05B5F62A1FB6908C6C5 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18327_none_ca26dc9e69b0b0ef\ntoskrnl.exe
[2010/02/18 09:01:52 | 004,690,832 | ---- | M] (Microsoft Corporation) MD5=413D579C2CDEF19CD842F4DF4A90C4ED -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18427_none_c84066ea6c8a617d\ntoskrnl.exe
[2009/12/08 15:05:14 | 004,412,504 | ---- | M] (Microsoft Corporation) MD5=46B167601033C2DB4E1A727569A8CA31 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21175_none_c6ab8b1b88abff78\ntoskrnl.exe
[2009/12/08 15:09:06 | 004,425,304 | ---- | M] (Microsoft Corporation) MD5=5183EBE8114DA62A532E275CFB3729CC -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16973_none_c620159a6f8ff9be\ntoskrnl.exe
[2009/05/31 23:15:42 | 004,694,584 | ---- | M] (Microsoft Corporation) MD5=5E31190EF331709EAB9FB66C3683540B -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22269_none_c8a0bee785c6ac44\ntoskrnl.exe
[2009/08/05 09:14:15 | 004,412,488 | ---- | M] (Microsoft Corporation) MD5=5E99FFD02816FF54247294C7C9C003B9 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21101_none_c6f339678876d685\ntoskrnl.exe
[2009/06/27 15:28:26 | 004,691,424 | ---- | M] (Microsoft Corporation) MD5=65252FED486E5BF1E384CA65C16148C7 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22389_none_c88b20f585d6e14d\ntoskrnl.exe
[2008/01/20 20:49:27 | 004,694,072 | ---- | M] (Microsoft Corporation) MD5=6760643D6400CA78640E9DD3824115B1 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18000_none_c84efd246c80839e\ntoskrnl.exe
[2009/12/08 15:13:24 | 004,678,232 | ---- | M] (Microsoft Corporation) MD5=6DC7FC9EB17EF1CB809AED351DE91DB9 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22577_none_c893f41985d08cfc\ntoskrnl.exe
[2009/05/31 23:08:26 | 004,694,584 | ---- | M] (Microsoft Corporation) MD5=6DEA6827709FC6F047580111651DFF02 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18063_none_c8111e7a6cae7749\ntoskrnl.exe
[2012/04/03 02:22:15 | 004,699,520 | ---- | M] (Microsoft Corporation) MD5=7180984A68411B9D2F2495E03561B47E -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18607_none_ca3c822869a07082\ntoskrnl.exe
[2010/02/18 08:28:01 | 004,697,992 | ---- | M] (Microsoft Corporation) MD5=72FD908E7D1F176C00F1EF8F3D1445B0 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18209_none_ca3e7b24699eae94\ntoskrnl.exe
[2010/10/15 08:02:22 | 004,692,368 | ---- | M] (Microsoft Corporation) MD5=760A67A51D409EB396D1942D5555435C -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18538_none_c836992e6c9193ec\ntoskrnl.exe
[2010/06/08 12:00:36 | 004,697,992 | ---- | M] (Microsoft Corporation) MD5=825926D6AD714A529F4069D9EBBD1D3B -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18267_none_c9fb9b0869d1238c\ntoskrnl.exe
[2009/06/27 15:28:28 | 004,427,232 | ---- | M] (Microsoft Corporation) MD5=8B3095B00E832ABFC7047A04E681CCDE -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16830_none_c64852866f7240ce\ntoskrnl.exe
[2010/02/18 09:05:21 | 004,424,072 | ---- | M] (Microsoft Corporation) MD5=8E3658ABC4A2053DBEA37C84E416DEB5 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.17021_none_c653fcc46f696e9d\ntoskrnl.exe
[2009/08/04 06:47:29 | 004,698,168 | ---- | M] (Microsoft Corporation) MD5=8E43DA6C8040C68446AA4B5D84C8127A -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18082_none_c9e0f5f269e5e26d\ntoskrnl.exe
[2009/12/08 14:22:09 | 004,698,184 | ---- | M] (Microsoft Corporation) MD5=9668520760E72E1B1B9EDFB7BFB6A691 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18160_none_c9f4971c69d77504\ntoskrnl.exe
[2009/05/31 23:08:26 | 004,694,584 | ---- | M] (Microsoft Corporation) MD5=A1DC0EFF401FE35688F1046F10BEE5BF -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22167_none_c89ebc6d85c87c6f\ntoskrnl.exe
[2011/06/20 02:45:17 | 004,699,536 | ---- | M] (Microsoft Corporation) MD5=A26DE9288D67E4EAC2D1205043AFD430 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.18484_none_c9e2fe1e69e409b7\ntoskrnl.exe
[2010/02/18 08:22:01 | 004,690,304 | ---- | M] (Microsoft Corporation) MD5=AE0C10C55347383C0CD6CFF3F4794FD7 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22341_none_ca94d5ef82e3f36a\ntoskrnl.exe
[2010/02/18 09:10:08 | 004,411,272 | ---- | M] (Microsoft Corporation) MD5=AF706D838B59A6C30D8B46C5C2D9D2FD -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21226_none_c6e29ce788828a41\ntoskrnl.exe
[2012/04/03 02:22:16 | 004,687,232 | ---- | M] (Microsoft Corporation) MD5=B59E026F49BF06B435795F867AD46009 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22831_none_ca9faf5982dbc93c\ntoskrnl.exe
[2010/02/18 09:04:01 | 004,678,032 | ---- | M] (Microsoft Corporation) MD5=C0EC74895F90E5E788061C7F305F57D1 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.22636_none_c8be356585b10108\ntoskrnl.exe
[2009/08/05 09:07:10 | 004,425,288 | ---- | M] (Microsoft Corporation) MD5=C53B06CB817845873A3D32C1BAD33727 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.16901_none_c669c47a6f590379\ntoskrnl.exe
[2009/12/08 14:05:33 | 004,691,528 | ---- | M] (Microsoft Corporation) MD5=CBA7366E93C4DCAA62005A177EEC2FCE -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22283_none_ca6b94ed830298b5\ntoskrnl.exe
[2009/06/27 15:28:28 | 004,413,936 | ---- | M] (Microsoft Corporation) MD5=CC172711FF2FCE0673321A951B02C379 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.21023_none_c6df983d888543ee\ntoskrnl.exe
[2010/06/08 11:47:14 | 004,690,832 | ---- | M] (Microsoft Corporation) MD5=CCCD9EE56C92778385A3E715DC3D5ABF -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18488_none_c80087ac6cba227a\ntoskrnl.exe
[2011/06/20 02:45:17 | 004,688,784 | ---- | M] (Microsoft Corporation) MD5=D14B8C4AB6C05B89D430D3911FE2833B -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6002.22662_none_ca803c1382f33c18\ntoskrnl.exe
[2009/12/08 14:59:29 | 004,691,032 | ---- | M] (Microsoft Corporation) MD5=E50C900C7F479886F26FA60ADBEE5852 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18377_none_c80a55686cb2f00b\ntoskrnl.exe
[2009/06/27 15:28:26 | 004,692,448 | ---- | M] (Microsoft Corporation) MD5=ED97E8551F0B1844250ED1B07393B10D -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6001.18226_none_c83f62d46c8b4dd8\ntoskrnl.exe
[2009/05/31 23:15:42 | 004,416,056 | ---- | M] (Microsoft Corporation) MD5=EFAAC7A874B65DF3F26B5092291D4859 -- C:\Windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.0.6000.20921_none_c6ddbf878886ddfe\ntoskrnl.exe

< MD5 for: TCPIP.SYS >
[2010/06/16 11:14:29 | 001,424,264 | ---- | M] (Microsoft Corporation) MD5=0011810B5211FDACD784DE585262ECFE -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22425_none_119c298735134c99\tcpip.sys
[2010/04/06 02:35:06 | 001,423,752 | ---- | M] (Microsoft Corporation) MD5=150C1A66A7094F84560519261A309BC6 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22377_none_11681899353a0dd5\tcpip.sys
[2011/06/17 14:14:30 | 001,424,272 | ---- | M] (Microsoft Corporation) MD5=19A7321E3A5F1DDB215D2815DCC8F8E4 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22662_none_116decc535366aa6\tcpip.sys
[2011/09/20 15:06:18 | 001,426,304 | ---- | M] (Microsoft Corporation) MD5=2CC45D932BD193CD4117321D469AD6B2 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18519_none_1121619c1be9f088\tcpip.sys
[2009/12/08 12:22:57 | 001,199,616 | ---- | M] (Microsoft Corporation) MD5=2F822AF5E70467F827F5B4010A7FD57F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16973_none_bb7549d64ac6920e\tcpip.sys
[2010/02/18 09:01:57 | 001,420,688 | ---- | M] (Microsoft Corporation) MD5=30C4ABC8075DEA44D7E775D434AF1753 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18427_none_0f2e179c1ecd900b\tcpip.sys
[2009/08/14 08:44:27 | 001,200,640 | ---- | M] (Microsoft Corporation) MD5=34B30202AECCB530FDDC6C6CCFA2FB46 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.16908_none_bbc5fabc4a894d2a\tcpip.sys
[2010/02/18 06:25:21 | 001,200,640 | ---- | M] (Microsoft Corporation) MD5=396CF3FD8D2A4FDF55570C01894DB9DF -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.17021_none_bba931004aa006ed\tcpip.sys
[2009/08/14 12:05:16 | 001,418,840 | ---- | M] (Microsoft Corporation) MD5=3BCD46BE9988B09D3510A0EF54F0D65B -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18311_none_0f32e3e61ecadee9\tcpip.sys
[2010/02/18 09:04:06 | 001,414,032 | ---- | M] (Microsoft Corporation) MD5=4680D08A2E8A2509CD9B751D7AF59606 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys
[2012/03/30 06:45:03 | 001,423,744 | ---- | M] (Microsoft Corporation) MD5=46D448E9117464E4D3BBF36D7E3FA48E -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18604_none_112731fc1be6530b\tcpip.sys
[2010/02/18 08:22:15 | 001,423,752 | ---- | M] (Microsoft Corporation) MD5=4AD4600DF1F09EE7462152C061B683C8 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22341_none_118286a1352721f8\tcpip.sys
[2011/06/17 14:14:30 | 001,427,344 | ---- | M] (Microsoft Corporation) MD5=4DAD14118FBCF7C609F2A4CE21FBCC5F -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18484_none_10d0aed01c273845\tcpip.sys
[2011/09/20 15:06:18 | 001,423,744 | ---- | M] (Microsoft Corporation) MD5=73BED5067ED53A9DF05FA8EAB42578D0 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.22719_none_11ab004d35078d79\tcpip.sys
[2009/08/14 10:42:31 | 001,413,208 | ---- | M] (Microsoft Corporation) MD5=74B776CA1B328095FE23A3306B1613A3 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_0f6c030d3823f645\tcpip.sys
[2008/01/20 20:51:16 | 001,421,368 | ---- | M] (Microsoft Corporation) MD5=7A1183FBB802F5ABAD7FA18BC67E0858 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18000_none_0f3cadd61ec3b22c\tcpip.sys
[2010/02/18 06:27:40 | 001,198,080 | ---- | M] (Microsoft Corporation) MD5=7B0B928E318CADC23C87226BE0A1097D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip_31bf3856ad364e35_6.0.6000.21226_none_bc37d12363b92291\tcpip.sys
[2010/06/16 10:40:37 | 001,420,176 | ---- | M] (Microsoft Corporation) MD5=7D86275FB640011B372FD566C0EAFA8D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18493_none_0ede67001f09ee46\tcpip.sys
[2009/12/08 14:59:37 | 001,418,840 | ---- | M] (Microsoft Corporation) MD5=8C94F5E4F9DE14A495BAA86F643CF31D -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18377_none_0ef8061a1ef61e99\tcpip.sys
[2009/05/31 23:08:26 | 001,421,368 | ---- | M] (Microsoft Corporation) MD5=8E041924441FF8755E5B4F135C8C3767 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_0efecf2c1ef1a5d7\tcpip.sys
[2010/04/05 11:13:35 | 001,414,024 | ---- | M] (Microsoft Corporation) MD5=8E7CD6BA2F09B46CE72D308F166C0B12 -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22665_none_0f8a7609380d6a12\tcpip.sys
[2010/06/16 11:11:35 | 001,426,816 | ---- | M] (Microsoft Corporation) MD5=973658A2EA9C06B2976884B9046DFC6C -- C:\Windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6002.18272_none_10d97a5c1c20ef58\tcpip.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:13D63198
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

#22 RKinner (Malware Expert)

Uninstall Bonjour

then

Copy the next 4 lines:

netsh winsock reset catalog
netsh int ip reset %userprofile%\Desktop\reset4.log
netsh int ipv4 reset %userprofile%\Desktop\reset4.log
NetSH WinHTTP reset proxy


Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Close the command window.

Reboot.

Let's see if the bluescreen comes back.

#23 beejee (Topic Starter)

Avast Boot-time scan

01/18/2013 23:13
Scan of all local drives

File C:\Program Files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe is infected by Win32:InstallBrain-F [PUP], Moved to chest
File C:\Program Files (x86)\Uninstall Information\ib_uninst_566\uninstall.exe is infected by Win32:InstallBrain-F [PUP], Moved to chest
File C:\Program Files (x86)\Uninstall Information\ib_uninst_569\uninstall.exe is infected by Win32:InstallBrain-F [PUP], Moved to chest
Number of searched folders: 39812
Number of tested files: 1341383
Number of infected files: 3


No blue screen.

PC was running faster last night. It's a little slower this morning but much better than it has been. I really appreciate all the time you have given me! I can't thank you enough.

#24 RKinner (Malware Expert)

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute then:

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.


Get the free version of Speccy:

http://www.filehippo...download_speccy (Look in the upper right for the Download Latest Version button.) Download, Save and Install it. Run Speccy. When it finishes (the little icon in the bottom left will stop moving), File, Save as Text File, (to your desktop) note the name it gives. OK. Open the file in notepad and delete the line that gives the serial number of your Operating System. (It will be near the top about 10 lines down.) Attach the file to your next post.


Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.

Reboot.

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow

(Does this finish without complaining?)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron
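A small parser for the Process Explorer listing requested above, added here as an illustration (it is not Ron's tool or Sysinternals code): it splits the saved rows and flags any image whose Verified Signer column is not "(Verified)", plus any non-idle process above a CPU threshold. The sample listing is constructed, and the signer strings it recognises are an assumption.

```python
import re

# Constructed sample of a Process Explorer "File, Save As" listing (not the
# one posted in this thread). Columns: name, PID, CPU (blank when the process
# used none in the sample interval), Private Bytes, Working Set, then
# Description, Company Name and the Verified Signer column.
SAMPLE_PROCEXP = """\
Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
lsass.exe 744 4,632 K 4,008 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
CloneCDTray.exe 3684 1,648 K 5,568 K CloneCD Tray SlySoft, Inc. (Unable to verify) SlySoft, Inc.
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
svchost.exe 1440 0.77 19,828 K 22,056 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
updsvc.exe 5120 41.50 8,120 K 12,004 K
System Idle Process 0 93.85 0 K 24 K
"""

# One row: the CPU field is optional ("< 0.01" or a decimal); the two memory
# columns always end in " K", which is what anchors the split of a
# space-separated line whose name and description may themselves hold spaces.
ROW_RE = re.compile(
    r"^(?P<name>.+?) (?P<pid>\d+|n/a)"
    r"(?: (?P<cpu>< 0\.01|\d+\.\d+))?"
    r" (?P<private>[\d,]+) K (?P<ws>[\d,]+) K ?(?P<rest>.*)$"
)
# Assumed signer markers; anything else is treated as "no signature shown".
SIGNER_RE = re.compile(r"\((Verified|Unable to verify)\) ?(?P<signer>.*)$")


def parse_procexp(text):
    """Turn the saved listing into dicts; the header line is skipped."""
    rows = []
    for line in text.splitlines()[1:]:
        m = ROW_RE.match(line)
        if not m:
            continue  # wrapped or truncated row: skip rather than guess
        cpu, sig = m.group("cpu"), SIGNER_RE.search(m.group("rest"))
        rows.append({
            "name": m.group("name"),
            "pid": None if m.group("pid") == "n/a" else int(m.group("pid")),
            "cpu": 0.0 if cpu in (None, "< 0.01") else float(cpu),
            "private_kb": int(m.group("private").replace(",", "")),
            "ws_kb": int(m.group("ws").replace(",", "")),
            "sig": ("verified" if sig and sig.group(1) == "Verified"
                    else "unverified" if sig else "none"),
            "signer": sig.group("signer") if sig else "",
        })
    return rows


def triage(rows, cpu_threshold=5.0):
    """Names worth a second look: images that did not verify (or show no
    signer at all) and CPU hogs. Interrupts (PID n/a) and the Idle process
    (PID 0) are kernel pseudo-processes with no image to sign, so skipped."""
    real = [r for r in rows if r["pid"] not in (None, 0)]
    return {
        "unverified": sorted(r["name"] for r in real if r["sig"] != "verified"),
        "hot": sorted(r["name"] for r in real if r["cpu"] >= cpu_threshold),
    }


if __name__ == "__main__":
    for key, names in triage(parse_procexp(SAMPLE_PROCEXP)).items():
        print(key, names)
```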

#25 beejee (Topic Starter)

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
AESTSr64.exe 1508 732 K 2,236 K Andrea filters APO access service (64-bit) Andrea Electronics Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
agr64svc.exe 1932 1,208 K 3,036 K Agere Soft Modem Call Progress Service Agere Systems (Verified) Microsoft Windows Hardware Compatibility Publisher
ApntEx.exe 4080 2,680 K 5,600 K Alps Pointing-device Driver for Windows NT/2000/XP/Vista Alps Electric Co., Ltd. (Verified) Microsoft Windows Hardware Compatibility Publisher
AppleMobileDeviceService.exe 928 2,568 K 4,836 K Apple Mobile Device Service Apple Inc. (Verified) Apple Inc.
armsvc.exe 1004 2,432 K 4,776 K Adobe Acrobat Update Service Adobe Systems Incorporated (Verified) Adobe Systems
audiodg.exe 1068 15,184 K 19,044 K Windows Audio Device Graph Isolation Microsoft Corporation (Verified) Microsoft Windows
BLService.exe 2072 1,564 K 4,936 K STServices (Verified) SoftThinks
CloneCDTray.exe 3684 1,648 K 5,568 K CloneCD Tray SlySoft, Inc. (Unable to verify) SlySoft, Inc.
DivXUpdate.exe 3388 11,700 K 19,748 K DivX Update (Verified) DivX
ehmsas.exe 3524 2,564 K 6,596 K Media Center Media Status Aggregator Service Microsoft Corporation (Verified) Microsoft Windows
ehtray.exe 3500 3,572 K 2,464 K Media Center Tray Applet Microsoft Corporation (Verified) Microsoft Windows
HPHC_Service.exe 4312 23,756 K 15,308 K HP Health Check Service Hewlett-Packard (Unable to verify) Hewlett-Packard
hpqWmiEx.exe 908 3,388 K 7,032 K hpqwmiex Module Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
HPWAMain.exe 3920 36,324 K 34,408 K HP Wireless Assistant main program Hewlett-Packard (Verified) Hewlett-Packard Company
hpwuschd2.exe 3940 1,532 K 4,792 K hpwuSchd Application Hewlett-Packard (Verified) Hewlett-Packard Company
igfxpers.exe 3332 2,780 K 6,864 K persistence Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
lsass.exe 744 4,632 K 4,008 K Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows
lsm.exe 752 3,092 K 5,336 K Local Session Manager Service Microsoft Corporation (Verified) Microsoft Windows
notepad.exe 4732 2,644 K 8,412 K Notepad Microsoft Corporation (Verified) Microsoft Windows
procexp.exe 3860 2,740 K 8,172 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
RichVideo.exe 2220 1,616 K 5,196 K RichVideo Module (Verified) CyberLink
SDWinSec.exe 2544 5,784 K 9,844 K Spybot-S&D Security Center integration Safer Networking Ltd. (Verified) Safer Networking Ltd.
services.exe 732 3,192 K 8,288 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows
SLsvc.exe 1124 8,800 K 13,764 K Microsoft Software Licensing Service Microsoft Corporation (Verified) Microsoft Windows
smss.exe 504 472 K 988 K Windows Session Manager Microsoft Corporation (Verified) Microsoft Windows
sttray64.exe 3492 8,956 K 16,840 K IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 2388 1,132 K 2,896 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 3756 2,712 K 16,212 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1108 2,508 K 6,036 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 936 3,528 K 7,564 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 2300 6,388 K 9,812 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1972 23,600 K 28,964 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1752 3,196 K 7,232 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 3060 3,356 K 8,272 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
wininit.exe 676 1,772 K 5,280 K Windows Start-Up Application Microsoft Corporation (Verified) Microsoft Windows
winlogon.exe 832 2,932 K 7,564 K Windows Logon Application Microsoft Corporation (Verified) Microsoft Windows
WmiPrvSE.exe 3424 4,612 K 9,052 K WMI Provider Host Microsoft Corporation (Verified) Microsoft Windows
wmpnscfg.exe 2244 2,988 K 7,556 K Windows Media Player Network Sharing Service Configuration Application Microsoft Corporation (Verified) Microsoft Windows
WUDFHost.exe 2596 5,392 K 11,400 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation (Verified) Microsoft Windows
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
hpservice.exe 1260 < 0.01 3,320 K 5,720 K HpService Hewlett-Packard Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
spoolsv.exe 1936 < 0.01 8,936 K 15,512 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
taskeng.exe 1948 < 0.01 10,984 K 13,692 K Task Scheduler Engine Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 384 < 0.01 152,804 K 160,472 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1156 < 0.01 12,628 K 19,692 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
SASCore64.exe 1568 < 0.01 2,484 K 4,800 K Core Service SUPERAntiSpyware.com (Verified) SuperAdBlocker.com
ApMsgFwd.exe 3844 < 0.01 2,040 K 4,328 K ApMsgFwd Alps Electric Co., Ltd. (Verified) Microsoft Windows Hardware Compatibility Publisher
csrss.exe 640 < 0.01 2,996 K 7,652 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
SearchIndexer.exe 2416 < 0.01 108,044 K 23,344 K Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
Apoint.exe 3468 < 0.01 10,072 K 15,768 K Alps Pointing-device Driver Alps Electric Co., Ltd. (Verified) Microsoft Windows Hardware Compatibility Publisher
AvastSvc.exe 1672 < 0.01 33,876 K 20,796 K avast! Service AVAST Software (Verified) AVAST Software
SUPERAntiSpyware.exe 3616 < 0.01 207,136 K 1,960 K SUPERAntiSpyware Application SUPERAntiSpyware.com (Verified) SuperAdBlocker.com
hkcmd.exe 3324 < 0.01 3,296 K 7,428 K hkcmd Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
svchost.exe 524 < 0.01 88,232 K 101,704 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
wmpnetwk.exe 3148 < 0.01 7,668 K 14,148 K Windows Media Player Network Sharing Service Microsoft Corporation (Verified) Microsoft Windows
wlanext.exe 1772 < 0.01 2,564 K 6,556 K Windows Wireless LAN 802.11 Extensibility Framework Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 1012 < 0.01 5,980 K 9,664 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
stacsv64.exe 596 < 0.01 9,632 K 8,936 K IDT PC Audio IDT, Inc. (Verified) Microsoft Windows Hardware Compatibility Publisher
AvastUI.exe 3780 < 0.01 16,704 K 22,880 K avast! Antivirus AVAST Software (Verified) AVAST Software
csrss.exe 696 < 0.01 3,028 K 8,080 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows
explorer.exe 1724 < 0.01 55,132 K 72,612 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 328 < 0.01 17,008 K 16,748 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
System 4 < 0.01 0 K 35,764 K
igfxsrvc.exe 3360 < 0.01 3,724 K 8,144 K igfxsrvc Module Intel Corporation (Verified) Microsoft Windows Hardware Compatibility Publisher
firefox.exe 3168 < 0.01 110,484 K 133,096 K Firefox Mozilla Corporation (Verified) Mozilla Corporation
svchost.exe 1440 0.77 19,828 K 22,056 K Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows
dwm.exe 1680 2.31 39,240 K 47,236 K Desktop Window Manager Microsoft Corporation (Verified) Microsoft Windows
procexp64.exe 4688 3.08 28,284 K 44,980 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Sysinternals
System Idle Process 0 93.85 0 K 24 K

#26 beejee (Topic Starter)

When I started the setup for Speccy, a message appeared: "Your preference file is corrupt or invalid. Google Chrome is unable to recover your settings." It then opened Piriform.com with a redirect to Google. Then I got a blue screen. Went into safe mode and tried to run it again. Same thing, only instead of a blue screen it gave me an error: "CPU dll init failed (error 2)" "Some information will not be displayed!"

On the Piriform.com site it said Google Chrome didn't shut down correctly.

#27 RKinner (Malware Expert)

Speccy can't really run in Safe Mode. It has to load some drivers that safe mode blocks.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.

Start, Run, sfc /scannow, OK

SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP.

Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

Vista
Is it still running slow?

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc. Does this finish without complaint?)

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:

2. Right-click VEW.exe and Run AS Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron

#28 beejee (Topic Starter)

Vino's Event Viewer v01c run on Windows Vista in English
Report run at 19/01/2013 3:15:24 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/01/2013 8:48:55 PM
Type: Error Category: 0
Event: 7026 Source: Service Control Manager
The following boot-start or system-start driver(s) failed to load: Beep

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 19/01/2013 6:28:32 PM
Type: Warning Category: 0
Event: 4001 Source: Microsoft-Windows-WLAN-AutoConfig
WLAN AutoConfig service has successfully stopped.




Vino's Event Viewer v01c run on Windows Vista in English
Report run at 19/01/2013 3:26:54 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - Warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 19/01/2013 6:28:30 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

Log: 'Application' Date/Time: 19/01/2013 6:28:30 PM
Type: Warning Category: 0
Event: 6000 Source: Microsoft-Windows-Winlogon
The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.

#29 beejee (Topic Starter)

sfc scan

"Windows Resource Protection found corrupt files but was unable to fix some of them"

#30 RKinner (Malware Expert)

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Notepad should open with a lot of text. Edit, Select All then Copy and paste the text from notepad to a reply.
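An added example (not part of Ron's post) that does what the findstr line above does and then condenses the [SR] lines into what the thread actually needs: which files SFC repaired, which it could not, and why. The CBS.log excerpt is constructed, and the message wording it matches ("Cannot repair member file", "Repairing corrupted file") is assumed from typical logs.

```python
import re

# Constructed excerpt of a CBS.log (not the log from this thread). These are
# the kinds of lines that findstr /c:"[SR]" pulls out; the wording of the
# "Cannot repair" and "Repairing corrupted file" messages is assumed.
SAMPLE_CBS = r"""
2013-01-19 15:40:01, Info                  CSI    0000012f [SR] Verifying 100 (0x0000000000000064) components
2013-01-19 15:40:02, Info                  CSI    00000130 [SR] Beginning Verify and Repair transaction
2013-01-19 15:40:05, Info                  CSI    00000133 [SR] Cannot repair member file [l:24{12}]"msctf.dll" of Microsoft-Windows-TextServicesFramework, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-19 15:40:06, Info                  CSI    00000135 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:22{11}]"wuaueng.dll" from store
2013-01-19 15:40:07, Info                  CSI    00000137 [SR] Cannot repair member file [l:24{12}]"msctf.dll" of Microsoft-Windows-TextServicesFramework, Version = 6.0.6002.18005, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-01-19 15:40:08, Info                  CSI    00000139 [SR] Verify complete
2013-01-19 15:40:09, Info                  CSI    0000013b [SR] Verifying 100 (0x0000000000000064) components
2013-01-19 15:40:10, Info                  CSI    0000013d [SR] Repair complete
"""

SR_RE = re.compile(r"^(?P<ts>\S+ \S+), .*?\[SR\] (?P<msg>.*)$")
# CSI quotes names as [l:<bytes>{<chars>}]"name"; the last one is the file.
FILE_RE = re.compile(r'\[l:\d+\{\d+\}\]"(?P<name>[^"]+)"')
COMPONENT_RE = re.compile(r" of (?P<comp>[^,]+),")
VERSION_RE = re.compile(r"Version = (?P<ver>[\d.]+)")
VERIFY_RE = re.compile(r"Verifying (\d+) \(")


def sr_lines(text):
    """Yield (timestamp, message) for each [SR] line, as the findstr does."""
    for line in text.splitlines():
        m = SR_RE.match(line)
        if m:
            yield m.group("ts"), m.group("msg")


def summarize_sfc(text):
    """Condense the [SR] lines: how many components were checked, which files
    were repaired, which could not be (with component, version and reason),
    and whether the run reached 'Repair complete'."""
    verified, repaired, unrepairable, complete = 0, [], {}, False
    for _ts, msg in sr_lines(text):
        if msg.startswith("Verifying "):
            verified += int(VERIFY_RE.match(msg).group(1))
        elif msg.startswith("Cannot repair member file"):
            name = FILE_RE.findall(msg)[-1]  # same file is logged twice
            comp, ver = COMPONENT_RE.search(msg), VERSION_RE.search(msg)
            unrepairable[name] = {
                "component": comp.group("comp") if comp else "",
                "version": ver.group("ver") if ver else "",
                "reason": msg.rsplit(", ", 1)[-1],
            }
        elif msg.startswith("Repairing corrupted file"):
            name = FILE_RE.findall(msg)[-1]
            if name not in repaired:
                repaired.append(name)
        elif msg == "Repair complete":
            complete = True
    return {"components_verified": verified, "repaired": repaired,
            "unrepairable": unrepairable, "repair_complete": complete}


if __name__ == "__main__":
    for key, value in summarize_sfc(SAMPLE_CBS).items():
        print(key, value)
```

Run it against the junk.txt that the findstr command produces (or against the full CBS.log, since non-[SR] lines are ignored) and the unrepairable entries are the ones to paste into the thread.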





