A haunting, transparent virus that I can't get rid of. [Solved]


  • This topic is locked

#16
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hello there, I have had a good sleep and all my dreams take place within System 32 :wacko:

We need to uninstall a program, run an OTL fix, Defragment the Hard Drive and I'm afraid run ChkDsk again. Oh No I hear you say, but it has to be done. I'm hoping it will only take a couple of hours this time, so fingers crossed please.



1. Uninstall
  • In control panel click Uninstall a Program or Programs and Features and uninstall:
  • Protected Folder - This is an IObit program and a must uninstall.
  • IObit Games Booster - It's up to you if you want to keep this or not. What I find with Games Boosters is that they use the memory that they save by running in the background!


2. OTL Fix

Open OTL then Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

:COMMANDS
[CREATERESTOREPOINT]

:OTL
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\

O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll (IObit)
O4 - HKLM..\Run: [IObit Malware Fighter] C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe (IObit)
O4 - HKU\S-1-5-21-3713297176-944618025-1417552208-1000..\Run: [Advanced SystemCare 6] C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe (IObit)
O4 - HKU\S-1-5-21-3713297176-944618025-1417552208-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3713297176-944618025-1417552208-1000..\Run: [SmartRAM] C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe (IObit)

[2013/05/23 02:16:19 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\PMB Files
[2013/05/23 02:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2013/05/23 02:15:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2013/05/23 02:15:53 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\.swt
[2013/05/23 01:47:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
[2013/05/23 01:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2
[2013/05/23 01:37:43 | 000,026,432 | ---- | C] (IObit) -- C:\Windows\SysNative\RegistryDefragBootTime.exe
[2013/05/23 00:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6
[2013/05/23 00:35:15 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\IObit
[2013/05/23 00:34:30 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2013/05/23 00:34:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2013/05/23 01:47:02 | 000,001,173 | ---- | M] () -- C:\Users\Public\Desktop\IObit Malware Fighter.lnk
[2013/05/23 00:35:49 | 000,001,221 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 6.lnk
[2013/05/23 01:47:01 | 000,017,720 | ---- | C] () -- C:\Windows\SysNative\drivers\SmartDefragDriver.sys

:REG
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F835D09-AD29-4403-B134-EAB34D9CF325}" =-
"{2346D129-2C24-42B4-AEC7-C34DF13CD87F}" =-
"{691A6F4C-934E-4B80-A263-614B56496344}" =-
"{8011E6A4-C51C-46D5-949A-5727DACEEA00}" =-
"{BB4518FB-8EEF-4D93-BFCD-419D9386F3FD}" =-
"{DE94B6D0-8A6D-449D-9FFE-AAB574813B2A}" =-

:COMMANDS
[REBOOT]

  • Then click Run Fix
  • Click O.K to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - Where mmddyyyy_hhmmss is the date and time of fix.
  • Copy and Paste Fix Log in your next reply.


3. Defragment the Hard-Drive
  • Click Start , then click Run... then type in CMD and click on OK.
  • At the Command Prompt C:\ > type the following:
  • CD C:\ and press the Enter key.
  • Now type in DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Type in EXIT and press the Enter key to close the command window.

4. Error Checking
  • Click Start and in the search box type CMD - You should see CMD under programs, right click and Run as Administrator.
  • CMD window will open, at the prompt copy and paste the following: CHKDSK C: /F /R and press Enter
  • Choose Yes (Y) at the next prompt to schedule disk check and press enter.
  • Exit CMD by typing exit
  • Restart computer. This will check your hard drive for errors. I don't need to see a log, just inform me if errors were found and fixed.



#17
Neinei

    Member

  • Topic Starter
  • 18 posts
I got the best sleep in years last night. Even though I'm 16 and still have life ahead of me. ^^
Done.
I am now running the defragmentation in CMD. It gave me an error at first because it wasn't elevated. :)
My computer is a bit slower to respond here and there, but the sticky windows aren't as horrendously slow as before I posted in G2G.
I believe I am supposed to give you yesterday's CHKDSK log as well? Or am I going to give you both logs at once?
Also, it has been a while since defragmentation has automatically started after presenting the Pre-Defragmentation report. Maybe 15 minutes now. Is that normal?

OTL Fix Log:

========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin\ deleted successfully.
File C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin\ not found.
File C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll not found.
File C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0 not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}\ not found.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\ASCPlugin_Protection.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IObit Malware Fighter not found.
File C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe not found.
Registry value HKEY_USERS\S-1-5-21-3713297176-944618025-1417552208-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced SystemCare 6 not found.
File C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCTray.exe not found.
Registry value HKEY_USERS\S-1-5-21-3713297176-944618025-1417552208-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster not found.
File C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe not found.
Registry value HKEY_USERS\S-1-5-21-3713297176-944618025-1417552208-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SmartRAM deleted successfully.
File C:\Program Files (x86)\IObit\Advanced SystemCare 6\Suo10_SmartRAM.exe not found.
Folder C:\Users\Bearbear\AppData\Local\PMB Files\ not found.
Folder C:\ProgramData\PMB Files\ not found.
C:\Program Files (x86)\Pando Networks folder moved successfully.
C:\Users\Bearbear\.swt\lib\win32\x86 folder moved successfully.
C:\Users\Bearbear\.swt\lib\win32 folder moved successfully.
C:\Users\Bearbear\.swt\lib folder moved successfully.
C:\Users\Bearbear\.swt folder moved successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter\ not found.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 2\ not found.
C:\Windows\SysNative\RegistryDefragBootTime.exe moved successfully.
Folder C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 6\ not found.
C:\Users\Bearbear\AppData\Roaming\IObit\Smart Defrag 2 folder moved successfully.
C:\Users\Bearbear\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\Bearbear\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\Bearbear\AppData\Roaming\IObit\IObit Malware Fighter folder moved successfully.
C:\Users\Bearbear\AppData\Roaming\IObit\Advanced SystemCare V6\Startup Manager folder moved successfully.
C:\Users\Bearbear\AppData\Roaming\IObit\Advanced SystemCare V6\SmartRAM folder moved successfully.
C:\Users\Bearbear\AppData\Roaming\IObit\Advanced SystemCare V6\Registrycleaner\backup\Registry folder moved successfully.
C:\Users\Bearbear\AppData\Roaming\IObit\Advanced SystemCare V6\Registrycleaner\backup folder moved successfully.
C:\Users\Bearbear\AppData\Roaming\IObit\Advanced SystemCare V6\Registrycleaner folder moved successfully.
C:\Users\Bearbear\AppData\Roaming\IObit\Advanced SystemCare V6\Log folder moved successfully.
C:\Users\Bearbear\AppData\Roaming\IObit\Advanced SystemCare V6\Internet Booster folder moved successfully.
C:\Users\Bearbear\AppData\Roaming\IObit\Advanced SystemCare V6\DiskCleaner folder moved successfully.
C:\Users\Bearbear\AppData\Roaming\IObit\Advanced SystemCare V6\ClonedFilesScanner folder moved successfully.
C:\Users\Bearbear\AppData\Roaming\IObit\Advanced SystemCare V6\Boottime folder moved successfully.
C:\Users\Bearbear\AppData\Roaming\IObit\Advanced SystemCare V6\Backup folder moved successfully.
C:\Users\Bearbear\AppData\Roaming\IObit\Advanced SystemCare V6 folder moved successfully.
C:\Users\Bearbear\AppData\Roaming\IObit folder moved successfully.
C:\ProgramData\IObit\Protected Folder folder moved successfully.
C:\ProgramData\IObit\Game Booster 3\BackLnk folder moved successfully.
C:\ProgramData\IObit\Game Booster 3 folder moved successfully.
C:\ProgramData\IObit\ASCDownloader folder moved successfully.
C:\ProgramData\IObit\Advanced SystemCare V6 folder moved successfully.
C:\ProgramData\IObit folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\Update folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Smart Defrag 2 folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\scan folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log\realtime folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter\log folder moved successfully.
C:\Program Files (x86)\IObit\IObit Malware Fighter folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster 3\Update folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster 3\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster 3\LatestGames folder moved successfully.
C:\Program Files (x86)\IObit\Game Booster 3 folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\Toolbox_Download folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\SecurityHole_Backup folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\LatestNews folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\images folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\BootTimeLog folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCServiceLog folder moved successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 6 folder moved successfully.
C:\Program Files (x86)\IObit folder moved successfully.
File C:\Users\Public\Desktop\IObit Malware Fighter.lnk not found.
File C:\Users\Public\Desktop\Advanced SystemCare 6.lnk not found.
File C:\Windows\SysNative\drivers\SmartDefragDriver.sys not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1F835D09-AD29-4403-B134-EAB34D9CF325} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F835D09-AD29-4403-B134-EAB34D9CF325}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2346D129-2C24-42B4-AEC7-C34DF13CD87F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2346D129-2C24-42B4-AEC7-C34DF13CD87F}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{691A6F4C-934E-4B80-A263-614B56496344} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{691A6F4C-934E-4B80-A263-614B56496344}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8011E6A4-C51C-46D5-949A-5727DACEEA00} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8011E6A4-C51C-46D5-949A-5727DACEEA00}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BB4518FB-8EEF-4D93-BFCD-419D9386F3FD} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB4518FB-8EEF-4D93-BFCD-419D9386F3FD}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DE94B6D0-8A6D-449D-9FFE-AAB574813B2A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE94B6D0-8A6D-449D-9FFE-AAB574813B2A}\ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 05272013_151118

#18
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Defrag will take some time to complete.

I will ask for the ChkDsk results after the 2nd run. I will post instructions on how to do this.

#19
Neinei

    Member

  • Topic Starter
  • 18 posts
Alright. The CHKDSK has now completed. Ready for the next instructions tomorrow. ^^

#20
Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi Neinei, apologies for not including running an elevated CMD, you have done well there so give yourself a pat on the back and a slap on the wrist for me :)

This post we will run some scans to check for any hangers on and also retrieve the ChkDsk results. Here you go:

1. DOWNLOAD and INSTALL MALWAREBYTES
  • Download and follow prompts to install Malwarebytes
  • Before clicking Finish Uncheck the Start Free Trial checkbox if present and Select the Update and Launch Checkboxes.
  • Click Finish
  • Any updates found will now be installed and the main screen loads.
  • Select Perform quick scan and click Scan
  • The scan will take a few minutes. Once complete click O.K and Show Results
  • Make sure anything found is checked and click Remove Selected
  • A reboot may be needed please proceed if asked.
  • When complete, a log will open in Notepad. Please paste this in your next reply.
  • If reboot was needed the log is automatically saved by MBAM and can be viewed by clicking the Logs tab then Open log

2. ESET SCAN ONLY
Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Uncheck the Remove Found Threats box. I want to check the results first as ESET may remove a false positive otherwise :)
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you copy the logfile
  • Then click on: Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste the log in your next reply.

3. CHKDSK LOG
  • Click Start and in the search box type Event Viewer and press Enter
  • Click the small arrow to the left of Windows Logs then click Applications. The events will show in a few seconds.
  • Scroll down the information list to locate the Wininit entry then Double click Wininit
  • In the window that pops up select Copy then open Notepad and Paste the log there.
  • Copy and Paste the log in your reply :)


4. OTL SCAN
  • Right click the OTL icon and select Run as Administrator.
  • Make sure the following boxes are checked:
  • Scan All Users
  • Use Company-Name WhiteList
  • Skip Microsoft Files
  • Use No-Company-Name WhiteList
  • Now Click Run Scan
  • OTL will now scan your computer and produce 1 log file. OTL.txt
  • Post both in your next reply

Things I want to see in your next post.
  • Malwarebytes Log
  • ESET Log
  • ChkDsk Log
  • OTL Scan.

  • 1
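
The Event Viewer steps in "3. CHKDSK LOG" above can also be done from an elevated PowerShell prompt. This is an added example, not part of the original post; the output file name chkdsk-log.txt and the list of search strings are assumptions chosen for illustration.

```powershell
# Added example: fetch the most recent boot-time CHKDSK report. On Windows 7 it is
# recorded as event 1001 from the Microsoft-Windows-Wininit provider in the
# Application log, the same entry the Event Viewer steps locate by hand.

$filter = @{
    LogName      = 'Application'
    ProviderName = 'Microsoft-Windows-Wininit'
    Id           = 1001
}

# Get-WinEvent raises an error when nothing matches, so silence it and test the result.
$chk = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue

if (-not $chk) {
    Write-Warning 'No Wininit event 1001 found. Has a scheduled CHKDSK run at boot yet?'
    return
}

# Save the full report to the Desktop so it can be pasted into a reply.
# (File name is an assumption, not something the thread specifies.)
$outFile = Join-Path ([Environment]::GetFolderPath('Desktop')) 'chkdsk-log.txt'
"CHKDSK report recorded $($chk.TimeCreated)" | Set-Content -Path $outFile -Encoding UTF8
$chk.Message | Add-Content -Path $outFile -Encoding UTF8

# Pull out the lines that report disk problems or repairs.
# The search strings are taken from the wording CHKDSK uses in its report.
$patterns = 'Read failure', 'bad clusters', 'bad sectors', 'made corrections'
$findings = @(
    $chk.Message -split "`r?`n" |
        Where-Object { $_.Trim() } |
        Select-String -Pattern $patterns -SimpleMatch
)

# Read failures are listed one per line; count them separately from the rest.
$readFailures = @($findings | Where-Object { $_.Line -like '*Read failure*' })

Write-Output "Full report saved to: $outFile"
Write-Output "Read failures reported: $($readFailures.Count)"
Write-Output 'Lines worth reporting:'
$findings | ForEach-Object { '  ' + $_.Line.Trim() }
```

A report with no read failures and 0 KB in bad sectors means the run found no physical damage; anything else belongs in the reply along with the saved file.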

#21
Neinei

    Member

  • Topic Starter
  • 18 posts

open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.


Instructions followed carefully. This was the only flaw. :) I needed to be in Program Files (x86) for this. I don't know why, but I get excited each time it's time for more instructions. XD Anyway, my computer is slightly slow to respond again, I'm noticing.

MBAM Log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.05.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Bearbear :: BEARBEAR-PC [administrator]

5/28/2013 10:20:45 AM
mbam-log-2013-05-28 (10-20-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206518
Time elapsed: 1 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESET Log:


ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=867055602ff37e4582746203b015de0a
# engine=13939
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-05-28 04:33:55
# local_time=2013-05-28 11:33:55 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 0 121302285 0 0
# scanned=103241
# found=0
# cleaned=0
# scan_time=3897

Wininit/CHKDSK Log:


Log Name: Application
Source: Microsoft-Windows-Wininit
Date: 5/28/2013 12:03:09 AM
Event ID: 1001
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: Bearbear-PC
Description:


Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.

CHKDSK is verifying files (stage 1 of 5)...
152320 file records processed.

File verification completed.
223 large file records processed.

0 bad file records processed.

0 EA records processed.

44 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 5)...
188898 index entries processed.

Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 5)...
152320 file SDs/SIDs processed.

Cleaning up 12 unused index entries from index $SII of file 0x9.
Cleaning up 12 unused index entries from index $SDH of file 0x9.
Cleaning up 12 unused security descriptors.
Security descriptor verification completed.
18290 data files processed.

CHKDSK is verifying Usn Journal...
33643456 USN bytes processed.

Usn Journal verification completed.
CHKDSK is verifying file data (stage 4 of 5)...
Read failure with status 0xc0000185 at offset 0x4c34b01000 for 0x10000 bytes.
Read failure with status 0xc0000185 at offset 0x4c34b01000 for 0x1000 bytes.
Read failure with status 0xc0000185 at offset 0x4c35da3000 for 0x10000 bytes.
Read failure with status 0xc0000185 at offset 0x4c35da6000 for 0x1000 bytes.
Read failure with status 0xc0000185 at offset 0x4c36d4f000 for 0x10000 bytes.
Read failure with status 0xc0000185 at offset 0x4c36d4f000 for 0x1000 bytes.
Windows replaced bad clusters in file 13618
of name \Nexon\Mabinogi\package\145_FU~1.PAC.
152304 files processed.

File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
149966089 free clusters processed.

Free space verification is complete.
Adding 411 bad clusters to the Bad Clusters File.
CHKDSK discovered free space marked as allocated in the
master file table (MFT) bitmap.
Correcting errors in the Volume Bitmap.
Windows has made corrections to the file system.

625027071 KB total disk space.
24753916 KB in 83359 files.
64140 KB in 18291 indexes.
75372 KB in bad sectors.
270919 KB in use by the system.
65536 KB occupied by the log file.
599862724 KB available on disk.

4096 bytes in each allocation unit.
156256767 total allocation units on disk.
149965681 allocation units available on disk.

Internal Info:
00 53 02 00 1e 8d 01 00 a1 1d 03 00 00 00 00 00 .S..............
87 00 00 00 2c 00 00 00 00 00 00 00 00 00 00 00 ....,...........
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

Windows has finished checking your disk.
Please wait while your computer restarts.


OTL Log:

OTL logfile created on: 5/28/2013 12:17:26 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bearbear\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.91 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 65.31% Memory free
7.82 Gb Paging File | 6.51 Gb Available in Paging File | 83.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 596.07 Gb Total Space | 571.88 Gb Free Space | 95.94% Space Free | Partition Type: NTFS

Computer Name: BEARBEAR-PC | User Name: Bearbear | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/23 07:33:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bearbear\Desktop\OTL.exe
PRC - [2013/05/23 00:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/02/07 12:35:46 | 000,546,944 | ---- | M] (ESET) -- C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2011/02/01 13:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2011/02/01 13:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe


========== Modules (No Company Name) ==========

MOD - [2013/05/23 00:44:07 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppgooglenaclpluginchrome.dll
MOD - [2013/05/23 00:43:59 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013/05/23 00:43:06 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013/05/23 00:43:05 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013/05/23 00:43:03 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/01/27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/01/27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/10/19 14:51:44 | 001,430,288 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2010/10/19 14:31:40 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010/10/19 14:29:38 | 000,838,928 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/02/01 13:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/02/01 13:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/01/20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/26 08:21:28 | 000,174,680 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2011/04/05 03:10:16 | 012,262,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 14:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 14:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010/11/20 22:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 22:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/10/19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/18 02:21:32 | 008,153,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/29 08:16:20 | 000,014,784 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Thpevm.sys -- (Thpevm)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007/11/09 05:00:30 | 000,026,968 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3713297176-944618025-1417552208-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3713297176-944618025-1417552208-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3713297176-944618025-1417552208-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E5 53 C0 C3 68 57 CE 01 [binary data]
IE - HKU\S-1-5-21-3713297176-944618025-1417552208-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3713297176-944618025-1417552208-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google Search = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Wolf and the Ice Planet = C:\Users\Bearbear\AppData\Local\Google\Chrome\User Data\Default\Extensions\gffkhmkbijdmbncaoclaclldnbndflck\1_0\

O1 HOSTS File: ([2013/05/25 08:14:26 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D22093CA-E336-4018-A821-01CC23D08FDF}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/28 10:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/05/28 10:20:05 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Malwarebytes
[2013/05/28 10:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/05/28 10:19:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/05/28 10:19:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/05/28 10:19:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/05/25 15:23:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/05/25 15:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/05/25 08:14:25 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/05/23 21:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2013/05/23 13:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonUS
[2013/05/23 13:35:31 | 000,000,000 | --SD | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mabinogi
[2013/05/23 13:35:28 | 000,000,000 | ---D | C] -- C:\Nexon
[2013/05/23 12:37:01 | 000,000,000 | --SD | C] -- C:\Users\Bearbear\Documents\Mabinogi
[2013/05/23 07:52:12 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Bearbear\Desktop\OTL.exe
[2013/05/23 01:54:10 | 000,000,000 | ---D | C] -- C:\Windows\tasks\TaskDisabled
[2013/05/23 00:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/05/23 00:35:53 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Apple Computer
[2013/05/23 00:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
[2013/05/22 23:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/05/22 23:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/05/22 23:31:25 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Programs
[2013/05/22 23:06:59 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Adobe
[2013/05/22 23:02:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2013/05/22 23:02:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2013/05/22 22:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/22 22:52:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/05/22 22:52:27 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Google
[2013/05/22 22:52:17 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Deployment
[2013/05/22 21:22:09 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
[2013/05/22 21:22:09 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Apps
[2013/05/22 21:18:14 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Intel
[2013/05/22 21:16:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
[2013/05/22 21:15:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013/05/22 21:15:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2013/05/22 21:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013/05/22 21:15:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco
[2013/05/22 20:55:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent
[2013/05/22 20:55:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/05/22 20:55:11 | 000,000,000 | ---D | C] -- C:\Intel
[2013/05/22 20:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013/05/22 20:37:36 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Diagnostics
[2013/05/22 20:34:40 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Toshiba
[2013/05/22 20:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Toshiba
[2013/05/22 20:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
[2013/05/22 20:33:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOSHIBA
[2013/05/22 20:28:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Renesas Electronics
[2013/05/22 20:27:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013/05/22 18:05:48 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/05/22 16:47:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2013/05/22 16:47:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013/05/22 16:47:23 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013/05/22 16:46:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013/05/22 16:46:49 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/05/22 16:46:42 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013/05/22 16:46:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/05/22 16:46:39 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\WinBatch
[2013/05/22 09:14:18 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/05/22 09:14:18 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Searches
[2013/05/22 09:14:18 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/05/22 09:14:18 | 000,000,000 | -H-D | C] -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/05/22 09:14:08 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Identities
[2013/05/22 09:14:05 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Contacts
[2013/05/22 09:14:04 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\VirtualStore
[2013/05/22 09:13:54 | 000,000,000 | --SD | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Videos
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Saved Games
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Pictures
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Music
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Links
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Favorites
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Downloads
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Documents
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\Desktop
[2013/05/22 09:13:54 | 000,000,000 | R--D | C] -- C:\Users\Bearbear\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\AppData\Local\Temporary Internet Files
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Templates
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Start Menu
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\SendTo
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Recent
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\PrintHood
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\NetHood
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Documents\My Videos
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Documents\My Pictures
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Documents\My Music
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\My Documents
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Local Settings
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\AppData\Local\History
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Cookies
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\Application Data
[2013/05/22 09:13:54 | 000,000,000 | -HSD | C] -- C:\Users\Bearbear\AppData\Local\Application Data
[2013/05/22 09:13:54 | 000,000,000 | -H-D | C] -- C:\Users\Bearbear\AppData
[2013/05/22 09:13:54 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Temp
[2013/05/22 09:13:54 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Local\Microsoft
[2013/05/22 09:13:54 | 000,000,000 | ---D | C] -- C:\Users\Bearbear\AppData\Roaming\Media Center Programs
[2013/05/22 09:05:11 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/05/22 08:47:49 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013/05/22 08:08:27 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/05/22 08:06:20 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/05/22 04:27:19 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013/05/22 04:13:06 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2013/05/28 11:57:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/28 10:19:31 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/28 10:17:13 | 000,018,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/05/28 10:17:13 | 000,018,560 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/05/28 10:15:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/05/28 00:03:33 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/28 00:02:16 | 3148,689,408 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/28 00:00:52 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2013/05/25 15:24:14 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/05/25 14:30:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/05/25 09:22:08 | 000,001,182 | ---- | M] () -- C:\Users\Bearbear\Desktop\ Mabinogi .lnk
[2013/05/25 08:57:34 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/25 08:14:26 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2013/05/23 12:17:44 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/05/23 12:17:44 | 000,624,178 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/05/23 12:17:44 | 000,106,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/05/23 12:05:34 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2013/05/23 07:33:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bearbear\Desktop\OTL.exe
[2013/05/22 23:06:57 | 000,002,279 | ---- | M] () -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/22 22:57:29 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/22 22:57:28 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/22 22:44:24 | 000,275,712 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/05/22 21:22:09 | 000,002,495 | ---- | M] () -- C:\Users\Bearbear\Desktop\Windows 7 USB DVD Download Tool.lnk
[2013/05/22 21:13:49 | 044,953,528 | ---- | M] () -- C:\Users\Bearbear\Documents\TC00333600D.exe
[2013/05/22 20:54:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/05/22 08:09:14 | 000,108,227 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/05/22 08:09:14 | 000,108,227 | ---- | M] () -- C:\Windows\SysNative\license.rtf

========== Files Created - No Company Name ==========

[2013/05/28 10:19:31 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/05/28 00:00:52 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2013/05/25 15:24:14 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/05/25 15:24:08 | 000,002,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/05/25 14:30:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/05/23 13:35:31 | 000,001,182 | ---- | C] () -- C:\Users\Bearbear\Desktop\ Mabinogi .lnk
[2013/05/23 12:05:31 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2013/05/22 22:57:29 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/05/22 22:57:28 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/05/22 22:53:43 | 000,002,279 | ---- | C] () -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/05/22 22:53:43 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/05/22 22:52:42 | 000,000,902 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/22 22:52:38 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/22 22:14:53 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/05/22 22:00:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013/05/22 21:22:09 | 000,002,495 | ---- | C] () -- C:\Users\Bearbear\Desktop\Windows 7 USB DVD Download Tool.lnk
[2013/05/22 21:13:59 | 044,953,528 | ---- | C] () -- C:\Users\Bearbear\Documents\TC00333600D.exe
[2013/05/22 20:55:24 | 000,008,192 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll
[2013/05/22 20:54:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013/05/22 16:46:53 | 000,000,852 | ---- | C] () -- C:\Windows\SysNative\drivers\RTKHDRC.dat
[2013/05/22 16:46:53 | 000,000,712 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX1.dat
[2013/05/22 16:46:53 | 000,000,712 | ---- | C] () -- C:\Windows\SysNative\drivers\RTEQEX0.dat
[2013/05/22 09:13:54 | 000,000,290 | ---- | C] () -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/05/22 09:13:54 | 000,000,272 | ---- | C] () -- C:\Users\Bearbear\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/05/22 08:09:08 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/05/22 08:09:02 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/05/22 04:13:06 | 3148,689,408 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 22:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

If G2G had spoilers, I'd use 'em. ^^

Edited by Neinei, 28 May 2013 - 11:45 AM.

  • 0

#22
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
I have seen these logs, thanks Neinei. I am awaiting my instructor's approval for my next post.

Spoiler

  • 0

#23
Neinei

Neinei

    Member

  • Topic Starter
  • Member
  • 18 posts

Spoiler


Spoiler


:lol:

Anyway, my computer is on standby. Definitely ready to dissect it more.
Edit: The reason why I posted this was mainly to ask about iolo System Mechanic, and ask for a bit of your knowledge on it, because my lover would like to have Iolo for free, but wants an experienced, computer literate IT to give a say. ^^ I went and forgot that I was supposed to add that, lol.

Edited by Neinei, 28 May 2013 - 05:23 PM.

  • 0

#24
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
In my next post O.k

P.S Nice spoiler
  • 0

#25
Nutloaf

Nutloaf

    Trusted Helper

  • Malware Removal
  • 1,790 posts
Hi there Neinei.

O.K I think I know the possible causes of your problems.

You may or may not have picked up some Malware from your friend's computer. You restored to factory settings, which won't necessarily remove the nastier types of Malware. OfficeMax formatted the Hard drive, which will remove Malware but won't fix a failing hard drive. Quite the opposite: formatting can make things worse, and this has been done several times. OfficeMax may have carried out a factory reset the first time around and not removed the Malware if present. There were programs fighting each other or taking up resources: Spybot, IObit and Pando. If you look at the ChkDsk results below:

ChkDsk Results
625027071 KB total disk space.
24753916 KB in 83359 files.
64140 KB in 18291 indexes.
75372 KB in bad sectors.
270919 KB in use by the system.
65536 KB occupied by the log file.
599862724 KB available on disk.

You can see there are bad sectors that are unrepairable; this is a sign that the Hard Drive is failing. The drive needs to be replaced, so back up all your important data now. There is no telling when it will finally fail.
The hard drive may have had errors from the very beginning, which is not OfficeMax's fault, as brand new fresh out the box hard drives can have errors. I'm not really a fan of department store repairs however, so next time put your money back in your pocket and log in to GeeksToGo for a free diagnosis.

My advice is to buy yourself a hard drive and a copy of Windows 7 and install it yourself, you seem very capable to do this. If you have problems then you can post in the Tech section here and you will get expert assistance :)


The logs are clean and I don't want to run any more tools, as backing up your data before the fail is the most important. I will hide those desktop files and try to fix the Password issue (which could be due to the hard drive failing, as funny things like this can happen), and also clean some OTL entries.

1. OTL Fix
Open OTL then Copy the entire text in the Quote box below, do not include the word QUOTE and Paste into the Custom Scans/Fixes box in OTL.

:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

[2013/05/23 00:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/05/23 00:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
[2013/05/22 23:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy

:COMMANDS
[CLEARALLRESTOREPOINTS]

  • Then click Run Fix
  • Click O.K to Reboot.
  • An OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time of fix.
  • Copy and Paste Fix Log into your next reply.

2. Hidden Files
  • Click Start and in the search box type or copy\paste Folder Options then Enter
  • Select the View Tab and under Hidden files and folders check the Don't show hidden files, folders or Drives
  • Click Apply then O.K

3. Password screen
  • Click Start and in the search box type CMD - You should see CMD under programs, right click and Run as Administrator.
  • The CMD window will open. At the prompt copy\paste the following - control userpasswords2 then Enter
  • Check the box Users must enter a user name and password to use this computer then click O.K
  • Click Start and in the search box type user accounts and Create a password for your account if present
  • If not then your password is still in place and should be asked for at reboot.

4. Disable Sidebar Gadgets
There are security risks with Sidebar and it can use a lot of memory, so it is best to disable it.
  • Click Start and in the search box type Features; the uninstall window will open.
  • On the right hand side select Turn Windows features on or off
  • In the window that opens uncheck the box labeled Windows Gadget Platform and click O.K then Restart

Things I want to see in your next post.
  • OTL fix.txt

P.S. Iolo advice in my next post, I haven't forgotten ;)


#26
Neinei

Hey Nutloaf.

I can definitely buy another Hard Drive tomorrow. Any suggestions on what HD I should get specifically for my computer, or does it matter? ^^
I tried disabling SideBar Gadgets, but nothing was in the "Turn Windows features on or off" list. Nothing at all. So I exited. Also, maybe I could buy more RAM or something.... ^^ Any idea on how much RAM would cost before I start googling?

AAAAHHHHHH!!! My computer's about to cut off!

OTL FIX LOG!:


Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} folder moved successfully.
C:\ProgramData\{BDDB56DE-AE4E-48A2-B856-FB60C8498453} folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 05292013_193401
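An added example, not part of the thread and not OTL's own code: a small Python check that every entry in the :OTL section of the fix script has a matching "successfully" line in the fix log. The script and log text are copied from the posts above; reading `..` as `Software\Microsoft\Windows\CurrentVersion` is an assumption taken from how this page's log spells out the same keys.

```python
import re

# Fix script and fix log as posted in this thread (copied, not constructed).
FIX_SCRIPT = r"""
:OTL
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
[2013/05/23 00:35:55 | 000,000,000 | ---D | C] -- C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
[2013/05/23 00:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\{BDDB56DE-AE4E-48A2-B856-FB60C8498453}
[2013/05/22 23:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
:COMMANDS
[CLEARALLRESTOREPOINTS]
"""
FIX_LOG = r"""
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A} folder moved successfully.
C:\ProgramData\{BDDB56DE-AE4E-48A2-B856-FB60C8498453} folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
"""

O4_RE = re.compile(r"^O4 - HKU\\(S-[\d-]+)\.\.\\(\w+): \[([^\]]+)\]")
FILE_RE = re.compile(r"^\[\d{4}/\d\d/\d\d [^\]]*\] -- (.+)$")

def script_targets(script):
    """Return (kind, target) for each entry in the script's :OTL section."""
    targets, section = [], None
    for line in (raw.strip() for raw in script.splitlines()):
        if line.startswith(":"):
            section = line          # section header such as :OTL or :COMMANDS
        elif section == ":OTL" and line:
            reg, item = O4_RE.match(line), FILE_RE.match(line)
            if reg:
                sid, key, value = reg.groups()
                # Assumption from this page's log: ".." is the CurrentVersion path, written key\\value.
                parts = ["HKEY_USERS", sid, "Software", "Microsoft", "Windows", "CurrentVersion", key, "", value]
                targets.append(("registry", "\\".join(parts)))
            elif item:
                targets.append(("file", item.group(1)))
            else:
                targets.append(("unparsed", line))  # never silently skip an entry
    return targets

def unresolved(script, log):
    """Return script targets with no '<target> ... successfully.' log line."""
    done = [l.strip() for l in log.splitlines() if l.strip().endswith("successfully.")]
    return [t for t in script_targets(script) if not any(t[1] + " " in l for l in done)]

print(unresolved(FIX_SCRIPT, FIX_LOG))
```

An empty list means every script entry was acted on; a log that was cut short when pasted shows up as the missing targets.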

#27
Nutloaf


AAAAHHHHHH!!! My computer's about to cut off!


Have you made a backup of all your Photos, Music, Documents etc.? Once I am satisfied that the computer is clean of malware, and you have made a backup, I can pass you over to one of our Tech guys here who will give you advice and maybe run some more checks on your hard drive. If your drive fails in the process at least you have all your stuff saved ready for the new drive.

but nothing was in the "Turn windows features on or off" list. Nothing at all. So I exited


I should have stated that when the list window opens it can take a couple of minutes for the list to load in the square window. So give that another go.

Any suggestions on what HD I should get specifically for my computer, or does it matter?
Maybe I could buy more RAM or something.... ^^ Any idea on how much RAM would cost before I start googling?


Hard Drives and RAM can be bought inexpensively. I wouldn't start Googling as I will pass you on to an experienced Tech member here. I will also ask my instructor whether I will deal with this or not, as I am still training in Malware Removal. So don't worry, you will get the answers you want.


How did you know it was going to cut off?

#28
Neinei

The Power was about to shut off :). "Plug in or find another power source".

I will definitely wait for more advice. Nothing important is really on the computer, so I don't think I need to back anything up.
I'll go disable sidebar gadgets.

Thanks again for this all. :thumbsup:

#29
Nutloaf

Hi Neinei, could you please run this Microsoft Fix as well for the Gadgets disable.

SideBar
EDIT - How is the computer running at the moment? Is it getting worse?

Edited by Nutloaf, 30 May 2013 - 02:55 PM.


#30
Neinei

Hey Nutloaf, how've you been?

In maybe 30 minutes, I will be going to Best Buy (or elsewhere) to buy a Hard Drive with my father. Hopefully I will get a 1 Terabyte internal HDD. I won't install it until you post back, giving me an O.K. I have to wash dishes in order to even go to Best Buy, so I will run the Microsoft Fix when I get back, before I install anything. When I checked on my computer last (today, 9:17 a.m.) it was still running slowly and unresponsive. Now, each time I log into the desktop, there is a 3 minute black screen that appears before it actually loads into the desktop. The cursor is still mobile and visible. I would say it's pretty much running the same, but with less freezing. :no:

Edited by Neinei, 30 May 2013 - 05:31 PM.
