BSOD possible malware help please [Solved]



#1
madpad1972

Hello all, I have been having BSODs for a few weeks now. I have posted on this forum at http://www.geekstogo...3347-bsod-help/ and
sleepydude told me to try here to see if it was a malware problem. Hope you can help.
Thanks, madpad

OTL logfile
OTL logfile created on: 9/19/2013 3:57:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kieron_win7\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 49.22% Memory free
7.49 Gb Paging File | 5.07 Gb Available in Paging File | 67.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 112.38 Gb Free Space | 75.40% Space Free | Partition Type: NTFS

Computer Name: KIERON_WIN7-PC | User Name: kieron_win7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/09/19 15:52:50 | 000,059,964 | ---- | M] (Macrovision Europe Ltd.) -- C:\Users\kieron_win7\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
PRC - [2013/09/19 15:47:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\kieron_win7\Downloads\OTL.exe
PRC - [2013/09/02 21:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/09/02 14:58:59 | 000,079,360 | ---- | M] (Creative Labs) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
PRC - [2013/09/02 14:56:06 | 004,942,336 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUsb\XFastUsb.exe
PRC - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/11/21 04:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010/09/02 17:01:36 | 000,125,216 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe
PRC - [2010/09/02 17:01:22 | 000,948,504 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe
PRC - [2010/09/02 14:26:08 | 000,456,976 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe
PRC - [2009/07/08 15:32:50 | 001,233,195 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
PRC - [2009/05/04 19:05:04 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
PRC - [2009/02/23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/19 15:52:51 | 000,697,884 | ---- | M] () -- C:\Users\kieron_win7\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0037\~df394b.tmp
MOD - [2013/09/19 15:52:51 | 000,592,896 | ---- | M] () -- C:\Users\kieron_win7\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0037\~de6248.tmp
MOD - [2013/09/11 13:12:16 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/09/02 21:35:56 | 000,410,576 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll
MOD - [2013/09/02 21:35:54 | 004,053,456 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013/09/02 21:35:04 | 000,709,584 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
MOD - [2013/09/02 21:35:03 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\libegl.dll
MOD - [2013/09/02 21:35:01 | 001,604,560 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll
MOD - [2013/08/07 20:25:24 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2010/09/02 17:01:22 | 000,948,504 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe
MOD - [2010/09/02 16:54:26 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\SmartView\sqlite3.dll
MOD - [2009/04/20 11:55:58 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 18:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013/07/18 20:33:12 | 000,366,600 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/07/18 20:33:12 | 000,023,816 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/05/27 06:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/04/20 02:04:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/09/13 17:12:30 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/02 15:01:57 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2013/09/02 14:59:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013/09/02 14:58:59 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2013/08/14 18:55:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/09/02 17:01:36 | 000,125,216 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe -- (SmartViewService)
SRV - [2010/09/02 14:26:08 | 000,456,976 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe -- (WCUService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 04:43:56 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/09/03 10:28:03 | 000,031,808 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2013/09/02 14:56:06 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2013/08/20 07:02:12 | 000,204,568 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/08/20 07:02:12 | 000,103,576 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2013/06/18 21:50:08 | 000,139,616 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/02/14 12:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/04/20 02:44:50 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/04/20 01:22:34 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/11/21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010/11/21 04:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/21 04:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/08/24 10:55:43 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010/06/11 14:37:14 | 000,015,368 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2009/11/25 14:06:02 | 001,276,928 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://dub113.mail....64855&rru=inbox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?r...opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 95 93 8C E8 A7 CE 01 [binary data]
IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\DeviceVM\SmartView\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0514F587-03B3-4fcb-9A95-7EF32353E9E2}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.yahoo....icevm&type=ASRK
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/09/08 21:34:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\kieron_win7\AppData\Roaming\Mozilla\Extensions
[2013/09/08 21:33:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/09/08 21:33:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://hotmail.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
CHR - Extension: Google Docs = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: WeatherBug (Legacy App) = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.6_0\
CHR - Extension: WeatherBug (Legacy App) = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_0\
CHR - Extension: InvisibleHand = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.9.2_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Live Sports = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\oamjbefinnglappklpabmhpbcdiephoo\3.5_0\
CHR - Extension: VLC Remote = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocjihlfhgfogkibimkhmmblpoihoodmm\0.9_0\
CHR - Extension: Gmail = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (SmartView VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\DeviceVM\SmartView\SmartView.dll (DeviceVM, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [VIAAUD] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VIAAUD.exe File not found
O4 - HKLM..\Run: [CTSyncService] C:\Program Files (x86)\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [SmartViewAgent] C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe ()
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [XFastUsb] C:\Program Files (x86)\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [ASRockIES] File not found
O4 - HKCU..\Run: [ASRockOCTuner] File not found
O4 - HKCU..\Run: [zASRockInstantBoot] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42EE8034-985E-49E3-A52C-482581341C6C}: DhcpNameServer = 192.168.1.254
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/19 14:10:42 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Xorion
[2013/09/19 01:49:55 | 000,000,000 | ---D | C] -- C:\db4c9e673f840282af82b954
[2013/09/17 15:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013/09/17 15:17:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2013/09/17 15:13:57 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\FileZilla
[2013/09/16 19:26:24 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\Malwarebytes
[2013/09/16 19:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/09/16 19:26:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/09/16 19:26:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/09/16 19:26:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/09/16 19:25:40 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Programs
[2013/09/13 16:03:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoBettorsBullseye
[2013/09/13 10:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013/09/13 10:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2013/09/13 10:53:08 | 000,000,000 | ---D | C] -- C:\AMD
[2013/09/13 10:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2013/09/13 10:13:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2013/09/13 09:41:05 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\Easeware
[2013/09/12 09:44:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative Labs
[2013/09/10 21:17:51 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\CrashDumps
[2013/09/09 18:19:59 | 000,000,000 | ---D | C] -- C:\2f0316f2edce54d5ee66697f6a7f1a6f
[2013/09/08 22:49:21 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\vlc
[2013/09/08 22:49:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013/09/08 22:48:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2013/09/08 21:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013/09/08 21:42:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013/09/08 21:36:24 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Macromedia
[2013/09/08 21:36:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2013/09/08 21:36:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2013/09/08 21:34:05 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\Mozilla
[2013/09/08 21:34:05 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Mozilla
[2013/09/08 21:34:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/09/08 21:34:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/09/08 21:33:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/09/05 12:05:31 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/09/05 11:54:30 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator
[2013/09/05 11:54:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LinuxLive USB Creator
[2013/09/05 03:10:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013/09/04 11:48:23 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Diagnostics
[2013/09/03 13:51:33 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\Desktop\vuplus
[2013/09/03 10:28:03 | 000,031,808 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS
[2013/09/02 23:35:45 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013/09/02 22:39:20 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013/09/02 22:37:11 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013/09/02 18:38:51 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Adobe
[2013/09/02 18:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SDFormatter
[2013/09/02 18:18:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SDA
[2013/09/02 18:17:53 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Downloaded Installations
[2013/09/02 16:26:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013/09/02 16:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/09/02 16:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/09/02 16:01:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013/09/02 16:01:30 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Google
[2013/09/02 16:01:07 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Deployment
[2013/09/02 16:01:07 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Apps
[2013/09/02 15:34:26 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\TuneUp Software
[2013/09/02 15:30:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013/09/02 15:08:29 | 000,000,000 | ---D | C] -- C:\ProgramData\DeviceVM
[2013/09/02 15:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/09/02 15:05:34 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/09/02 15:05:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/09/02 15:05:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\{8533ADFA-85F0-4dc1-946A-2A0BA58E78E3}
[2013/09/02 15:05:27 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\DeviceVm
[2013/09/02 15:05:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DeviceVM
[2013/09/02 15:02:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative
[2013/09/02 15:02:09 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Creative Installation Information
[2013/09/02 15:02:02 | 002,873,822 | ---- | C] (Creative) -- C:\Windows\SysWow64\Sens_oal.dll
[2013/09/02 15:02:02 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/09/02 15:02:02 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/09/02 15:02:01 | 001,910,272 | ---- | C] (Creative) -- C:\Windows\SysNative\Sens_oal.dll
[2013/09/02 14:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
[2013/09/02 14:59:35 | 000,000,000 | ---D | C] -- C:\Program Files\Creative
[2013/09/02 14:58:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Creative Labs Shared
[2013/09/02 14:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Creative
[2013/09/02 14:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative
[2013/09/02 14:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2013/09/02 14:57:37 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\Macromedia
[2013/09/02 14:57:36 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\Adobe
[2013/09/02 14:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2013/09/02 14:56:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2013/09/02 14:56:06 | 000,015,936 | ---- | C] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS
[2013/09/02 14:56:06 | 000,000,000 | ---D | C] -- C:\ProgramData\FNET
[2013/09/02 14:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XFast USB
[2013/09/02 14:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XFastUsb
[2013/09/02 14:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASRock Utility
[2013/09/02 14:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
[2013/09/02 14:55:47 | 000,015,368 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys
[2013/09/02 14:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\ASRock Utility
[2013/09/02 14:55:33 | 000,076,912 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys
[2013/09/02 14:55:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e
[2013/09/02 14:53:08 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013/09/02 14:52:50 | 000,242,176 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll
[2013/09/02 14:52:50 | 000,193,024 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2013/09/02 14:52:50 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll
[2013/09/02 14:52:50 | 000,082,432 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll
[2013/09/02 14:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA
[2013/09/02 14:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013/09/02 14:52:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013/09/02 14:51:16 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013/09/02 14:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013/09/02 14:49:19 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/09/02 14:49:19 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Searches
[2013/09/02 14:49:19 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/09/02 14:49:19 | 000,000,000 | -H-D | C] -- C:\Users\kieron_win7\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/09/02 14:49:10 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\Identities
[2013/09/02 14:49:08 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Contacts
[2013/09/02 14:49:06 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\VirtualStore
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\AppData\Local\Temporary Internet Files
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\Templates
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\Start Menu
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\SendTo
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\Recent
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\PrintHood
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\NetHood
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\Documents\My Videos
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\Documents\My Pictures
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\Documents\My Music
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\My Documents
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\Local Settings
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\AppData\Local\History
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\Cookies
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\Application Data
[2013/09/02 14:48:56 | 000,000,000 | -HSD | C] -- C:\Users\kieron_win7\AppData\Local\Application Data
[2013/09/02 14:48:55 | 000,000,000 | --SD | C] -- C:\Users\kieron_win7\AppData\Roaming\Microsoft
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Videos
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Saved Games
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Pictures
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Music
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Links
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Favorites
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Downloads
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Documents
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\Desktop
[2013/09/02 14:48:55 | 000,000,000 | R--D | C] -- C:\Users\kieron_win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/09/02 14:48:55 | 000,000,000 | -H-D | C] -- C:\Users\kieron_win7\AppData
[2013/09/02 14:48:55 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Temp
[2013/09/02 14:48:55 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Local\Microsoft
[2013/09/02 14:48:55 | 000,000,000 | ---D | C] -- C:\Users\kieron_win7\AppData\Roaming\Media Center Programs
[2013/09/01 20:27:05 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013/09/01 20:26:53 | 000,000,000 | ---D | C] -- C:\9bddfef33ecf9d8d00d0f1fd
[2013/08/28 01:41:24 | 000,000,000 | -HSD | C] -- C:\Boot
[2013/08/28 00:42:16 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013/08/27 18:18:05 | 000,000,000 | ---D | C] -- C:\Intel
[2013/08/27 16:49:38 | 000,000,000 | -HSD | C] -- C:\Recovery
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/19 15:52:53 | 000,001,402 | ---- | M] () -- C:\Users\kieron_win7\Desktop\Games.lnk
[2013/09/19 15:52:39 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/19 15:52:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/19 15:52:16 | 3017,605,120 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/19 15:52:15 | 440,804,871 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/09/19 15:31:36 | 000,016,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/19 15:31:36 | 000,016,656 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/19 15:12:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/19 15:06:01 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/19 13:19:27 | 000,000,951 | ---- | M] () -- C:\Users\kieron_win7\Desktop\BlueScreenView.cfg
[2013/09/19 01:55:09 | 000,772,376 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/19 01:55:09 | 000,659,886 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/09/19 01:55:09 | 000,120,996 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/09/19 01:55:00 | 000,772,376 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/09/16 19:26:14 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/16 11:07:10 | 000,146,528 | ---- | M] (NirSoft) -- C:\Users\kieron_win7\Desktop\BlueScreenView.exe
[2013/09/13 16:03:50 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\AutoBettorsBullseye.lnk
[2013/09/13 10:13:51 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/09/13 09:33:40 | 000,275,056 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/08 22:49:12 | 000,001,073 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/09/08 22:35:51 | 000,000,134 | ---- | M] () -- C:\Users\kieron_win7\Desktop\Internet Explorer Troubleshooting.url
[2013/09/08 22:13:16 | 000,002,186 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/08 21:42:38 | 000,002,022 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/08 21:34:02 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/09/05 12:01:57 | 152,764,416 | ---- | M] () -- C:\Users\kieron_win7\Desktop\lubuntu-13.04-desktop-i386.iso.lili-download
[2013/09/03 10:28:03 | 000,031,808 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS
[2013/09/03 08:22:49 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/09/02 23:35:33 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2013/09/02 22:40:15 | 000,122,093 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013/09/02 22:40:15 | 000,122,093 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013/09/02 22:38:29 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2013/09/02 18:53:36 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/09/02 18:18:28 | 000,002,089 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter.lnk
[2013/09/02 16:26:50 | 000,000,819 | ---- | M] () -- C:\Users\kieron_win7\Desktop\7-Zip File Manager.lnk
[2013/09/02 16:09:58 | 000,002,286 | ---- | M] () -- C:\Users\kieron_win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/02 15:27:40 | 000,001,113 | ---- | M] () -- C:\Users\kieron_win7\Desktop\Activate SmartView.lnk
[2013/09/02 15:27:20 | 000,001,444 | ---- | M] () -- C:\Users\kieron_win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/02 15:02:07 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2013/09/02 15:02:02 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2013/09/02 15:02:02 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2013/09/02 14:58:18 | 000,001,000 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2013/09/02 14:56:06 | 000,015,936 | ---- | M] (FNet Co., Ltd.) -- C:\Windows\SysNative\drivers\FNETURPX.SYS
[2013/09/02 14:56:06 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\XFast USB.LNK
[2013/09/02 14:56:00 | 000,001,123 | ---- | M] () -- C:\Users\kieron_win7\Desktop\ASRock InstantBoot.lnk
[2013/09/02 14:55:59 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\ASRock IES.lnk
[2013/09/02 14:55:55 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ASRock OC Tuner.lnk
[2013/09/02 14:52:59 | 000,001,209 | ---- | M] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/18 21:42:59 | 000,001,402 | ---- | C] () -- C:\Users\kieron_win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk
[2013/09/18 16:18:43 | 000,001,402 | ---- | C] () -- C:\Users\kieron_win7\Desktop\Games.lnk
[2013/09/18 16:14:00 | 000,000,951 | ---- | C] () -- C:\Users\kieron_win7\Desktop\BlueScreenView.cfg
[2013/09/17 15:12:03 | 030,162,182 | ---- | C] () -- C:\Users\kieron_win7\Desktop\VU+ Toolbox Version 2.0.exe
[2013/09/16 19:26:14 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/09/13 16:03:50 | 000,000,996 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoBettorsBullseye.lnk
[2013/09/13 16:03:50 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\AutoBettorsBullseye.lnk
[2013/09/13 11:17:13 | 000,772,376 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/09/13 10:13:51 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2013/09/13 10:13:38 | 000,002,120 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2013/09/08 22:49:12 | 000,001,073 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/09/08 22:35:51 | 000,000,134 | ---- | C] () -- C:\Users\kieron_win7\Desktop\Internet Explorer Troubleshooting.url
[2013/09/08 21:42:38 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/09/08 21:42:38 | 000,002,022 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/09/08 21:36:14 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/08 21:34:02 | 000,001,166 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/09/08 21:34:02 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/09/05 13:29:34 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013/09/05 12:01:57 | 152,764,416 | ---- | C] () -- C:\Users\kieron_win7\Desktop\lubuntu-13.04-desktop-i386.iso.lili-download
[2013/09/04 10:11:04 | 440,804,871 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/09/03 08:22:49 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2013/09/02 22:40:00 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013/09/02 22:40:00 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013/09/02 22:38:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/09/02 18:53:36 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013/09/02 18:18:28 | 000,002,089 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter.lnk
[2013/09/02 16:26:50 | 000,000,819 | ---- | C] () -- C:\Users\kieron_win7\Desktop\7-Zip File Manager.lnk
[2013/09/02 16:02:24 | 000,002,286 | ---- | C] () -- C:\Users\kieron_win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/09/02 16:02:24 | 000,002,186 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/09/02 16:01:39 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/02 16:01:38 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/02 15:27:39 | 000,001,113 | ---- | C] () -- C:\Users\kieron_win7\Desktop\Activate SmartView.lnk
[2013/09/02 15:27:20 | 000,001,444 | ---- | C] () -- C:\Users\kieron_win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/09/02 15:02:49 | 000,005,037 | ---- | C] () -- C:\Windows\SysNative\cfgfx.ini
[2013/09/02 15:02:49 | 000,002,265 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2013/09/02 15:02:49 | 000,001,650 | ---- | C] () -- C:\Windows\FF08_Capture.ini
[2013/09/02 15:02:49 | 000,001,540 | ---- | C] () -- C:\Windows\FF08_Render.ini
[2013/09/02 15:02:07 | 000,191,488 | ---- | C] () -- C:\Windows\SysNative\APOMgr64.DLL
[2013/09/02 15:02:07 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013/09/02 15:02:07 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\CmdRtr64.DLL
[2013/09/02 15:02:07 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013/09/02 15:02:07 | 000,000,159 | RH-- | C] () -- C:\Windows\ctfile.rfc
[2013/09/02 14:58:18 | 000,001,012 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
[2013/09/02 14:58:18 | 000,001,000 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2013/09/02 14:56:06 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\XFast USB.LNK
[2013/09/02 14:56:00 | 000,001,123 | ---- | C] () -- C:\Users\kieron_win7\Desktop\ASRock InstantBoot.lnk
[2013/09/02 14:55:59 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\ASRock IES.lnk
[2013/09/02 14:55:55 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ASRock OC Tuner.lnk
[2013/09/02 14:52:59 | 000,001,221 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2013/09/02 14:52:59 | 000,001,209 | ---- | C] () -- C:\Users\Public\Desktop\HD VDeck.lnk
[2013/09/02 14:49:24 | 000,001,416 | ---- | C] () -- C:\Users\kieron_win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013/09/02 14:49:20 | 000,001,450 | ---- | C] () -- C:\Users\kieron_win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/09/02 14:48:55 | 000,000,290 | ---- | C] () -- C:\Users\kieron_win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/09/02 14:48:55 | 000,000,272 | ---- | C] () -- C:\Users\kieron_win7\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/08/28 01:41:25 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2013/08/28 01:41:24 | 000,383,786 | RHS- | C] () -- C:\bootmgr
[2013/08/28 00:42:16 | 3017,605,120 | -HS- | C] () -- C:\hiberfil.sys

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/09/02 15:05:27 | 000,000,000 | ---D | M] -- C:\Users\kieron_win7\AppData\Roaming\DeviceVm
[2013/09/13 09:41:05 | 000,000,000 | ---D | M] -- C:\Users\kieron_win7\AppData\Roaming\Easeware
[2013/09/19 14:13:27 | 000,000,000 | ---D | M] -- C:\Users\kieron_win7\AppData\Roaming\FileZilla
[2013/09/02 15:34:26 | 000,000,000 | ---D | M] -- C:\Users\kieron_win7\AppData\Roaming\TuneUp Software

========== Purity Check ==========



< End of report >
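Added example, not part of this thread and not OldTimer's OTL code: a small Python triage pass over OTL log lines of the kind posted above. It parses the three line shapes the log uses (file/directory entries, `"name" = k=v | k=v |` firewall rules, and registry values under a `[HKEY_...]` header) and raises three review heuristics: a kernel driver whose version resource carries an empty or build-template company name (the `DDK provider` string is the WDK template default, so the Authenticode signature is the thing to check), a firewall exception for an executable under `AppData\Local\Temp`, and any default value registered under an `HKEY_CURRENT_USER ...\InProcServer32` key, which is what OTL's "ZeroAccess Check" section is looking at, since a per-user CLSID registration shadows the HKLM one for that user's processes (the HKCU keys listed in this log are empty). The sample lines are copied verbatim from the logs in this thread; the function names, the flag wording and the `SAMPLE` list are mine, and a finding means "look closer", not "infected".

```python
"""Triage helpers for OTL log lines.

Added example for this thread; not part of OldTimer's OTL or of either
poster's material. SAMPLE is copied verbatim from the logs above; every
flag is a review heuristic for a human, not a malware verdict.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# File/directory entry: [date time | size | attrs | C or M] (Company) -- path
# Directory entries carry no "(Company)" group, so that group is optional.
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<op>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# Firewall rule or registry value as OTL prints it: "name" = body
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)" = (?P<body>.+)$')


@dataclass
class FileEntry:
    stamp: str
    size: int
    attrs: str              # R/H/S/D flags, "-" where unset
    op: str                 # C = created, M = modified
    company: Optional[str]  # None for directories, "" when no company name
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.endswith("D")


def parse_file_line(line: str) -> Optional[FileEntry]:
    """Parse one OTL file entry; returns None for any other line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(m["stamp"], int(m["size"].replace(",", "")), m["attrs"],
                     m["op"], m["company"], m["path"])


def parse_rule_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one '"name" = k=v | k=v |' firewall rule into a dict."""
    m = VALUE_RE.match(line.strip())
    if not m:
        return None
    fields = {"name": m["name"]}
    for part in m["body"].split("|"):
        if "=" in part:
            k, v = part.split("=", 1)
            fields[k.strip()] = v.strip()
    return fields


def triage(lines: List[str]) -> List[str]:
    """Return human-readable findings worth a follow-up, in log order."""
    findings: List[str] = []
    current_key = ""
    for raw in lines:
        line = raw.strip()
        if line.startswith("[HKEY_"):
            current_key = line[1:line.index("]")]
            continue
        if line.startswith('"" = '):
            # Default value of a CLSID\...\InProcServer32 key. A per-user
            # registration shadows the machine-wide one for that user.
            if current_key.startswith("HKEY_CURRENT_USER") and "InProcServer32" in current_key:
                findings.append(f"per-user COM server registered: {current_key} -> {line[5:]}")
            continue
        entry = parse_file_line(line)
        if entry is not None:
            low = entry.path.lower()
            company = (entry.company or "").strip()
            if (not entry.is_dir and low.endswith(".sys") and "\\drivers\\" in low
                    and (not company or "DDK provider" in company)):
                # Empty or build-template version resource: verify the
                # Authenticode signature before trusting the vendor string.
                findings.append(f"driver with placeholder company name: {entry.path}")
            continue
        rule = parse_rule_line(line)
        if rule and "\\appdata\\local\\temp\\" in rule.get("app", "").lower():
            findings.append(f"firewall exception for a temp-directory executable "
                            f"(dir={rule.get('dir')}, protocol={rule.get('protocol')}): {rule['app']}")
    return findings


SAMPLE = [  # copied verbatim from the OTL and Extras logs in this thread
    r"[2013/09/02 14:55:47 | 000,015,368 | ---- | C] (Windows ® Win 7 DDK provider) -- C:\Windows\SysNative\drivers\AsrAppCharger.sys",
    r"[2013/09/02 14:55:33 | 000,076,912 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\L1C62x64.sys",
    r"[2013/09/02 14:55:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASRock Utility",
    r"[2013/09/19 15:52:15 | 440,804,871 | ---- | M] () -- C:\Windows\MEMORY.DMP",
    r'"TCP Query User{1D2DDD84-F9CA-4435-8682-5868EA01612E}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_1\dc\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_1\dc\dcc_e2.exe |',
    r'"{545A14F5-241B-482A-9A5D-FE97094DFF72}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |',
    r"[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64",
    r"[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64",
    r'"" = C:\Windows\SysNative\shell32.dll -- [2013/07/26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)',
    r'"ThreadingModel" = Apartment',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

Run against the full OTL.txt and Extras.txt (`triage(open("OTL.txt", encoding="utf-8").read().splitlines())`) the pass is a first filter only: the Atheros driver passes because it carries a vendor name, the AVG rule passes because it points at Program Files, and the HKLM `shell32.dll` registration is the normal one; the two findings it does raise on the sample are the items a helper would then check by signature and by hand.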



#2
SleepyDude
    Trusted Helper
  • Malware Removal
  • 4,975 posts
Hi Madpad, welcome to the Malware Removal section of the forum.

My name is SleepyDude and I will be helping you with your computer problem. I know that having a computer with problems can be very frustrating, but I will do my best to help you fix the issue.

Please note I'm currently in training; all my responses will be reviewed by my teacher before I post, so expect a slight delay between replies. On the bright side, you have two people examining your problem!

Sometimes this can be a long process; it's very important that you stay with me and follow all my instructions to the letter until I declare your machine clean.

I have compiled a list of guidelines you must take into consideration so that the helping process goes smoothly for you and for me:

  • Please perform all steps in the order they are listed in each set of instructions
  • Don't install/uninstall any software or run any other cleaning tools besides the ones I ask you to use
    • Running other programs can interfere with the tools we use and have unpredictable results. Also, I need to know what is going on with your machine at all times
  • If possible, avoid using the computer for other tasks until we finish the cleaning process
    • The reason for this is that it can make the malware infection worse and more difficult to clean. Some malware can download updates from the internet when you use the computer
  • Please don't attach your logs; instead, copy & paste the information into your post unless specifically instructed to do so
  • Please read every post completely before doing anything; if you have any doubts or questions, please ask before continuing

IMPORTANT: At GeeksToGo we do our best to help you solve the problem, but sometimes things don't go as planned. To be safe rather than sorry, you should back up your important data to a safe place, anywhere except on the computer with problems.

The whole fixing process needs to be executed from a user account with Administrator privileges. Also, some of the tasks need to be executed in Safe Mode, so you should save or print the instructions for use when you don't have access to the forum.

I need some time to review your log; in the meantime, can you please post the Extras.txt log OTL created in C:\Users\kieron_win7\Downloads\?
Also, I would like you to move the OTL.exe located in the same folder to the Desktop. Thanks.

#3
madpad1972
    Member
  • Topic Starter
  • Member
  • 49 posts
Hi Sleepy, here is the Extras.txt log, and OTL.exe is on the desktop.
Awaiting orders, kind sir.

OTL Extras logfile created on: 9/19/2013 3:57:27 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\kieron_win7\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 49.22% Memory free
7.49 Gb Paging File | 5.07 Gb Available in Paging File | 67.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.05 Gb Total Space | 112.38 Gb Free Space | 75.40% Space Free | Partition Type: NTFS

Computer Name: KIERON_WIN7-PC | User Name: kieron_win7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D5D80C-DC9E-4BA0-A75A-9E4BB6DFA641}" = lport=138 | protocol=17 | dir=in | app=system |
"{11B0A55C-CC69-4691-A2AE-7F6903BB5CB1}" = lport=139 | protocol=6 | dir=in | app=system |
"{22301FF4-9E9E-4AF4-BB86-8B425B2AADFA}" = rport=137 | protocol=17 | dir=out | app=system |
"{3327092F-1A1F-4A74-B535-27358CACC2F3}" = rport=445 | protocol=6 | dir=out | app=system |
"{468F95C8-3905-462F-A25B-328F1A51E4F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4CDD69F5-54EB-4742-8638-8319D054A7EB}" = lport=445 | protocol=6 | dir=in | app=system |
"{554C9941-E9CA-4037-8352-3DA1A3C73491}" = lport=137 | protocol=17 | dir=in | app=system |
"{6BECC6C4-A105-461F-AA42-DF9238E2BA30}" = rport=138 | protocol=17 | dir=out | app=system |
"{72268997-DA84-43BF-BD8F-97DA5EC1C387}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D806A63-457B-409D-A1BB-3DE5C57288A6}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@FirewallAPI.dll,-28539 |
"{9F970586-E3D0-4AE2-9687-17AFA481684E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B3CFED5D-D5D6-4E83-A916-EEEC658E3E53}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{223D89CC-7076-4F92-9F1A-79A4611C612F}" = protocol=1 | dir=out | name=@FirewallAPI.dll,-28544 |
"{5448E667-3BB3-40A5-96D2-73E8226CBD89}" = protocol=1 | dir=in | name=@FirewallAPI.dll,-28543 |
"{545A14F5-241B-482A-9A5D-FE97094DFF72}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{5C4D3D36-BAD4-4F42-91D7-D6FB899ADB6A}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{80C3BFDA-CCDF-47E8-92ED-AF3ED729FD78}" = protocol=58 | dir=out | name=@FirewallAPI.dll,-28546 |
"{E033E4AA-2056-4467-B182-24C517B2E83E}" = protocol=58 | dir=in | name=@FirewallAPI.dll,-28545 |
"{E9387E15-AC5E-46C1-9408-F7D7E17F1A9C}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"{F9946106-E044-473B-B133-675A0E871AC5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe |
"TCP Query User{1D2DDD84-F9CA-4435-8682-5868EA01612E}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_1\dc\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_1\dc\dcc_e2.exe |
"TCP Query User{1F214F35-4F86-4947-A6D7-B43D9DDD0CCC}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_2\dc\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_2\dc\dcc_e2.exe |
"TCP Query User{203156B2-C483-4EFD-9213-9C17089EC141}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_4\dc\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_4\dc\dcc_e2.exe |
"TCP Query User{49A1BBB9-1A44-4460-82F4-0BEC1ADDEBD8}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_8\dc\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_8\dc\dcc_e2.exe |
"TCP Query User{7E7A4446-FE9A-45CF-B91D-0EBA89E44E3A}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_7\dc\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_7\dc\dcc_e2.exe |
"TCP Query User{9185C7A6-BB82-4893-B535-BA9F30375076}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_5\dc\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_5\dc\dcc_e2.exe |
"TCP Query User{B7553B82-4F42-4B5C-B86E-D5CED2DF6AE0}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_3\dc\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_3\dc\dcc_e2.exe |
"TCP Query User{E9BF0F9E-782E-46B3-A2ED-8EA627A03A4F}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_0\dc\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_0\dc\dcc_e2.exe |
"TCP Query User{EFE12075-2842-457C-8363-B481674E100C}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_6\dc\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_6\dc\dcc_e2.exe |
"UDP Query User{1BF1F31F-BE34-44C6-8C7C-04A25C136E1A}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_6\dc\dcc_e2.exe" = protocol=17 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_6\dc\dcc_e2.exe |
"UDP Query User{1D6B8A8A-8AF6-4333-8FF2-DF9B7FA1BB5A}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_1\dc\dcc_e2.exe" = protocol=17 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_1\dc\dcc_e2.exe |
"UDP Query User{3FC783F7-85BB-4594-A5E7-74E098644353}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_5\dc\dcc_e2.exe" = protocol=17 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_5\dc\dcc_e2.exe |
"UDP Query User{54222236-A918-4DB6-BCC0-91BDC10C8E63}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_7\dc\dcc_e2.exe" = protocol=17 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_7\dc\dcc_e2.exe |
"UDP Query User{89656867-4496-40AC-83D4-4AA0A33BD455}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_0\dc\dcc_e2.exe" = protocol=17 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_0\dc\dcc_e2.exe |
"UDP Query User{A1ADA836-6BEE-4336-B049-0336F9600C73}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_2\dc\dcc_e2.exe" = protocol=17 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_2\dc\dcc_e2.exe |
"UDP Query User{B237BBA0-AD3C-488F-90CD-26EA11DB37C0}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_4\dc\dcc_e2.exe" = protocol=17 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_4\dc\dcc_e2.exe |
"UDP Query User{D68B2345-9F8D-4AE9-A047-8FE57B4E9764}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_8\dc\dcc_e2.exe" = protocol=17 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_8\dc\dcc_e2.exe |
"UDP Query User{DC71739F-FD46-41CC-8758-2D65CADCDC38}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_3\dc\dcc_e2.exe" = protocol=17 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_3\dc\dcc_e2.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables
"{23170F69-40C1-2702-0922-000001000000}" = 7-Zip 9.22 (x64 edition)
"{3DB84568-DD0E-401F-BC21-CE24720A0C5B}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{179324FF-7B16-4BA8-9836-055CAAEE4F08}" = SDFormatter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{5B0CE14A-B9B6-4E25-A1BE-3EEC1998AC2C}" = SmartView Software Updater
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.04)
"{C448EA30-BB7F-4D42-83BC-385EBA140AF2}" = SmartView for IE
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}" = Sound Blaster X-Fi MB
"{FB59E4A7-3A11-4908-8743-138735790ACE}" = AutoBettorsBullseye
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock IES_is1" = ASRock IES v2.1.12
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.23
"ASRock OC Tuner_is1" = ASRock OC Tuner v2.4.31
"AutoBettorsBullseye" = AutoBettorsBullseye
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"FileZilla Client" = FileZilla Client 3.7.3
"Google Chrome" = Google Chrome
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"LinuxLive USB Creator" = LinuxLive USB Creator
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 23.0.1 (x86 en-GB)" = Mozilla Firefox 23.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"VLC media player" = VLC media player 2.0.8
"XFastUsb" = XFastUsb

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 9/19/2013 5:01:24 AM | Computer Name = kieron_win7-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 9/19/2013 5:01:24 AM | Computer Name = kieron_win7-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service aspnet_state
(ASP.NET State Service) failed. The first DWORD in the Data section contains the
error code.

Error - 9/19/2013 5:01:25 AM | Computer Name = kieron_win7-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 9/19/2013 5:01:25 AM | Computer Name = kieron_win7-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET (ASP.NET)
failed. The first DWORD in the Data section contains the error code.

Error - 9/19/2013 5:01:28 AM | Computer Name = kieron_win7-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = The performance strings in the Performance registry value is corrupted
when process Performance extension counter provider. The BaseIndex value from the
Performance registry is the first DWORD in the Data section, LastCounter value
is the second DWORD in the Data section, and LastHelp value is the third DWORD in
the Data section.

Error - 9/19/2013 5:01:28 AM | Computer Name = kieron_win7-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service ASP.NET (ASP.NET)
failed. The first DWORD in the Data section contains the error code.

Error - 9/19/2013 6:23:03 AM | Computer Name = kieron_win7-PC | Source = .NET Runtime | ID = 1023
Description =

Error - 9/19/2013 6:23:03 AM | Computer Name = kieron_win7-PC | Source = Application Error | ID = 1000

Error - 9/19/2013 6:23:08 AM | Computer Name = kieron_win7-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description =

Error - 9/19/2013 7:29:29 AM | Computer Name = kieron_win7-PC | Source = WinMgmt | ID = 10
Description =

Error - 9/19/2013 10:07:00 AM | Computer Name = kieron_win7-PC | Source = SideBySide | ID = 16842811
Description = Activation context generation failed for "C:\Program Files\ATI\CIM\Bin64\SetACL64.exe". Error in manifest or policy file "C:\Program Files\ATI\CIM\Bin64\Microsoft.VC80.MFC.MANIFEST" on line 0.
Invalid Xml syntax.

Error - 9/19/2013 10:52:53 AM | Computer Name = kieron_win7-PC | Source = WinMgmt | ID = 10
Description =

Error encountered while reading event logs.

< End of report >
  • 0

#4
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,975 posts
Hi Madpad,

Let's see what we find... but first I have some questions for you.

Do you know and use these two programs, SmartView for IE/Activate SmartView and AutoBettorsBullseye?
Did you purchase AutoBettorsBullseye?

We have some concerns about them. If you don't use any of those programs, please uninstall them by opening Control Panel > Uninstall a program and locating on the list: SmartView for IE and SmartView Software Updater, also AutoBettorsBullseye.


Step 1 - Run OTL Fix

!!! WARNING !!! The following fix is only relevant for this system and no other, running the script on another computer will not work and may cause problems...

  • Right click on the OTL icon and choose Run as Administrator to execute the tool. Make sure all other windows are closed.
    Do not change any other settings unless otherwise told to do so.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Commands
    [CreateRestorePoint]
    
    :OTL
    CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll
    CHR - Extension: WeatherBug (Legacy App) = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.6_0\
    CHR - Extension: WeatherBug (Legacy App) = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_0\
    CHR - Extension: InvisibleHand = C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.9.2_0\
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
    
    :Files
    netsh advfirewall reset /c
    netsh advfirewall set allprofiles state on /c
    
    :Commands
    [EmptyTemp]
    [Reboot]
    
  • Click the Run Fix button at the top. Let the program run uninterrupted.
  • Click OK
Notes:
  • When OTL executes the Fix it can shut down all running processes and you may lose the Desktop and icons, but they will return on reboot
  • OTL may ask to reboot the machine. Please accept right away.
  • The report should appear in Notepad after the reboot. Copy & paste that report in your next reply and not as an attachment.
  • The OTL fix log will be saved in the following location: C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log - where mmddyyyy_hhmmss is the date and time when the fix ran.

Step 2 - Scan with AdwCleaner

Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Right click on the AdwCleaner icon and choose Run as Administrator to execute the program
  • Click the Scan button and wait for the program to finish.
  • For now click the Report button; Notepad will open, please copy/paste the generated log in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt

Step 3 - Scan with aswMBR

  • Download aswMBR from here or here and save the file to the Desktop.
  • Double click the aswMBR.exe file to run it.
    (On Windows Vista and above right click the icon and choose Run as Administrator, accept the security warning)
  • If it asks you if you want to download the latest virus definitions, click Yes
  • Click the "Scan" button to start the scan
  • On completion of the scan click Save log and save the file aswMBR.txt to your Desktop.
    WARNING: Don't click on the buttons FixMBR and Fix unless instructed to do so.
  • Open the log aswMBR.txt and post the full contents of the file in your next reply.


Things I would like to see in your next reply:
  • Let me know what you decide about the programs I mention
  • The OTL Fix log
  • AdwCleaner log AdwCleaner[R0].txt
  • The aswMBR.txt log

  • 0
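The OTL log earlier in the thread lists inbound Windows Firewall rules for the same dcc_e2.exe copied into numbered ir_ext_temp folders under the user's Temp directory, which is the kind of leftover that the `netsh advfirewall reset` line in the fix above wipes. The following Python script is an added example, not part of SleepyDude's post or of OTL: it parses rule lines in OTL's firewall-rule format, flags inbound rules whose program lives under a Temp path, and reports one executable name showing up in several folders. The sample lines are constructed from the log's format; the FileZilla rule and its GUID are made up for contrast.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the format OTL uses for its firewall-rule list.
# The first three lines follow the dcc_e2.exe entries from the OTL log above
# (the real log has one for each of ir_ext_temp_0 .. ir_ext_temp_8); the
# FileZilla rule and its GUID are made up here to give the checks a benign line.
SAMPLE_RULES = r'''
"TCP Query User{203156B2-C483-4EFD-9213-9C17089EC141}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_4\dc\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_4\dc\dcc_e2.exe |
"TCP Query User{49A1BBB9-1A44-4460-82F4-0BEC1ADDEBD8}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_8\dc\dcc_e2.exe" = protocol=6 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_8\dc\dcc_e2.exe |
"UDP Query User{1BF1F31F-BE34-44C6-8C7C-04A25C136E1A}C:\users\kieron_win7\appdata\local\temp\ir_ext_temp_6\dc\dcc_e2.exe" = protocol=17 | dir=in | app=c:\users\kieron_win7\appdata\local\temp\ir_ext_temp_6\dc\dcc_e2.exe |
"{00000000-CONSTRUCTED-GUID-000000000001}" = protocol=6 | dir=in | app=c:\program files (x86)\filezilla ftp client\filezilla.exe |
'''

PROTOCOL_NAMES = {6: "TCP", 17: "UDP"}

# Program locations that should normally never hold a long-lived network service.
TEMP_MARKERS = ("/appdata/local/temp/", "/windows/temp/")

# One OTL line is:  "<rule name>" = key=value | key=value | ... |
RULE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<fields>.*)$')


@dataclass
class FirewallRule:
    name: str                  # registry value name: GUID, sometimes followed by the app path
    protocol: Optional[int]    # IP protocol number (6 = TCP, 17 = UDP)
    direction: Optional[str]   # "in" or "out"
    app: Optional[str]         # program the rule applies to, as written in the log


def parse_rule(line: str) -> Optional[FirewallRule]:
    """Parse one OTL firewall-rule line; return None for lines in another format."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    fields: Dict[str, str] = {}
    for part in m.group("fields").split("|"):
        key, sep, value = part.strip().partition("=")
        if sep:  # skip the empty fragment after the trailing "|"
            fields[key.strip().lower()] = value.strip()
    proto = fields.get("protocol")
    return FirewallRule(
        name=m.group("name"),
        protocol=int(proto) if proto and proto.isdigit() else None,
        direction=fields.get("dir"),
        app=fields.get("app"),
    )


def normalize(path: str) -> str:
    """Lower-case and use forward slashes so Windows paths compare reliably."""
    return path.lower().replace("\\", "/")


def is_temp_path(path: str) -> bool:
    """True when the program sits in a per-user or system Temp directory."""
    p = normalize(path)
    return any(marker in p for marker in TEMP_MARKERS)


def suspicious_inbound_rules(log_text: str) -> List[FirewallRule]:
    """Inbound rules whose program lives under a Temp directory."""
    flagged = []
    for line in log_text.splitlines():
        rule = parse_rule(line)
        if rule is None or not rule.app:
            continue
        if (rule.direction or "").lower() == "in" and is_temp_path(rule.app):
            flagged.append(rule)
    return flagged


def binaries_in_many_folders(rules: List[FirewallRule], min_folders: int = 2) -> Dict[str, List[str]]:
    """Map executable name -> sorted parent folders for names seen in several folders."""
    folders: Dict[str, set] = {}
    for r in rules:
        if not r.app:
            continue
        parent, _, base = normalize(r.app).rpartition("/")
        folders.setdefault(base, set()).add(parent)
    return {b: sorted(d) for b, d in folders.items() if len(d) >= min_folders}


def report(log_text: str) -> List[str]:
    """Human-readable findings: one line per flagged rule, then per repeated binary."""
    flagged = suspicious_inbound_rules(log_text)
    lines = [f"{PROTOCOL_NAMES.get(r.protocol, r.protocol)} in  {r.app}" for r in flagged]
    for base, dirs in binaries_in_many_folders(flagged).items():
        lines.append(f"{base} has inbound rules from {len(dirs)} different folders")
    return lines


if __name__ == "__main__":
    for finding in report(SAMPLE_RULES):
        print(finding)
```

Run over the full OTL log instead of SAMPLE_RULES it reports dcc_e2.exe from nine folders; a firewall reset followed by a fresh scan is the defensive answer, not editing rules one by one.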

#5
madpad1972

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hi sleepy, uninstalled the two programs and ran the OTL fix.
Enclosed is the log; will close windows now and run AdwCleaner.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
File C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.5.0\\npsitesafety.dll not found.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.6_0\videos folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.6_0\scripts folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.6_0\images\weather_icons folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.6_0\images\videos folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.6_0\images folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.6_0\help\scripts folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.6_0\help\images folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.6_0\help folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.6_0\fonts folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.6_0\css\main\images folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.6_0\css\main folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.6_0\css\alerts\images folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.6_0\css\alerts folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.6_0\css folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.6_0 folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_0\videos folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_0\scripts folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_0\images\weather_icons folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_0\images\videos folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_0\images folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_0\help\scripts folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_0\help\images folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_0\help folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_0\fonts folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_0\css\main\images folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_0\css\main folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_0\css\alerts\images folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_0\css\alerts folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_0\css folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_0 folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.9.2_0\lib folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.9.2_0\images folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.9.2_0\html folder moved successfully.
C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\Extensions\lghjfnfolmcikomdjmoiemllfnlmmoko\3.9.2_0 folder moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully.
========== FILES ==========
< netsh advfirewall reset /c >
Ok.
C:\Users\kieron_win7\Desktop\cmd.bat deleted successfully.
C:\Users\kieron_win7\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\kieron_win7\Desktop\cmd.bat deleted successfully.
C:\Users\kieron_win7\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: kieron_win7
->Temp folder emptied: 895808733 bytes
->Temporary Internet Files folder emptied: 181226452 bytes
->FireFox cache emptied: 265351360 bytes
->Google Chrome cache emptied: 218464878 bytes
->Flash cache emptied: 71667 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1618992 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 475504562 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 170910203 bytes
RecycleBin emptied: 3413619 bytes

Total Files Cleaned = 2,110.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 09202013_150145

Files\Folders moved on Reboot...
C:\Users\kieron_win7\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#6
madpad1972

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
I have uninstalled the 2 programs mentioned;
here are the other logs you required.


# AdwCleaner v3.004 - Report created 20/09/2013 at 15:31:12
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : kieron_win7 - KIERON_WIN7-PC
# Running from : C:\Users\kieron_win7\Downloads\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Found C:\ProgramData\DeviceVM
Folder Found C:\Users\kieron_win7\AppData\Roaming\DeviceVM

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxps://dub113.mail.live.com/default.aspx?id=64855&rru=inbox

-\\ Mozilla Firefox v23.0.1 (en-GB)

[ File : C:\Users\kieron_win7\AppData\Roaming\Mozilla\Firefox\Profiles\tu8fy5mz.default\prefs.js ]


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1936 octets] - [20/09/2013 15:31:12]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [1996 octets] ##########

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-20 15:11:44
-----------------------------
15:11:44.935 OS Version: Windows x64 6.1.7601 Service Pack 1
15:11:44.937 Number of processors: 2 586 0xF06
15:11:44.938 ComputerName: KIERON_WIN7-PC UserName: kieron_win7
15:11:46.662 Initialize success
15:14:36.817 AVAST engine defs: 13092001
15:15:15.680 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-4
15:15:15.683 Disk 0 Vendor: ST3160318AS CC38 Size: 152627MB BusType: 3
15:15:15.793 Disk 0 MBR read successfully
15:15:15.796 Disk 0 MBR scan
15:15:15.803 Disk 0 Windows 7 default MBR code
15:15:15.807 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 152627 MB offset 2
15:15:15.901 Disk 0 scanning C:\Windows\system32\drivers
15:15:30.505 Service scanning
15:16:02.132 Modules scanning
15:16:02.140 Disk 0 trace - called modules:
15:16:02.162 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
15:16:02.166 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046144f0]
15:16:02.171 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004176520]
15:16:02.177 5 ACPI.sys[fffff88000f4c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T1L0-4[0xfffffa800417a060]
15:16:02.833 AVAST engine scan C:\Windows
15:16:04.973 AVAST engine scan C:\Windows\system32
15:20:24.243 AVAST engine scan C:\Windows\system32\drivers
15:20:42.282 AVAST engine scan C:\Users\kieron_win7
15:22:03.129 AVAST engine scan C:\ProgramData
15:22:54.530 Scan finished successfully
15:25:14.177 Disk 0 MBR has been saved successfully to "C:\Users\kieron_win7\Desktop\MBR.dat"
15:25:14.227 The log file has been saved successfully to "C:\Users\kieron_win7\Desktop\aswMBR.txt"
  • 0

#7
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,975 posts
Hi Madpad,

So far no big problems found; let's clean up some tidy bits that AdwCleaner found and run another scan.

How is the computer running? More BSODs recently? Can you associate the problem with some specific task?


Step 1 - AdwCleaner Clean

  • Close all open windows and browsers
  • Right click on the AdwCleaner icon you have on the Desktop and choose Run as Administrator to execute the program
  • Click the Scan button and wait for the scan to finish; only then does the Clean button become active
  • Click the Clean button and wait; once done it may ask to reboot, allow it.
  • On reboot a log will be presented; please copy/paste that in your next reply. The report is saved to C:\AdwCleaner\AdwCleaner[S1].txt

Note: After this the Internet Explorer Home Page will change, you will need to change it back to https://dub113.mail....64855&rru=inbox if you want.


Step 2 - Scan with ESET On-line Scanner

Download Eset On-line Scanner, run the tool and follow the prompts to install the program.
  • UNCHECK the boxes Remove found threats and Scan Archives.
  • Click on Advanced Settings, and check the options:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Disable your AntiVirus and AntiSpyware applications to speed up the scan
    (If you have difficulty properly disabling your security programs, refer to this link)
  • Click Start and then wait for the scan to finish (it will take some time).
    The virus signature database will begin to download and the Scan will start automatically. Be patient, this may take some time depending on the speed of your Internet connection.
  • Once the scan is completed, close the program
  • Use Notepad to open the log file located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Use Notepad to open the log file located at C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt
  • Copy and paste the log contents to your reply
  • Enable your AntiVirus and AntiSpyware applications


Step 3 - Security Check

Download Security Check by screen317 from here or here.
  • Save it to the Desktop.
  • Right click on the icon and choose Run as Administrator.
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the full contents of that document.


Things I would like to see in your next reply:
  • Answer to my questions please.
  • AdwCleaner log AdwCleaner[S1].txt
  • The ESET log
  • The checkup.txt log

  • 0

#8
madpad1972

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
The problem is random, only when browsing.
Had another BSOD when running ESET so had to restart and run again.
Have run ESET On-line Scanner but can't find the report in Notepad.
Here is the BSOD log:
==================================================
Dump File : 092013-19671-01.dmp
Crash Time : 9/20/2013 9:16:57 PM
Bug Check String : CACHE_MANAGER
Bug Check Code : 0x00000034
Parameter 1 : 00000000`00050853
Parameter 2 : fffff880`02fbd488
Parameter 3 : fffff880`02fbcce0
Parameter 4 : fffff800`02cd8a16
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092013-19671-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 276,104
Dump File Time : 9/20/2013 9:17:50 PM
==================================================



# AdwCleaner v3.004 - Report created 20/09/2013 at 22:15:40
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : kieron_win7 - KIERON_WIN7-PC
# Running from : C:\Users\kieron_win7\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514


-\\ Mozilla Firefox v23.0.1 (en-GB)

[ File : C:\Users\kieron_win7\AppData\Roaming\Mozilla\Firefox\Profiles\tu8fy5mz.default\prefs.js ]


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2076 octets] - [20/09/2013 15:31:12]
AdwCleaner[R1].txt - [2136 octets] - [20/09/2013 20:29:43]
AdwCleaner[R2].txt - [1109 octets] - [20/09/2013 21:19:01]
AdwCleaner[R3].txt - [1169 octets] - [20/09/2013 22:14:51]
AdwCleaner[S0].txt - [2163 octets] - [20/09/2013 20:30:50]
AdwCleaner[S1].txt - [1091 octets] - [20/09/2013 22:15:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1151 octets] ##########
  • 0

#9
madpad1972

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Security Check results.
I am going to rerun ESET On-line Scanner.

Results of screen317's Security Check version 0.99.73
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.8.800.168
Adobe Reader XI
Mozilla Firefox (23.0.1)
Google Chrome 29.0.1547.62
Google Chrome 29.0.1547.66
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
  • 0

#10
madpad1972

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
That's the only file it could find; it said the path C:\Program Files\ESET\ESET Online Scanner\log.txt did not exist.

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9bd95f672fb2b24599686f8ec798e504
# engine=15204
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-09-20 08:57:51
# local_time=2013-09-20 09:57:51 (+0000, GMT Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1037396 132175721 0 0
# scanned=94201
# found=0
# cleaned=0
# scan_time=2192
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9bd95f672fb2b24599686f8ec798e504
# engine=15204
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-09-20 10:16:22
# local_time=2013-09-20 11:16:22 (+0000, GMT Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1042107 132180432 0 0
# scanned=94645
# found=0
# cleaned=0
# scan_time=1843
  • 0


#11
SleepyDude

    Trusted Helper

  • Malware Removal
  • 4,975 posts

That's the only file it could find; it said the path C:\Program Files\ESET\ESET Online Scanner\log.txt did not exist.

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9bd95f672fb2b24599686f8ec798e504
# engine=15204
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-09-20 08:57:51
# local_time=2013-09-20 09:57:51 (+0000, GMT Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1037396 132175721 0 0
# scanned=94201
# found=0
# cleaned=0
# scan_time=2192
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9bd95f672fb2b24599686f8ec798e504
# engine=15204
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-09-20 10:16:22
# local_time=2013-09-20 11:16:22 (+0000, GMT Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 1042107 132180432 0 0
# scanned=94645
# found=0
# cleaned=0
# scan_time=1843


That one is the correct log, thanks.

Can you post the C:\AdwCleaner\AdwCleaner[S0].txt log please?

#12 madpad1972 (Topic Starter, Member, 49 posts)
Sorry, didn't see your last line.

# AdwCleaner v3.004 - Report created 20/09/2013 at 20:30:50
# Updated 15/09/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : kieron_win7 - KIERON_WIN7-PC
# Running from : C:\Users\kieron_win7\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\DeviceVM
Folder Deleted : C:\Users\kieron_win7\AppData\Roaming\DeviceVM

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7601.17514

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v23.0.1 (en-GB)

[ File : C:\Users\kieron_win7\AppData\Roaming\Mozilla\Firefox\Profiles\tu8fy5mz.default\prefs.js ]


-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\kieron_win7\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2076 octets] - [20/09/2013 15:31:12]
AdwCleaner[R1].txt - [2136 octets] - [20/09/2013 20:29:43]
AdwCleaner[S0].txt - [2023 octets] - [20/09/2013 20:30:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2083 octets] ##########

Another BSOD this morning, if it helps.

==================================================
Dump File : 092113-17593-01.dmp
Crash Time : 9/21/2013 10:50:21 AM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`02fb12bc
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000010
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
File Description : NT Kernel & System
Product Name : Microsoft® Windows® Operating System
Company : Microsoft Corporation
File Version : 6.1.7601.18229 (win7sp1_gdr.130801-1533)
Processor : x64
Crash Address : ntoskrnl.exe+75b80
Stack Address 1 :
Stack Address 2 :
Stack Address 3 :
Computer Name :
Full Path : C:\Windows\Minidump\092113-17593-01.dmp
Processors Count : 2
Major Version : 15
Minor Version : 7601
Dump File Size : 276,096
Dump File Time : 9/21/2013 12:10:51 PM
==================================================
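As an added example, not code from the thread and not from BlueScreenView, OTL or any other tool used in it: a small Python script that parses the crash record posted above and decodes the four parameters of bug check 0x1E (KMODE_EXCEPTION_NOT_HANDLED). For that bug check, parameter 1 is the NTSTATUS exception code (sign-extended to 64 bits), parameter 2 is the address of the faulting instruction, and for STATUS_ACCESS_VIOLATION parameters 3 and 4 carry the exception's own two values: the access kind (0 read, 1 write, 8 execute) and the address that was touched. The sample record is constructed from the lines in the post, the exception-code table is partial, and the near-NULL threshold is an assumption of mine, not a documented value.

```python
"""Decode a BlueScreenView-style minidump record and interpret a 0x1E bug check.

Added example; not code from the thread or from any tool mentioned in it.
"""

# Constructed sample input: the relevant lines of the record posted in the thread.
SAMPLE_RECORD = """\
Dump File : 092113-17593-01.dmp
Crash Time : 9/21/2013 10:50:21 AM
Bug Check String : KMODE_EXCEPTION_NOT_HANDLED
Bug Check Code : 0x0000001e
Parameter 1 : ffffffff`c0000005
Parameter 2 : fffff800`02fb12bc
Parameter 3 : 00000000`00000000
Parameter 4 : 00000000`00000010
Caused By Driver : ntoskrnl.exe
Caused By Address : ntoskrnl.exe+75b80
"""

KMODE_EXCEPTION_NOT_HANDLED = 0x1E

# Partial table of NTSTATUS exception codes seen as parameter 1 of bug check 0x1E.
EXCEPTION_CODES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001D: "STATUS_ILLEGAL_INSTRUCTION",
    0xC0000094: "STATUS_INTEGER_DIVIDE_BY_ZERO",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
    0x80000003: "STATUS_BREAKPOINT",
}

# ExceptionInformation[0] of an access violation: what the faulting instruction tried to do.
ACCESS_KIND = {0: "read", 1: "write", 8: "execute"}

# Heuristic threshold (assumption): a target below this looks like NULL plus a field offset.
NEAR_NULL_LIMIT = 0x10000


def parse_record(text):
    """Turn 'Key : Value' lines into a dict; keys keep their original spelling."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def hex_value(s):
    """Parse WinDbg-style hex such as fffff800`02fb12bc or 0x0000001e."""
    return int(s.replace("`", ""), 16)


def analyze(text):
    """Return a dict describing the crash; fields beyond 'bugcheck' are specific to 0x1E."""
    f = parse_record(text)
    result = {
        "bugcheck": hex_value(f["Bug Check Code"]),
        "bugcheck_name": f.get("Bug Check String", ""),
        "blamed_module": f.get("Caused By Driver", ""),
    }
    if result["bugcheck"] != KMODE_EXCEPTION_NOT_HANDLED:
        return result

    params = [hex_value(f["Parameter %d" % i]) for i in range(1, 5)]
    # For 0x1E: P1 = exception code (sign-extended NTSTATUS), P2 = address of the
    # faulting instruction, P3/P4 = the exception's own first two parameters.
    code = params[0] & 0xFFFFFFFF
    result["exception_code"] = code
    result["exception_name"] = EXCEPTION_CODES.get(code, "unknown")
    result["fault_address"] = params[1]
    if code == 0xC0000005:
        result["access"] = ACCESS_KIND.get(params[2], "unknown(%d)" % params[2])
        result["target_address"] = params[3]
        result["near_null"] = params[3] < NEAR_NULL_LIMIT
    # BlueScreenView blames whichever module owns the faulting address. When that is
    # the kernel itself, a third-party driver that corrupted state earlier remains a
    # candidate; Driver Verifier exists to catch exactly that.
    result["kernel_blamed"] = result["blamed_module"].lower().startswith("ntoskrnl")
    return result


def describe(result):
    """One-line summary suitable for a forum reply."""
    if result["bugcheck"] != KMODE_EXCEPTION_NOT_HANDLED:
        return "bug check 0x%X (%s)" % (result["bugcheck"], result["bugcheck_name"])
    line = "0x1E: %s at 0x%016x" % (result["exception_name"], result["fault_address"])
    if "access" in result:
        line += ", %s of 0x%x" % (result["access"], result["target_address"])
        if result["near_null"]:
            line += " (near-NULL pointer dereference)"
    return line


if __name__ == "__main__":
    print(describe(analyze(SAMPLE_RECORD)))
```

Run against the posted record, `describe()` reports a read of address 0x10 from code inside ntoskrnl, which is the classic shape of a NULL pointer plus a small structure offset. The module blamed is the kernel, and that is the reason the sensible next step is Driver Verifier rather than another malware scan: the record only names the module that owns the faulting instruction, not whatever driver handed the kernel a bad pointer.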

#13 SleepyDude (Trusted Helper, Malware Removal, 4,975 posts)
Hi,

Thanks for the logs. I will discuss this with my teacher and will be back shortly.

One more question: did the computer ever work correctly, or have you always had this BSOD problem?

#14 SleepyDude (Trusted Helper, Malware Removal, 4,975 posts)
Hi Madpad,

Based on your logs it doesn't look like the BSOD is malware related, so I would like to remove the tools we used and then continue to work on the BSOD problem.

Step 1 - Empty The System Restore

Remove old Restore Points and create a New Clean Restore Point.
  • Right click on the OTL icon and choose Run as Administrator to execute the tool. Make sure all other windows are closed and let it run uninterrupted.
    Do not change any other settings unless otherwise told to do so.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    :Files
    %windir%\systemnative\vssadmin.exe delete shadows /for=c: /all /quiet /c
    
    :Commands
    [CreateRestorePoint]
    
  • Click the Run Fix button at the top.
    Notes:
  • When done, OTL will show a window with Fix Complete!; click OK to access the report.
  • Copy & paste the result in your next reply, not as an attachment.

Step 2 - Remove the Tools we use

» AdwCleaner
  • Double-click the AdwCleaner icon on the Desktop to run the program.
    (On Windows Vista and higher accept the UAC prompt to allow changes to the computer).
  • click the Uninstall button.
» OTL
  • Double-click the OTL icon on the Desktop to start the program.
    (On Windows Vista and higher accept the UAC prompt to allow changes to the computer).
  • Click the CleanUp button. Accept the prompt to reboot.
» Uninstall ESET On-line Scanner
  • Please open Start > Control Panel > Uninstall a program (or Programs and Features if in Classic View), locate ESET Online Scanner on the list and uninstall it, because it's no longer needed.
» Security Check
  • Delete SecurityCheck.exe and checkup.txt from the Desktop.
» Others
  • Delete MBR.dat and any .log or .txt file created on the Desktop during the cleaning process.

Step 3 - Enable Driver Verifier

  • Click Start.
  • Type verifier in the box and press Enter.
  • Select Create Standard Settings, then click Next, then select Automatically Select all Drivers Installed on this Computer.
  • Click Next, then Finish.
  • Reboot your computer, and you will see the list of drivers to be verified during startup. If there is a faulty driver you will get a BSOD with its respective error message; please take note of the driver involved and post it.
    If you don't get a BSOD, continue to use the computer until you get one.

After collecting the information about the BSOD, disable Driver Verifier:
  • Click Start and type verifier /reset


#15 madpad1972 (Topic Starter, Member, 49 posts)
Hi Sleepy, OTL log enclosed.

========== FILES ==========
< %windir%\systemnative\vssadmin.exe delete shadows /for=c: /all /quiet /c >
C:\Users\kieron_win7\Desktop\cmd.bat deleted successfully.
C:\Users\kieron_win7\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 09222013_115028