Computer Acting Weird [Solved]


#16 tom982 (Member 1K, 1,183 posts)

Hi Conrad,

Thanks for the logs. Something went wrong with the OTL log so let's try that again:

OTL Fix

  • Run OTL.
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :OTL
    O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
    O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)

    :Files
    netsh advfirewall reset /c
    netsh advfirewall set allprofiles state off /c

    :Commands
    [EMPTYTEMP]


  • Click the Run Fix button.
  • After your computer has rebooted, run OTL and click Quick Scan.
  • Copy and paste the contents of the log that it produces into your next post.

Tom

#17 Conrad 678 (Topic Starter, 103 posts)

Hopefully this one has what you want to know.

OTL logfile created on: 3/29/2013 8:39:26 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\K Man's Travel Pal\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 193.78 Mb Available Physical Memory | 19.13% Memory free
1.99 Gb Paging File | 1.03 Gb Available in Paging File | 51.65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.94 Gb Total Space | 96.26 Gb Free Space | 70.81% Space Free | Partition Type: NTFS

Computer Name: KMANSTRAVELPAL | User Name: K Man's Travel Pal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/26 10:02:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\K Man's Travel Pal\Desktop\OTL.exe
PRC - [2013/03/13 06:25:41 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
PRC - [2013/02/19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2013/02/19 15:08:52 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2013/02/19 15:06:50 | 000,203,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2013/01/14 19:00:22 | 001,278,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/23 10:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010/04/17 00:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/04/07 23:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

#18 tom982 (Member 1K, 1,183 posts)

Hi Conrad,

Sorry for the delay; it's been a very busy weekend and I've had a lousy cold, but I'm all drugged up so I can pop in quickly before hitting the sack.

The OTL log has been cut a little bit short. Can you navigate to this folder, please:

C:\_OTL\MovedFiles

Zip up any text files (.txt) and attach them to your next post please.

Tom

#19 Conrad 678 (Topic Starter, 103 posts)

This was all I could find.

Thanks!

All processes killed
Error: Unable to interpret <:OTLO15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites):Filesnetsh advfirewall reset /cnetsh advfirewall set allprofiles state off /c :Commands[EMPTYTEMP]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 03282013_095746

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Files\Folders moved on Reboot...
File\Folder C:\Users\K Man's Travel Pal\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\M5K3YU55\LBTN;!c=SV;!c=S2L2;!c=BL;!c=HL;uri=;u=t_R%7Ccm_WHEATONIL%7Cst_IL%7Cfrp_1%7Crsiseg_C05504_10054%7Crsiseg_C05504_0%7Cmin_0%7Cmax_700000%7Czp_60187;ord=327201365282405[1].htm not found!
File\Folder C:\Users\K Man's Travel Pal\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\M5K3YU55\LBTN;!c=SV;!c=S2L2;!c=BL;!c=HL;uri=;u=t_R%7Ccm_WHEATONIL%7Cst_IL%7Cfrp_1%7Crsiseg_C05504_10054%7Crsiseg_C05504_0%7Cmin_0%7Cmax_700000%7Czp_60187;ord=327201365282405[2].htm not found!
File\Folder C:\Users\K Man's Travel Pal\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\8NADNKQO\bEklMjZudW0lM0QxJTI2c2lnJTNEQU9ENjRfMW9Qb3FNcHZ6VWNWZ0xjZlVCX0RrbjRZY1JxUSUyNmNsaWVudCUzRGNhLXB1Yi05NTE2NjA2MTQ2NDkzNTQyJTI2YWR1cmwlM0QX;sz=728x90;ord=1364392385257;[1].js not found!
File\Folder C:\Users\K Man's Travel Pal\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\8NADNKQO\cm;u=,cm-21188927502_1364393603,12dcfecf020558b,re,cm.2o98;sz=300x250;adx=laphilaprclassic1;env=ifr;ord1=483238;cmw=owl;dcopt=ist;contx=re;cmd=www.realtor.com;btg=cm[1].js not found!
File\Folder C:\Users\K Man's Travel Pal\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\8NADNKQO\eJw1zFEOwiAMgOG79AYUprYchrTSuekEI5iYmN3d8LDn%252F8svjPxrTAxd2iMVeRrExugYtnpLkr%252Bv2iyt5W7XvtYy4oGzdIEo7MbBnRgO%252FXlvaZG2DOyRAcM0E9lFcyaPImqokwavZ0WaNUDc9z9a0yyx[1].htm not found!
File\Folder C:\Users\K Man's Travel Pal\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\8NADNKQO\IL_11;net=cm;u=,cm-11624433079_1364393141,12dcfecf020558b,ads,;sz=728x90;app=ATTadv_IL_11;btg=app0;env=ifr;ord1=833967;cmw=owl;dcopt=ist;contx=ads;cmd=ad.doubleclick[1].js not found!
File\Folder C:\Users\K Man's Travel Pal\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\3UBF05H2\seg_C05504_10054_rsiseg_C05504_0_bd_0_bth_0_ct_wheaton_ls_1_max_700000_pt_1_t_cb_zp_60187_zp_60187_p_500k_1mm_yb_1920_add_042111_udbid_1140425784_listingprice_529900[1].js not found!
File\Folder C:\Users\K Man's Travel Pal\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\3728BLVG\bEklMjZudW0lM0QxJTI2c2lnJTNEQU9ENjRfM0loejJVTTBxbVE2MnN5a0ozV1Fyek5HTUZUdyUyNmNsaWVudCUzRGNhLXB1Yi05NTE2NjA2MTQ2NDkzNTQyJTI2YWR1cmwlM0QX;sz=728x90;ord=1364392433320;[1].js not found!
File\Folder C:\Users\K Man's Travel Pal\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5\3728BLVG\LBTN;!c=SV;!c=S2L2;!c=BL;!c=HL;uri=;u=t_R%7Ccm_WHEATONIL%7Cst_IL%7Cfrp_1%7Crsiseg_C05504_10054%7Crsiseg_C05504_0%7Cmin_0%7Cmax_700000%7Czp_60187;ord=327201365282405[1].htm not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

All processes killed
Error: Unable to interpret <:OTLO15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites):Filesnetsh advfirewall reset /cnetsh advfirewall set allprofiles state off /c :Commands[EMPTYTEMP]> in the current context!

OTL by OldTimer - Version 3.2.69.0 log created on 03282013_100514

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
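The error in the log above is the fix script from #16 arriving in OTL as a single line (`<:OTLO15 - ...>`), so the section markers are no longer at the start of their own lines. As an added example, not code from the thread or from OTL, here is a Python checker that parses a fix script into its :OTL / :Files / :Commands sections, rejects a paste whose line breaks were lost, and flags the `netsh advfirewall set allprofiles state off` directive, which switches the Windows Firewall off on every profile and is worth confirming is intended (the later log shows McAfee's own mfefire service running). The section names and both sample scripts are copied from this thread; the checks are mine.

```python
import re

# The three section headers used in the fix posted in #16. OTL expects each
# header, and each directive under it, on a line of its own.
HEADER_RE = re.compile(r"^:(OTL|Files|Commands)$", re.IGNORECASE)
# A header token that is NOT alone on its line: the signature of a script whose
# line breaks were lost in copy/paste (OTL's "Unable to interpret <...>" error).
EMBEDDED_RE = re.compile(r"(?<![\w\\/]):(OTL|Files|Commands)", re.IGNORECASE)
# Directive that switches the Windows Firewall off for one or all profiles;
# it removes a layer of defence, so it is reported for a second look.
FIREWALL_OFF_RE = re.compile(
    r"netsh\s+advfirewall\s+set\s+\w+\s+state\s+off", re.IGNORECASE
)


def parse_otl_fix(text):
    """Split an OTL fix script into {section_name: [directive, ...]}.

    Raises ValueError if a section token appears anywhere but alone on its own
    line, or if a directive precedes the first header, so a mangled paste is
    caught before it is handed to OTL.
    """
    sections = {}
    current = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
            continue
        if EMBEDDED_RE.search(line):
            raise ValueError(
                f"line {lineno}: section header run together with other text; "
                "line breaks were probably lost when pasting"
            )
        if current is None:
            raise ValueError(f"line {lineno}: directive before any section header")
        sections[current].append(line)
    return sections


def review_otl_fix(text):
    """Return (sections, warnings); warnings list directives that weaken host defences."""
    sections = parse_otl_fix(text)
    warnings = []
    for name, lines in sections.items():
        for line in lines:
            if FIREWALL_OFF_RE.search(line):
                warnings.append(
                    f":{name}: '{line}' disables the Windows Firewall; "
                    "make sure another firewall is active first"
                )
    return sections, warnings


def is_well_formed(text):
    """True when parse_otl_fix accepts the script, False when it rejects it."""
    try:
        parse_otl_fix(text)
        return True
    except ValueError:
        return False


# The fix script as posted in #16 (copied from the thread), line breaks intact.
GOOD_SCRIPT = """\
:OTL
O15 - HKCU\\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\\..Trusted Domains: mcafee.com ([]https in Trusted sites)

:Files
netsh advfirewall reset /c
netsh advfirewall set allprofiles state off /c

:Commands
[EMPTYTEMP]
"""

# The same script as OTL received it in #19: everything on one line.
MANGLED_SCRIPT = (
    ":OTLO15 - HKCU\\..Trusted Domains: internet ([]about in Trusted sites)"
    "O15 - HKCU\\..Trusted Domains: mcafee.com ([]http in Trusted sites)"
    "O15 - HKCU\\..Trusted Domains: mcafee.com ([]https in Trusted sites)"
    ":Filesnetsh advfirewall reset /cnetsh advfirewall set allprofiles state off /c "
    ":Commands[EMPTYTEMP]"
)

if __name__ == "__main__":
    secs, warns = review_otl_fix(GOOD_SCRIPT)
    for name, lines in secs.items():
        print(f":{name}: {len(lines)} directive(s)")
    for w in warns:
        print("WARNING", w)
    print("mangled script accepted?", is_well_formed(MANGLED_SCRIPT))
```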

#20 tom982 (Member 1K, 1,183 posts)

Hi Conrad,

I'm not sure what's happened to the last log so we'll have to grab another one:

OTL

  • Double click on the OTL icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window: OTL.txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and paste it into your reply.

Tom

#21 Conrad 678 (Topic Starter, 103 posts)

Hope this is what you are looking for.

Thanks!

OTL logfile created on: 4/4/2013 7:46:18 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\K Man's Travel Pal\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.10 Mb Total Physical Memory | 264.42 Mb Available Physical Memory | 26.10% Memory free
1.99 Gb Paging File | 1.09 Gb Available in Paging File | 54.97% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 135.94 Gb Total Space | 96.29 Gb Free Space | 70.83% Space Free | Partition Type: NTFS

Computer Name: KMANSTRAVELPAL | User Name: K Man's Travel Pal | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/26 10:02:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\K Man's Travel Pal\Desktop\OTL.exe
PRC - [2013/03/13 06:25:41 | 000,706,776 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe
PRC - [2013/02/19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2013/02/19 15:08:52 | 000,169,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
PRC - [2013/02/19 15:06:50 | 000,203,840 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2013/01/14 19:00:22 | 001,278,064 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2012/11/22 21:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/04/23 10:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2010/04/17 00:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe
PRC - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe
PRC - [2010/04/07 23:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe
PRC - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - [2013/03/13 06:26:02 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/19 15:12:14 | 000,172,416 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2013/02/19 15:08:52 | 000,169,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2013/02/19 15:06:50 | 000,203,840 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/11/16 22:07:20 | 000,279,048 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2012/08/31 13:20:06 | 000,167,784 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/05/11 22:28:14 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010/04/23 10:46:32 | 000,735,776 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2010/04/17 00:56:48 | 000,305,520 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/04/13 20:11:14 | 000,229,688 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBKbackup.exe -- (MOBKbackup)
SRV - [2010/04/07 23:18:40 | 000,312,400 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/01/29 18:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2010/01/28 18:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2010/01/08 08:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/09 21:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Acer Games\Acer Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/06/04 21:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - [2013/02/19 15:15:04 | 000,060,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2013/02/19 15:12:24 | 000,210,608 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2013/02/19 15:10:52 | 000,092,632 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2013/02/19 15:09:52 | 000,565,888 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2013/02/19 15:09:02 | 000,363,080 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2013/02/19 15:08:40 | 000,065,928 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2013/02/19 15:08:20 | 000,235,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2013/02/19 15:07:50 | 000,133,416 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/04/20 16:40:44 | 000,146,872 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HipShieldK.sys -- (HipShieldK)
DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/04/21 02:47:36 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010/04/13 20:10:22 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\MOBK.sys -- (MOBKFilter)
DRV - [2010/04/06 21:04:42 | 001,792,512 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010/03/02 01:23:36 | 000,082,384 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2009/06/02 21:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2009/06/02 21:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009/06/02 21:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer...34wwi5w46n2t259
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...AW_enUS435US435
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...AW_enUS435US435
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/05 19:38:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/03/11 21:45:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/04/04 19:45:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\McAfee\MSK [2013/03/21 05:45:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/02/05 19:38:05 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20130326094546.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html File not found
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34D1D2B6-CA20-4F70-97C5-CC1B7A119B89}: DhcpNameServer = 10.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8100D57F-88F9-4E95-BA58-1A8EB8A668D9}: DhcpNameServer = 4.2.2.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/04 20:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/03/28 12:54:21 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\K Man's Travel Pal\Desktop\aswMBR.exe
[2013/03/28 09:57:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/26 12:17:09 | 005,044,718 | ---- | C] (Swearware) -- C:\Users\K Man's Travel Pal\Desktop\ComboFix.exe
[2013/03/26 10:02:38 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\K Man's Travel Pal\Desktop\OTL.exe
[2013/03/25 20:31:21 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/03/23 08:56:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/03/23 08:56:43 | 000,000,000 | ---D | C] -- C:\Users\K Man's Travel Pal\AppData\Local\temp
[2013/03/16 16:31:51 | 000,000,000 | ---D | C] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
[2013/03/15 21:02:22 | 000,000,000 | ---D | C] -- C:\Users\K Man's Travel Pal\AppData\Roaming\cef-cache
[2013/03/15 21:00:43 | 000,000,000 | ---D | C] -- C:\Users\K Man's Travel Pal\AppData\Roaming\PPNet
[2013/03/15 20:57:36 | 000,000,000 | ---D | C] -- C:\Programs
[2013/03/14 21:16:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/03/14 20:33:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/03/14 20:33:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/03/09 10:18:24 | 000,000,000 | ---D | C] -- C:\TRAUMEREI
[2013/03/09 10:18:22 | 000,000,000 | ---D | C] -- C:\ST. ANTHONY DIVERTIMENTO
[2013/03/09 10:18:21 | 000,000,000 | ---D | C] -- C:\Prophetiae Sibyllarum
[2013/03/09 10:18:21 | 000,000,000 | ---D | C] -- C:\PRELUDIO
[2013/03/09 10:18:20 | 000,000,000 | ---D | C] -- C:\Prelude & Fugue #12 in F Min (WTC, Book I)
[2013/03/09 10:18:19 | 000,000,000 | ---D | C] -- C:\PACHELBEL MOTET
[2013/03/09 10:18:19 | 000,000,000 | ---D | C] -- C:\O HOLY NIGHT
[2013/03/09 10:18:17 | 000,000,000 | ---D | C] -- C:\NON PIU ANDRAI
[2013/03/09 10:18:15 | 000,000,000 | ---D | C] -- C:\LARGO AL FACTOTUM
[2013/03/09 10:18:14 | 000,000,000 | ---D | C] -- C:\HOW LOVELY IS THY DWELLING PLACE
[2013/03/09 10:18:13 | 000,000,000 | ---D | C] -- C:\FESTIVAL PRELUDE
[2013/03/09 10:18:12 | 000,000,000 | ---D | C] -- C:\ELEVAZIONE
[2013/03/09 10:18:09 | 000,000,000 | ---D | C] -- C:\BRUNNER NATIONAL GUARD
[2013/03/09 10:18:08 | 000,000,000 | ---D | C] -- C:\Battaglia Galiard
[2013/03/09 10:18:08 | 000,000,000 | ---D | C] -- C:\AVE MARIA (BUONAMICI)
[2013/03/09 10:18:04 | 000,000,000 | ---D | C] -- C:\ALTE KAMERADEN
[2013/03/09 10:18:02 | 000,000,000 | ---D | C] -- C:\ALLEIN AUF GOTES WORT
[2013/03/09 10:18:02 | 000,000,000 | ---D | C] -- C:\A SCHUMANN SAMPLER
[2013/03/09 10:18:01 | 000,000,000 | ---D | C] -- C:\A MES YEUX ENCHANTES
[2013/03/09 10:06:15 | 000,000,000 | ---D | C] -- C:\24 Bach Chorales
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/04 19:49:18 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 19:49:18 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/04 19:45:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/04 19:43:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/04 19:41:35 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/04 19:41:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/04 19:41:12 | 796,733,440 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/31 19:43:29 | 000,000,428 | ---- | M] () -- C:\Windows\tasks\vtscheduletask.job
[2013/03/28 12:55:58 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\K Man's Travel Pal\Desktop\aswMBR.exe
[2013/03/26 12:17:11 | 005,044,718 | ---- | M] (Swearware) -- C:\Users\K Man's Travel Pal\Desktop\ComboFix.exe
[2013/03/26 10:02:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\K Man's Travel Pal\Desktop\OTL.exe
[2013/03/16 16:31:52 | 000,001,083 | ---- | M] () -- C:\Users\K Man's Travel Pal\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2013/03/16 16:31:52 | 000,001,059 | ---- | M] () -- C:\Users\K Man's Travel Pal\Desktop\PokerStars.net.lnk
[2013/03/09 10:06:05 | 000,000,378 | ---- | M] () -- C:\Users\K Man's Travel Pal\Desktop\Removable Disk (D) - Shortcut.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/16 16:31:52 | 000,001,083 | ---- | C] () -- C:\Users\K Man's Travel Pal\Application Data\Microsoft\Internet Explorer\Quick Launch\PokerStars.net.lnk
[2013/03/16 16:31:52 | 000,001,059 | ---- | C] () -- C:\Users\K Man's Travel Pal\Desktop\PokerStars.net.lnk
[2013/03/09 10:06:05 | 000,000,378 | ---- | C] () -- C:\Users\K Man's Travel Pal\Desktop\Removable Disk (D) - Shortcut.lnk
[2013/01/15 20:46:11 | 000,007,870 | -HS- | C] () -- C:\Users\K Man's Travel Pal\AppData\Local\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2013/01/15 20:46:11 | 000,007,870 | -HS- | C] () -- C:\ProgramData\1pb78m8n6he1l1565b3k36w7o7of8ksb88y53s63tpqg0vl
[2012/12/26 16:01:37 | 000,751,078 | ---- | C] () -- C:\Users\K Man's Travel Pal\AppData\Roaming\1.bmp
[2012/12/26 16:01:25 | 000,018,252 | ---- | C] () -- C:\Users\K Man's Travel Pal\AppData\Roaming\sound.mp3
[2012/12/26 16:01:20 | 000,114,890 | ---- | C] () -- C:\Users\K Man's Travel Pal\AppData\Roaming\1.jpg
[2012/02/05 19:19:05 | 000,221,287 | ---- | C] () -- C:\Windows\hpoins19.dat
[2012/02/05 19:19:05 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011/06/14 20:45:11 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011/06/12 16:23:33 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/06/12 16:23:33 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini
[2011/06/12 16:23:30 | 000,113,264 | ---- | C] () -- C:\Windows\FixUVC.exe

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/02/25 22:34:43 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\.minecraft
[2012/11/17 14:13:04 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Audacity
[2013/03/15 21:02:22 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\cef-cache
[2012/02/25 18:31:17 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\MakeMusic
[2013/03/15 21:00:43 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\PPNet
[2011/08/06 12:23:23 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\WildTangent
[2011/08/30 20:38:23 | 000,000,000 | ---D | M] -- C:\Users\K Man's Travel Pal\AppData\Roaming\Windows Live Writer

========== Purity Check ==========



< End of report >
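The OTL file and folder entries pasted above all follow one fixed layout (timestamp, size, RHSD attribute flags, C/M for created or modified, an optional company name, then the path). As an added example that is not part of this thread or of OTL itself, the Python below parses that layout and applies a few generic triage heuristics of the kind a reviewer runs over such a log before deciding what to look at by hand. The sample lines are constructed in OTL's format (the random-looking name and the Temp executable are made up), and a flag means "look closer", not "malicious".

```python
"""Parse OTL file/folder entries and apply simple triage heuristics.

Added example, not part of the thread or of OTL. The sample log lines
below are constructed in OTL's layout; the paths are not from a real system.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One OTL entry: [timestamp | size | RHSD attribute flags | C=created or M=modified] (company) -- path
# Directory entries omit the "(company)" field, so it is optional.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[R-][H-][S-][D-]) \| "
    r"(?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- "
    r"(?P<path>.+?)\s*$"
)


@dataclass
class OtlEntry:
    timestamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str       # "C" = created, "M" = modified
    company: str    # "" when OTL printed "()" or no company field at all
    path: str


def parse_otl_entry(line: str) -> Optional[OtlEntry]:
    """Return an OtlEntry for one log line, or None for headers and summary lines."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")
    return OtlEntry(
        timestamp=m.group("ts"),
        size=int(m.group("size").replace(",", "")),
        readonly=attrs[0] == "R",
        hidden=attrs[1] == "H",
        system=attrs[2] == "S",
        directory=attrs[3] == "D",
        kind=m.group("kind"),
        company=(m.group("company") or "").strip(),
        path=m.group("path"),
    )


def parse_otl_entries(text: str) -> List[OtlEntry]:
    """Parse every entry line in a block of OTL output, skipping everything else."""
    return [e for e in (parse_otl_entry(ln) for ln in text.splitlines()) if e]


# Locations a non-admin process can normally write to (constructed list; extend as needed).
USER_WRITABLE = ("\\programdata\\", "\\users\\", "\\windows\\temp\\")
EXECUTABLE_EXT = (".exe", ".dll", ".scr")


def triage_flags(e: OtlEntry) -> List[str]:
    """Generic review heuristics; a flag means 'look closer', not 'malicious'."""
    flags = []
    low = e.path.lower()
    name = low.rsplit("\\", 1)[-1]
    in_user_writable = any(marker in low for marker in USER_WRITABLE)
    if e.hidden and e.system and not e.directory and in_user_writable:
        flags.append("hidden+system file in a user-writable location")
    if not e.directory and "." not in name and len(name) >= 20:
        flags.append("long extension-less file name")
    if name.endswith(EXECUTABLE_EXT) and not e.company:
        flags.append("executable with no company name")
    return flags


def triage_report(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to the list of flags it raised."""
    report: Dict[str, List[str]] = {}
    for e in parse_otl_entries(text):
        flags = triage_flags(e)
        if flags:
            report[e.path] = flags
    return report


# Constructed sample in OTL's layout (not a real system's log).
SAMPLE_OTL = r"""
========== Files Created - No Company Name ==========

[2013/04/04 19:41:12 | 796,733,440 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/28 12:54:21 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Example\Desktop\aswMBR.exe
[2013/03/23 08:56:56 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/01/15 20:46:11 | 000,007,870 | -HS- | C] () -- C:\ProgramData\q7v2k9m4x1b8n3c6z5p0r2t4w6y8a1s3d5
[2011/06/12 16:23:33 | 000,206,208 | ---- | C] () -- C:\Windows\Temp\setup_helper.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
"""

if __name__ == "__main__":
    for path, flags in triage_report(SAMPLE_OTL).items():
        print(path)
        for f in flags:
            print("   -", f)
```

The hidden+system rule is deliberately scoped to user-writable locations: files such as C:\hiberfil.sys at the drive root carry the same attributes legitimately and would otherwise drown the report in noise.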

#22
tom982 (Member 1K, 1,183 posts)
Hi Conrad,

That's great, thanks. There's only one thing that needs to be fixed now:

Command Prompt

Warning: this fix is specific to the user in this thread. No one else should follow these instructions as it may cause more harm than good. If you are after assistance, please start a thread of your own.

  • Click on the Start button and in the search box, type Command Prompt
  • When you see Command Prompt on the list, right-click on it and select Run as administrator
  • When command prompt opens, copy and paste the following commands into it, press enter after each

    netsh advfirewall reset

    netsh advfirewall set allprofiles state off

  • Right-click on the Command Prompt window and click Select All, this will invert all of the colours by selecting the text, now press enter. All of this text is now copied.
  • Paste (Ctrl+V) it into your next post please.

Tom

#23
Conrad 678 (Topic Starter, Member, 103 posts)
I hope I did this correctly....


Microsoft Windows [Version 6.1.7601]
Copyright © 2009 Microsoft Corporation. All rights reserved.

C:\Windows\system32>netsh advfirewall reset
Ok.


C:\Windows\system32>netsh advfirewall set allprofiles state off
Ok.


C:\Windows\system32>
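As an added example that is not from this thread, the Python below parses the output of `netsh advfirewall show allprofiles` and lists which of the Domain, Private and Public profiles are not ON, so the result of the two netsh commands above can be confirmed rather than assumed: `netsh advfirewall reset` restores the default firewall settings, `set allprofiles state off` disables the firewall on all three profiles, and `set allprofiles state on` re-enables them. It assumes the English-locale layout of netsh output (a "<Name> Profile Settings:" header followed by a "State" line); the two sample outputs are constructed, and `query_live_profiles` only works on a Windows machine.

```python
"""Report Windows Firewall profile states from `netsh advfirewall show allprofiles`.

Added example, not part of the thread. It assumes the English-locale output
layout of netsh: a "<Name> Profile Settings:" header, then a "State" line.
"""
import re
import subprocess
from typing import Dict, List

PROFILE_HEADER = re.compile(r"^(?P<name>Domain|Private|Public) Profile Settings:$")
STATE_LINE = re.compile(r"^State\s+(?P<state>ON|OFF)$", re.IGNORECASE)
ALL_PROFILES = ("Domain", "Private", "Public")


def parse_firewall_profiles(text: str) -> Dict[str, str]:
    """Map profile name -> "ON"/"OFF" from captured netsh output."""
    states: Dict[str, str] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        header = PROFILE_HEADER.match(line)
        if header:
            current = header.group("name")
            continue
        state = STATE_LINE.match(line)
        if state and current:
            states[current] = state.group("state").upper()
    return states


def disabled_profiles(text: str) -> List[str]:
    """Profiles whose firewall is not ON; a profile missing from the output counts as not ON."""
    states = parse_firewall_profiles(text)
    return [name for name in ALL_PROFILES if states.get(name) != "ON"]


def query_live_profiles() -> Dict[str, str]:
    """Run netsh on the local machine and parse its output (Windows only)."""
    result = subprocess.run(
        ["netsh", "advfirewall", "show", "allprofiles"],
        capture_output=True, text=True, check=True,
    )
    return parse_firewall_profiles(result.stdout)


# Constructed sample output: what netsh prints when only the Public profile is off.
SAMPLE_MIXED = """\
Domain Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound
LocalFirewallRules                    N/A (GPO-store only)

Private Profile Settings:
----------------------------------------------------------------------
State                                 ON
Firewall Policy                       BlockInbound,AllowOutbound

Public Profile Settings:
----------------------------------------------------------------------
State                                 OFF
Firewall Policy                       BlockInbound,AllowOutbound

Ok.
"""

# Constructed sample output after `netsh advfirewall set allprofiles state off`:
# every State line reads OFF.
SAMPLE_ALL_OFF = re.sub(r"^(State\s+)ON$", r"\1OFF", SAMPLE_MIXED, flags=re.MULTILINE)

if __name__ == "__main__":
    off = disabled_profiles(SAMPLE_MIXED)
    print("Profiles not ON:", ", ".join(off) if off else "none")
```

On a live system, call `query_live_profiles()` from an elevated prompt and pass nothing else; the parser deliberately treats a missing profile as "not ON" so a truncated or unexpected output is reported rather than silently accepted.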

#24
tom982 (Member 1K, 1,183 posts)
Hi Conrad,

Your system is now clear of malware and your firewall is up and running. Now we need to tidy up after ourselves:

OTL CleanUp

  • Open OTL
  • Click CleanUp
This will remove all of the tools that we have used (and their subsequent logs) from your system, leaving you as good as new.

WOT Link Scanning

  • Install WOT (Web Of Trust) from here Safe Browsing Tool - WOT
  • This program provides information about the safety of websites and links that you visit.
  • The ratings can be found below:

    Green - Website is highly rated
    Yellow - Website should be used with caution
    Red - Website should be avoided
  • A complete list of the symbols can be found here
WOT provides colour coded link scanning for websites and allows you to see whether a link you are about to click on is bad - e.g. malicious.

Uninstall ComboFix

  • Hold the Windows Key and press R to bring up the Run dialogue box
  • In this box, type Combofix /Uninstall and press OK
    Notice the space between the x and the /

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled


System Restore

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advance System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
You are now done


I'm in such a rush at the moment but I will post further instructions later for updating the various software you have on your computer that poses a security risk :)

Tom

#25
Conrad 678 (Topic Starter, Member, 103 posts)
Thank you Tom. I do appreciate this.


#26
tom982 (Member 1K, 1,183 posts)
Hi Conrad,

It appears that your Adobe Reader and Java are both very out of date. It is essential to keep software, especially these two (and Adobe Flash, but yours is up to date), up to date to patch the various security exploits that they have. There is a very good chance that this is how you were infected in the first place!

Uninstall Software

  • Click on the Start button and select Control Panel
  • Click on Programs then click on Uninstall a program
  • You will now see a list of your installed software, double click on the following one by one to uninstall them:

    • Adobe Reader 9.5.3
  • Once you have done this, reboot your computer

Then download and install the latest version from here: http://get.adobe.com/uk/reader/

Make sure you deselect the option: Yes, install McAfee Security Scan Plus - optional

Do you use Java? You may or may not be aware of the various security risks of using Java that were recently exposed. Government organisations have started to recommend people stop using it:

http://news.cnet.com...n-after-update/

If you do use Java for offline purposes, games or software etc., then we can just remove the browser plugin (the insecure component) but otherwise I would highly recommend that you uninstall Java using JavaRA:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components.

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, then click on Remove Java Runtime.
  • Select the Java version you have from the drop down list, and then click on Run Uninstaller
  • Press Yes if it asks to uninstall the product.
  • Allow the uninstaller to remove the installed version.
  • Reboot when finished

Tom

#27
Conrad 678 (Topic Starter, Member, 103 posts)
The Adobe part went fine, but it wouldn't let me download the JavaRa. I got a message that said: unable to load the required resources. Error text: failed to initialize dialog.

What next?

#28
tom982 (Member 1K, 1,183 posts)
Hi Conrad,

I have uploaded a copy for you, try downloading it from here: https://dl.dropboxus...7616/JavaRa.zip

Tom

#29
tom982 (Member 1K, 1,183 posts)
Hi Conrad,

It's been a few days since I last heard from you, are you having any problems with the JavaRa fix? Threads are closed after 3 days of inactivity but if you need more time then just let me know and we can sort something out.

Tom

#30
Conrad 678 (Topic Starter, Member, 103 posts)
Everything seems to be OK now. Sorry I didn't respond sooner. Thanks for all your help.