
Lock ups in Win7



#61
brycrip
  • Topic Starter
Got SpeedFan to download from CNET. But had my first lock-up today after only about 5 minutes of computer use. It was pretty cool to the touch!
Still unprotected!
Here is the FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-12-2013
Ran by BC (administrator) on CHINOOK on 05-12-2013 13:16:31
Running from C:\Users\BC\AppData\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(COMPANYVERS_NAME) C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Egis Technology Inc.) C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\WordWeb\wweb32.exe
(FreeDownloadManager.ORG) C:\Program Files\Free Download Manager\fdm.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Program Files\BrowseSmart\updateBrowseSmart.exe
(CNET Download.com) C:\Downloads\Software\cbsidlm-cbsi145-SpeedFan-ORG-10067444.exe
(Almico Software (www.almico.com)) C:\Program Files\SpeedFan\speedfan.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [SuiteTray] - C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM\...\Run: [EgisTecPMMUpdate] - C:\Program Files\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM\...\Run: [EgisUpdate] - C:\Program Files\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [UnlockerAssistant] - C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] - "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
HKLM\...\Run: [SafePCRepair Search Scope Monitor] - C:\Program Files\SafePCRepair_89\bar\1.bin\89SrchMn.exe [44784 2013-11-25] (MindSpark)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [WordWeb] - C:\Program Files\WordWeb\wweb32.exe [77064 2012-04-21] ()
HKCU\...\Run: [Free Download Manager] - C:\Program Files\Free Download Manager\fdm.exe [6950400 2013-10-25] (FreeDownloadManager.ORG)
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: BrowseSmart - {ffbb88a9-c663-4b9b-9170-70fa0a5a2786} - C:\Program Files\BrowseSmart\BrowseSmartBHO.dll (BrowseSmart)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043
FF user.js: detected! => C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043\user.js
FF NewTab: user_pref("browser.newtab.url", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @SafePCRepair_89.com/Plugin - C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll (MindSpark)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: fdm_ffext - C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043\Extensions\[email protected]
FF Extension: firefox - C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043\Extensions\[email protected]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome:
=======
CHR HomePage: hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5
CHR RestoreOnStartup: "hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5"]}},"browser":{"clear_lso_data_enabled":true,"last_known_google_url":"https://www.google.c...om/favicon.ico"
CHR Extension: (Google Docs) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (avast! WebRep) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

========================== Services (Whitelisted) =================

S3 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [173424 2011-04-02] (Egis Technology Inc. )
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-05-10] (Acer Incorporated)
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.)
S3 ioloService; C:\Program Files\SafePCRepair\ioloToolService.exe [2625800 2013-04-05] (iolo technologies, LLC)
R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [185632 2009-11-26] (Ralink Technology, Corp.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
R2 SafePCRepair_89Service; C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe [44752 2013-11-25] (COMPANYVERS_NAME)
R2 Update BrowseSmart; C:\Program Files\BrowseSmart\updateBrowseSmart.exe [66848 2013-11-20] ()

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-16] (AVG Technologies)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [21600 2011-08-09] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16936 2011-08-09] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [62240 2011-08-09] (Egis Technology Inc.)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [827904 2009-11-26] (Ralink Technology Corp.)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10382576 2013-07-25] (Intel Corporation)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [252520 2011-03-06] (Realtek Semiconductor Corp.)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S4 aswSP; No ImagePath
S0 AVGIDSHX; system32\DRIVERS\avgidshx.sys [x]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-05 13:14 - 2013-12-05 13:14 - 00000000 ____D C:\FRST
2013-12-05 13:08 - 2013-12-05 13:10 - 00000000 ____D C:\Program Files\MyPC Backup
2013-12-05 13:05 - 2013-12-05 13:07 - 00000000 ____D C:\Program Files\SpeedFan
2013-12-05 13:05 - 2013-12-05 13:05 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-12-05 12:57 - 2013-12-05 12:57 - 05745096 _____ (Hewlett-Packard Company ) C:\Users\BC\Downloads\sp31000.exe
2013-12-05 12:49 - 2013-12-05 12:50 - 00000000 ____D C:\Program Files\BrowseSmart
2013-12-03 15:40 - 2013-12-04 16:25 - 00013959 _____ C:\Windows\IE11_main.log
2013-12-03 12:31 - 2013-12-03 12:31 - 00003288 ____N C:\bootsqm.dat
2013-11-29 16:19 - 2013-12-05 12:39 - 00018548 _____ C:\Windows\DPINST.LOG
2013-11-29 16:14 - 2013-11-29 16:14 - 00000000 ____D C:\Users\BC\AppData\Roaming\SystemRequirementsLab
2013-11-29 16:13 - 2013-11-29 16:13 - 00000000 ____D C:\Windows\Sun
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\ProgramData\Oracle
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-29 16:08 - 2013-11-29 16:07 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-29 16:07 - 2013-11-29 16:07 - 00000000 ____D C:\Program Files\Java
2013-11-29 15:48 - 2013-11-29 15:48 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Users\BC\AppData\Local\Adobe
2013-11-27 14:53 - 2013-11-27 14:53 - 00000000 ___HD C:\Windows\PIF
2013-11-26 13:45 - 2013-11-26 13:45 - 00000360 _____ C:\Users\BC\Desktop\junk.txt
2013-11-26 12:31 - 2013-12-05 13:15 - 00000000 ____D C:\Users\BC\AppData\Roaming\Free Download Manager
2013-11-26 12:28 - 2013-11-26 12:30 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite(1).exe
2013-11-25 15:45 - 2013-12-05 12:20 - 00003696 _____ C:\Windows\setupact.log
2013-11-25 15:45 - 2013-11-25 15:45 - 00002152 _____ C:\Windows\PFRO.log
2013-11-25 15:45 - 2013-11-25 15:45 - 00000000 _____ C:\Windows\setuperr.log
2013-11-25 14:07 - 2013-11-25 14:11 - 00000000 ____D C:\Users\BC\AppData\Roaming\OfficeRecovery
2013-11-25 14:07 - 2013-11-25 14:07 - 00000000 ____D C:\ProgramData\OfficeRecovery.d7cc0641
2013-11-25 13:36 - 2013-11-25 13:36 - 00000000 ____D C:\Users\BC\AppData\Local\iolo
2013-11-25 13:36 - 2013-11-25 13:36 - 00000000 ____D C:\ProgramData\iolo
2013-11-25 13:36 - 2013-11-25 13:36 - 00000000 ____D C:\Program Files\SafePCRepair
2013-11-25 13:33 - 2013-11-25 13:33 - 00000000 ____D C:\Program Files\SafePCRepair_89
2013-11-24 15:25 - 2013-11-24 15:25 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-24 15:24 - 2013-11-24 15:24 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-11-22 10:24 - 2013-11-22 10:24 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVAST Software
2013-11-22 10:24 - 2013-11-22 10:23 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-22 10:23 - 2013-11-22 10:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-17 15:27 - 2013-11-17 15:27 - 00000000 ____D C:\2ded7b3cf452d17edf0e7189072a
2013-11-16 12:45 - 2013-11-16 12:45 - 00000000 ____D C:\Users\BC\AppData\Roaming\CrystalIdea Software
2013-11-15 13:06 - 2013-11-15 13:08 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite.exe
2013-11-15 13:06 - 2013-11-15 13:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 15:40 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 15:40 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 15:40 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 15:39 - 2013-09-24 21:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 15:39 - 2013-09-24 21:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 15:39 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 15:39 - 2013-09-24 20:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 15:39 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 15:39 - 2013-09-24 20:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 15:39 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 15:39 - 2013-09-24 19:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 15:39 - 2013-09-24 19:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 15:39 - 2013-07-04 07:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-14 15:38 - 2013-10-02 20:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 15:37 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 15:37 - 2013-10-11 21:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 15:37 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 15:37 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\Users\BC\AppData\Roaming\Malwarebytes
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 14:13 - 2013-11-26 12:31 - 00000000 ____D C:\Program Files\Free Download Manager
2013-11-13 13:27 - 2013-11-13 13:27 - 00013697 _____ C:\ComboFix.txt
2013-11-13 13:00 - 2013-11-13 13:27 - 00000000 ____D C:\Qoobox
2013-11-13 12:59 - 2013-11-13 13:24 - 00000000 ____D C:\Windows\erdnt
2013-11-10 11:58 - 2013-11-10 11:58 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVG2014
2013-11-10 11:54 - 2013-11-21 15:13 - 00000000 ____D C:\Users\BC\AppData\Local\Avg2014
2013-11-08 13:46 - 2013-11-08 13:46 - 00000988 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-08 13:38 - 2013-11-08 13:43 - 24278649 _____ C:\Users\BC\Downloads\vlc-2.1.0-win32.exe
2013-11-08 13:23 - 2013-11-08 14:18 - 00041698 _____ C:\Users\BC\Downloads\Extras.Txt
2013-11-07 17:54 - 2013-11-07 17:54 - 00000000 ____D C:\Users\BC\AppData\Local\{3B375EDC-7B9F-4182-95FB-B5720A3E1B76}
2013-11-07 15:32 - 2013-11-10 11:12 - 00016431 _____ C:\Users\BC\Downloads\Addition.txt
2013-11-07 15:25 - 2013-11-07 15:25 - 00003621 _____ C:\Users\BC\Desktop\JRT.txt
2013-11-07 15:15 - 2013-11-07 15:15 - 00000000 ____D C:\Windows\ERUNT
2013-11-07 13:23 - 2013-11-07 13:23 - 02143832 _____ C:\Users\BC\Downloads\instsf449.exe
2013-11-07 12:55 - 2013-12-05 13:05 - 00000929 _____ C:\Users\BC\Desktop\SpeedFan.lnk
2013-11-07 12:55 - 2013-12-05 13:05 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2013-11-05 12:15 - 2013-11-05 12:15 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\BC\Downloads\autoruns.exe

==================== One Month Modified Files and Folders =======

2013-12-05 13:15 - 2013-11-26 12:31 - 00000000 ____D C:\Users\BC\AppData\Roaming\Free Download Manager
2013-12-05 13:14 - 2013-12-05 13:14 - 00000000 ____D C:\FRST
2013-12-05 13:10 - 2013-12-05 13:08 - 00000000 ____D C:\Program Files\MyPC Backup
2013-12-05 13:07 - 2013-12-05 13:05 - 00000000 ____D C:\Program Files\SpeedFan
2013-12-05 13:05 - 2013-12-05 13:05 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-12-05 13:05 - 2013-11-07 12:55 - 00000929 _____ C:\Users\BC\Desktop\SpeedFan.lnk
2013-12-05 13:05 - 2013-11-07 12:55 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2013-12-05 12:59 - 2011-08-09 00:00 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-12-05 12:57 - 2013-12-05 12:57 - 05745096 _____ (Hewlett-Packard Company ) C:\Users\BC\Downloads\sp31000.exe
2013-12-05 12:50 - 2013-12-05 12:49 - 00000000 ____D C:\Program Files\BrowseSmart
2013-12-05 12:39 - 2013-11-29 16:19 - 00018548 _____ C:\Windows\DPINST.LOG
2013-12-05 12:31 - 2012-06-12 14:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-05 12:28 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-05 12:28 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-05 12:24 - 2013-10-30 14:36 - 02015174 _____ C:\Windows\WindowsUpdate.log
2013-12-05 12:20 - 2013-11-25 15:45 - 00003696 _____ C:\Windows\setupact.log
2013-12-05 12:20 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-05 10:41 - 2010-11-20 16:01 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-05 10:40 - 2011-12-13 20:25 - 00000000 ____D C:\VirusTrap1
2013-12-04 19:57 - 2011-12-09 17:28 - 00000000 ____D C:\Users\BC\AppData\Roaming\vlc
2013-12-04 16:25 - 2013-12-03 15:40 - 00013959 _____ C:\Windows\IE11_main.log
2013-12-04 14:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2013-12-04 09:55 - 2013-03-17 10:38 - 00000000 ____D C:\Users\BC\AppData\Roaming\Skype
2013-12-03 12:31 - 2013-12-03 12:31 - 00003288 ____N C:\bootsqm.dat
2013-12-02 14:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2013-11-29 16:14 - 2013-11-29 16:14 - 00000000 ____D C:\Users\BC\AppData\Roaming\SystemRequirementsLab
2013-11-29 16:13 - 2013-11-29 16:13 - 00000000 ____D C:\Windows\Sun
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\ProgramData\Oracle
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-29 16:07 - 2013-11-29 16:08 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-29 16:07 - 2013-11-29 16:07 - 00000000 ____D C:\Program Files\Java
2013-11-29 15:48 - 2013-11-29 15:48 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Users\BC\AppData\Local\Adobe
2013-11-27 14:53 - 2013-11-27 14:53 - 00000000 ___HD C:\Windows\PIF
2013-11-26 13:45 - 2013-11-26 13:45 - 00000360 _____ C:\Users\BC\Desktop\junk.txt
2013-11-26 12:31 - 2013-11-13 14:13 - 00000000 ____D C:\Program Files\Free Download Manager
2013-11-26 12:30 - 2013-11-26 12:28 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite(1).exe
2013-11-25 15:45 - 2013-11-25 15:45 - 00002152 _____ C:\Windows\PFRO.log
2013-11-25 15:45 - 2013-11-25 15:45 - 00000000 _____ C:\Windows\setuperr.log
2013-11-25 14:11 - 2013-11-25 14:07 - 00000000 ____D C:\Users\BC\AppData\Roaming\OfficeRecovery
2013-11-25 14:07 - 2013-11-25 14:07 - 00000000 ____D C:\ProgramData\OfficeRecovery.d7cc0641
2013-11-25 13:36 - 2013-11-25 13:36 - 00000000 ____D C:\Users\BC\AppData\Local\iolo
2013-11-25 13:36 - 2013-11-25 13:36 - 00000000 ____D C:\ProgramData\iolo
2013-11-25 13:36 - 2013-11-25 13:36 - 00000000 ____D C:\Program Files\SafePCRepair
2013-11-25 13:33 - 2013-11-25 13:33 - 00000000 ____D C:\Program Files\SafePCRepair_89
2013-11-24 15:28 - 2011-12-09 16:04 - 00064768 _____ C:\Users\BC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-24 15:28 - 2009-07-13 23:33 - 00289520 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-24 15:25 - 2013-11-24 15:25 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-24 15:24 - 2013-11-24 15:24 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-11-24 14:43 - 2011-12-09 16:03 - 00000000 ____D C:\Users\BC
2013-11-24 14:43 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
2013-11-24 14:42 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2013-11-24 13:37 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-11-22 10:24 - 2013-11-22 10:24 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVAST Software
2013-11-22 10:23 - 2013-11-22 10:24 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-22 10:23 - 2013-11-22 10:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-22 10:22 - 2013-03-16 13:05 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-22 09:58 - 2011-12-09 16:17 - 00000000 ____D C:\ProgramData\MFAData
2013-11-21 15:13 - 2013-11-10 11:54 - 00000000 ____D C:\Users\BC\AppData\Local\Avg2014
2013-11-21 14:04 - 2011-12-09 16:03 - 00000000 ____D C:\Users\BC\AppData\Local\VirtualStore
2013-11-17 15:27 - 2013-11-17 15:27 - 00000000 ____D C:\2ded7b3cf452d17edf0e7189072a
2013-11-16 12:45 - 2013-11-16 12:45 - 00000000 ____D C:\Users\BC\AppData\Roaming\CrystalIdea Software
2013-11-16 12:39 - 2012-03-28 16:51 - 00000000 ____D C:\Program Files\WordWeb
2013-11-15 17:42 - 2013-10-30 14:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-15 13:08 - 2013-11-15 13:06 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite.exe
2013-11-15 13:06 - 2013-11-15 13:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 12:50 - 2009-07-13 23:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-15 12:45 - 2013-07-20 07:13 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 12:38 - 2011-12-16 19:04 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 15:35 - 2013-10-30 14:27 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-14 15:21 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\Users\BC\AppData\Roaming\Malwarebytes
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 13:27 - 2013-11-13 13:27 - 00013697 _____ C:\ComboFix.txt
2013-11-13 13:27 - 2013-11-13 13:00 - 00000000 ____D C:\Qoobox
2013-11-13 13:24 - 2013-11-13 12:59 - 00000000 ____D C:\Windows\erdnt
2013-11-10 11:58 - 2013-11-10 11:58 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVG2014
2013-11-10 11:56 - 2013-10-16 13:21 - 00000000 ____D C:\ProgramData\AVG2014
2013-11-10 11:12 - 2013-11-07 15:32 - 00016431 _____ C:\Users\BC\Downloads\Addition.txt
2013-11-08 14:18 - 2013-11-08 13:23 - 00041698 _____ C:\Users\BC\Downloads\Extras.Txt
2013-11-08 13:46 - 2013-11-08 13:46 - 00000988 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-11-08 13:44 - 2011-12-09 17:25 - 00000000 ____D C:\Program Files\VideoLAN
2013-11-08 13:43 - 2013-11-08 13:38 - 24278649 _____ C:\Users\BC\Downloads\vlc-2.1.0-win32.exe
2013-11-07 17:54 - 2013-11-07 17:54 - 00000000 ____D C:\Users\BC\AppData\Local\{3B375EDC-7B9F-4182-95FB-B5720A3E1B76}
2013-11-07 15:25 - 2013-11-07 15:25 - 00003621 _____ C:\Users\BC\Desktop\JRT.txt
2013-11-07 15:15 - 2013-11-07 15:15 - 00000000 ____D C:\Windows\ERUNT
2013-11-07 13:23 - 2013-11-07 13:23 - 02143832 _____ C:\Users\BC\Downloads\instsf449.exe
2013-11-05 12:15 - 2013-11-05 12:15 - 00661184 _____ (Sysinternals - www.sysinternals.com) C:\Users\BC\Downloads\autoruns.exe

Some content of TEMP:
====================
C:\Users\BC\AppData\Local\Temp\BackupSetup.exe
C:\Users\BC\AppData\Local\Temp\jxpiinstall(1).exe
C:\Users\BC\AppData\Local\Temp\jxpiinstall.exe
C:\Users\BC\AppData\Local\Temp\sfamcc00001.dll
C:\Users\BC\AppData\Local\Temp\sfareca00001.dll
C:\Users\BC\AppData\Local\Temp\sfextra.dll
C:\Users\BC\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-02 14:28

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-12-2013
Ran by BC at 2013-12-05 13:17:47
Running from C:\Users\BC\AppData\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Crystal Eye Webcam (Version: 1.0.1904)
Acer ePower Management (Version: 6.00.3007)
Acer eRecovery Management (Version: 5.00.3502)
Acer Registration (Version: 1.04.3502)
Acer ScreenSaver (Version: 1.1.0617.2011)
Acer Updater (Version: 1.02.3500)
Acer VCM (Version: 4.05.3501)
Adobe AIR (Version: 3.7.0.1860)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
BrowseSmart (Version: 2013.11.21.002241)
CCleaner (Version: 4.00)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
D3DX10 (Version: 15.4.2368.0902)
Free Download Manager 3.9.3
Galerie de photos Windows Live (Version: 15.4.3502.0922)
iCall (Version: 7.1.524)
Identity Card (Version: 1.00.3501)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.14.10.2230)
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 15.4.3502.0922)
Launch Manager (Version: 5.1.4)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSVCRT (Version: 15.4.2862.0708)
MyWinLocker 4 (Version: 4.0.14.25)
MyWinLocker Suite (Version: 4.0.14.15)
OpenOffice 4.0.1 (Version: 4.01.9714)
Ralink RT2870 Wireless LAN Card (Version: 1.5.6.0)
Realtek Ethernet Controller Driver (Version: 7.37.1229.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6307)
Realtek PCIE Card Reader (Version: 6.1.7600.78)
SelectionLinks (Version: 1.0)
Shredder (Version: 2.0.8.9)
Skype™ 6.6 (Version: 6.6.106)
SpeedFan (remove only)
Synaptics Pointing Device Driver (Version: 15.1.18.0)
System Requirements Lab for Intel (Version: 4.5.13.0)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.1.0 (Version: 2.1.0)
Welcome Center (Version: 1.02.3503)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WordWeb (Version: 6)

==================== Restore Points =========================

10-11-2013 16:54:19 Installed AVG 2014
12-11-2013 17:40:38 Windows Update
13-11-2013 18:32:39 Windows Update
13-11-2013 20:05:14 Windows Update
14-11-2013 20:18:05 Restore Operation
15-11-2013 17:37:34 Windows Update
17-11-2013 20:27:19 Windows Update
19-11-2013 15:18:55 Windows Update
19-11-2013 16:09:33 Windows Update
21-11-2013 15:16:29 Installed AVG 2014
22-11-2013 15:22:56 avast! antivirus system restore point
24-11-2013 19:38:27 Restore Operation
24-11-2013 19:47:17 Removed OpenOffice 4.0.1
24-11-2013 20:23:18 Installed OpenOffice 4.0.1
25-11-2013 19:06:11 Installed Recovery for Writer 1.7.20461.2 Demo License
25-11-2013 19:20:22 Removed Recovery for Writer 1.7.20461.2 Demo License
29-11-2013 20:47:29 Installed System Requirements Lab for Intel
29-11-2013 21:06:53 Installed Java 7 Update 45
03-12-2013 20:40:22 Windows Update
04-12-2013 19:42:26 Windows Update
04-12-2013 21:24:53 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:04 - 2013-03-25 12:17 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00B7BDB0-B402-40C1-A4CB-D569BBDC1A4E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {3C61BF98-B1A3-445D-813B-4B8B80A5F2E7} - System32\Tasks\{2F8EB3EA-875C-4E36-8380-B9F8CF6B71B2} => C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {3FD60D5F-A872-4150-835E-A0B1D7A891A6} - System32\Tasks\{423C745D-CEB9-4720-834B-5910ADC6F8D5} => C:\Program Files\tinySpell\tinyspell.exe
Task: {4A0CE86E-3B42-4A6A-8F59-93EF2A9C3340} - System32\Tasks\{47C8FCC1-4B89-44C5-A945-3D30301AE89B} => Firefox.exe
Task: {56D88B04-85C7-4410-BAEB-912E432705C3} - System32\Tasks\Adobe ARM => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {7BAA9F29-A535-41A3-ADCB-FD77A7459241} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1434271250-535229840-3131482536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {82A70256-A65B-45B0-A289-2F52D670FF40} - System32\Tasks\{6977321E-CE53-4746-8B61-77A4D12D0423} => Firefox.exe
Task: {8E432221-B688-49C4-8CCA-6611CFA9F602} - System32\Tasks\{16C26C30-E35C-44AE-AFED-771B87A2A222} => C:\Program Files\OpenOffice.org
Task: {92FB80DF-3D46-471B-A2A6-DC3D2FB09EF5} - System32\Tasks\{764A393D-633B-439A-9593-6364EADF016A} => C:\Program Files\Moyea\FLV Editor Lite\FlvEditorLite.exe
Task: {9B8F7347-CAB4-4C1B-82A3-2B0CF9EE341F} - System32\Tasks\{C978A38F-7358-4587-9AE2-A8C10C5E6928} => C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {A369E454-F732-460B-BE75-6CEBF9561A1D} - System32\Tasks\{7A078B64-317B-47E5-AEED-6DA886061D18} => Firefox.exe
Task: {B0E4A562-7DF8-4567-92AD-2FAE0D3847C9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1434271250-535229840-3131482536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {B2C2BB7E-05B6-47C1-AA76-7D8BBA82DA03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {D5E81E6D-48AE-44AC-9B70-500CE81575B1} - System32\Tasks\{A82B7F6C-83D4-4711-AAFD-454886EA6197} => C:\Program Files\iCall\iCall.exe [2012-06-18] ()
Task: {F417EE00-20DF-4F86-8D2B-967557058F93} - System32\Tasks\{3E9059AE-66C4-4070-B46D-2D805B2D2D4D} => C:\Program Files\tinySpell\tinyspell.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-07-04 16:32 - 2010-07-04 16:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2012-03-28 16:51 - 2012-07-15 11:27 - 02216480 ____N () C:\Windows\wweb32.dll
2012-03-28 16:51 - 2012-07-15 11:25 - 00022800 ____N () C:\Program Files\WordWeb\WUCNT.dll
2011-12-21 17:40 - 2009-11-26 17:02 - 00918816 _____ () C:\Program Files\Ralink\Common\RaWLAPI.dll
2013-12-05 13:07 - 2013-12-05 13:07 - 00158720 _____ () C:\Users\BC\AppData\Local\Temp\sfareca00001.dll
2013-12-05 13:07 - 2013-12-05 13:07 - 00192512 _____ () C:\Users\BC\AppData\Local\Temp\sfamcc00001.dll
2010-07-04 16:32 - 2010-07-04 16:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: AVGIDSShim
Description: AVGIDSShim
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AVGIDSShim
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/05/2013 00:21:19 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2013 00:03:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2013 10:34:09 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2013 06:42:55 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2013 06:21:47 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2013 05:07:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2013 06:34:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2013 02:44:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2013 01:11:41 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2013 11:17:20 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/05/2013 00:21:05 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX
AVGIDSShim

Error: (12/05/2013 00:20:56 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:19:45 PM on 12/5/2013 was unexpected.

Error: (12/05/2013 00:03:50 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX
AVGIDSShim

Error: (12/05/2013 10:34:09 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX
AVGIDSShim

Error: (12/05/2013 06:42:55 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX
AVGIDSShim

Error: (12/05/2013 06:21:46 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX
AVGIDSShim

Error: (12/05/2013 05:07:31 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX
AVGIDSShim

Error: (12/04/2013 06:34:44 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX
AVGIDSShim

Error: (12/04/2013 04:25:59 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7.

Error: (12/04/2013 02:44:49 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX
AVGIDSShim


Microsoft Office Sessions:
=========================
Error: (12/05/2013 00:21:19 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2013 00:03:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2013 10:34:09 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2013 06:42:55 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2013 06:21:47 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/05/2013 05:07:32 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2013 06:34:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2013 02:44:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2013 01:11:41 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/04/2013 11:17:20 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 1011.87 MB
Available physical RAM: 424.3 MB
Total Pagefile: 2035.87 MB
Available Pagefile: 1291.45 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.09 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:219.79 GB) (Free:169.85 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E2768EF3)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220 GB) - (Type=07 NTFS)

==================== End Of Log ============================


#62
brycrip

    Member

  • Topic Starter
  • 395 posts
First lock-up today after about an hour's computer use on-line. SpeedFan pegged my core temperature at 62 degrees. I'm going to go ahead and re-download AVAST.

#63
brycrip

    Member

  • Topic Starter
  • 395 posts
Second lock-up. SpeedFan core temperature: 59 degrees.

#64
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Your FRST shows that AVG is still there. It's like it reverted back to an earlier time except there is one Avast driver visible. Also you have picked up something called SafePCRepair_89 which I don't think is trustworthy.

Once you reinstall Avast, run another FRST scan and let's see what it looks like.

#65
brycrip

    Member

  • Topic Starter
  • 395 posts
FRST has decided not to scan my computer anymore. I'll have to re-download it.
How do I get rid of PC Repair? Don't see it in my Uninstall Programs.
One freeze-up today... I tried using my mouse, thinking my touch pad was faulty, but it didn't make any difference. One other thing... MS seems to be trying to download an update when I close off. I wait for the machine to download and it appears to do so, shutting down. But next time I shut down... I'm delayed again while the update appears to download.

Thanx... Bry

#66
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
We can delete PC Repair with FRST or OTL.

For the annoying Update:

You might try http://support.microsoft.com/kb/910339 There is a Fixit that pops up on that page. Perhaps it will help.

Also http://support.micro...kb/971058/en-us Another Fixit but also a manual method that usually works.

Have you tried creating a new user with admin rights and logging in as the new user? Does that crash too?

#67
brycrip

    Member

  • Topic Starter
  • 395 posts
Computer will only work in Safe Mode now. Window says there is a registry error.

#68
brycrip

    Member

  • Topic Starter
  • 395 posts
Can't run MS Fix It in Safe Mode!

Here is the FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-12-2013
Ran by BC (administrator) on CHINOOK on 09-12-2013 13:54:14
Running from C:\Users\BC\AppData\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(COMPANYVERS_NAME) C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe
(Skype Technologies) C:\Program Files\Skype\Updater\Updater.exe
() C:\Program Files\BrowseSmart\updateBrowseSmart.exe
() C:\Program Files\BrowseSmart\bin\utilBrowseSmart.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Egis Technology Inc.) C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 11.0\Reader\reader_sl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files\WordWeb\wweb32.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(FreeDownloadManager.ORG) C:\Program Files\Free Download Manager\fdm.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [SuiteTray] - C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM\...\Run: [EgisTecPMMUpdate] - C:\Program Files\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM\...\Run: [EgisUpdate] - C:\Program Files\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [UnlockerAssistant] - C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] - "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
HKLM\...\Run: [SafePCRepair Search Scope Monitor] - C:\Program Files\SafePCRepair_89\bar\1.bin\89SrchMn.exe [44784 2013-11-25] (MindSpark)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-06] (AVAST Software)
HKCU\...\Run: [WordWeb] - C:\Program Files\WordWeb\wweb32.exe [77064 2012-04-21] ()
HKCU\...\Run: [Free Download Manager] - C:\Program Files\Free Download Manager\fdm.exe [6950400 2013-10-25] (FreeDownloadManager.ORG)
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: BrowseSmart - {ffbb88a9-c663-4b9b-9170-70fa0a5a2786} - C:\Program Files\BrowseSmart\BrowseSmartBHO.dll (BrowseSmart)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043
FF user.js: detected! => C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043\user.js
FF NewTab: user_pref("browser.newtab.url", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @SafePCRepair_89.com/Plugin - C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll (MindSpark)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: fdm_ffext - C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043\Extensions\[email protected]
FF Extension: firefox - C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043\Extensions\[email protected]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome:
=======
CHR HomePage: hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5
CHR Extension: (Google Docs) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (avast! WebRep) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-06] (AVAST Software)
S3 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [173424 2011-04-02] (Egis Technology Inc. )
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-05-10] (Acer Incorporated)
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.)
S3 ioloService; C:\Program Files\SafePCRepair\ioloToolService.exe [2625800 2013-04-05] (iolo technologies, LLC)
R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [185632 2009-11-26] (Ralink Technology, Corp.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
R2 SafePCRepair_89Service; C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe [44752 2013-11-25] (COMPANYVERS_NAME)
R2 Update BrowseSmart; C:\Program Files\BrowseSmart\updateBrowseSmart.exe [66848 2013-11-20] ()
R2 Util BrowseSmart; C:\Program Files\BrowseSmart\bin\utilBrowseSmart.exe [66848 2013-12-06] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-06] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-12-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-06] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-12-06] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-12-06] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-12-06] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-06] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-12-06] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-16] (AVG Technologies)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [21600 2011-08-09] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16936 2011-08-09] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [62240 2011-08-09] (Egis Technology Inc.)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [827904 2009-11-26] (Ralink Technology Corp.)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10382576 2013-07-25] (Intel Corporation)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [252520 2011-03-06] (Realtek Semiconductor Corp.)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S0 AVGIDSHX; system32\DRIVERS\avgidshx.sys [x]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-09 13:48 - 2013-12-09 13:48 - 00000000 ____D C:\FRST
2013-12-06 18:09 - 2013-12-09 13:52 - 00000896 _____ C:\Windows\setupact.log
2013-12-06 18:09 - 2013-12-06 18:09 - 00000000 _____ C:\Windows\setuperr.log
2013-12-06 15:46 - 2013-12-09 12:14 - 00023442 _____ C:\Windows\IE11_main.log
2013-12-06 14:24 - 2013-12-06 15:03 - 10085984 _____ (AVAST Software) C:\Users\BC\Downloads\avast_free_antivirus_setup.exe.part
2013-12-06 14:24 - 2013-12-06 14:24 - 00000000 _____ C:\Users\BC\Downloads\avast_free_antivirus_setup.exe
2013-12-06 13:44 - 2013-12-09 13:53 - 00000874 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-06 13:44 - 2013-12-09 13:49 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-06 13:44 - 2013-12-06 13:44 - 50063360 _____ C:\Program Files\GUTD9CC.tmp
2013-12-06 13:44 - 2013-12-06 13:44 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-06 13:44 - 2013-12-06 13:44 - 00035656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00000000 ____D C:\Program Files\GUMD9AC.tmp
2013-12-05 15:06 - 2013-12-05 15:06 - 00000000 ____D C:\Users\BC\AppData\Roaming\LibreOffice
2013-12-05 14:58 - 2013-12-05 14:58 - 00002579 _____ C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2013-12-05 13:57 - 2013-12-05 14:58 - 00000000 ____D C:\Program Files\LibreOffice 4
2013-12-05 13:08 - 2013-12-05 13:10 - 00000000 ____D C:\Program Files\MyPC Backup
2013-12-05 13:05 - 2013-12-06 13:51 - 00000000 ____D C:\Program Files\SpeedFan
2013-12-05 13:05 - 2013-12-05 13:05 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-12-05 12:57 - 2013-12-05 12:57 - 05745096 _____ (Hewlett-Packard Company ) C:\Users\BC\Downloads\sp31000.exe
2013-12-05 12:49 - 2013-12-06 12:24 - 00000000 ____D C:\Program Files\BrowseSmart
2013-12-03 12:31 - 2013-12-03 12:31 - 00003288 ____N C:\bootsqm.dat
2013-11-29 16:14 - 2013-11-29 16:14 - 00000000 ____D C:\Users\BC\AppData\Roaming\SystemRequirementsLab
2013-11-29 16:13 - 2013-11-29 16:13 - 00000000 ____D C:\Windows\Sun
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\ProgramData\Oracle
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-29 16:08 - 2013-11-29 16:07 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-29 16:07 - 2013-11-29 16:07 - 00000000 ____D C:\Program Files\Java
2013-11-29 15:48 - 2013-11-29 15:48 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Users\BC\AppData\Local\Adobe
2013-11-27 14:53 - 2013-11-27 14:53 - 00000000 ___HD C:\Windows\PIF
2013-11-26 13:45 - 2013-11-26 13:45 - 00000360 _____ C:\Users\BC\Desktop\junk.txt
2013-11-26 12:31 - 2013-12-09 13:47 - 00000000 ____D C:\Users\BC\AppData\Roaming\Free Download Manager
2013-11-25 14:07 - 2013-11-25 14:11 - 00000000 ____D C:\Users\BC\AppData\Roaming\OfficeRecovery
2013-11-25 14:07 - 2013-11-25 14:07 - 00000000 ____D C:\ProgramData\OfficeRecovery.d7cc0641
2013-11-25 13:36 - 2013-11-25 13:36 - 00000000 ____D C:\Users\BC\AppData\Local\iolo
2013-11-25 13:36 - 2013-11-25 13:36 - 00000000 ____D C:\ProgramData\iolo
2013-11-25 13:36 - 2013-11-25 13:36 - 00000000 ____D C:\Program Files\SafePCRepair
2013-11-25 13:33 - 2013-11-25 13:33 - 00000000 ____D C:\Program Files\SafePCRepair_89
2013-11-24 15:25 - 2013-11-24 15:25 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-24 15:24 - 2013-11-24 15:24 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-11-22 10:24 - 2013-12-06 13:44 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-22 10:24 - 2013-11-22 10:24 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVAST Software
2013-11-22 10:23 - 2013-11-22 10:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-17 15:27 - 2013-11-17 15:27 - 00000000 ____D C:\2ded7b3cf452d17edf0e7189072a
2013-11-16 12:45 - 2013-11-16 12:45 - 00000000 ____D C:\Users\BC\AppData\Roaming\CrystalIdea Software
2013-11-15 13:06 - 2013-11-15 13:08 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite.exe
2013-11-15 13:06 - 2013-11-15 13:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 15:40 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 15:40 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 15:40 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 15:39 - 2013-09-24 21:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 15:39 - 2013-09-24 21:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 15:39 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 15:39 - 2013-09-24 20:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 15:39 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 15:39 - 2013-09-24 20:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 15:39 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 15:39 - 2013-09-24 19:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 15:39 - 2013-09-24 19:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 15:39 - 2013-07-04 07:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-14 15:38 - 2013-10-02 20:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 15:37 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 15:37 - 2013-10-11 21:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 15:37 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 15:37 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\Users\BC\AppData\Roaming\Malwarebytes
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 14:13 - 2013-11-26 12:31 - 00000000 ____D C:\Program Files\Free Download Manager
2013-11-13 13:27 - 2013-11-13 13:27 - 00013697 _____ C:\ComboFix.txt
2013-11-13 13:00 - 2013-11-13 13:27 - 00000000 ____D C:\Qoobox
2013-11-13 12:59 - 2013-11-13 13:24 - 00000000 ____D C:\Windows\erdnt
2013-11-10 11:58 - 2013-11-10 11:58 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVG2014
2013-11-10 11:54 - 2013-11-21 15:13 - 00000000 ____D C:\Users\BC\AppData\Local\Avg2014

==================== One Month Modified Files and Folders =======

2013-12-09 13:53 - 2013-12-06 13:44 - 00000874 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-09 13:52 - 2013-12-06 18:09 - 00000896 _____ C:\Windows\setupact.log
2013-12-09 13:52 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-09 13:49 - 2013-12-06 13:44 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-09 13:48 - 2013-12-09 13:48 - 00000000 ____D C:\FRST
2013-12-09 13:47 - 2013-11-26 12:31 - 00000000 ____D C:\Users\BC\AppData\Roaming\Free Download Manager
2013-12-09 13:44 - 2013-10-30 14:36 - 01319568 _____ C:\Windows\WindowsUpdate.log
2013-12-09 13:43 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-09 13:43 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-09 12:31 - 2012-06-12 14:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-09 12:14 - 2013-12-06 15:46 - 00023442 _____ C:\Windows\IE11_main.log
2013-12-08 18:23 - 2011-12-09 17:28 - 00000000 ____D C:\Users\BC\AppData\Roaming\vlc
2013-12-08 14:59 - 2011-12-13 20:25 - 00000000 ____D C:\VirusTrap1
2013-12-06 18:09 - 2013-12-06 18:09 - 00000000 _____ C:\Windows\setuperr.log
2013-12-06 15:42 - 2010-11-20 16:01 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-06 15:03 - 2013-12-06 14:24 - 10085984 _____ (AVAST Software) C:\Users\BC\Downloads\avast_free_antivirus_setup.exe.part
2013-12-06 14:24 - 2013-12-06 14:24 - 00000000 _____ C:\Users\BC\Downloads\avast_free_antivirus_setup.exe
2013-12-06 13:51 - 2013-12-05 13:05 - 00000000 ____D C:\Program Files\SpeedFan
2013-12-06 13:44 - 2013-12-06 13:44 - 50063360 _____ C:\Program Files\GUTD9CC.tmp
2013-12-06 13:44 - 2013-12-06 13:44 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-06 13:44 - 2013-12-06 13:44 - 00035656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00000000 ____D C:\Program Files\GUMD9AC.tmp
2013-12-06 13:44 - 2013-11-22 10:24 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-06 13:44 - 2013-03-16 13:09 - 00269216 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-06 13:44 - 2012-01-14 19:01 - 00000000 ____D C:\Program Files\Google
2013-12-06 12:24 - 2013-12-05 12:49 - 00000000 ____D C:\Program Files\BrowseSmart
2013-12-05 17:57 - 2011-12-09 16:04 - 00070968 _____ C:\Users\BC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-05 17:56 - 2009-07-13 23:33 - 00317776 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-05 15:06 - 2013-12-05 15:06 - 00000000 ____D C:\Users\BC\AppData\Roaming\LibreOffice
2013-12-05 14:58 - 2013-12-05 14:58 - 00002579 _____ C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2013-12-05 14:58 - 2013-12-05 13:57 - 00000000 ____D C:\Program Files\LibreOffice 4
2013-12-05 13:10 - 2013-12-05 13:08 - 00000000 ____D C:\Program Files\MyPC Backup
2013-12-05 13:05 - 2013-12-05 13:05 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-12-05 13:05 - 2013-11-07 12:55 - 00000929 _____ C:\Users\BC\Desktop\SpeedFan.lnk
2013-12-05 13:05 - 2013-11-07 12:55 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2013-12-05 12:59 - 2011-08-09 00:00 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-12-05 12:57 - 2013-12-05 12:57 - 05745096 _____ (Hewlett-Packard Company ) C:\Users\BC\Downloads\sp31000.exe
2013-12-04 14:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2013-12-04 09:55 - 2013-03-17 10:38 - 00000000 ____D C:\Users\BC\AppData\Roaming\Skype
2013-12-03 12:31 - 2013-12-03 12:31 - 00003288 ____N C:\bootsqm.dat
2013-12-02 14:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2013-11-29 16:14 - 2013-11-29 16:14 - 00000000 ____D C:\Users\BC\AppData\Roaming\SystemRequirementsLab
2013-11-29 16:13 - 2013-11-29 16:13 - 00000000 ____D C:\Windows\Sun
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\ProgramData\Oracle
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-29 16:07 - 2013-11-29 16:08 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-29 16:07 - 2013-11-29 16:07 - 00000000 ____D C:\Program Files\Java
2013-11-29 15:48 - 2013-11-29 15:48 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Users\BC\AppData\Local\Adobe
2013-11-27 14:53 - 2013-11-27 14:53 - 00000000 ___HD C:\Windows\PIF
2013-11-26 13:45 - 2013-11-26 13:45 - 00000360 _____ C:\Users\BC\Desktop\junk.txt
2013-11-26 12:31 - 2013-11-13 14:13 - 00000000 ____D C:\Program Files\Free Download Manager
2013-11-25 14:11 - 2013-11-25 14:07 - 00000000 ____D C:\Users\BC\AppData\Roaming\OfficeRecovery
2013-11-25 14:07 - 2013-11-25 14:07 - 00000000 ____D C:\ProgramData\OfficeRecovery.d7cc0641
2013-11-25 13:36 - 2013-11-25 13:36 - 00000000 ____D C:\Users\BC\AppData\Local\iolo
2013-11-25 13:36 - 2013-11-25 13:36 - 00000000 ____D C:\ProgramData\iolo
2013-11-25 13:36 - 2013-11-25 13:36 - 00000000 ____D C:\Program Files\SafePCRepair
2013-11-25 13:33 - 2013-11-25 13:33 - 00000000 ____D C:\Program Files\SafePCRepair_89
2013-11-24 15:25 - 2013-11-24 15:25 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-24 15:24 - 2013-11-24 15:24 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-11-24 14:43 - 2011-12-09 16:03 - 00000000 ____D C:\Users\BC
2013-11-24 14:43 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
2013-11-24 14:42 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2013-11-24 13:37 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-11-22 10:24 - 2013-11-22 10:24 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVAST Software
2013-11-22 10:23 - 2013-11-22 10:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-22 10:22 - 2013-03-16 13:05 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-22 09:58 - 2011-12-09 16:17 - 00000000 ____D C:\ProgramData\MFAData
2013-11-21 15:13 - 2013-11-10 11:54 - 00000000 ____D C:\Users\BC\AppData\Local\Avg2014
2013-11-21 14:04 - 2011-12-09 16:03 - 00000000 ____D C:\Users\BC\AppData\Local\VirtualStore
2013-11-17 15:27 - 2013-11-17 15:27 - 00000000 ____D C:\2ded7b3cf452d17edf0e7189072a
2013-11-16 12:45 - 2013-11-16 12:45 - 00000000 ____D C:\Users\BC\AppData\Roaming\CrystalIdea Software
2013-11-16 12:39 - 2012-03-28 16:51 - 00000000 ____D C:\Program Files\WordWeb
2013-11-15 17:42 - 2013-10-30 14:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-15 13:08 - 2013-11-15 13:06 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite.exe
2013-11-15 13:06 - 2013-11-15 13:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 12:50 - 2009-07-13 23:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-15 12:45 - 2013-07-20 07:13 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 12:38 - 2011-12-16 19:04 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 15:35 - 2013-10-30 14:27 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-14 15:21 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\Users\BC\AppData\Roaming\Malwarebytes
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 13:27 - 2013-11-13 13:27 - 00013697 _____ C:\ComboFix.txt
2013-11-13 13:27 - 2013-11-13 13:00 - 00000000 ____D C:\Qoobox
2013-11-13 13:24 - 2013-11-13 12:59 - 00000000 ____D C:\Windows\erdnt
2013-11-10 11:58 - 2013-11-10 11:58 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVG2014
2013-11-10 11:56 - 2013-10-16 13:21 - 00000000 ____D C:\ProgramData\AVG2014
2013-11-10 11:12 - 2013-11-07 15:32 - 00016431 _____ C:\Users\BC\Downloads\Addition.txt

Some content of TEMP:
====================
C:\Users\BC\AppData\Local\Temp\GoogleUpdateSetup_1.3.21.169.exe
C:\Users\BC\AppData\Local\Temp\sfamcc00001.dll
C:\Users\BC\AppData\Local\Temp\sfareca00001.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-02 14:28

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-12-2013
Ran by BC at 2013-12-09 13:55:48
Running from C:\Users\BC\AppData\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Acer Crystal Eye Webcam (Version: 1.0.1904)
Acer ePower Management (Version: 6.00.3007)
Acer eRecovery Management (Version: 5.00.3502)
Acer Registration (Version: 1.04.3502)
Acer ScreenSaver (Version: 1.1.0617.2011)
Acer Updater (Version: 1.02.3500)
Acer VCM (Version: 4.05.3501)
Adobe AIR (Version: 3.7.0.1860)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
BrowseSmart (Version: 2013.11.21.002241)
CCleaner (Version: 4.00)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
D3DX10 (Version: 15.4.2368.0902)
Free Download Manager 3.9.3
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Google Update Helper (Version: 1.3.21.169)
iCall (Version: 7.1.524)
Identity Card (Version: 1.00.3501)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.14.10.2230)
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 15.4.3502.0922)
Launch Manager (Version: 5.1.4)
LibreOffice 4.1 Help Pack (English (United States)) (Version: 4.1.3.2)
LibreOffice 4.1.3.2 (Version: 4.1.3.2)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSVCRT (Version: 15.4.2862.0708)
MyWinLocker 4 (Version: 4.0.14.25)
MyWinLocker Suite (Version: 4.0.14.15)
OpenOffice 4.0.1 (Version: 4.01.9714)
Ralink RT2870 Wireless LAN Card (Version: 1.5.6.0)
Realtek Ethernet Controller Driver (Version: 7.37.1229.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6307)
Realtek PCIE Card Reader (Version: 6.1.7600.78)
SelectionLinks (Version: 1.0)
Shredder (Version: 2.0.8.9)
Skype™ 6.6 (Version: 6.6.106)
SpeedFan (remove only)
Synaptics Pointing Device Driver (Version: 15.1.18.0)
System Requirements Lab for Intel (Version: 4.5.13.0)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.1.0 (Version: 2.1.0)
Welcome Center (Version: 1.02.3503)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WordWeb (Version: 6)

==================== Restore Points =========================

14-11-2013 20:18:05 Restore Operation
15-11-2013 17:37:34 Windows Update
17-11-2013 20:27:19 Windows Update
19-11-2013 15:18:55 Windows Update
19-11-2013 16:09:33 Windows Update
21-11-2013 15:16:29 Installed AVG 2014
22-11-2013 15:22:56 avast! antivirus system restore point
24-11-2013 19:38:27 Restore Operation
24-11-2013 19:47:17 Removed OpenOffice 4.0.1
24-11-2013 20:23:18 Installed OpenOffice 4.0.1
25-11-2013 19:06:11 Installed Recovery for Writer 1.7.20461.2 Demo License
25-11-2013 19:20:22 Removed Recovery for Writer 1.7.20461.2 Demo License
29-11-2013 20:47:29 Installed System Requirements Lab for Intel
29-11-2013 21:06:53 Installed Java 7 Update 45
03-12-2013 20:40:22 Windows Update
04-12-2013 19:42:26 Windows Update
04-12-2013 21:24:53 Windows Update
05-12-2013 18:56:28 Installed LibreOffice 4.1 Help Pack (English (United States))
05-12-2013 19:53:42 Installed LibreOffice 4.1.3.2
05-12-2013 20:17:06 Windows Update
06-12-2013 18:42:52 avast! antivirus system restore point
06-12-2013 20:46:12 Windows Update
07-12-2013 17:31:18 Windows Update
07-12-2013 20:43:08 Windows Update
08-12-2013 21:46:40 Windows Update
09-12-2013 17:13:23 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:04 - 2013-03-25 12:17 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00B7BDB0-B402-40C1-A4CB-D569BBDC1A4E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {3C61BF98-B1A3-445D-813B-4B8B80A5F2E7} - System32\Tasks\{2F8EB3EA-875C-4E36-8380-B9F8CF6B71B2} => C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {3FD60D5F-A872-4150-835E-A0B1D7A891A6} - System32\Tasks\{423C745D-CEB9-4720-834B-5910ADC6F8D5} => C:\Program Files\tinySpell\tinyspell.exe
Task: {3FEE3E06-B7D1-4726-B933-E9D6F098A606} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-06] (Google Inc.)
Task: {4A0CE86E-3B42-4A6A-8F59-93EF2A9C3340} - System32\Tasks\{47C8FCC1-4B89-44C5-A945-3D30301AE89B} => Firefox.exe
Task: {56D88B04-85C7-4410-BAEB-912E432705C3} - System32\Tasks\Adobe ARM => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {733A56A1-8B5E-4D3F-A85C-8C2B9363E83A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-06] (Google Inc.)
Task: {7BAA9F29-A535-41A3-ADCB-FD77A7459241} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1434271250-535229840-3131482536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {82A70256-A65B-45B0-A289-2F52D670FF40} - System32\Tasks\{6977321E-CE53-4746-8B61-77A4D12D0423} => Firefox.exe
Task: {8E432221-B688-49C4-8CCA-6611CFA9F602} - System32\Tasks\{16C26C30-E35C-44AE-AFED-771B87A2A222} => C:\Program Files\OpenOffice.org
Task: {92FB80DF-3D46-471B-A2A6-DC3D2FB09EF5} - System32\Tasks\{764A393D-633B-439A-9593-6364EADF016A} => C:\Program Files\Moyea\FLV Editor Lite\FlvEditorLite.exe
Task: {9B8F7347-CAB4-4C1B-82A3-2B0CF9EE341F} - System32\Tasks\{C978A38F-7358-4587-9AE2-A8C10C5E6928} => C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {A369E454-F732-460B-BE75-6CEBF9561A1D} - System32\Tasks\{7A078B64-317B-47E5-AEED-6DA886061D18} => Firefox.exe
Task: {B0E4A562-7DF8-4567-92AD-2FAE0D3847C9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1434271250-535229840-3131482536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {B2C2BB7E-05B6-47C1-AA76-7D8BBA82DA03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {D5E81E6D-48AE-44AC-9B70-500CE81575B1} - System32\Tasks\{A82B7F6C-83D4-4711-AAFD-454886EA6197} => C:\Program Files\iCall\iCall.exe [2012-06-18] ()
Task: {F417EE00-20DF-4F86-8D2B-967557058F93} - System32\Tasks\{3E9059AE-66C4-4070-B46D-2D805B2D2D4D} => C:\Program Files\tinySpell\tinyspell.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-07-04 16:32 - 2010-07-04 16:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2010-07-04 16:32 - 2010-07-04 16:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-12-06 13:44 - 2013-12-06 13:44 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-03-28 16:51 - 2012-07-15 11:27 - 02216480 ____N () C:\Windows\wweb32.dll
2012-03-28 16:51 - 2012-07-15 11:25 - 00022800 ____N () C:\Program Files\WordWeb\WUCNT.dll
2011-12-21 17:40 - 2009-11-26 17:02 - 00918816 _____ () C:\Program Files\Ralink\Common\RaWLAPI.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: AVGIDSShim
Description: AVGIDSShim
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AVGIDSShim
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/09/2013 01:53:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2013 01:35:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2013 00:09:59 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2013 07:56:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2013 07:19:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2013 07:00:07 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location D:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (12/08/2013 05:36:25 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2013 03:42:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2013 02:03:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2013 11:26:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (12/09/2013 01:53:07 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX
AVGIDSShim

Error: (12/09/2013 01:52:28 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:50:44 PM on ‎12/‎9/‎2013 was unexpected.

Error: (12/09/2013 01:35:58 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX
AVGIDSShim

Error: (12/09/2013 00:15:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 11 for Windows 7.

Error: (12/09/2013 00:09:59 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX
AVGIDSShim

Error: (12/08/2013 07:56:27 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX
AVGIDSShim

Error: (12/08/2013 07:19:36 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX
AVGIDSShim

Error: (12/08/2013 05:35:43 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX
AVGIDSShim

Error: (12/08/2013 05:34:52 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 4:47:03 PM on ‎12/‎8/‎2013 was unexpected.

Error: (12/08/2013 03:42:26 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX
AVGIDSShim


Microsoft Office Sessions:
=========================
Error: (12/09/2013 01:53:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2013 01:35:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/09/2013 00:09:59 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2013 07:56:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2013 07:19:37 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2013 07:00:07 PM) (Source: Windows Backup)(User: )
Description: D:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (12/08/2013 05:36:25 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2013 03:42:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/08/2013 02:03:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/07/2013 11:26:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 62%
Total physical RAM: 1011.87 MB
Available physical RAM: 375.28 MB
Total Pagefile: 2035.87 MB
Available Pagefile: 1221.17 MB
Total Virtual: 2047.88 MB
Available Virtual: 1911.04 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:219.79 GB) (Free:162.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E2768EF3)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0

#69
brycrip

brycrip

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 395 posts
Still in Safe Mode... getting harder to correspond to you... Firefox stops responding... Have lost control of the cursor... it moves around screen but does nothing...

Ran Windows Updater and it found the following errors but couldn't fix them:

Windows Update Error
Problem installing recent updates (listed twice)
Cryptographic service components not registered
  • 0

#70
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that.

I have been having problems with Firefox too. Getting a warning that a script is taking too long. I think it is GoogleUpdate so am removing it with FRST. If that doesn't help then try Firefox in Safe Mode:
https://support.mozi...using-safe-mode



Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

net stop cryptsvc
ren %systemroot%\System32\Catroot2 oldcatroot2
net start cryptsvc

Do you get any errors?
  • 0
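
The Catroot2 reset from the post above, written as a batch file with a check at each step (an added example, not part of the original thread). It confirms the folder exists, picks a free backup name when oldcatroot2 is already taken by an earlier attempt, and verifies the service state before and after the rename. The fallback names oldcatroot2_1, oldcatroot2_2 and so on are assumptions; run it from an elevated Command Prompt.

```batch
@echo off
rem Added example: the three Catroot2 commands with a check at each step.
rem The fallback backup names (oldcatroot2_1, _2, ...) are assumptions.
setlocal enableextensions

set "CATROOT=%systemroot%\System32\Catroot2"
set "BACKUP=oldcatroot2"
set /a N=0

rem 1. The folder has to exist before it can be renamed.
if not exist "%CATROOT%\" (
    echo Catroot2 was not found at "%CATROOT%". Nothing to rename.
    goto start_service
)

rem 2. ren fails when the target name is already in use, for example after
rem    an earlier attempt, so pick the first free backup name.
:pick_name
if not exist "%systemroot%\System32\%BACKUP%\" goto stop_service
set /a N+=1
set "BACKUP=oldcatroot2_%N%"
goto pick_name

rem 3. Stop Cryptographic Services only if it is running, then confirm it
rem    stopped. The folder cannot be renamed while the service holds it open.
:stop_service
sc query cryptsvc | find "RUNNING" >nul
if not errorlevel 1 net stop cryptsvc /y
sc query cryptsvc | find "STOPPED" >nul
if errorlevel 1 (
    echo cryptsvc did not stop, so Catroot2 is still in use. Aborting.
    exit /b 1
)

rem 4. Rename the folder. Windows rebuilds Catroot2 when the service starts.
ren "%CATROOT%" "%BACKUP%"
if errorlevel 1 (
    echo Rename failed. Restarting cryptsvc and leaving Catroot2 in place.
    net start cryptsvc
    exit /b 1
)
echo Renamed Catroot2 to %BACKUP%.

rem 5. Start the service again if it is not running, then confirm.
:start_service
sc query cryptsvc | find "RUNNING" >nul
if errorlevel 1 net start cryptsvc
sc query cryptsvc | find "RUNNING" >nul
if errorlevel 1 (
    echo cryptsvc is not running. Check the System event log for the reason.
    exit /b 1
)
echo cryptsvc is running.
exit /b 0
```

An exit code of 1 with one of the messages above identifies which step failed, which is the detail to post back when the commands report an error.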


#71
brycrip

brycrip

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 395 posts
Here's the Fix Log

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 09-12-2013
Ran by BC at 2013-12-10 13:09:58 Run:1
Running from C:\Users\BC\AppData\Desktop
Boot Mode: Safe Mode (with Networking)

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [AVG_UI] - "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
HKLM\...\Run: [SafePCRepair Search Scope Monitor] - C:\Program Files\SafePCRepair_89\bar\1.bin\89SrchMn.exe [44784 2013-11-25] (MindSpark)
HKCU\...\Run: [Free Download Manager] - C:\Program Files\Free Download Manager\fdm.exe [6950400 2013-10-25] (FreeDownloadManager.ORG)
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: BrowseSmart - {ffbb88a9-c663-4b9b-9170-70fa0a5a2786} - C:\Program Files\BrowseSmart\BrowseSmartBHO.dll (BrowseSmart)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: BrowseSmart - {ffbb88a9-c663-4b9b-9170-70fa0a5a2786} - C:\Program Files\BrowseSmart\BrowseSmartBHO.dll (BrowseSmart)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll (Google Inc.)
FF Extension: fdm_ffext - C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043\Extensions\[email protected]
FF Extension: firefox - C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043\Extensions\[email protected]
S3 ioloService; C:\Program Files\SafePCRepair\ioloToolService.exe [2625800 2013-04-05] (iolo technologies, LLC)
R2 SafePCRepair_89Service; C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe [44752 2013-11-25] (COMPANYVERS_NAME)
R2 Update BrowseSmart; C:\Program Files\BrowseSmart\updateBrowseSmart.exe [66848 2013-11-20] ()
R2 Util BrowseSmart; C:\Program Files\BrowseSmart\bin\utilBrowseSmart.exe [66848 2013-12-06] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-16] (AVG Technologies)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S0 AVGIDSHX; system32\DRIVERS\avgidshx.sys [x]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [x]
2013-12-05 13:08 - 2013-12-05 13:10 - 00000000 ____D C:\Program Files\MyPC Backup
2013-12-05 12:49 - 2013-12-06 12:24 - 00000000 ____D C:\Program Files\BrowseSmart
2013-11-26 12:31 - 2013-12-09 13:47 - 00000000 ____D C:\Users\BC\AppData\Roaming\Free Download Manager
2013-11-25 13:36 - 2013-11-25 13:36 - 00000000 ____D C:\Users\BC\AppData\Local\iolo
2013-11-25 13:36 - 2013-11-25 13:36 - 00000000 ____D C:\ProgramData\iolo
2013-11-25 13:36 - 2013-11-25 13:36 - 00000000 ____D C:\Program Files\SafePCRepair
2013-11-25 13:33 - 2013-11-25 13:33 - 00000000 ____D C:\Program Files\SafePCRepair_89
2013-11-10 11:58 - 2013-11-10 11:58 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVG2014
2013-11-10 11:54 - 2013-11-21 15:13 - 00000000 ____D C:\Users\BC\AppData\Local\Avg2014
2013-12-06 12:24 - 2013-12-05 12:49 - 00000000 ____D C:\Program Files\BrowseSmart
2013-11-21 15:13 - 2013-11-10 11:54 - 00000000 ____D C:\Users\BC\AppData\Local\Avg2014
2013-11-15 13:08 - 2013-11-15 13:06 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite.exe
2013-11-10 11:58 - 2013-11-10 11:58 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVG2014
2013-11-10 11:56 - 2013-10-16 13:21 - 00000000 ____D C:\ProgramData\AVG2014
Task: {3FEE3E06-B7D1-4726-B933-E9D6F098A606} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-06] (Google Inc.)
Task: {733A56A1-8B5E-4D3F-A85C-8C2B9363E83A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-12-06] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
AVGIDSHX
AVGIDSShim
C:\Program Files\SafePCRepair_89
C:\Program Files\AVG
C:\Program Files\Free Download Manager



*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AVG_UI => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SafePCRepair Search Scope Monitor => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Free Download Manager => Value deleted successfully.
HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} => Key deleted successfully.
HKCR\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffbb88a9-c663-4b9b-9170-70fa0a5a2786} => Key deleted successfully.
HKCR\CLSID\{ffbb88a9-c663-4b9b-9170-70fa0a5a2786} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} => Key not found.
HKCR\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffbb88a9-c663-4b9b-9170-70fa0a5a2786} => Key not found.
HKCR\CLSID\{ffbb88a9-c663-4b9b-9170-70fa0a5a2786} => Key not found.
HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3 => Key deleted successfully.
C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll => Moved successfully.
HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9 => Key deleted successfully.
C:\Program Files\Google\Update\1.3.21.169\npGoogleUpdate3.dll not found.
C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043\Extensions\[email protected] => Moved successfully.
C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043\Extensions\[email protected] => Moved successfully.
ioloService => Service deleted successfully.
SafePCRepair_89Service => Service deleted successfully.
Update BrowseSmart => Service deleted successfully.
Util BrowseSmart => Service deleted successfully.
Avgdiskx => Service deleted successfully.
Avglogx => Service deleted successfully.
avgtp => Service deleted successfully.
giveio => Service deleted successfully.
AVGIDSHX => Service deleted successfully.
AVGIDSShim => Service deleted successfully.
C:\Program Files\MyPC Backup => Moved successfully.
C:\Program Files\BrowseSmart => Moved successfully.
C:\Users\BC\AppData\Roaming\Free Download Manager => Moved successfully.
C:\Users\BC\AppData\Local\iolo => Moved successfully.
C:\ProgramData\iolo => Moved successfully.
C:\Program Files\SafePCRepair => Moved successfully.
C:\Program Files\SafePCRepair_89 => Moved successfully.
C:\Users\BC\AppData\Roaming\AVG2014 => Moved successfully.
C:\Users\BC\AppData\Local\Avg2014 => Moved successfully.
"C:\Program Files\BrowseSmart" => File/Directory not found.
"C:\Users\BC\AppData\Local\Avg2014" => File/Directory not found.
C:\Users\BC\Downloads\fdminst-lite.exe => Moved successfully.
"C:\Users\BC\AppData\Roaming\AVG2014" => File/Directory not found.
C:\ProgramData\AVG2014 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FEE3E06-B7D1-4726-B933-E9D6F098A606} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FEE3E06-B7D1-4726-B933-E9D6F098A606} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{733A56A1-8B5E-4D3F-A85C-8C2B9363E83A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{733A56A1-8B5E-4D3F-A85C-8C2B9363E83A} => Key deleted successfully.
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore => Key deleted successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
"C:\Program Files\SafePCRepair_89" => File/Directory not found.
"C:\Program Files\AVG" => File/Directory not found.

"C:\Program Files\Free Download Manager" directory move:

C:\Program Files\Free Download Manager\detoured.dll => Moved successfully.
C:\Program Files\Free Download Manager\dlall.htm => Moved successfully.
C:\Program Files\Free Download Manager\dlfvideo.htm => Moved successfully.
C:\Program Files\Free Download Manager\dllink.htm => Moved successfully.
C:\Program Files\Free Download Manager\dlpage.htm => Moved successfully.
C:\Program Files\Free Download Manager\dlselected.htm => Moved successfully.
C:\Program Files\Free Download Manager\etasks.exe => Moved successfully.
C:\Program Files\Free Download Manager\fdm.exe => Moved successfully.
C:\Program Files\Free Download Manager\fdm.tlb => Moved successfully.
C:\Program Files\Free Download Manager\fdm.url => Moved successfully.
Could not move "C:\Program Files\Free Download Manager\fdmcs.dat" => Scheduled to move on reboot.
C:\Program Files\Free Download Manager\fdmumsp.dll => Moved successfully.
C:\Program Files\Free Download Manager\fdmwi.exe => Moved successfully.
C:\Program Files\Free Download Manager\fdm_01.gif => Moved successfully.
C:\Program Files\Free Download Manager\flvsniff.dll => Moved successfully.
C:\Program Files\Free Download Manager\iefdm2.dll => Moved successfully.
C:\Program Files\Free Download Manager\iefdmdm.dll => Moved successfully.
C:\Program Files\Free Download Manager\license.txt => Moved successfully.
C:\Program Files\Free Download Manager\msdl.dll => Moved successfully.
C:\Program Files\Free Download Manager\npfdm.dll => Moved successfully.
C:\Program Files\Free Download Manager\player.swf => Moved successfully.
C:\Program Files\Free Download Manager\sigkey.dat => Moved successfully.
C:\Program Files\Free Download Manager\tips.dat => Moved successfully.
C:\Program Files\Free Download Manager\unins000.dat => Moved successfully.
C:\Program Files\Free Download Manager\unins000.exe => Moved successfully.
C:\Program Files\Free Download Manager\Updater.exe => Moved successfully.
C:\Program Files\Free Download Manager\vistafx.dll => Moved successfully.
C:\Program Files\Free Download Manager\Skins\How to create a skin.url => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\back.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\back_d.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\checks.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\choosefolder.ico => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\creategroup.ico => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\dldtasks.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\dldtasks_sel.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\dlinfo.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\dropbox.ico => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\filelist.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\filelist_sel.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\go.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\groups.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\groupsmenu.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\groupsmenu_d.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\login.ico => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\logstat.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\mute.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\scheduler.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\scheduler_sel.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\settime.ico => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\sitelist.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\sitelist_sel.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\skin.ini => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool0.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool0_d.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool0_small.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool0_small_d.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_bt.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_bt_d.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_bt_small.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_bt_small_d.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_dld.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_dld_d.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_dld_small.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_dld_small_d.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_hfe.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_hfe_d.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_hfe_small.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_hfe_small_d.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_sch.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_sch_d.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_sch_small.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_sch_small_d.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_sites.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_sites_d.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_sites_small.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_sites_small_d.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_spider.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_spider_d.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_spider_small.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tool_spider_small_d.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tosel.ico => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tounsel.ico => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tray.ico => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tray_down.ico => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tray_err.ico => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\tray_starting.ico => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\vidman.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Skins\old style\vidman_d.bmp => Moved successfully.
C:\Program Files\Free Download Manager\Server\adddownloadres_err.html => Moved successfully.
C:\Program Files\Free Download Manager\Server\adddownloadres_ok.html => Moved successfully.
C:\Program Files\Free Download Manager\Server\compdlds.html => Moved successfully.
C:\Program Files\Free Download Manager\Server\index.html => Moved successfully.
C:\Program Files\Free Download Manager\Plugins\FDM plugins SDK.url => Moved successfully.
C:\Program Files\Free Download Manager\Language\eng.lng => Moved successfully.
C:\Program Files\Free Download Manager\Help\Free Download Manager.chm => Moved successfully.
C:\Program Files\Free Download Manager\Firefox\extension\chrome.manifest => Moved successfully.
C:\Program Files\Free Download Manager\Firefox\extension\install.rdf => Moved successfully.
C:\Program Files\Free Download Manager\Firefox\extension\components\.autoreg => Moved successfully.
C:\Program Files\Free Download Manager\Firefox\extension\components\ivmsfdmff.xpt => Moved successfully.
C:\Program Files\Free Download Manager\Firefox\extension\components\ivmsfdmff22.xpt => Moved successfully.
C:\Program Files\Free Download Manager\Firefox\extension\components\vmsfdmff.dll => Moved successfully.
C:\Program Files\Free Download Manager\Firefox\extension\components\vmsfdmff22.dll => Moved successfully.
C:\Program Files\Free Download Manager\Firefox\extension\chrome\content\fdm_brcache.js => Moved successfully.
C:\Program Files\Free Download Manager\Firefox\extension\chrome\content\fdm_dldObserver.js => Moved successfully.
C:\Program Files\Free Download Manager\Firefox\extension\chrome\content\fdm_ffext.js => Moved successfully.
C:\Program Files\Free Download Manager\Firefox\extension\chrome\content\fdm_ffext.xul => Moved successfully.
C:\Program Files\Free Download Manager\Firefox\extension\chrome\content\fdm_ffextDM.js => Moved successfully.
C:\Program Files\Free Download Manager\Firefox\extension\chrome\content\fdm_ffextDM.xul => Moved successfully.
C:\Program Files\Free Download Manager\Firefox\extension\chrome\content\fdm_ffpxy.js => Moved successfully.
C:\Program Files\Free Download Manager\Firefox\extension\chrome\content\fdm_fmbtn.js => Moved successfully.
C:\Program Files\Free Download Manager\Firefox\extension\chrome\content\fdm_objtabs.css => Moved successfully.
C:\Program Files\Free Download Manager\Archive\unrar.dll => Moved successfully.
C:\Program Files\Free Download Manager\Archive\7-zip\Formats\arj.dll => Moved successfully.
C:\Program Files\Free Download Manager\Archive\7-zip\Formats\zip.dll => Moved successfully.
C:\Program Files\Free Download Manager\Archive\7-zip\Codecs\Deflate.dll => Moved successfully.
Could not move "C:\Program Files\Free Download Manager" directory. => Scheduled to move on reboot.
  • 0

#72
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Can you run a FRST scan and check the Addition box then post both logs?


Any luck with the crypto commands? Is Avast working again?
  • 0

#73
brycrip

brycrip

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 395 posts
Crypto fix seems to run in circles... something about a file not found. Maybe I'm not doing it right!

Anyway... still operating in Safe Mode but the cursor is acting better today; much better... Thankx.

Here are the two FRST scans:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-12-2013
Ran by BC (administrator) on CHINOOK on 10-12-2013 13:57:34
Running from C:\Users\BC\AppData\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) ===================

(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [SuiteTray] - C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM\...\Run: [EgisTecPMMUpdate] - C:\Program Files\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM\...\Run: [EgisUpdate] - C:\Program Files\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [UnlockerAssistant] - C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-12-06] (AVAST Software)
HKCU\...\Run: [WordWeb] - C:\Program Files\WordWeb\wweb32.exe [77064 2012-04-21] ()
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043
FF user.js: detected! => C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043\user.js
FF NewTab: user_pref("browser.newtab.url", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @SafePCRepair_89.com/Plugin - C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll No File
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome:
=======
CHR HomePage: hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5
CHR Extension: (Google Docs) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (avast! WebRep) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

========================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-06] (AVAST Software)
S3 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [173424 2011-04-02] (Egis Technology Inc. )
S2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-05-10] (Acer Incorporated)
S2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated)
S2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.)
S2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
S2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [185632 2009-11-26] (Ralink Technology, Corp.)
S2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

S2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-12-06] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-12-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-12-06] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-12-06] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-12-06] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-12-06] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-12-06] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-12-06] ()
S1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [21600 2011-08-09] (Egis Technology Inc.)
S1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16936 2011-08-09] (Egis Technology Inc.)
S1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [62240 2011-08-09] (Egis Technology Inc.)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [827904 2009-11-26] (Ralink Technology Corp.)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10382576 2013-07-25] (Intel Corporation)
S3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [252520 2011-03-06] (Realtek Semiconductor Corp.)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-10 13:51 - 2013-12-10 13:52 - 00145824 _____ C:\Windows\Minidump\121013-32978-01.dmp
2013-12-10 13:30 - 2013-12-10 13:51 - 239451967 _____ C:\Windows\MEMORY.DMP
2013-12-10 13:30 - 2013-12-10 13:31 - 00145824 _____ C:\Windows\Minidump\121013-31995-01.dmp
2013-12-10 13:28 - 2013-12-10 13:49 - 00000112 _____ C:\Windows\setupact.log
2013-12-10 13:28 - 2013-12-10 13:28 - 00000000 _____ C:\Windows\setuperr.log
2013-12-10 13:10 - 2013-12-10 13:10 - 00000000 ____D C:\Users\BC\AppData\Roaming\Free Download Manager
2013-12-09 13:48 - 2013-12-10 13:57 - 00000000 ____D C:\FRST
2013-12-06 14:24 - 2013-12-06 15:03 - 10085984 _____ (AVAST Software) C:\Users\BC\Downloads\avast_free_antivirus_setup.exe.part
2013-12-06 14:24 - 2013-12-06 14:24 - 00000000 _____ C:\Users\BC\Downloads\avast_free_antivirus_setup.exe
2013-12-06 13:44 - 2013-12-06 13:44 - 50063360 _____ C:\Program Files\GUTD9CC.tmp
2013-12-06 13:44 - 2013-12-06 13:44 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-06 13:44 - 2013-12-06 13:44 - 00035656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00000000 ____D C:\Program Files\GUMD9AC.tmp
2013-12-05 15:06 - 2013-12-05 15:06 - 00000000 ____D C:\Users\BC\AppData\Roaming\LibreOffice
2013-12-05 14:58 - 2013-12-05 14:58 - 00002579 _____ C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2013-12-05 13:57 - 2013-12-05 14:58 - 00000000 ____D C:\Program Files\LibreOffice 4
2013-12-05 13:05 - 2013-12-06 13:51 - 00000000 ____D C:\Program Files\SpeedFan
2013-12-05 13:05 - 2013-12-05 13:05 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-12-05 12:57 - 2013-12-05 12:57 - 05745096 _____ (Hewlett-Packard Company ) C:\Users\BC\Downloads\sp31000.exe
2013-12-03 12:31 - 2013-12-03 12:31 - 00003288 ____N C:\bootsqm.dat
2013-11-29 16:14 - 2013-11-29 16:14 - 00000000 ____D C:\Users\BC\AppData\Roaming\SystemRequirementsLab
2013-11-29 16:13 - 2013-11-29 16:13 - 00000000 ____D C:\Windows\Sun
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\ProgramData\Oracle
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-29 16:08 - 2013-11-29 16:07 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-29 16:07 - 2013-11-29 16:07 - 00000000 ____D C:\Program Files\Java
2013-11-29 15:48 - 2013-11-29 15:48 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Users\BC\AppData\Local\Adobe
2013-11-27 14:53 - 2013-11-27 14:53 - 00000000 ___HD C:\Windows\PIF
2013-11-26 13:45 - 2013-11-26 13:45 - 00000360 _____ C:\Users\BC\Desktop\junk.txt
2013-11-25 14:07 - 2013-11-25 14:11 - 00000000 ____D C:\Users\BC\AppData\Roaming\OfficeRecovery
2013-11-25 14:07 - 2013-11-25 14:07 - 00000000 ____D C:\ProgramData\OfficeRecovery.d7cc0641
2013-11-24 15:25 - 2013-11-24 15:25 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-24 15:24 - 2013-11-24 15:24 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-11-22 10:24 - 2013-12-06 13:44 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-22 10:24 - 2013-11-22 10:24 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVAST Software
2013-11-22 10:23 - 2013-11-22 10:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-17 15:27 - 2013-11-17 15:27 - 00000000 ____D C:\2ded7b3cf452d17edf0e7189072a
2013-11-16 12:45 - 2013-11-16 12:45 - 00000000 ____D C:\Users\BC\AppData\Roaming\CrystalIdea Software
2013-11-15 13:06 - 2013-11-15 13:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 15:40 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 15:40 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 15:40 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 15:39 - 2013-09-24 21:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 15:39 - 2013-09-24 21:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 15:39 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 15:39 - 2013-09-24 20:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 15:39 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 15:39 - 2013-09-24 20:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 15:39 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 15:39 - 2013-09-24 19:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 15:39 - 2013-09-24 19:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 15:39 - 2013-07-04 07:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-14 15:38 - 2013-10-02 20:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 15:37 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 15:37 - 2013-10-11 21:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 15:37 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 15:37 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\Users\BC\AppData\Roaming\Malwarebytes
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 13:27 - 2013-11-13 13:27 - 00013697 _____ C:\ComboFix.txt
2013-11-13 13:00 - 2013-11-13 13:27 - 00000000 ____D C:\Qoobox
2013-11-13 12:59 - 2013-11-13 13:24 - 00000000 ____D C:\Windows\erdnt

==================== One Month Modified Files and Folders =======

2013-12-10 13:57 - 2013-12-09 13:48 - 00000000 ____D C:\FRST
2013-12-10 13:52 - 2013-12-10 13:51 - 00145824 _____ C:\Windows\Minidump\121013-32978-01.dmp
2013-12-10 13:51 - 2013-12-10 13:30 - 239451967 _____ C:\Windows\MEMORY.DMP
2013-12-10 13:51 - 2013-06-08 15:57 - 00000000 ____D C:\Windows\Minidump
2013-12-10 13:49 - 2013-12-10 13:28 - 00000112 _____ C:\Windows\setupact.log
2013-12-10 13:49 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-10 13:31 - 2013-12-10 13:30 - 00145824 _____ C:\Windows\Minidump\121013-31995-01.dmp
2013-12-10 13:28 - 2013-12-10 13:28 - 00000000 _____ C:\Windows\setuperr.log
2013-12-10 13:10 - 2013-12-10 13:10 - 00000000 ____D C:\Users\BC\AppData\Roaming\Free Download Manager
2013-12-09 14:00 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-09 14:00 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-09 12:31 - 2012-06-12 14:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-08 18:23 - 2011-12-09 17:28 - 00000000 ____D C:\Users\BC\AppData\Roaming\vlc
2013-12-08 14:59 - 2011-12-13 20:25 - 00000000 ____D C:\VirusTrap1
2013-12-06 15:42 - 2010-11-20 16:01 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-06 15:03 - 2013-12-06 14:24 - 10085984 _____ (AVAST Software) C:\Users\BC\Downloads\avast_free_antivirus_setup.exe.part
2013-12-06 14:24 - 2013-12-06 14:24 - 00000000 _____ C:\Users\BC\Downloads\avast_free_antivirus_setup.exe
2013-12-06 13:51 - 2013-12-05 13:05 - 00000000 ____D C:\Program Files\SpeedFan
2013-12-06 13:44 - 2013-12-06 13:44 - 50063360 _____ C:\Program Files\GUTD9CC.tmp
2013-12-06 13:44 - 2013-12-06 13:44 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00079720 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00057672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00049944 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-06 13:44 - 2013-12-06 13:44 - 00035656 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-12-06 13:44 - 2013-12-06 13:44 - 00000000 ____D C:\Program Files\GUMD9AC.tmp
2013-12-06 13:44 - 2013-11-22 10:24 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-06 13:44 - 2013-03-16 13:09 - 00269216 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-06 13:44 - 2012-01-14 19:01 - 00000000 ____D C:\Program Files\Google
2013-12-05 17:57 - 2011-12-09 16:04 - 00070968 _____ C:\Users\BC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-05 17:56 - 2009-07-13 23:33 - 00317776 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-05 15:06 - 2013-12-05 15:06 - 00000000 ____D C:\Users\BC\AppData\Roaming\LibreOffice
2013-12-05 14:58 - 2013-12-05 14:58 - 00002579 _____ C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2013-12-05 14:58 - 2013-12-05 13:57 - 00000000 ____D C:\Program Files\LibreOffice 4
2013-12-05 13:05 - 2013-12-05 13:05 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-12-05 13:05 - 2013-11-07 12:55 - 00000929 _____ C:\Users\BC\Desktop\SpeedFan.lnk
2013-12-05 13:05 - 2013-11-07 12:55 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2013-12-05 12:59 - 2011-08-09 00:00 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-12-05 12:57 - 2013-12-05 12:57 - 05745096 _____ (Hewlett-Packard Company ) C:\Users\BC\Downloads\sp31000.exe
2013-12-04 14:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2013-12-04 09:55 - 2013-03-17 10:38 - 00000000 ____D C:\Users\BC\AppData\Roaming\Skype
2013-12-03 12:31 - 2013-12-03 12:31 - 00003288 ____N C:\bootsqm.dat
2013-12-02 14:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2013-11-29 16:14 - 2013-11-29 16:14 - 00000000 ____D C:\Users\BC\AppData\Roaming\SystemRequirementsLab
2013-11-29 16:13 - 2013-11-29 16:13 - 00000000 ____D C:\Windows\Sun
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\ProgramData\Oracle
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-29 16:07 - 2013-11-29 16:08 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-29 16:07 - 2013-11-29 16:07 - 00000000 ____D C:\Program Files\Java
2013-11-29 15:48 - 2013-11-29 15:48 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Users\BC\AppData\Local\Adobe
2013-11-27 14:53 - 2013-11-27 14:53 - 00000000 ___HD C:\Windows\PIF
2013-11-26 13:45 - 2013-11-26 13:45 - 00000360 _____ C:\Users\BC\Desktop\junk.txt
2013-11-25 14:11 - 2013-11-25 14:07 - 00000000 ____D C:\Users\BC\AppData\Roaming\OfficeRecovery
2013-11-25 14:07 - 2013-11-25 14:07 - 00000000 ____D C:\ProgramData\OfficeRecovery.d7cc0641
2013-11-24 15:25 - 2013-11-24 15:25 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-24 15:24 - 2013-11-24 15:24 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-11-24 14:43 - 2011-12-09 16:03 - 00000000 ____D C:\Users\BC
2013-11-24 14:43 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
2013-11-24 14:42 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2013-11-24 13:37 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-11-22 10:24 - 2013-11-22 10:24 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVAST Software
2013-11-22 10:23 - 2013-11-22 10:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-22 10:22 - 2013-03-16 13:05 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-22 09:58 - 2011-12-09 16:17 - 00000000 ____D C:\ProgramData\MFAData
2013-11-21 14:04 - 2011-12-09 16:03 - 00000000 ____D C:\Users\BC\AppData\Local\VirtualStore
2013-11-17 15:27 - 2013-11-17 15:27 - 00000000 ____D C:\2ded7b3cf452d17edf0e7189072a
2013-11-16 12:45 - 2013-11-16 12:45 - 00000000 ____D C:\Users\BC\AppData\Roaming\CrystalIdea Software
2013-11-16 12:39 - 2012-03-28 16:51 - 00000000 ____D C:\Program Files\WordWeb
2013-11-15 17:42 - 2013-10-30 14:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-15 13:06 - 2013-11-15 13:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 12:50 - 2009-07-13 23:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-15 12:45 - 2013-07-20 07:13 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 12:38 - 2011-12-16 19:04 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 15:35 - 2013-10-30 14:27 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-14 15:21 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\Users\BC\AppData\Roaming\Malwarebytes
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 13:27 - 2013-11-13 13:27 - 00013697 _____ C:\ComboFix.txt
2013-11-13 13:27 - 2013-11-13 13:00 - 00000000 ____D C:\Qoobox
2013-11-13 13:24 - 2013-11-13 12:59 - 00000000 ____D C:\Windows\erdnt
2013-11-10 11:12 - 2013-11-07 15:32 - 00016431 _____ C:\Users\BC\Downloads\Addition.txt

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-02 14:28

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-12-2013
Ran by BC at 2013-12-10 13:59:07
Running from C:\Users\BC\AppData\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

Acer Crystal Eye Webcam (Version: 1.0.1904)
Acer ePower Management (Version: 6.00.3007)
Acer eRecovery Management (Version: 5.00.3502)
Acer Registration (Version: 1.04.3502)
Acer ScreenSaver (Version: 1.1.0617.2011)
Acer Updater (Version: 1.02.3500)
Acer VCM (Version: 4.05.3501)
Adobe AIR (Version: 3.7.0.1860)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
BrowseSmart (Version: 2013.11.21.002241)
CCleaner (Version: 4.00)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
D3DX10 (Version: 15.4.2368.0902)
Free Download Manager 3.9.3
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Google Update Helper (Version: 1.3.21.169)
iCall (Version: 7.1.524)
Identity Card (Version: 1.00.3501)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.14.10.2230)
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 15.4.3502.0922)
Launch Manager (Version: 5.1.4)
LibreOffice 4.1 Help Pack (English (United States)) (Version: 4.1.3.2)
LibreOffice 4.1.3.2 (Version: 4.1.3.2)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSVCRT (Version: 15.4.2862.0708)
MyWinLocker 4 (Version: 4.0.14.25)
MyWinLocker Suite (Version: 4.0.14.15)
OpenOffice 4.0.1 (Version: 4.01.9714)
Ralink RT2870 Wireless LAN Card (Version: 1.5.6.0)
Realtek Ethernet Controller Driver (Version: 7.37.1229.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6307)
Realtek PCIE Card Reader (Version: 6.1.7600.78)
SelectionLinks (Version: 1.0)
Shredder (Version: 2.0.8.9)
Skype™ 6.6 (Version: 6.6.106)
SpeedFan (remove only)
Synaptics Pointing Device Driver (Version: 15.1.18.0)
System Requirements Lab for Intel (Version: 4.5.13.0)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.1.0 (Version: 2.1.0)
Welcome Center (Version: 1.02.3503)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WordWeb (Version: 6)

==================== Restore Points =========================

14-11-2013 20:18:05 Restore Operation
15-11-2013 17:37:34 Windows Update
17-11-2013 20:27:19 Windows Update
19-11-2013 15:18:55 Windows Update
19-11-2013 16:09:33 Windows Update
21-11-2013 15:16:29 Installed AVG 2014
22-11-2013 15:22:56 avast! antivirus system restore point
24-11-2013 19:38:27 Restore Operation
24-11-2013 19:47:17 Removed OpenOffice 4.0.1
24-11-2013 20:23:18 Installed OpenOffice 4.0.1
25-11-2013 19:06:11 Installed Recovery for Writer 1.7.20461.2 Demo License
25-11-2013 19:20:22 Removed Recovery for Writer 1.7.20461.2 Demo License
29-11-2013 20:47:29 Installed System Requirements Lab for Intel
29-11-2013 21:06:53 Installed Java 7 Update 45
03-12-2013 20:40:22 Windows Update
04-12-2013 19:42:26 Windows Update
04-12-2013 21:24:53 Windows Update
05-12-2013 18:56:28 Installed LibreOffice 4.1 Help Pack (English (United States))
05-12-2013 19:53:42 Installed LibreOffice 4.1.3.2
05-12-2013 20:17:06 Windows Update
06-12-2013 18:42:52 avast! antivirus system restore point
06-12-2013 20:46:12 Windows Update
07-12-2013 17:31:18 Windows Update
07-12-2013 20:43:08 Windows Update
08-12-2013 21:46:40 Windows Update
09-12-2013 17:13:23 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:04 - 2013-03-25 12:17 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00B7BDB0-B402-40C1-A4CB-D569BBDC1A4E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {3C61BF98-B1A3-445D-813B-4B8B80A5F2E7} - System32\Tasks\{2F8EB3EA-875C-4E36-8380-B9F8CF6B71B2} => C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {3FD60D5F-A872-4150-835E-A0B1D7A891A6} - System32\Tasks\{423C745D-CEB9-4720-834B-5910ADC6F8D5} => C:\Program Files\tinySpell\tinyspell.exe
Task: {4A0CE86E-3B42-4A6A-8F59-93EF2A9C3340} - System32\Tasks\{47C8FCC1-4B89-44C5-A945-3D30301AE89B} => Firefox.exe
Task: {56D88B04-85C7-4410-BAEB-912E432705C3} - System32\Tasks\Adobe ARM => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {7BAA9F29-A535-41A3-ADCB-FD77A7459241} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1434271250-535229840-3131482536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {82A70256-A65B-45B0-A289-2F52D670FF40} - System32\Tasks\{6977321E-CE53-4746-8B61-77A4D12D0423} => Firefox.exe
Task: {8E432221-B688-49C4-8CCA-6611CFA9F602} - System32\Tasks\{16C26C30-E35C-44AE-AFED-771B87A2A222} => C:\Program Files\OpenOffice.org
Task: {92FB80DF-3D46-471B-A2A6-DC3D2FB09EF5} - System32\Tasks\{764A393D-633B-439A-9593-6364EADF016A} => C:\Program Files\Moyea\FLV Editor Lite\FlvEditorLite.exe
Task: {9B8F7347-CAB4-4C1B-82A3-2B0CF9EE341F} - System32\Tasks\{C978A38F-7358-4587-9AE2-A8C10C5E6928} => C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {A369E454-F732-460B-BE75-6CEBF9561A1D} - System32\Tasks\{7A078B64-317B-47E5-AEED-6DA886061D18} => Firefox.exe
Task: {B0E4A562-7DF8-4567-92AD-2FAE0D3847C9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1434271250-535229840-3131482536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {B2C2BB7E-05B6-47C1-AA76-7D8BBA82DA03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {D5E81E6D-48AE-44AC-9B70-500CE81575B1} - System32\Tasks\{A82B7F6C-83D4-4711-AAFD-454886EA6197} => C:\Program Files\iCall\iCall.exe [2012-06-18] ()
Task: {F417EE00-20DF-4F86-8D2B-967557058F93} - System32\Tasks\{3E9059AE-66C4-4070-B46D-2D805B2D2D4D} => C:\Program Files\tinySpell\tinyspell.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-07-04 16:32 - 2010-07-04 16:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2013-11-15 13:06 - 2013-11-15 13:06 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== Faulty Device Manager Devices =============

Name: aswRvrt
Description: aswRvrt
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswRvrt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: avast! Network Shield Support
Description: avast! Network Shield Support
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswTdi
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: aswVmm
Description: aswVmm
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: aswVmm
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/10/2013 01:53:07 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2013 01:32:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2013 01:29:36 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/10/2013 01:29:36 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/10/2013 01:29:36 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/10/2013 01:29:36 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/10/2013 01:29:36 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (12/10/2013 01:29:33 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/10/2013 01:29:33 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f) (0x8004117f)

Error: (12/10/2013 01:29:32 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)


System errors:
=============
Error: (12/10/2013 01:52:34 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/10/2013 01:52:32 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/10/2013 01:52:24 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (12/10/2013 01:52:13 PM) (Source: DCOM) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/10/2013 01:52:11 PM) (Source: BugCheck) (User: )
Description: 0x00000051 (0x00000001, 0x8761a1f0, 0x00e54000, 0x00000374)C:\Windows\MEMORY.DMP121013-32978-01

Error: (12/10/2013 01:51:55 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
aswRvrt
aswSnx
aswSP
aswTdi
aswVmm
discache
mwlPSDFilter
mwlPSDNServ
mwlPSDVDisk
spldr
Wanarpv6

Error: (12/10/2013 01:51:45 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 1:50:27 PM on ‎12/‎10/‎2013 was unexpected.

Error: (12/10/2013 01:31:35 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/10/2013 01:31:34 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/10/2013 01:31:24 PM) (Source: DCOM) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}


Microsoft Office Sessions:
=========================
Error: (12/10/2013 01:53:07 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2013 01:32:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2013 01:29:36 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (12/10/2013 01:29:36 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/10/2013 01:29:36 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/10/2013 01:29:36 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/10/2013 01:29:36 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (12/10/2013 01:29:33 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (12/10/2013 01:29:33 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f) (0x8004117f)

Error: (12/10/2013 01:29:32 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
1100


==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 1011.87 MB
Available physical RAM: 559.09 MB
Total Pagefile: 2035.87 MB
Available Pagefile: 1631.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1925.66 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:219.79 GB) (Free:166.48 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E2768EF3)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#74
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
The log looks pretty good, though a lot of errors - probably because you are in Safe Mode. I see CCleaner is running a task. There is a known issue with CCleaner and Search:

Being a long-time user of Piriform CCleaner, it appears one of the recent updates changed or added an item labeled "MS Search" under 'Applications' > 'Windows'.
Upon unchecking this option in the settings of CCleaner, I am no longer experiencing the symptoms posted above.


I think I would uninstall CCleaner for now.

What exactly happens in regular mode that you have to use Safe Mode? If you go into msconfig and turn off everything but the MS services, does it still not go into regular mode?

#75
brycrip

    Member

  • Topic Starter
  • 395 posts
Ok... CCleaner is gone!

On start up I get prompted to enter my password. Get Welcome screen and then Desktop. Then the screen that tells me a problem was detected and Windows has been shut down to prevent damage to my computer. The Windows Error Recovery screen comes up and I select Safe Mode w/ Networking. I am prompted to re-enter my password.

I go into msconfig and then what do you want me to delete?