TruePerception

Honorary Members
  • Posts: 57

Reputation: 0 Neutral
  1. Hey, this "Backups" folder created on the desktop from the 21st: Can I delete that now that I've Refreshed?
  2. Defender full scan came back clean. MBAM quick scan clean. I'm done for the night.
  3. Okay. Important stuff is back up. No noticeable issues. Just need to re-install my Steam stuff.
  4. So far, so good. Resetting my bookmarks (so time consuming, I think I need to shave some down...) while running Defender. After that, I'll be adding back in all the removed applications. It's gonna be a long night, I think...
  5. I did a quick search on the differences, and I'm gonna give Refresh a go, just to try and save myself some hassle. I'll keep you apprised of things.
  6. Should I try Refresh first, or go straight to reset?
  7. So, you see a next step, or are we nearing "back to factory" territory?
  8. Addition: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-07-2013 01 Ran by Billy at 2013-07-22 23:02:30 Running from C:\Users\Billy\Downloads Boot Mode: Normal
  9. FRST: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-07-2013 01 Ran by Billy (administrator) on 22-07-2013 23:01:59 Running from C:\Users\Billy\Downloads Windows 8 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal
Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-07-11 12:34 - 2013-06-11 16:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-07-11 12:34 - 2013-06-11 16:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-07-11 12:34 - 2013-06-11 16:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-07-11 12:34 - 2013-06-11 16:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-07-11 12:34 - 2013-06-11 16:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-07-11 12:34 - 2013-06-11 16:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-07-11 12:34 - 2013-06-11 16:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-07-11 12:34 - 2013-06-11 16:26 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-11 12:34 - 2013-06-11 16:26 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-11 12:34 - 2013-06-11 16:26 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-11 12:34 - 2013-06-11 16:25 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-11 12:34 - 2013-06-11 16:25 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-11 12:34 - 2013-06-11 16:25 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-11 12:34 - 2013-05-03 23:59 - 02842112 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 12:34 - 2013-05-03 21:57 - 02620928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-07-10 14:56 - 2013-07-10 14:56 - 00000000 ____D C:\Users\Billy\Documents\Telltale Games 2013-07-02 13:05 - 2013-07-02 13:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-01 00:54 - 2013-07-01 00:54 - 00001777 _____ C:\AdwCleaner[R10].txt 2013-06-25 23:55 - 2013-06-25 23:55 - 00000307 _____ 
C:\AdwCleaner[s5].txt 2013-06-25 23:54 - 2013-06-25 23:54 - 00001657 _____ C:\AdwCleaner[R9].txt 2013-06-25 11:18 - 2013-06-25 11:18 - 00001538 _____ C:\AdwCleaner[R8].txt 2013-06-25 11:18 - 2013-06-25 11:18 - 00000307 _____ C:\AdwCleaner[s4].txt 2013-06-25 00:23 - 2013-06-25 00:23 - 00001478 _____ C:\AdwCleaner[R7].txt 2013-06-24 23:25 - 2013-06-24 23:25 - 00001418 _____ C:\AdwCleaner[R6].txt 2013-06-24 01:33 - 2013-06-24 01:33 - 00001358 _____ C:\AdwCleaner[s3].txt 2013-06-24 01:32 - 2013-06-24 01:32 - 00001298 _____ C:\AdwCleaner[R5].txt 2013-06-22 10:07 - 2013-06-22 10:07 - 00001237 _____ C:\AdwCleaner[R4].txt 2013-06-22 01:31 - 2013-06-22 01:31 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-22 01:31 - 2013-06-22 01:31 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-22 01:31 - 2013-06-22 01:31 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-22 01:31 - 2013-06-22 01:31 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-22 01:31 - 2013-06-22 01:31 - 00000000 ____D C:\Program Files (x86)\Java ==================== One Month Modified Files and Folders ======= 2013-07-22 23:53 - 2013-07-22 21:49 - 00000000 ___SD C:\ComboFix 2013-07-22 23:53 - 2013-07-20 21:02 - 00000000 ____D C:\_OTL 2013-07-22 23:53 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\registration 2013-07-22 23:53 - 2012-07-25 22:38 - 00000000 ____D C:\Windows\system32\Sysprep 2013-07-22 23:01 - 2013-07-22 23:01 - 00000000 ____D C:\FRST 2013-07-22 23:00 - 2013-07-22 23:00 - 01779447 _____ (Farbar) C:\Users\Billy\Downloads\FRST64.exe 2013-07-22 23:00 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\system32\sru 2013-07-22 22:58 - 2013-07-21 12:01 - 00678463 _____ C:\Windows\WindowsUpdate.log 2013-07-22 22:56 - 2013-03-20 14:34 - 00000000 ____D C:\Program Files (x86)\Steam 2013-07-22 22:56 - 2013-02-15 22:45 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-07-22 
22:56 - 2013-02-13 14:24 - 00000000 ____D C:\Users\Billy 2013-07-22 22:56 - 2012-07-26 00:22 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-22 21:49 - 2013-07-19 11:32 - 00000000 ____D C:\Windows\erdnt 2013-07-22 21:49 - 2013-06-21 23:36 - 00000000 ____D C:\Users\Billy\Desktop\AntiVirusStuff 2013-07-22 21:18 - 2013-02-13 14:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-22 21:05 - 2013-02-15 22:45 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-07-22 20:26 - 2013-07-22 20:26 - 00602112 _____ (OldTimer Tools) C:\Users\Billy\Downloads\OTL.exe 2013-07-22 19:23 - 2013-03-02 08:55 - 00000000 ____D C:\Windows\Minidump 2013-07-22 18:43 - 2013-02-13 14:32 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-827136099-3339073498-3526168419-1001 2013-07-22 18:43 - 2012-07-25 22:38 - 00000000 ____D C:\Windows\system32\oobe 2013-07-22 18:33 - 2012-07-26 00:28 - 00848230 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-22 18:06 - 2013-07-22 18:06 - 00000546 _____ C:\Windows\PFRO.log 2013-07-22 15:07 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\AUInstallAgent 2013-07-21 21:31 - 2013-07-21 21:31 - 00000000 ____D C:\Program Files (x86)\ESET 2013-07-21 21:24 - 2013-07-21 21:24 - 00000000 ____D C:\Users\Billy\Desktop\backups 2013-07-21 21:19 - 2013-07-21 11:18 - 00006876 _____ C:\Users\Billy\Desktop\hijackthis.log 2013-07-21 11:07 - 2013-04-04 14:00 - 00000000 ____D C:\Users\Billy\AppData\Local\CrashDumps 2013-07-21 11:07 - 2012-08-24 05:22 - 00000000 ____D C:\Windows\Panther 2013-07-20 21:03 - 2012-07-25 22:37 - 00000000 ____D C:\Windows\servicing 2013-07-20 21:03 - 2012-07-25 22:26 - 00262144 ___SH C:\Windows\system32\config\BBI 2013-07-20 21:02 - 2013-02-13 14:26 - 00000000 ___RD C:\Users\Billy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2013-07-20 08:23 - 2012-07-26 01:12 - 00000000 ____D C:\Windows\L2Schemas 2013-07-20 08:17 - 2013-06-21 23:35 - 00000000 ____D C:\JRT 
2013-07-20 08:12 - 2012-07-25 22:37 - 00000000 __RHD C:\Users\Default 2013-07-20 08:00 - 2013-02-15 22:45 - 00003888 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-07-20 08:00 - 2013-02-15 22:45 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-07-18 23:12 - 2013-07-18 23:12 - 00002159 _____ C:\Users\Billy\Desktop\AdwCleaner[s7].txt 2013-07-18 23:08 - 2013-07-18 23:08 - 00002159 _____ C:\AdwCleaner[s7].txt 2013-07-18 23:07 - 2013-07-18 23:07 - 00002100 _____ C:\AdwCleaner[R14].txt 2013-07-18 22:13 - 2013-07-18 22:13 - 00005345 _____ C:\Users\Billy\Desktop\attach.txt 2013-07-18 13:36 - 2013-07-18 13:36 - 00000000 _____ C:\Recovery.txt 2013-07-18 12:41 - 2013-07-18 12:41 - 00001935 _____ C:\AdwCleaner[R13].txt 2013-07-18 12:40 - 2013-07-18 12:40 - 00001961 _____ C:\AdwCleaner[R12].txt 2013-07-15 12:09 - 2013-07-15 12:09 - 00001838 _____ C:\AdwCleaner[R11].txt 2013-07-15 12:09 - 2013-07-15 12:09 - 00000307 _____ C:\AdwCleaner[s6].txt 2013-07-13 08:37 - 2013-03-29 17:06 - 00000000 ____D C:\Users\Billy\AppData\Local\Adobe 2013-07-13 08:35 - 2013-02-13 14:59 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-07-12 19:02 - 2013-07-12 19:02 - 00281088 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-12 02:33 - 2012-07-26 00:52 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-11 13:22 - 2013-02-14 09:52 - 78185248 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-10 14:56 - 2013-07-10 14:56 - 00000000 ____D C:\Users\Billy\Documents\Telltale Games 2013-07-03 13:21 - 2013-02-13 14:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-07-02 13:05 - 2013-07-02 13:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-07-01 01:42 - 2013-02-14 01:54 - 00000000 ____D C:\Users\Billy\AppData\Roaming\Spotify 2013-07-01 00:54 - 2013-07-01 00:54 - 00001777 _____ C:\AdwCleaner[R10].txt 2013-07-01 00:07 - 2013-02-14 01:54 - 00000000 ____D 
C:\Users\Billy\AppData\Local\Spotify 2013-06-27 15:04 - 2012-07-26 01:14 - 00693112 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-06-27 15:04 - 2012-07-26 01:14 - 00078200 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-06-25 23:55 - 2013-06-25 23:55 - 00000307 _____ C:\AdwCleaner[s5].txt 2013-06-25 23:54 - 2013-06-25 23:54 - 00001657 _____ C:\AdwCleaner[R9].txt 2013-06-25 11:18 - 2013-06-25 11:18 - 00001538 _____ C:\AdwCleaner[R8].txt 2013-06-25 11:18 - 2013-06-25 11:18 - 00000307 _____ C:\AdwCleaner[s4].txt 2013-06-25 00:23 - 2013-06-25 00:23 - 00001478 _____ C:\AdwCleaner[R7].txt 2013-06-24 23:25 - 2013-06-24 23:25 - 00001418 _____ C:\AdwCleaner[R6].txt 2013-06-24 01:33 - 2013-06-24 01:33 - 00001358 _____ C:\AdwCleaner[s3].txt 2013-06-24 01:32 - 2013-06-24 01:32 - 00001298 _____ C:\AdwCleaner[R5].txt 2013-06-22 10:07 - 2013-06-22 10:07 - 00001237 _____ C:\AdwCleaner[R4].txt 2013-06-22 01:31 - 2013-06-22 01:31 - 00263592 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-06-22 01:31 - 2013-06-22 01:31 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-06-22 01:31 - 2013-06-22 01:31 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-06-22 01:31 - 2013-06-22 01:31 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-06-22 01:31 - 2013-06-22 01:31 - 00000000 ____D C:\Program Files (x86)\Java 2013-06-22 01:31 - 2013-05-22 12:04 - 00867240 _____ (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2013-06-22 01:31 - 2013-05-22 12:04 - 00789416 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe [2013-07-22 18:40] - [2013-06-01 04:34] - 2391280 ____A (Microsoft Corporation) 0E8E6463F81C80AFBED533E0F1F8895D 
C:\Windows\SysWOW64\explorer.exe [2013-07-22 18:40] - [2013-06-01 03:24] - 2106176 ____A (Microsoft Corporation) EAFE46B0292D2BD2467835E2ACF717CC C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys [2013-07-22 18:40] - [2013-06-01 04:26] - 0327936 ____A (Microsoft Corporation) 78A5BBA3819FFFC62FFEC3E2220D102D LastRegBack: 2013-07-21 12:26 ==================== End Of Log ============================
  10. Nope. No mouse. Keyboard issues. It automatically did TWO Windows Updates upon Restore. I'll try the scan if I can manage with keyboard alone...
  11. Sigh. On reboot, the mouse and keyboard are again down. The notification noise is also back. ePowerButton is working.
  12. OTL logfile created on: 7/22/2013 8:28:11 PM - Run 2 OTL by OldTimer - Version 3.2.69.0
---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/07/22 18:33:52 | 000,848,230 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/07/22 18:33:52 | 000,718,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/07/22 18:33:52 | 000,132,542 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/07/22 18:28:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/07/22 18:26:54 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/07/22 18:26:44 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013/07/22 18:26:43 | 3364,143,104 | -HS- | M] () -- C:\hiberfil.sys [2013/07/12 19:02:45 | 000,281,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/06/27 15:04:51 | 000,693,112 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/06/27 15:04:51 | 000,078,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/07/21 10:25:53 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/07/21 10:25:53 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/07/21 10:25:53 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/07/21 10:25:53 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/07/21 10:25:53 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/07/12 19:02:38 | 000,281,088 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/05/05 22:55:34 | 000,000,017 | ---- | C] () -- C:\Users\Billy\AppData\Local\resmon.resmoncfg [2013/02/15 12:29:33 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012/08/24 05:18:15 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012/08/24 05:18:10 | 000,963,388 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012/08/24 05:18:10 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012/07/26 
01:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012/07/26 01:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012/07/26 00:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012/07/25 18:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012/07/25 13:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012/07/25 13:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012/06/02 07:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2012/04/20 13:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2013/03/22 23:53:25 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013/03/05 23:31:28 | 019,758,592 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013/03/05 22:03:37 | 017,561,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 20:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 20:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 20:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report >
  13. No problems since restore, but I assume some of the cleared infection is back, too. Power buttons fine, sounds fine, internet is fine. Mouse and keyboard fine.