Lock ups in Win7



#76
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Go to Services tab and click on the box to hide Microsoft Services then uncheck
everything that remains. Go to Startup tab and uncheck everything. OK and
reboot. If it helps then go back and turn on a few items each
time until you find the culprit.
  • 0



#77
brycrip

    Member

  • Topic Starter
  • Member
  • 395 posts
Sorry... but nope! Deleted everything in Services and Start Up but it still won't boot. Went back to msconfig twice to see if I had done it right... each time it won't boot unless I go into Safe Mode.

Thanks.... I'm sure you are as frustrated as I am. Anyway... done for today! Time to go back out to the boat for dinner.

Thanks so much for your help...
Bry
  • 0

#78
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
I think you need to try a Windows System Restore.

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Type with an Enter after each line:

rstrui.exe

Then pick a date back when it was still booting into regular mode.

You have these to choose from:

14-11-2013 20:18:05 Restore Operation
15-11-2013 17:37:34 Windows Update
17-11-2013 20:27:19 Windows Update
19-11-2013 15:18:55 Windows Update
19-11-2013 16:09:33 Windows Update
21-11-2013 15:16:29 Installed AVG 2014
22-11-2013 15:22:56 avast! antivirus system restore point
24-11-2013 19:38:27 Restore Operation
24-11-2013 19:47:17 Removed OpenOffice 4.0.1
24-11-2013 20:23:18 Installed OpenOffice 4.0.1
25-11-2013 19:06:11 Installed Recovery for Writer 1.7.20461.2 Demo License
25-11-2013 19:20:22 Removed Recovery for Writer 1.7.20461.2 Demo License
29-11-2013 20:47:29 Installed System Requirements Lab for Intel
29-11-2013 21:06:53 Installed Java 7 Update 45
03-12-2013 20:40:22 Windows Update
04-12-2013 19:42:26 Windows Update
04-12-2013 21:24:53 Windows Update
05-12-2013 18:56:28 Installed LibreOffice 4.1 Help Pack (English (United States))
05-12-2013 19:53:42 Installed LibreOffice 4.1.3.2
05-12-2013 20:17:06 Windows Update
06-12-2013 18:42:52 avast! antivirus system restore point
06-12-2013 20:46:12 Windows Update
07-12-2013 17:31:18 Windows Update
07-12-2013 20:43:08 Windows Update
08-12-2013 21:46:40 Windows Update
09-12-2013 17:13:23 Windows Update
  • 0

#79
brycrip

    Member

  • Topic Starter
  • Member
  • 395 posts
Ok!!! System Restore got me back into the normal operation mode. It is interesting to note that while working in Safe Mode over the past three days, the computer did not lock up. I did have some problems with the cursor in the beginning, but no computer lock-ups. Mean anything to you?

Going back into msconfig and click on AVAST, but for now, leave everything else off.

Bry
  • 0

#80
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Probably a driver but it might be something you can uncheck in msconfig.

Let's run a new FRST scan (with additions checked) to see where we stand.
  • 0

#81
brycrip

    Member

  • Topic Starter
  • Member
  • 395 posts
Here you go....


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2013
Ran by BC (administrator) on CHINOOK on 11-12-2013 13:47:48
Running from C:\Users\BC\AppData\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(COMPANYVERS_NAME) C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Egis Technology Inc.) C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\WordWeb\wweb32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_UI] - "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
HKCU\...\Run: [Free Download Manager] - C:\Program Files\Free Download Manager\fdm.exe [6950400 2013-10-25] (FreeDownloadManager.ORG)
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: BrowseSmart - {ffbb88a9-c663-4b9b-9170-70fa0a5a2786} - C:\Program Files\BrowseSmart\BrowseSmartBHO.dll (BrowseSmart)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043
FF user.js: detected! => C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043\user.js
FF NewTab: user_pref("browser.newtab.url", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @SafePCRepair_89.com/Plugin - C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll (MindSpark)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome:
=======
CHR HomePage: hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5
CHR Extension: (Google Docs) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (avast! WebRep) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

========================== Services (Whitelisted) =================

S4 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [173424 2011-04-02] (Egis Technology Inc. )
R4 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-05-10] (Acer Incorporated)
R4 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated)
R4 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.)
S4 ioloService; C:\Program Files\SafePCRepair\ioloToolService.exe [2625800 2013-04-05] (iolo technologies, LLC)
R4 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
R4 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [185632 2009-11-26] (Ralink Technology, Corp.)
R4 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
R4 SafePCRepair_89Service; C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe [44752 2013-11-25] (COMPANYVERS_NAME)
S4 Update BrowseSmart; C:\Program Files\BrowseSmart\updateBrowseSmart.exe [66848 2013-11-20] ()
S4 Util BrowseSmart; C:\Program Files\BrowseSmart\bin\utilBrowseSmart.exe [66848 2013-12-06] ()

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-16] (AVG Technologies)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [21600 2011-08-09] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16936 2011-08-09] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [62240 2011-08-09] (Egis Technology Inc.)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [827904 2009-11-26] (Ralink Technology Corp.)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10382576 2013-07-25] (Intel Corporation)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [252520 2011-03-06] (Realtek Semiconductor Corp.)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S4 aswSP; No ImagePath
S0 AVGIDSHX; system32\DRIVERS\avgidshx.sys [x]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-10 17:49 - 2013-12-10 18:46 - 00075523 _____ C:\Users\BC\Documents\Untitled 1.odt
2013-12-10 14:24 - 2013-12-10 14:24 - 00075358 _____ C:\Users\BC\Documents\SavedCopyStones.odt
2013-12-10 13:10 - 2013-12-10 13:10 - 00000000 ____D C:\Users\BC\AppData\Roaming\Free Download Manager
2013-12-06 14:24 - 2013-12-06 15:03 - 10085984 _____ (AVAST Software) C:\Users\BC\Downloads\avast_free_antivirus_setup.exe.part
2013-12-06 13:44 - 2013-12-06 13:44 - 50063360 _____ C:\Program Files\GUTD9CC.tmp
2013-12-06 13:44 - 2013-12-06 13:44 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-05 15:06 - 2013-12-05 15:06 - 00000000 ____D C:\Users\BC\AppData\Roaming\LibreOffice
2013-12-05 14:58 - 2013-12-05 14:58 - 00002579 _____ C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2013-12-05 13:57 - 2013-12-05 14:58 - 00000000 ____D C:\Program Files\LibreOffice 4
2013-12-05 13:14 - 2013-12-11 13:47 - 00000000 ____D C:\FRST
2013-12-05 13:08 - 2013-12-11 12:56 - 00000000 ____D C:\Program Files\MyPC Backup
2013-12-05 13:05 - 2013-12-11 12:56 - 00000000 ____D C:\Program Files\SpeedFan
2013-12-05 13:05 - 2013-12-05 13:05 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-12-05 12:57 - 2013-12-05 12:57 - 05745096 _____ (Hewlett-Packard Company ) C:\Users\BC\Downloads\sp31000.exe
2013-12-05 12:49 - 2013-12-11 12:56 - 00000000 ____D C:\Program Files\BrowseSmart
2013-12-03 15:40 - 2013-12-05 15:18 - 00019018 _____ C:\Windows\IE11_main.log
2013-12-03 12:31 - 2013-12-03 12:31 - 00003288 ____N C:\bootsqm.dat
2013-11-29 16:19 - 2013-12-05 12:39 - 00018548 _____ C:\Windows\DPINST.LOG
2013-11-29 16:14 - 2013-11-29 16:14 - 00000000 ____D C:\Users\BC\AppData\Roaming\SystemRequirementsLab
2013-11-29 16:13 - 2013-11-29 16:13 - 00000000 ____D C:\Windows\Sun
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\ProgramData\Oracle
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-29 16:08 - 2013-11-29 16:07 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-29 16:07 - 2013-11-29 16:07 - 00000000 ____D C:\Program Files\Java
2013-11-29 15:48 - 2013-11-29 15:48 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Users\BC\AppData\Local\Adobe
2013-11-27 14:53 - 2013-11-27 14:53 - 00000000 ___HD C:\Windows\PIF
2013-11-26 13:45 - 2013-11-26 13:45 - 00000360 _____ C:\Users\BC\Desktop\junk.txt
2013-11-26 12:28 - 2013-11-26 12:30 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite(1).exe
2013-11-25 15:45 - 2013-12-11 12:57 - 00004088 _____ C:\Windows\setupact.log
2013-11-25 15:45 - 2013-12-05 13:41 - 00002486 _____ C:\Windows\PFRO.log
2013-11-25 15:45 - 2013-11-25 15:45 - 00000000 _____ C:\Windows\setuperr.log
2013-11-25 14:07 - 2013-11-25 14:11 - 00000000 ____D C:\Users\BC\AppData\Roaming\OfficeRecovery
2013-11-25 14:07 - 2013-11-25 14:07 - 00000000 ____D C:\ProgramData\OfficeRecovery.d7cc0641
2013-11-25 13:36 - 2013-12-11 12:56 - 00000000 ____D C:\Program Files\SafePCRepair
2013-11-25 13:33 - 2013-12-11 12:56 - 00000000 ____D C:\Program Files\SafePCRepair_89
2013-11-24 15:25 - 2013-11-24 15:25 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-24 15:24 - 2013-11-24 15:24 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-11-22 10:24 - 2013-11-22 10:24 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVAST Software
2013-11-22 10:24 - 2013-11-22 10:23 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-22 10:23 - 2013-11-22 10:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-17 15:27 - 2013-11-17 15:27 - 00000000 ____D C:\2ded7b3cf452d17edf0e7189072a
2013-11-16 12:45 - 2013-11-16 12:45 - 00000000 ____D C:\Users\BC\AppData\Roaming\CrystalIdea Software
2013-11-15 13:06 - 2013-11-15 13:08 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite.exe
2013-11-15 13:06 - 2013-11-15 13:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 15:40 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 15:40 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 15:40 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 15:39 - 2013-09-24 21:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 15:39 - 2013-09-24 21:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 15:39 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 15:39 - 2013-09-24 20:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 15:39 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 15:39 - 2013-09-24 20:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 15:39 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 15:39 - 2013-09-24 19:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 15:39 - 2013-09-24 19:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 15:39 - 2013-07-04 07:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-14 15:38 - 2013-10-02 20:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 15:37 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 15:37 - 2013-10-11 21:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 15:37 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 15:37 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\Users\BC\AppData\Roaming\Malwarebytes
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 14:13 - 2013-12-11 12:56 - 00000000 ____D C:\Program Files\Free Download Manager
2013-11-13 13:27 - 2013-11-13 13:27 - 00013697 _____ C:\ComboFix.txt
2013-11-13 13:00 - 2013-11-13 13:27 - 00000000 ____D C:\Qoobox
2013-11-13 12:59 - 2013-11-13 13:24 - 00000000 ____D C:\Windows\erdnt

==================== One Month Modified Files and Folders =======

2013-12-11 13:47 - 2013-12-05 13:14 - 00000000 ____D C:\FRST
2013-12-11 13:31 - 2012-06-12 14:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-11 13:19 - 2012-08-09 16:18 - 00000000 ____D C:\Windows\pss
2013-12-11 13:07 - 2011-12-09 16:03 - 00000000 ____D C:\Users\BC
2013-12-11 13:05 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-11 13:05 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-11 13:01 - 2013-10-30 14:36 - 02094933 _____ C:\Windows\WindowsUpdate.log
2013-12-11 12:57 - 2013-11-25 15:45 - 00004088 _____ C:\Windows\setupact.log
2013-12-11 12:57 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-11 12:57 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
2013-12-11 12:56 - 2013-12-05 13:08 - 00000000 ____D C:\Program Files\MyPC Backup
2013-12-11 12:56 - 2013-12-05 13:05 - 00000000 ____D C:\Program Files\SpeedFan
2013-12-11 12:56 - 2013-12-05 12:49 - 00000000 ____D C:\Program Files\BrowseSmart
2013-12-11 12:56 - 2013-11-25 13:36 - 00000000 ____D C:\Program Files\SafePCRepair
2013-12-11 12:56 - 2013-11-25 13:33 - 00000000 ____D C:\Program Files\SafePCRepair_89
2013-12-11 12:56 - 2013-11-13 14:13 - 00000000 ____D C:\Program Files\Free Download Manager
2013-12-11 12:56 - 2013-11-10 11:58 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVG2014
2013-12-11 12:56 - 2013-10-16 13:21 - 00000000 ____D C:\ProgramData\AVG2014
2013-12-11 12:56 - 2013-06-08 15:57 - 00000000 ____D C:\Windows\Minidump
2013-12-11 12:56 - 2013-04-02 14:43 - 00000000 ____D C:\Program Files\CCleaner
2013-12-11 12:56 - 2012-04-07 13:33 - 00000000 ____D C:\Program Files\Unlocker
2013-12-11 12:56 - 2011-12-09 17:28 - 00000000 ____D C:\Users\BC\AppData\Roaming\vlc
2013-12-11 12:56 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2013-12-10 18:46 - 2013-12-10 17:49 - 00075523 _____ C:\Users\BC\Documents\Untitled 1.odt
2013-12-10 14:24 - 2013-12-10 14:24 - 00075358 _____ C:\Users\BC\Documents\SavedCopyStones.odt
2013-12-10 13:10 - 2013-12-10 13:10 - 00000000 ____D C:\Users\BC\AppData\Roaming\Free Download Manager
2013-12-08 14:59 - 2011-12-13 20:25 - 00000000 ____D C:\VirusTrap1
2013-12-06 15:03 - 2013-12-06 14:24 - 10085984 _____ (AVAST Software) C:\Users\BC\Downloads\avast_free_antivirus_setup.exe.part
2013-12-06 13:44 - 2013-12-06 13:44 - 50063360 _____ C:\Program Files\GUTD9CC.tmp
2013-12-06 13:44 - 2013-12-06 13:44 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-06 13:44 - 2012-01-14 19:01 - 00000000 ____D C:\Program Files\Google
2013-12-05 17:57 - 2011-12-09 16:04 - 00070968 _____ C:\Users\BC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-05 17:56 - 2009-07-13 23:33 - 00317776 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-05 15:18 - 2013-12-03 15:40 - 00019018 _____ C:\Windows\IE11_main.log
2013-12-05 15:06 - 2013-12-05 15:06 - 00000000 ____D C:\Users\BC\AppData\Roaming\LibreOffice
2013-12-05 14:58 - 2013-12-05 14:58 - 00002579 _____ C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2013-12-05 14:58 - 2013-12-05 13:57 - 00000000 ____D C:\Program Files\LibreOffice 4
2013-12-05 14:29 - 2010-11-20 16:01 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-05 13:41 - 2013-11-25 15:45 - 00002486 _____ C:\Windows\PFRO.log
2013-12-05 13:05 - 2013-12-05 13:05 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-12-05 13:05 - 2013-11-07 12:55 - 00000929 _____ C:\Users\BC\Desktop\SpeedFan.lnk
2013-12-05 13:05 - 2013-11-07 12:55 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2013-12-05 12:59 - 2011-08-09 00:00 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-12-05 12:57 - 2013-12-05 12:57 - 05745096 _____ (Hewlett-Packard Company ) C:\Users\BC\Downloads\sp31000.exe
2013-12-05 12:39 - 2013-11-29 16:19 - 00018548 _____ C:\Windows\DPINST.LOG
2013-12-04 14:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2013-12-04 09:55 - 2013-03-17 10:38 - 00000000 ____D C:\Users\BC\AppData\Roaming\Skype
2013-12-03 12:31 - 2013-12-03 12:31 - 00003288 ____N C:\bootsqm.dat
2013-12-02 14:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2013-11-29 16:14 - 2013-11-29 16:14 - 00000000 ____D C:\Users\BC\AppData\Roaming\SystemRequirementsLab
2013-11-29 16:13 - 2013-11-29 16:13 - 00000000 ____D C:\Windows\Sun
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\ProgramData\Oracle
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-29 16:07 - 2013-11-29 16:08 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-29 16:07 - 2013-11-29 16:07 - 00000000 ____D C:\Program Files\Java
2013-11-29 15:48 - 2013-11-29 15:48 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Users\BC\AppData\Local\Adobe
2013-11-27 14:53 - 2013-11-27 14:53 - 00000000 ___HD C:\Windows\PIF
2013-11-26 13:45 - 2013-11-26 13:45 - 00000360 _____ C:\Users\BC\Desktop\junk.txt
2013-11-26 12:30 - 2013-11-26 12:28 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite(1).exe
2013-11-25 15:45 - 2013-11-25 15:45 - 00000000 _____ C:\Windows\setuperr.log
2013-11-25 14:11 - 2013-11-25 14:07 - 00000000 ____D C:\Users\BC\AppData\Roaming\OfficeRecovery
2013-11-25 14:07 - 2013-11-25 14:07 - 00000000 ____D C:\ProgramData\OfficeRecovery.d7cc0641
2013-11-24 15:25 - 2013-11-24 15:25 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-24 15:24 - 2013-11-24 15:24 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-11-24 13:37 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-11-22 10:24 - 2013-11-22 10:24 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVAST Software
2013-11-22 10:23 - 2013-11-22 10:24 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-22 10:23 - 2013-11-22 10:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-22 10:22 - 2013-03-16 13:05 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-22 09:58 - 2011-12-09 16:17 - 00000000 ____D C:\ProgramData\MFAData
2013-11-21 14:04 - 2011-12-09 16:03 - 00000000 ____D C:\Users\BC\AppData\Local\VirtualStore
2013-11-17 15:27 - 2013-11-17 15:27 - 00000000 ____D C:\2ded7b3cf452d17edf0e7189072a
2013-11-16 12:45 - 2013-11-16 12:45 - 00000000 ____D C:\Users\BC\AppData\Roaming\CrystalIdea Software
2013-11-16 12:39 - 2012-03-28 16:51 - 00000000 ____D C:\Program Files\WordWeb
2013-11-15 17:42 - 2013-10-30 14:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-15 13:08 - 2013-11-15 13:06 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite.exe
2013-11-15 13:06 - 2013-11-15 13:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 12:50 - 2009-07-13 23:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-15 12:45 - 2013-07-20 07:13 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 12:38 - 2011-12-16 19:04 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 15:35 - 2013-10-30 14:27 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-14 15:21 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\Users\BC\AppData\Roaming\Malwarebytes
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 13:27 - 2013-11-13 13:27 - 00013697 _____ C:\ComboFix.txt
2013-11-13 13:27 - 2013-11-13 13:00 - 00000000 ____D C:\Qoobox
2013-11-13 13:24 - 2013-11-13 12:59 - 00000000 ____D C:\Windows\erdnt

Some content of TEMP:
====================
C:\Users\BC\AppData\Local\Temp\BackupSetup.exe
C:\Users\BC\AppData\Local\Temp\jxpiinstall(1).exe
C:\Users\BC\AppData\Local\Temp\jxpiinstall.exe
C:\Users\BC\AppData\Local\Temp\sfamcc00001.dll
C:\Users\BC\AppData\Local\Temp\sfareca00001.dll
C:\Users\BC\AppData\Local\Temp\sfextra.dll
C:\Users\BC\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-02 14:28

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-12-2013
Ran by BC at 2013-12-11 13:49:00
Running from C:\Users\BC\AppData\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Crystal Eye Webcam (Version: 1.0.1904)
Acer ePower Management (Version: 6.00.3007)
Acer eRecovery Management (Version: 5.00.3502)
Acer Registration (Version: 1.04.3502)
Acer ScreenSaver (Version: 1.1.0617.2011)
Acer Updater (Version: 1.02.3500)
Acer VCM (Version: 4.05.3501)
Adobe AIR (Version: 3.7.0.1860)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
BrowseSmart (Version: 2013.11.21.002241)
CCleaner (Version: 4.00)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
D3DX10 (Version: 15.4.2368.0902)
Free Download Manager 3.9.3
Galerie de photos Windows Live (Version: 15.4.3502.0922)
iCall (Version: 7.1.524)
Identity Card (Version: 1.00.3501)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.14.10.2230)
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 15.4.3502.0922)
Launch Manager (Version: 5.1.4)
LibreOffice 4.1 Help Pack (English (United States)) (Version: 4.1.3.2)
LibreOffice 4.1.3.2 (Version: 4.1.3.2)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSVCRT (Version: 15.4.2862.0708)
MyWinLocker 4 (Version: 4.0.14.25)
MyWinLocker Suite (Version: 4.0.14.15)
OpenOffice 4.0.1 (Version: 4.01.9714)
Ralink RT2870 Wireless LAN Card (Version: 1.5.6.0)
Realtek Ethernet Controller Driver (Version: 7.37.1229.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6307)
Realtek PCIE Card Reader (Version: 6.1.7600.78)
SelectionLinks (Version: 1.0)
Shredder (Version: 2.0.8.9)
Skype™ 6.6 (Version: 6.6.106)
SpeedFan (remove only)
Synaptics Pointing Device Driver (Version: 15.1.18.0)
System Requirements Lab for Intel (Version: 4.5.13.0)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.1.0 (Version: 2.1.0)
Welcome Center (Version: 1.02.3503)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WordWeb (Version: 6)

==================== Restore Points =========================

14-11-2013 20:18:05 Restore Operation
15-11-2013 17:37:34 Windows Update
17-11-2013 20:27:19 Windows Update
19-11-2013 15:18:55 Windows Update
19-11-2013 16:09:33 Windows Update
21-11-2013 15:16:29 Installed AVG 2014
22-11-2013 15:22:56 avast! antivirus system restore point
24-11-2013 19:38:27 Restore Operation
24-11-2013 19:47:17 Removed OpenOffice 4.0.1
24-11-2013 20:23:18 Installed OpenOffice 4.0.1
25-11-2013 19:06:11 Installed Recovery for Writer 1.7.20461.2 Demo License
25-11-2013 19:20:22 Removed Recovery for Writer 1.7.20461.2 Demo License
29-11-2013 20:47:29 Installed System Requirements Lab for Intel
29-11-2013 21:06:53 Installed Java 7 Update 45
03-12-2013 20:40:22 Windows Update
04-12-2013 19:42:26 Windows Update
04-12-2013 21:24:53 Windows Update
05-12-2013 18:56:28 Installed LibreOffice 4.1 Help Pack (English (United States))
05-12-2013 19:53:42 Installed LibreOffice 4.1.3.2
05-12-2013 20:17:06 Windows Update
06-12-2013 18:42:52 avast! antivirus system restore point
06-12-2013 20:46:12 Windows Update
07-12-2013 17:31:18 Windows Update
07-12-2013 20:43:08 Windows Update
08-12-2013 21:46:40 Windows Update
09-12-2013 17:13:23 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:04 - 2013-03-25 12:17 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00B7BDB0-B402-40C1-A4CB-D569BBDC1A4E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {3C61BF98-B1A3-445D-813B-4B8B80A5F2E7} - System32\Tasks\{2F8EB3EA-875C-4E36-8380-B9F8CF6B71B2} => C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {3FD60D5F-A872-4150-835E-A0B1D7A891A6} - System32\Tasks\{423C745D-CEB9-4720-834B-5910ADC6F8D5} => C:\Program Files\tinySpell\tinyspell.exe
Task: {4A0CE86E-3B42-4A6A-8F59-93EF2A9C3340} - System32\Tasks\{47C8FCC1-4B89-44C5-A945-3D30301AE89B} => Firefox.exe
Task: {56D88B04-85C7-4410-BAEB-912E432705C3} - System32\Tasks\Adobe ARM => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {7BAA9F29-A535-41A3-ADCB-FD77A7459241} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1434271250-535229840-3131482536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {82A70256-A65B-45B0-A289-2F52D670FF40} - System32\Tasks\{6977321E-CE53-4746-8B61-77A4D12D0423} => Firefox.exe
Task: {8E432221-B688-49C4-8CCA-6611CFA9F602} - System32\Tasks\{16C26C30-E35C-44AE-AFED-771B87A2A222} => C:\Program Files\OpenOffice.org
Task: {92FB80DF-3D46-471B-A2A6-DC3D2FB09EF5} - System32\Tasks\{764A393D-633B-439A-9593-6364EADF016A} => C:\Program Files\Moyea\FLV Editor Lite\FlvEditorLite.exe
Task: {9B8F7347-CAB4-4C1B-82A3-2B0CF9EE341F} - System32\Tasks\{C978A38F-7358-4587-9AE2-A8C10C5E6928} => C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {A369E454-F732-460B-BE75-6CEBF9561A1D} - System32\Tasks\{7A078B64-317B-47E5-AEED-6DA886061D18} => Firefox.exe
Task: {B0E4A562-7DF8-4567-92AD-2FAE0D3847C9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1434271250-535229840-3131482536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {B2C2BB7E-05B6-47C1-AA76-7D8BBA82DA03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
Task: {D5E81E6D-48AE-44AC-9B70-500CE81575B1} - System32\Tasks\{A82B7F6C-83D4-4711-AAFD-454886EA6197} => C:\Program Files\iCall\iCall.exe [2012-06-18] ()
Task: {F417EE00-20DF-4F86-8D2B-967557058F93} - System32\Tasks\{3E9059AE-66C4-4070-B46D-2D805B2D2D4D} => C:\Program Files\tinySpell\tinyspell.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-07-04 16:32 - 2010-07-04 16:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2010-07-04 16:32 - 2010-07-04 16:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-03-28 16:51 - 2012-07-15 11:27 - 02216480 ____N () C:\Windows\wweb32.dll
2012-03-28 16:51 - 2012-07-15 11:25 - 00022800 ____N () C:\Program Files\WordWeb\WUCNT.dll
2011-12-21 17:40 - 2009-11-26 17:02 - 00918816 _____ () C:\Program Files\Ralink\Common\RaWLAPI.dll
2013-11-15 13:06 - 2013-11-15 13:06 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-11-26 12:31 - 2013-10-25 21:58 - 00283648 _____ () C:\Program Files\Free Download Manager\Firefox\Extension\components\vmsfdmff22.dll

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: AVGIDSShim
Description: AVGIDSShim
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: AVGIDSShim
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/11/2013 01:07:40 PM) (Source: Windows Backup) (User: )
Description: The backup did not complete because of an error writing to the backup location D:\. The error is: The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006).

Error: (12/11/2013 01:00:41 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/11/2013 01:00:41 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/11/2013 01:00:41 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/11/2013 01:00:41 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/11/2013 01:00:41 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)

Error: (12/11/2013 01:00:40 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.JetPropStore> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/11/2013 01:00:40 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot load the property store information.

Context: Windows Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f) (0x8004117f)

Error: (12/11/2013 01:00:40 PM) (Source: Windows Search Service) (User: )
Description: The search service has detected corrupted data files in the index {id=1100}. The service will attempt to automatically correct this problem by rebuilding the index.


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/11/2013 01:00:40 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service cannot open the Jet property store.


Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f))


System errors:
=============
Error: (12/11/2013 01:00:41 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/11/2013 01:00:41 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service terminated with service-specific error %%-1073473535.

Error: (12/11/2013 00:58:35 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AVGIDSHX
AVGIDSShim

Error: (12/11/2013 00:58:35 PM) (Source: Service Control Manager) (User: )
Description: The Util BrowseSmart service failed to start due to the following error:
%%1053

Error: (12/11/2013 00:58:35 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Util BrowseSmart service to connect.

Error: (12/11/2013 00:58:04 PM) (Source: Service Control Manager) (User: )
Description: The Update BrowseSmart service failed to start due to the following error:
%%1053

Error: (12/11/2013 00:58:04 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Update BrowseSmart service to connect.

Error: (12/11/2013 00:51:32 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (12/11/2013 00:47:51 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/11/2013 00:47:50 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (12/11/2013 01:07:40 PM) (Source: Windows Backup)(User: )
Description: D:\The backup location cannot be found or is not valid. Review your backup settings and check the backup location. (0x81000006)

Error: (12/11/2013 01:00:41 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt

Error: (12/11/2013 01:00:41 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/11/2013 01:00:41 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/11/2013 01:00:41 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)

Error: (12/11/2013 01:00:41 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
Element not found. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer

Error: (12/11/2013 01:00:40 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore

Error: (12/11/2013 01:00:40 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f) (0x8004117f)

Error: (12/11/2013 01:00:40 PM) (Source: Windows Search Service)(User: )
Description:
Details:
The content index catalog is corrupt. (HRESULT : 0xc0041801) (0xc0041801)
1100

Error: (12/11/2013 01:00:40 PM) (Source: Windows Search Service)(User: )
Description:
Details:
0x%08x (0x8004117f - The content index server cannot update or access information because of a database error. Stop and restart the search service. If the problem persists, reset and recrawl the content index. In some cases it may be necessary to delete and recreate the content index. (HRESULT : 0x8004117f))


==================== Memory info ===========================

Percentage of memory in use: 64%
Total physical RAM: 1011.87 MB
Available physical RAM: 356.51 MB
Total Pagefile: 2035.87 MB
Available Pagefile: 1233.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1915.05 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:219.79 GB) (Free:166.74 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E2768EF3)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#82
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
Looks like we have to remove the same garbage again. First clear the alarms:


Right click on (My) Computer and select Manage (Continue). Then click on the arrow in front of Event Viewer. Next click on the arrow in front of Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application.



Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that.

I assume it will reboot. If not please do so.

Then:

Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).
sfc /scannow

(This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter. Copy and paste the text from notepad or if it is too big, just attach the file.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Right-click VEW.exe and Run As Administrator.
3. Under 'Select log to query', select:
   * System
4. Under 'Select type to list', select:
   * Error
   * Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'.
   Type 20 in the 1 to 20 box.
   Then click the Run button.
   Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Then run FRST again and just do a scan.
  • 0
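The `findstr /c:"[SR]"` step in the post above keeps only the System File Checker lines of `cbs.log`. As an added example (not part of RKinner's post), this Python script applies the same filter and then separates the files SFC could not repair from those it restored from the component store; the sample log lines, file names and component names are constructed, and the message patterns are assumed to follow the usual `[SR]` wording in CBS.log.

```python
import re

# Constructed sample in CBS.log layout (not taken from the thread). It holds one
# line without the [SR] tag, a failure that is logged twice, and one repair.
SAMPLE_CBS_LOG = r"""
2013-12-11 15:20:01, Info                  CSI    00000009 [SR] Verifying 100 (0x00000064) components
2013-12-11 15:20:01, Info                  CSI    0000000a [SR] Beginning Verify and Repair transaction
2013-12-11 15:20:03, Info                  CSI    0000000b Constructed entry without the tag
2013-12-11 15:20:07, Info                  CSI    0000000c [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-12-11 15:20:07, Info                  CSI    0000000d [SR] This component was referenced by [l:38{19}]"Example-Package-A~1"
2013-12-11 15:20:09, Info                  CSI    0000000e [SR] Cannot repair member file [l:24{12}]"example1.dll" of Example-Component-A, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_INTEL (0), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch
2013-12-11 15:20:11, Info                  CSI    0000000f [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"example2.dll" from store
2013-12-11 15:20:12, Info                  CSI    00000010 [SR] Verify complete
"""

SR_TAG = "[SR]"

# "[SR] Cannot repair member file [l:N{M}]"name" of <component>, ..., <reason>"
CANNOT_REPAIR = re.compile(
    r'Cannot repair member file \[l:\d+\{\d+\}\]"(?P<file>[^"]+)" '
    r'of (?P<component>[^,]+),.*, (?P<reason>[^,]+)$'
)

# "[SR] Repairing corrupted file [...]"dir"\[l:N{M}]"name" from store"
REPAIRED = re.compile(
    r'Repairing corrupted file .*\\\[l:\d+\{\d+\}\]"(?P<file>[^"]+)" from store$'
)


def sr_lines(log_text):
    """Same selection as findstr /c:"[SR]": lines containing the literal tag."""
    return [line for line in log_text.splitlines() if SR_TAG in line]


def summarize_sfc(log_text):
    """Classify SFC entries; the same file can be reported more than once,
    so results are de-duplicated by lower-cased file name."""
    unrepaired = {}   # file name -> (component, reason)
    repaired = []     # file names restored from the component store
    lines = sr_lines(log_text)
    for line in lines:
        message = line.split(SR_TAG, 1)[1].strip()
        match = CANNOT_REPAIR.match(message)
        if match:
            name = match["file"].lower()
            unrepaired.setdefault(name, (match["component"], match["reason"]))
            continue
        match = REPAIRED.match(message)
        if match and match["file"].lower() not in repaired:
            repaired.append(match["file"].lower())
    return {
        "sr_line_count": len(lines),
        "unrepaired": unrepaired,
        "repaired": repaired,
    }


if __name__ == "__main__":
    report = summarize_sfc(SAMPLE_CBS_LOG)
    print("[SR] lines:", report["sr_line_count"])
    for name, (component, reason) in report["unrepaired"].items():
        print("NOT repaired:", name, "|", component, "|", reason)
    for name in report["repaired"]:
        print("repaired from store:", name)
```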

#83
brycrip

    Member

  • Topic Starter
  • Member
  • 395 posts
I'll continue tomorrow with the Event Viewer Tool by Vino Rosso.

'Start, All Programs, Accessories then right click on Command Prompt' ran fine and didn't find anything.

Here are the FRST Scans:

Thank you!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-12-2013
Ran by BC (administrator) on CHINOOK on 11-12-2013 15:18:15
Running from C:\Users\BC\AppData\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
(COMPANYVERS_NAME) C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe
() C:\Program Files\BrowseSmart\updateBrowseSmart.exe
() C:\Program Files\BrowseSmart\bin\utilBrowseSmart.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Egis Technology Inc.) C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
() C:\Program Files\WordWeb\wweb32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [UnlockerAssistant] - C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SuiteTray] - C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM\...\Run: [SafePCRepair Search Scope Monitor] - C:\Program Files\SafePCRepair_89\bar\1.bin\89SrchMn.exe [44784 2013-11-25] (MindSpark)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [EgisUpdate] - C:\Program Files\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM\...\Run: [EgisTecPMMUpdate] - C:\Program Files\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [AVG_UI] - "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
HKCU\...\Run: [WordWeb] - C:\Program Files\WordWeb\wweb32.exe [77064 2012-04-21] ()
HKCU\...\Run: [SPEEDbitVideoAccelerator] - "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup
HKCU\...\Run: [iCall] - C:\Program Files\iCall\iCall.exe [4852416 2012-06-18] ()
HKCU\...\Run: [Free Download Manager] - C:\Program Files\Free Download Manager\fdm.exe [6950400 2013-10-25] (FreeDownloadManager.ORG)
HKCU\...\Run: [DownloadAccelerator] - "C:\Program Files\DAP\DAP.EXE" /STARTUP
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
Startup: C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
ShortcutTarget: OpenOffice.org 3.4.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: BrowseSmart - {ffbb88a9-c663-4b9b-9170-70fa0a5a2786} - C:\Program Files\BrowseSmart\BrowseSmartBHO.dll (BrowseSmart)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043
FF user.js: detected! => C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043\user.js
FF NewTab: user_pref("browser.newtab.url", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @SafePCRepair_89.com/Plugin - C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll (MindSpark)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome:
=======
CHR HomePage: hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5
CHR Extension: (Google Docs) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (avast! WebRep) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

========================== Services (Whitelisted) =================

S3 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [173424 2011-04-02] (Egis Technology Inc. )
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-05-10] (Acer Incorporated)
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.)
S3 ioloService; C:\Program Files\SafePCRepair\ioloToolService.exe [2625800 2013-04-05] (iolo technologies, LLC)
R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [185632 2009-11-26] (Ralink Technology, Corp.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
R2 SafePCRepair_89Service; C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe [44752 2013-11-25] (COMPANYVERS_NAME)
R2 Update BrowseSmart; C:\Program Files\BrowseSmart\updateBrowseSmart.exe [66848 2013-11-20] ()
R2 Util BrowseSmart; C:\Program Files\BrowseSmart\bin\utilBrowseSmart.exe [66848 2013-12-06] ()

==================== Drivers (Whitelisted) ====================

R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-16] (AVG Technologies)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [21600 2011-08-09] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16936 2011-08-09] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [62240 2011-08-09] (Egis Technology Inc.)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [827904 2009-11-26] (Ralink Technology Corp.)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10382576 2013-07-25] (Intel Corporation)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [252520 2011-03-06] (Realtek Semiconductor Corp.)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S4 aswSP; No ImagePath
S0 AVGIDSHX; system32\DRIVERS\avgidshx.sys [x]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-10 17:49 - 2013-12-10 18:46 - 00075523 _____ C:\Users\BC\Documents\Untitled 1.odt
2013-12-10 14:24 - 2013-12-10 14:24 - 00075358 _____ C:\Users\BC\Documents\SavedCopyStones.odt
2013-12-10 13:10 - 2013-12-10 13:10 - 00000000 ____D C:\Users\BC\AppData\Roaming\Free Download Manager
2013-12-06 14:24 - 2013-12-06 15:03 - 10085984 _____ (AVAST Software) C:\Users\BC\Downloads\avast_free_antivirus_setup.exe.part
2013-12-06 13:44 - 2013-12-06 13:44 - 50063360 _____ C:\Program Files\GUTD9CC.tmp
2013-12-06 13:44 - 2013-12-06 13:44 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-05 15:06 - 2013-12-05 15:06 - 00000000 ____D C:\Users\BC\AppData\Roaming\LibreOffice
2013-12-05 14:58 - 2013-12-05 14:58 - 00002579 _____ C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2013-12-05 13:57 - 2013-12-05 14:58 - 00000000 ____D C:\Program Files\LibreOffice 4
2013-12-05 13:14 - 2013-12-11 13:47 - 00000000 ____D C:\FRST
2013-12-05 13:08 - 2013-12-11 12:56 - 00000000 ____D C:\Program Files\MyPC Backup
2013-12-05 13:05 - 2013-12-11 12:56 - 00000000 ____D C:\Program Files\SpeedFan
2013-12-05 13:05 - 2013-12-05 13:05 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-12-05 12:57 - 2013-12-05 12:57 - 05745096 _____ (Hewlett-Packard Company ) C:\Users\BC\Downloads\sp31000.exe
2013-12-05 12:49 - 2013-12-11 12:56 - 00000000 ____D C:\Program Files\BrowseSmart
2013-12-03 15:40 - 2013-12-05 15:18 - 00019018 _____ C:\Windows\IE11_main.log
2013-12-03 12:31 - 2013-12-03 12:31 - 00003288 ____N C:\bootsqm.dat
2013-11-29 16:19 - 2013-12-05 12:39 - 00018548 _____ C:\Windows\DPINST.LOG
2013-11-29 16:14 - 2013-11-29 16:14 - 00000000 ____D C:\Users\BC\AppData\Roaming\SystemRequirementsLab
2013-11-29 16:13 - 2013-11-29 16:13 - 00000000 ____D C:\Windows\Sun
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\ProgramData\Oracle
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-29 16:08 - 2013-11-29 16:07 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-29 16:07 - 2013-11-29 16:07 - 00000000 ____D C:\Program Files\Java
2013-11-29 15:48 - 2013-11-29 15:48 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Users\BC\AppData\Local\Adobe
2013-11-27 14:53 - 2013-11-27 14:53 - 00000000 ___HD C:\Windows\PIF
2013-11-26 13:45 - 2013-11-26 13:45 - 00000360 _____ C:\Users\BC\Desktop\junk.txt
2013-11-26 12:28 - 2013-11-26 12:30 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite(1).exe
2013-11-25 15:45 - 2013-12-11 15:06 - 00004256 _____ C:\Windows\setupact.log
2013-11-25 15:45 - 2013-12-05 13:41 - 00002486 _____ C:\Windows\PFRO.log
2013-11-25 15:45 - 2013-11-25 15:45 - 00000000 _____ C:\Windows\setuperr.log
2013-11-25 14:07 - 2013-11-25 14:11 - 00000000 ____D C:\Users\BC\AppData\Roaming\OfficeRecovery
2013-11-25 14:07 - 2013-11-25 14:07 - 00000000 ____D C:\ProgramData\OfficeRecovery.d7cc0641
2013-11-25 13:36 - 2013-12-11 12:56 - 00000000 ____D C:\Program Files\SafePCRepair
2013-11-25 13:33 - 2013-12-11 12:56 - 00000000 ____D C:\Program Files\SafePCRepair_89
2013-11-24 15:25 - 2013-11-24 15:25 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-24 15:24 - 2013-11-24 15:24 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-11-22 10:24 - 2013-11-22 10:24 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVAST Software
2013-11-22 10:24 - 2013-11-22 10:23 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-22 10:23 - 2013-11-22 10:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-17 15:27 - 2013-11-17 15:27 - 00000000 ____D C:\2ded7b3cf452d17edf0e7189072a
2013-11-16 12:45 - 2013-11-16 12:45 - 00000000 ____D C:\Users\BC\AppData\Roaming\CrystalIdea Software
2013-11-15 13:06 - 2013-11-15 13:08 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite.exe
2013-11-15 13:06 - 2013-11-15 13:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 15:40 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 15:40 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 15:40 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 15:39 - 2013-09-24 21:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 15:39 - 2013-09-24 21:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 15:39 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 15:39 - 2013-09-24 20:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 15:39 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 15:39 - 2013-09-24 20:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 15:39 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 15:39 - 2013-09-24 19:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 15:39 - 2013-09-24 19:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 15:39 - 2013-07-04 07:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-14 15:38 - 2013-10-02 20:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 15:37 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 15:37 - 2013-10-11 21:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 15:37 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 15:37 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\Users\BC\AppData\Roaming\Malwarebytes
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 14:13 - 2013-12-11 12:56 - 00000000 ____D C:\Program Files\Free Download Manager
2013-11-13 13:27 - 2013-11-13 13:27 - 00013697 _____ C:\ComboFix.txt
2013-11-13 13:00 - 2013-11-13 13:27 - 00000000 ____D C:\Qoobox
2013-11-13 12:59 - 2013-11-13 13:24 - 00000000 ____D C:\Windows\erdnt

==================== One Month Modified Files and Folders =======

2013-12-11 15:17 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-11 15:17 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-11 15:06 - 2013-11-25 15:45 - 00004256 _____ C:\Windows\setupact.log
2013-12-11 15:06 - 2013-10-30 14:36 - 01078875 _____ C:\Windows\WindowsUpdate.log
2013-12-11 15:06 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-11 14:53 - 2012-08-09 16:18 - 00000000 ____D C:\Windows\pss
2013-12-11 14:31 - 2012-06-12 14:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-11 13:47 - 2013-12-05 13:14 - 00000000 ____D C:\FRST
2013-12-11 13:07 - 2011-12-09 16:03 - 00000000 ____D C:\Users\BC
2013-12-11 12:57 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
2013-12-11 12:56 - 2013-12-05 13:08 - 00000000 ____D C:\Program Files\MyPC Backup
2013-12-11 12:56 - 2013-12-05 13:05 - 00000000 ____D C:\Program Files\SpeedFan
2013-12-11 12:56 - 2013-12-05 12:49 - 00000000 ____D C:\Program Files\BrowseSmart
2013-12-11 12:56 - 2013-11-25 13:36 - 00000000 ____D C:\Program Files\SafePCRepair
2013-12-11 12:56 - 2013-11-25 13:33 - 00000000 ____D C:\Program Files\SafePCRepair_89
2013-12-11 12:56 - 2013-11-13 14:13 - 00000000 ____D C:\Program Files\Free Download Manager
2013-12-11 12:56 - 2013-11-10 11:58 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVG2014
2013-12-11 12:56 - 2013-10-16 13:21 - 00000000 ____D C:\ProgramData\AVG2014
2013-12-11 12:56 - 2013-06-08 15:57 - 00000000 ____D C:\Windows\Minidump
2013-12-11 12:56 - 2013-04-02 14:43 - 00000000 ____D C:\Program Files\CCleaner
2013-12-11 12:56 - 2012-04-07 13:33 - 00000000 ____D C:\Program Files\Unlocker
2013-12-11 12:56 - 2011-12-09 17:28 - 00000000 ____D C:\Users\BC\AppData\Roaming\vlc
2013-12-11 12:56 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2013-12-10 18:46 - 2013-12-10 17:49 - 00075523 _____ C:\Users\BC\Documents\Untitled 1.odt
2013-12-10 14:24 - 2013-12-10 14:24 - 00075358 _____ C:\Users\BC\Documents\SavedCopyStones.odt
2013-12-10 13:10 - 2013-12-10 13:10 - 00000000 ____D C:\Users\BC\AppData\Roaming\Free Download Manager
2013-12-08 14:59 - 2011-12-13 20:25 - 00000000 ____D C:\VirusTrap1
2013-12-06 15:03 - 2013-12-06 14:24 - 10085984 _____ (AVAST Software) C:\Users\BC\Downloads\avast_free_antivirus_setup.exe.part
2013-12-06 13:44 - 2013-12-06 13:44 - 50063360 _____ C:\Program Files\GUTD9CC.tmp
2013-12-06 13:44 - 2013-12-06 13:44 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-06 13:44 - 2012-01-14 19:01 - 00000000 ____D C:\Program Files\Google
2013-12-05 17:57 - 2011-12-09 16:04 - 00070968 _____ C:\Users\BC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-05 17:56 - 2009-07-13 23:33 - 00317776 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-05 15:18 - 2013-12-03 15:40 - 00019018 _____ C:\Windows\IE11_main.log
2013-12-05 15:06 - 2013-12-05 15:06 - 00000000 ____D C:\Users\BC\AppData\Roaming\LibreOffice
2013-12-05 14:58 - 2013-12-05 14:58 - 00002579 _____ C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2013-12-05 14:58 - 2013-12-05 13:57 - 00000000 ____D C:\Program Files\LibreOffice 4
2013-12-05 14:29 - 2010-11-20 16:01 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-05 13:41 - 2013-11-25 15:45 - 00002486 _____ C:\Windows\PFRO.log
2013-12-05 13:05 - 2013-12-05 13:05 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-12-05 13:05 - 2013-11-07 12:55 - 00000929 _____ C:\Users\BC\Desktop\SpeedFan.lnk
2013-12-05 13:05 - 2013-11-07 12:55 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2013-12-05 12:59 - 2011-08-09 00:00 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-12-05 12:57 - 2013-12-05 12:57 - 05745096 _____ (Hewlett-Packard Company ) C:\Users\BC\Downloads\sp31000.exe
2013-12-05 12:39 - 2013-11-29 16:19 - 00018548 _____ C:\Windows\DPINST.LOG
2013-12-04 14:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2013-12-04 09:55 - 2013-03-17 10:38 - 00000000 ____D C:\Users\BC\AppData\Roaming\Skype
2013-12-03 12:31 - 2013-12-03 12:31 - 00003288 ____N C:\bootsqm.dat
2013-12-02 14:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2013-11-29 16:14 - 2013-11-29 16:14 - 00000000 ____D C:\Users\BC\AppData\Roaming\SystemRequirementsLab
2013-11-29 16:13 - 2013-11-29 16:13 - 00000000 ____D C:\Windows\Sun
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\ProgramData\Oracle
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-29 16:07 - 2013-11-29 16:08 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-29 16:07 - 2013-11-29 16:07 - 00000000 ____D C:\Program Files\Java
2013-11-29 15:48 - 2013-11-29 15:48 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Users\BC\AppData\Local\Adobe
2013-11-27 14:53 - 2013-11-27 14:53 - 00000000 ___HD C:\Windows\PIF
2013-11-26 13:45 - 2013-11-26 13:45 - 00000360 _____ C:\Users\BC\Desktop\junk.txt
2013-11-26 12:30 - 2013-11-26 12:28 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite(1).exe
2013-11-25 15:45 - 2013-11-25 15:45 - 00000000 _____ C:\Windows\setuperr.log
2013-11-25 14:11 - 2013-11-25 14:07 - 00000000 ____D C:\Users\BC\AppData\Roaming\OfficeRecovery
2013-11-25 14:07 - 2013-11-25 14:07 - 00000000 ____D C:\ProgramData\OfficeRecovery.d7cc0641
2013-11-24 15:25 - 2013-11-24 15:25 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-24 15:24 - 2013-11-24 15:24 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-11-24 13:37 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-11-22 10:24 - 2013-11-22 10:24 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVAST Software
2013-11-22 10:23 - 2013-11-22 10:24 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-22 10:23 - 2013-11-22 10:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-22 10:22 - 2013-03-16 13:05 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-22 09:58 - 2011-12-09 16:17 - 00000000 ____D C:\ProgramData\MFAData
2013-11-21 14:04 - 2011-12-09 16:03 - 00000000 ____D C:\Users\BC\AppData\Local\VirtualStore
2013-11-17 15:27 - 2013-11-17 15:27 - 00000000 ____D C:\2ded7b3cf452d17edf0e7189072a
2013-11-16 12:45 - 2013-11-16 12:45 - 00000000 ____D C:\Users\BC\AppData\Roaming\CrystalIdea Software
2013-11-16 12:39 - 2012-03-28 16:51 - 00000000 ____D C:\Program Files\WordWeb
2013-11-15 17:42 - 2013-10-30 14:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-15 13:08 - 2013-11-15 13:06 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite.exe
2013-11-15 13:06 - 2013-11-15 13:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 12:50 - 2009-07-13 23:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-15 12:45 - 2013-07-20 07:13 - 00000000 ____D C:\Windows\system32\MRT
2013-11-15 12:38 - 2011-12-16 19:04 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 15:35 - 2013-10-30 14:27 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-14 15:21 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\Users\BC\AppData\Roaming\Malwarebytes
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 13:27 - 2013-11-13 13:27 - 00013697 _____ C:\ComboFix.txt
2013-11-13 13:27 - 2013-11-13 13:00 - 00000000 ____D C:\Qoobox
2013-11-13 13:24 - 2013-11-13 12:59 - 00000000 ____D C:\Windows\erdnt

Some content of TEMP:
====================
C:\Users\BC\AppData\Local\Temp\BackupSetup.exe
C:\Users\BC\AppData\Local\Temp\jxpiinstall(1).exe
C:\Users\BC\AppData\Local\Temp\jxpiinstall.exe
C:\Users\BC\AppData\Local\Temp\sfamcc00001.dll
C:\Users\BC\AppData\Local\Temp\sfareca00001.dll
C:\Users\BC\AppData\Local\Temp\sfextra.dll
C:\Users\BC\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-02 14:28

==================== End Of Log ============================
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-12-2013
Ran by BC at 2013-12-11 15:19:23 Run:2
Running from C:\Users\BC\AppData\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [AVG_UI] - "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
HKCU\...\Run: [Free Download Manager] - C:\Program Files\Free Download Manager\fdm.exe [6950400 2013-10-25] (FreeDownloadManager.ORG)
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] ATTENTION! ====> ZeroAccess?
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: BrowseSmart - {ffbb88a9-c663-4b9b-9170-70fa0a5a2786} - C:\Program Files\BrowseSmart\BrowseSmartBHO.dll (BrowseSmart)
FF Plugin: @SafePCRepair_89.com/Plugin - C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll (MindSpark)
CHR HomePage: hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5
S4 ioloService; C:\Program Files\SafePCRepair\ioloToolService.exe [2625800 2013-04-05] (iolo technologies, LLC)
R4 SafePCRepair_89Service; C:\Program Files\SafePCRepair_89\bar\1.bin\89barsvc.exe [44752 2013-11-25] (COMPANYVERS_NAME)
S4 Update BrowseSmart; C:\Program Files\BrowseSmart\updateBrowseSmart.exe [66848 2013-11-20] ()
S4 Util BrowseSmart; C:\Program Files\BrowseSmart\bin\utilBrowseSmart.exe [66848 2013-12-06] ()
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [120632 2013-09-25] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [223032 2013-09-02] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [37664 2013-10-16] (AVG Technologies)
S0 AVGIDSHX; system32\DRIVERS\avgidshx.sys [x]
S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [x]
2013-11-25 13:36 - 2013-12-11 12:56 - 00000000 ____D C:\Program Files\SafePCRepair
2013-11-25 13:33 - 2013-12-11 12:56 - 00000000 ____D C:\Program Files\SafePCRepair_89
2013-12-11 12:56 - 2013-12-05 13:08 - 00000000 ____D C:\Program Files\MyPC Backup
2013-12-11 12:56 - 2013-12-05 13:05 - 00000000 ____D C:\Program Files\SpeedFan
2013-12-11 12:56 - 2013-12-05 12:49 - 00000000 ____D C:\Program Files\BrowseSmart
2013-12-11 12:56 - 2013-11-25 13:36 - 00000000 ____D C:\Program Files\SafePCRepair
2013-12-11 12:56 - 2013-11-25 13:33 - 00000000 ____D C:\Program Files\SafePCRepair_89
2013-12-11 12:56 - 2013-11-13 14:13 - 00000000 ____D C:\Program Files\Free Download Manager
2013-12-11 12:56 - 2013-11-10 11:58 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVG2014
2013-12-11 12:56 - 2013-10-16 13:21 - 00000000 ____D C:\ProgramData\AVG2014
2013-12-10 13:10 - 2013-12-10 13:10 - 00000000 ____D C:\Users\BC\AppData\Roaming\Free Download Manager
2013-11-26 12:30 - 2013-11-26 12:28 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite(1).exe
Task: {B2C2BB7E-05B6-47C1-AA76-7D8BBA82DA03} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-03-25] (Piriform Ltd)
C:\Program Files\SafePCRepair
C:\Program Files\BrowseSmart
C:\Program Files\Free Download Manager
AVGIDSHX
AVGIDSShim

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AVG_UI => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Free Download Manager => Value deleted successfully.
HKCU\Software\Classes\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} => Key deleted successfully.
HKCR\CLSID\{CC59E0F9-7E43-44FA-9FAA-8377850BF205} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffbb88a9-c663-4b9b-9170-70fa0a5a2786} => Key deleted successfully.
HKCR\CLSID\{ffbb88a9-c663-4b9b-9170-70fa0a5a2786} => Key deleted successfully.
HKLM\Software\MozillaPlugins\@SafePCRepair_89.com/Plugin => Key deleted successfully.
C:\Program Files\SafePCRepair_89\bar\1.bin\NP89Stub.dll => Moved successfully.
CHR HomePage: hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5 ==> The Chrome "Settings" can be used to fix the entry.
ioloService => Service deleted successfully.
SafePCRepair_89Service => Service deleted successfully.
Update BrowseSmart => Service deleted successfully.
Util BrowseSmart => Service deleted successfully.
Avgdiskx => Service deleted successfully.
Avglogx => Service deleted successfully.
avgtp => Service deleted successfully.
AVGIDSHX => Service deleted successfully.
AVGIDSShim => Service deleted successfully.
C:\Program Files\SafePCRepair => Moved successfully.
C:\Program Files\SafePCRepair_89 => Moved successfully.
C:\Program Files\MyPC Backup => Moved successfully.
C:\Program Files\SpeedFan => Moved successfully.
C:\Program Files\BrowseSmart => Moved successfully.
"C:\Program Files\SafePCRepair" => File/Directory not found.
"C:\Program Files\SafePCRepair_89" => File/Directory not found.
C:\Program Files\Free Download Manager => Moved successfully.
C:\Users\BC\AppData\Roaming\AVG2014 => Moved successfully.
C:\ProgramData\AVG2014 => Moved successfully.
C:\Users\BC\AppData\Roaming\Free Download Manager => Moved successfully.
C:\Users\BC\Downloads\fdminst-lite(1).exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2C2BB7E-05B6-47C1-AA76-7D8BBA82DA03} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2C2BB7E-05B6-47C1-AA76-7D8BBA82DA03} => Key deleted successfully.
C:\Windows\System32\Tasks\CCleanerSkipUAC => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => Key deleted successfully.
"C:\Program Files\SafePCRepair" => File/Directory not found.
"C:\Program Files\BrowseSmart" => File/Directory not found.
"C:\Program Files\Free Download Manager" => File/Directory not found.


The system needs a manual reboot.

==== End of Fixlog ====

#84
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
OK but it looks like you ran the FRST scan before the FRST fix. Can you run a FRST scan again?

#85
brycrip

    Member

  • Topic Starter
  • Member
  • 395 posts
Hey!

I ran the MS Fix program and it downloaded about 9 updates so that seems to be working again. I worked yesterday afternoon for about 3 hours and an additional hour last night on battery and didn't experience any lock-ups. Big improvement! Usually have to reboot once an hour. Ok, here is another FRST Scan w/ Additional:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-12-2013 01
Ran by BC (administrator) on CHINOOK on 12-12-2013 13:37:44
Running from C:\Users\BC\AppData\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Egis Technology Inc.) C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
() C:\Program Files\WordWeb\wweb32.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [UnlockerAssistant] - C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [SuiteTray] - C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [EgisUpdate] - C:\Program Files\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM\...\Run: [EgisTecPMMUpdate] - C:\Program Files\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKCU\...\Run: [WordWeb] - C:\Program Files\WordWeb\wweb32.exe [77064 2012-04-21] ()
HKCU\...\Run: [SPEEDbitVideoAccelerator] - "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
Startup: C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
ShortcutTarget: OpenOffice.org 3.4.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043
FF user.js: detected! => C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043\user.js
FF NewTab: user_pref("browser.newtab.url", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome:
=======
CHR HomePage: hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5
CHR Extension: (Google Docs) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (avast! WebRep) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

========================== Services (Whitelisted) =================

S3 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [173424 2011-04-02] (Egis Technology Inc. )
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-05-10] (Acer Incorporated)
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.)
R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [185632 2009-11-26] (Ralink Technology, Corp.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [21600 2011-08-09] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16936 2011-08-09] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [62240 2011-08-09] (Egis Technology Inc.)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [827904 2009-11-26] (Ralink Technology Corp.)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10382576 2013-07-25] (Intel Corporation)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [252520 2011-03-06] (Realtek Semiconductor Corp.)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S4 aswSP; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-12 13:33 - 2013-12-12 13:33 - 00000000 ____D C:\FRST
2013-12-12 10:50 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 10:50 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 10:34 - 2013-12-12 10:34 - 00347816 _____ (Microsoft Corporation) C:\Users\BC\Downloads\MicrosoftFixit.wu.LB.5231028965699254.1.1.Run.exe
2013-12-12 10:22 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 10:22 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 10:22 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 10:22 - 2013-10-29 20:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 10:22 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 10:22 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 10:22 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 10:22 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 10:22 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 10:22 - 2013-10-03 20:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 10:22 - 2013-10-03 20:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-06 14:24 - 2013-12-06 15:03 - 10085984 _____ (AVAST Software) C:\Users\BC\Downloads\avast_free_antivirus_setup.exe.part
2013-12-06 13:44 - 2013-12-06 13:44 - 50063360 _____ C:\Program Files\GUTD9CC.tmp
2013-12-06 13:44 - 2013-12-06 13:44 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-05 15:06 - 2013-12-05 15:06 - 00000000 ____D C:\Users\BC\AppData\Roaming\LibreOffice
2013-12-05 14:58 - 2013-12-05 14:58 - 00002579 _____ C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2013-12-05 13:57 - 2013-12-05 14:58 - 00000000 ____D C:\Program Files\LibreOffice 4
2013-12-05 13:05 - 2013-12-05 13:05 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-12-05 12:57 - 2013-12-05 12:57 - 05745096 _____ (Hewlett-Packard Company ) C:\Users\BC\Downloads\sp31000.exe
2013-12-03 15:40 - 2013-12-05 15:18 - 00019018 _____ C:\Windows\IE11_main.log
2013-12-03 12:31 - 2013-12-03 12:31 - 00003288 ____N C:\bootsqm.dat
2013-11-29 16:19 - 2013-12-05 12:39 - 00018548 _____ C:\Windows\DPINST.LOG
2013-11-29 16:14 - 2013-11-29 16:14 - 00000000 ____D C:\Users\BC\AppData\Roaming\SystemRequirementsLab
2013-11-29 16:13 - 2013-11-29 16:13 - 00000000 ____D C:\Windows\Sun
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\ProgramData\Oracle
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-29 16:08 - 2013-11-29 16:07 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-29 16:07 - 2013-11-29 16:07 - 00000000 ____D C:\Program Files\Java
2013-11-29 15:48 - 2013-11-29 15:48 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Users\BC\AppData\Local\Adobe
2013-11-27 14:53 - 2013-11-27 14:53 - 00000000 ___HD C:\Windows\PIF
2013-11-26 13:45 - 2013-11-26 13:45 - 00000360 _____ C:\Users\BC\Desktop\junk.txt
2013-11-25 15:45 - 2013-12-12 13:32 - 00004928 _____ C:\Windows\setupact.log
2013-11-25 15:45 - 2013-12-05 13:41 - 00002486 _____ C:\Windows\PFRO.log
2013-11-25 15:45 - 2013-11-25 15:45 - 00000000 _____ C:\Windows\setuperr.log
2013-11-25 14:07 - 2013-11-25 14:11 - 00000000 ____D C:\Users\BC\AppData\Roaming\OfficeRecovery
2013-11-25 14:07 - 2013-11-25 14:07 - 00000000 ____D C:\ProgramData\OfficeRecovery.d7cc0641
2013-11-24 15:25 - 2013-11-24 15:25 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-24 15:24 - 2013-11-24 15:24 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-11-22 10:24 - 2013-11-22 10:24 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVAST Software
2013-11-22 10:24 - 2013-11-22 10:23 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-22 10:23 - 2013-11-22 10:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-17 15:27 - 2013-11-17 15:27 - 00000000 ____D C:\2ded7b3cf452d17edf0e7189072a
2013-11-16 12:45 - 2013-11-16 12:45 - 00000000 ____D C:\Users\BC\AppData\Roaming\CrystalIdea Software
2013-11-15 13:06 - 2013-11-15 13:08 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite.exe
2013-11-15 13:06 - 2013-11-15 13:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 15:40 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 15:40 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 15:40 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 15:39 - 2013-09-24 21:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 15:39 - 2013-09-24 21:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 15:39 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 15:39 - 2013-09-24 20:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 15:39 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 15:39 - 2013-09-24 20:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 15:39 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 15:39 - 2013-09-24 19:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 15:39 - 2013-09-24 19:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 15:39 - 2013-07-04 07:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-14 15:38 - 2013-10-02 20:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 15:37 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 15:37 - 2013-10-11 21:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 15:37 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 15:37 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\Users\BC\AppData\Roaming\Malwarebytes
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 13:27 - 2013-11-13 13:27 - 00013697 _____ C:\ComboFix.txt
2013-11-13 13:00 - 2013-11-13 13:27 - 00000000 ____D C:\Qoobox
2013-11-13 12:59 - 2013-11-13 13:24 - 00000000 ____D C:\Windows\erdnt

==================== One Month Modified Files and Folders =======

2013-12-12 13:35 - 2013-10-30 14:36 - 01612214 _____ C:\Windows\WindowsUpdate.log
2013-12-12 13:33 - 2013-12-12 13:33 - 00000000 ____D C:\FRST
2013-12-12 13:32 - 2013-11-25 15:45 - 00004928 _____ C:\Windows\setupact.log
2013-12-12 13:32 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-12 12:31 - 2012-06-12 14:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-12 12:27 - 2010-11-20 16:01 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-12 12:27 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-12 12:27 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-12 10:59 - 2009-07-13 23:33 - 00317776 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 10:55 - 2013-07-20 07:13 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 10:51 - 2011-12-16 19:04 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-12 10:34 - 2013-12-12 10:34 - 00347816 _____ (Microsoft Corporation) C:\Users\BC\Downloads\MicrosoftFixit.wu.LB.5231028965699254.1.1.Run.exe
2013-12-12 10:32 - 2012-06-12 14:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-12 10:32 - 2011-08-09 00:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-12 10:29 - 2013-03-17 10:38 - 00000000 ____D C:\Users\BC\AppData\Roaming\Skype
2013-12-11 19:10 - 2011-12-09 17:28 - 00000000 ____D C:\Users\BC\AppData\Roaming\vlc
2013-12-11 15:22 - 2012-08-01 15:00 - 00000000 ____D C:\Program Files\iCall
2013-12-11 14:53 - 2012-08-09 16:18 - 00000000 ____D C:\Windows\pss
2013-12-11 13:07 - 2011-12-09 16:03 - 00000000 ____D C:\Users\BC
2013-12-11 12:57 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
2013-12-11 12:56 - 2013-06-08 15:57 - 00000000 ____D C:\Windows\Minidump
2013-12-11 12:56 - 2012-04-07 13:33 - 00000000 ____D C:\Program Files\Unlocker
2013-12-11 12:56 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2013-12-08 14:59 - 2011-12-13 20:25 - 00000000 ____D C:\VirusTrap1
2013-12-06 15:03 - 2013-12-06 14:24 - 10085984 _____ (AVAST Software) C:\Users\BC\Downloads\avast_free_antivirus_setup.exe.part
2013-12-06 13:44 - 2013-12-06 13:44 - 50063360 _____ C:\Program Files\GUTD9CC.tmp
2013-12-06 13:44 - 2013-12-06 13:44 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-06 13:44 - 2012-01-14 19:01 - 00000000 ____D C:\Program Files\Google
2013-12-05 17:57 - 2011-12-09 16:04 - 00070968 _____ C:\Users\BC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-05 15:18 - 2013-12-03 15:40 - 00019018 _____ C:\Windows\IE11_main.log
2013-12-05 15:06 - 2013-12-05 15:06 - 00000000 ____D C:\Users\BC\AppData\Roaming\LibreOffice
2013-12-05 14:58 - 2013-12-05 14:58 - 00002579 _____ C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2013-12-05 14:58 - 2013-12-05 13:57 - 00000000 ____D C:\Program Files\LibreOffice 4
2013-12-05 13:41 - 2013-11-25 15:45 - 00002486 _____ C:\Windows\PFRO.log
2013-12-05 13:05 - 2013-12-05 13:05 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-12-05 13:05 - 2013-11-07 12:55 - 00000929 _____ C:\Users\BC\Desktop\SpeedFan.lnk
2013-12-05 13:05 - 2013-11-07 12:55 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2013-12-05 12:59 - 2011-08-09 00:00 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-12-05 12:57 - 2013-12-05 12:57 - 05745096 _____ (Hewlett-Packard Company ) C:\Users\BC\Downloads\sp31000.exe
2013-12-05 12:39 - 2013-11-29 16:19 - 00018548 _____ C:\Windows\DPINST.LOG
2013-12-04 14:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2013-12-03 12:31 - 2013-12-03 12:31 - 00003288 ____N C:\bootsqm.dat
2013-12-02 14:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2013-11-29 16:14 - 2013-11-29 16:14 - 00000000 ____D C:\Users\BC\AppData\Roaming\SystemRequirementsLab
2013-11-29 16:13 - 2013-11-29 16:13 - 00000000 ____D C:\Windows\Sun
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\ProgramData\Oracle
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-29 16:07 - 2013-11-29 16:08 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-29 16:07 - 2013-11-29 16:07 - 00000000 ____D C:\Program Files\Java
2013-11-29 15:48 - 2013-11-29 15:48 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Users\BC\AppData\Local\Adobe
2013-11-27 14:53 - 2013-11-27 14:53 - 00000000 ___HD C:\Windows\PIF
2013-11-26 13:45 - 2013-11-26 13:45 - 00000360 _____ C:\Users\BC\Desktop\junk.txt
2013-11-25 15:45 - 2013-11-25 15:45 - 00000000 _____ C:\Windows\setuperr.log
2013-11-25 14:11 - 2013-11-25 14:07 - 00000000 ____D C:\Users\BC\AppData\Roaming\OfficeRecovery
2013-11-25 14:07 - 2013-11-25 14:07 - 00000000 ____D C:\ProgramData\OfficeRecovery.d7cc0641
2013-11-24 15:25 - 2013-11-24 15:25 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-24 15:24 - 2013-11-24 15:24 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-11-24 13:37 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-11-23 13:26 - 2013-12-12 10:22 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-22 10:24 - 2013-11-22 10:24 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVAST Software
2013-11-22 10:23 - 2013-11-22 10:24 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-22 10:23 - 2013-11-22 10:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-22 10:22 - 2013-03-16 13:05 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-22 09:58 - 2011-12-09 16:17 - 00000000 ____D C:\ProgramData\MFAData
2013-11-21 14:04 - 2011-12-09 16:03 - 00000000 ____D C:\Users\BC\AppData\Local\VirtualStore
2013-11-17 15:27 - 2013-11-17 15:27 - 00000000 ____D C:\2ded7b3cf452d17edf0e7189072a
2013-11-16 12:45 - 2013-11-16 12:45 - 00000000 ____D C:\Users\BC\AppData\Roaming\CrystalIdea Software
2013-11-16 12:39 - 2012-03-28 16:51 - 00000000 ____D C:\Program Files\WordWeb
2013-11-15 17:42 - 2013-10-30 14:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-15 13:08 - 2013-11-15 13:06 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite.exe
2013-11-15 13:06 - 2013-11-15 13:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 12:50 - 2009-07-13 23:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-14 15:35 - 2013-10-30 14:27 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-14 15:21 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\Users\BC\AppData\Roaming\Malwarebytes
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 13:27 - 2013-11-13 13:27 - 00013697 _____ C:\ComboFix.txt
2013-11-13 13:27 - 2013-11-13 13:00 - 00000000 ____D C:\Qoobox
2013-11-13 13:24 - 2013-11-13 12:59 - 00000000 ____D C:\Windows\erdnt

Some content of TEMP:
====================
C:\Users\BC\AppData\Local\Temp\BackupSetup.exe
C:\Users\BC\AppData\Local\Temp\jxpiinstall(1).exe
C:\Users\BC\AppData\Local\Temp\jxpiinstall.exe
C:\Users\BC\AppData\Local\Temp\sfamcc00001.dll
C:\Users\BC\AppData\Local\Temp\sfareca00001.dll
C:\Users\BC\AppData\Local\Temp\sfextra.dll
C:\Users\BC\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-02 14:28

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-12-2013 01
Ran by BC at 2013-12-12 13:38:43
Running from C:\Users\BC\AppData\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Acer Crystal Eye Webcam (Version: 1.0.1904)
Acer ePower Management (Version: 6.00.3007)
Acer eRecovery Management (Version: 5.00.3502)
Acer Registration (Version: 1.04.3502)
Acer ScreenSaver (Version: 1.1.0617.2011)
Acer Updater (Version: 1.02.3500)
Acer VCM (Version: 4.05.3501)
Adobe AIR (Version: 3.7.0.1860)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
BrowseSmart (Version: 2013.11.21.002241)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
D3DX10 (Version: 15.4.2368.0902)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
Identity Card (Version: 1.00.3501)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.14.10.2230)
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Junk Mail filter update (Version: 15.4.3502.0922)
Launch Manager (Version: 5.1.4)
LibreOffice 4.1 Help Pack (English (United States)) (Version: 4.1.3.2)
LibreOffice 4.1.3.2 (Version: 4.1.3.2)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSVCRT (Version: 15.4.2862.0708)
MyWinLocker 4 (Version: 4.0.14.25)
MyWinLocker Suite (Version: 4.0.14.15)
OpenOffice 4.0.1 (Version: 4.01.9714)
Ralink RT2870 Wireless LAN Card (Version: 1.5.6.0)
Realtek Ethernet Controller Driver (Version: 7.37.1229.2010)
Realtek High Definition Audio Driver (Version: 6.0.1.6307)
Realtek PCIE Card Reader (Version: 6.1.7600.78)
SelectionLinks (Version: 1.0)
Shredder (Version: 2.0.8.9)
Skype™ 6.6 (Version: 6.6.106)
SpeedFan (remove only)
Synaptics Pointing Device Driver (Version: 15.1.18.0)
System Requirements Lab for Intel (Version: 4.5.13.0)
Unlocker 1.9.1 (Version: 1.9.1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 2.1.0 (Version: 2.1.0)
Welcome Center (Version: 1.02.3503)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WordWeb (Version: 6)

==================== Restore Points =========================

17-11-2013 20:27:19 Windows Update
19-11-2013 15:18:55 Windows Update
19-11-2013 16:09:33 Windows Update
21-11-2013 15:16:29 Installed AVG 2014
22-11-2013 15:22:56 avast! antivirus system restore point
24-11-2013 19:38:27 Restore Operation
24-11-2013 19:47:17 Removed OpenOffice 4.0.1
24-11-2013 20:23:18 Installed OpenOffice 4.0.1
25-11-2013 19:06:11 Installed Recovery for Writer 1.7.20461.2 Demo License
25-11-2013 19:20:22 Removed Recovery for Writer 1.7.20461.2 Demo License
29-11-2013 20:47:29 Installed System Requirements Lab for Intel
29-11-2013 21:06:53 Installed Java 7 Update 45
03-12-2013 20:40:22 Windows Update
04-12-2013 19:42:26 Windows Update
04-12-2013 21:24:53 Windows Update
05-12-2013 18:56:28 Installed LibreOffice 4.1 Help Pack (English (United States))
05-12-2013 19:53:42 Installed LibreOffice 4.1.3.2
05-12-2013 20:17:06 Windows Update
06-12-2013 18:42:52 avast! antivirus system restore point
06-12-2013 20:46:12 Windows Update
07-12-2013 17:31:18 Windows Update
07-12-2013 20:43:08 Windows Update
08-12-2013 21:46:40 Windows Update
09-12-2013 17:13:23 Windows Update
12-12-2013 15:49:43 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:04 - 2013-03-25 12:17 - 00000098 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {00B7BDB0-B402-40C1-A4CB-D569BBDC1A4E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-12] (Adobe Systems Incorporated)
Task: {3C61BF98-B1A3-445D-813B-4B8B80A5F2E7} - System32\Tasks\{2F8EB3EA-875C-4E36-8380-B9F8CF6B71B2} => C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {3FD60D5F-A872-4150-835E-A0B1D7A891A6} - System32\Tasks\{423C745D-CEB9-4720-834B-5910ADC6F8D5} => C:\Program Files\tinySpell\tinyspell.exe
Task: {4A0CE86E-3B42-4A6A-8F59-93EF2A9C3340} - System32\Tasks\{47C8FCC1-4B89-44C5-A945-3D30301AE89B} => Firefox.exe
Task: {56D88B04-85C7-4410-BAEB-912E432705C3} - System32\Tasks\Adobe ARM => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-05-11] (Adobe Systems Incorporated)
Task: {7BAA9F29-A535-41A3-ADCB-FD77A7459241} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1434271250-535229840-3131482536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {82A70256-A65B-45B0-A289-2F52D670FF40} - System32\Tasks\{6977321E-CE53-4746-8B61-77A4D12D0423} => Firefox.exe
Task: {8E432221-B688-49C4-8CCA-6611CFA9F602} - System32\Tasks\{16C26C30-E35C-44AE-AFED-771B87A2A222} => C:\Program Files\OpenOffice.org
Task: {92FB80DF-3D46-471B-A2A6-DC3D2FB09EF5} - System32\Tasks\{764A393D-633B-439A-9593-6364EADF016A} => C:\Program Files\Moyea\FLV Editor Lite\FlvEditorLite.exe
Task: {9B8F7347-CAB4-4C1B-82A3-2B0CF9EE341F} - System32\Tasks\{C978A38F-7358-4587-9AE2-A8C10C5E6928} => C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Task: {A369E454-F732-460B-BE75-6CEBF9561A1D} - System32\Tasks\{7A078B64-317B-47E5-AEED-6DA886061D18} => Firefox.exe
Task: {B0E4A562-7DF8-4567-92AD-2FAE0D3847C9} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1434271250-535229840-3131482536-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {D5E81E6D-48AE-44AC-9B70-500CE81575B1} - System32\Tasks\{A82B7F6C-83D4-4711-AAFD-454886EA6197} => C:\Program Files\iCall\iCall.exe
Task: {F417EE00-20DF-4F86-8D2B-967557058F93} - System32\Tasks\{3E9059AE-66C4-4070-B46D-2D805B2D2D4D} => C:\Program Files\tinySpell\tinyspell.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2010-07-04 16:32 - 2010-07-04 16:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2010-07-04 16:32 - 2010-07-04 16:32 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-03-28 16:51 - 2012-07-15 11:27 - 02216480 ____N () C:\Windows\wweb32.dll
2012-03-28 16:51 - 2012-07-15 11:25 - 00022800 ____N () C:\Program Files\WordWeb\WUCNT.dll
2011-12-21 17:40 - 2009-11-26 17:02 - 00918816 _____ () C:\Program Files\Ralink\Common\RaWLAPI.dll
2013-11-15 13:06 - 2013-11-15 13:06 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/12/2013 01:32:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2013 00:20:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2013 00:11:55 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2013 11:53:29 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2013 10:59:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2013 10:04:50 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2013 09:14:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2013 08:35:22 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2013 06:25:15 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2013 03:20:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============

Microsoft Office Sessions:
=========================
Error: (12/12/2013 01:32:05 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2013 00:20:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2013 00:11:55 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2013 11:53:29 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2013 10:59:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2013 10:04:50 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2013 09:14:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2013 08:35:22 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2013 06:25:15 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2013 03:20:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 62%
Total physical RAM: 1011.87 MB
Available physical RAM: 381.2 MB
Total Pagefile: 2035.87 MB
Available Pagefile: 1303.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1926.97 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:219.79 GB) (Free:167.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: E2768EF3)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0


#86
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
I do not see Avast at all so it probably needs to be reinstalled.

Is SpeedFan working for you? How are the temps? If not working, uninstall it.

I see SpeedBit Video Accelerator running but can't see where it was installed. Did you install it?
  • 0

#87
brycrip

    Member

  • Topic Starter
  • Member
  • 395 posts
Gee... I thought I had dumped SpeedBit Video Accelerator months ago. Went to Uninstall Programs and don't see it listed. Where could it be hiding?

Somehow lost Speedfan and had to re-download it. Seems to work fine but Core temps. are still in the lower 60's. Can Speedfan adjust the settings?

I'll re-install AVAST!
  • 0

#88
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
We can remove Speedbit with FRST:

Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated; please post that.

In Speedfan if you check the Automatic Fan Speed sometimes that helps. On some PCs you can also get Speedfan to control the fan directly tho I have never been able to get it to work.

Sometimes if you prop up the back of a laptop with a book (without blocking the vents) it will run a bit cooler. 60 is probably not going to cause any problems tho.

I've got to run in to town so will be off line for about 2 hours.
  • 0

#89
brycrip

    Member

  • Topic Starter
  • Member
  • 395 posts
Here's my FRST Fix and another scan:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-12-2013 01
Ran by BC at 2013-12-13 11:38:28 Run:1
Running from C:\Users\BC\AppData\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKCU\...\Run: [SPEEDbitVideoAccelerator] - "C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe" /startup
ShortcutTarget: OpenOffice.org 3.4.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
C:\Program Files\SpeedBit Video Accelerator
*****************

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\SPEEDbitVideoAccelerator => Value deleted successfully.
C:\Program Files\OpenOffice.org 3\program\quickstart.exe not found.
"C:\Program Files\SpeedBit Video Accelerator" => File/Directory not found.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-12-2013 01
Ran by BC (administrator) on CHINOOK on 13-12-2013 11:40:00
Running from C:\Users\BC\AppData\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files\Acer\Registration\GREGsvc.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaRegistry.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\RS_Service.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(Egis Technology Inc.) C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Program Files\WordWeb\wweb32.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(FreeDownloadManager.ORG) C:\Program Files\Free Download Manager\fdm.exe
(Acer Incorporated) C:\Program Files\Acer\Acer VCM\AcerVCM.exe
(Ralink Technology, Corp.) C:\Program Files\Ralink\Common\RaUI.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [UnlockerAssistant] - C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [SuiteTray] - C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368 2011-05-10] (Acer Incorporated)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [1081424 2011-03-14] (Dritek System Inc.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [EgisUpdate] - C:\Program Files\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM\...\Run: [EgisTecPMMUpdate] - C:\Program Files\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKCU\...\Run: [WordWeb] - C:\Program Files\WordWeb\wweb32.exe [77064 2012-04-21] ()
HKCU\...\Run: [Free Download Manager] - C:\Program Files\Free Download Manager\fdm.exe [6950400 2013-10-25] (FreeDownloadManager.ORG)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
Startup: C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
ShortcutTarget: OpenOffice.org 3.4.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.2.10.2 172.16.60.253

FireFox:
========
FF ProfilePath: C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043
FF user.js: detected! => C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043\user.js
FF NewTab: user_pref("browser.newtab.url", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.4.53 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: fdm_ffext - C:\Users\BC\AppData\Roaming\Mozilla\Firefox\Profiles\sevjm9wi.default-1384098992043\Extensions\[email protected]
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome:
=======
CHR HomePage: hxxp://start.search.us.com/v/2/?guid={54B51BB6-D4BF-48D7-8A97-B424C1127420}&serpv=5
CHR Extension: (Google Docs) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (avast! WebRep) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR Extension: (Gmail) - C:\Users\BC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

========================== Services (Whitelisted) =================

S3 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [173424 2011-04-02] (Egis Technology Inc. )
R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-05-10] (Acer Incorporated)
R2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [29696 2011-05-26] (Acer Incorporated)
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.)
R2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-04-05] (Acer Incorporated)
R2 RalinkRegistryWriter; C:\Program Files\Ralink\Common\RaRegistry.exe [185632 2009-11-26] (Ralink Technology, Corp.)
R2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
R1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [21600 2011-08-09] (Egis Technology Inc.)
R1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16936 2011-08-09] (Egis Technology Inc.)
R1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [62240 2011-08-09] (Egis Technology Inc.)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [827904 2009-11-26] (Ralink Technology Corp.)
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10382576 2013-07-25] (Intel Corporation)
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [252520 2011-03-06] (Realtek Semiconductor Corp.)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S4 aswSP; No ImagePath
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-13 11:35 - 2013-12-13 11:38 - 00000000 ____D C:\FRST
2013-12-12 14:36 - 2013-12-13 11:23 - 00000000 ____D C:\Program Files\SpeedFan
2013-12-12 14:01 - 2013-12-13 11:35 - 00000000 ____D C:\Users\BC\AppData\Roaming\Free Download Manager
2013-12-12 13:59 - 2013-12-12 13:59 - 00000000 ____D C:\Program Files\Free Download Manager
2013-12-12 13:53 - 2013-12-12 13:53 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite.exe
2013-12-12 10:50 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 10:50 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 10:34 - 2013-12-12 10:34 - 00347816 _____ (Microsoft Corporation) C:\Users\BC\Downloads\MicrosoftFixit.wu.LB.5231028965699254.1.1.Run.exe
2013-12-12 10:22 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 10:22 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 10:22 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 10:22 - 2013-10-29 20:27 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 10:22 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 10:22 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 10:22 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 10:22 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 10:22 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 10:22 - 2013-10-03 20:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 10:22 - 2013-10-03 20:17 - 00177152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-06 14:24 - 2013-12-06 15:03 - 10085984 _____ (AVAST Software) C:\Users\BC\Downloads\avast_free_antivirus_setup.exe.part
2013-12-06 13:44 - 2013-12-06 13:44 - 50063360 _____ C:\Program Files\GUTD9CC.tmp
2013-12-06 13:44 - 2013-12-06 13:44 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-05 15:06 - 2013-12-05 15:06 - 00000000 ____D C:\Users\BC\AppData\Roaming\LibreOffice
2013-12-05 14:58 - 2013-12-05 14:58 - 00002579 _____ C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2013-12-05 13:57 - 2013-12-05 14:58 - 00000000 ____D C:\Program Files\LibreOffice 4
2013-12-05 13:05 - 2013-12-05 13:05 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-12-05 12:57 - 2013-12-05 12:57 - 05745096 _____ (Hewlett-Packard Company ) C:\Users\BC\Downloads\sp31000.exe
2013-12-03 15:40 - 2013-12-05 15:18 - 00019018 _____ C:\Windows\IE11_main.log
2013-12-03 12:31 - 2013-12-03 12:31 - 00003288 ____N C:\bootsqm.dat
2013-11-29 16:19 - 2013-12-05 12:39 - 00018548 _____ C:\Windows\DPINST.LOG
2013-11-29 16:14 - 2013-11-29 16:14 - 00000000 ____D C:\Users\BC\AppData\Roaming\SystemRequirementsLab
2013-11-29 16:13 - 2013-11-29 16:13 - 00000000 ____D C:\Windows\Sun
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\ProgramData\Oracle
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-29 16:08 - 2013-11-29 16:07 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-29 16:07 - 2013-11-29 16:07 - 00000000 ____D C:\Program Files\Java
2013-11-29 15:48 - 2013-11-29 15:48 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Users\BC\AppData\Local\Adobe
2013-11-27 14:53 - 2013-11-27 14:53 - 00000000 ___HD C:\Windows\PIF
2013-11-26 13:45 - 2013-11-26 13:45 - 00000360 _____ C:\Users\BC\Desktop\junk.txt
2013-11-25 15:45 - 2013-12-13 11:31 - 00005432 _____ C:\Windows\setupact.log
2013-11-25 15:45 - 2013-12-12 14:37 - 00003148 _____ C:\Windows\PFRO.log
2013-11-25 15:45 - 2013-11-25 15:45 - 00000000 _____ C:\Windows\setuperr.log
2013-11-25 14:07 - 2013-11-25 14:11 - 00000000 ____D C:\Users\BC\AppData\Roaming\OfficeRecovery
2013-11-25 14:07 - 2013-11-25 14:07 - 00000000 ____D C:\ProgramData\OfficeRecovery.d7cc0641
2013-11-24 15:25 - 2013-11-24 15:25 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-24 15:24 - 2013-11-24 15:24 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-11-22 10:24 - 2013-11-22 10:24 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVAST Software
2013-11-22 10:24 - 2013-11-22 10:23 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-22 10:23 - 2013-11-22 10:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-17 15:27 - 2013-11-17 15:27 - 00000000 ____D C:\2ded7b3cf452d17edf0e7189072a
2013-11-16 12:45 - 2013-11-16 12:45 - 00000000 ____D C:\Users\BC\AppData\Roaming\CrystalIdea Software
2013-11-15 13:06 - 2013-11-15 13:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-14 15:40 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 15:40 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 15:40 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 15:39 - 2013-09-24 21:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 15:39 - 2013-09-24 21:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 15:39 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 15:39 - 2013-09-24 20:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 15:39 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 15:39 - 2013-09-24 20:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 15:39 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 15:39 - 2013-09-24 19:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 15:39 - 2013-09-24 19:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 15:39 - 2013-07-04 07:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-14 15:38 - 2013-10-02 20:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 15:37 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 15:37 - 2013-10-11 21:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 15:37 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 15:37 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\Users\BC\AppData\Roaming\Malwarebytes
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 13:27 - 2013-11-13 13:27 - 00013697 _____ C:\ComboFix.txt
2013-11-13 13:00 - 2013-11-13 13:27 - 00000000 ____D C:\Qoobox
2013-11-13 12:59 - 2013-11-13 13:24 - 00000000 ____D C:\Windows\erdnt

==================== One Month Modified Files and Folders =======

2013-12-13 11:39 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-13 11:39 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-13 11:38 - 2013-12-13 11:35 - 00000000 ____D C:\FRST
2013-12-13 11:35 - 2013-12-12 14:01 - 00000000 ____D C:\Users\BC\AppData\Roaming\Free Download Manager
2013-12-13 11:35 - 2013-10-30 14:36 - 01730395 _____ C:\Windows\WindowsUpdate.log
2013-12-13 11:31 - 2013-11-25 15:45 - 00005432 _____ C:\Windows\setupact.log
2013-12-13 11:31 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-13 11:23 - 2013-12-12 14:36 - 00000000 ____D C:\Program Files\SpeedFan
2013-12-13 10:31 - 2012-06-12 14:28 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-13 10:26 - 2013-03-17 10:38 - 00000000 ____D C:\Users\BC\AppData\Roaming\Skype
2013-12-13 09:32 - 2013-03-17 10:38 - 00000000 ___RD C:\Program Files\Skype
2013-12-13 09:32 - 2011-08-09 00:29 - 00000000 ____D C:\ProgramData\Skype
2013-12-12 19:25 - 2011-12-09 17:28 - 00000000 ____D C:\Users\BC\AppData\Roaming\vlc
2013-12-12 18:42 - 2010-11-20 16:01 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-12 14:37 - 2013-11-25 15:45 - 00003148 _____ C:\Windows\PFRO.log
2013-12-12 14:36 - 2013-11-07 12:55 - 00000929 _____ C:\Users\BC\Desktop\SpeedFan.lnk
2013-12-12 14:36 - 2013-11-07 12:55 - 00000045 _____ C:\Windows\system32\initdebug.nfo
2013-12-12 13:59 - 2013-12-12 13:59 - 00000000 ____D C:\Program Files\Free Download Manager
2013-12-12 13:53 - 2013-12-12 13:53 - 04066921 _____ (FreeDownloadManager.ORG ) C:\Users\BC\Downloads\fdminst-lite.exe
2013-12-12 10:59 - 2009-07-13 23:33 - 00317776 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 10:55 - 2013-07-20 07:13 - 00000000 ____D C:\Windows\system32\MRT
2013-12-12 10:51 - 2011-12-16 19:04 - 88123800 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-12 10:34 - 2013-12-12 10:34 - 00347816 _____ (Microsoft Corporation) C:\Users\BC\Downloads\MicrosoftFixit.wu.LB.5231028965699254.1.1.Run.exe
2013-12-12 10:32 - 2012-06-12 14:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-12 10:32 - 2011-08-09 00:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 14:53 - 2012-08-09 16:18 - 00000000 ____D C:\Windows\pss
2013-12-11 13:07 - 2011-12-09 16:03 - 00000000 ____D C:\Users\BC
2013-12-11 12:57 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\wfp
2013-12-11 12:56 - 2013-06-08 15:57 - 00000000 ____D C:\Windows\Minidump
2013-12-11 12:56 - 2012-04-07 13:33 - 00000000 ____D C:\Program Files\Unlocker
2013-12-11 12:56 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\registration
2013-12-08 14:59 - 2011-12-13 20:25 - 00000000 ____D C:\VirusTrap1
2013-12-06 15:03 - 2013-12-06 14:24 - 10085984 _____ (AVAST Software) C:\Users\BC\Downloads\avast_free_antivirus_setup.exe.part
2013-12-06 13:44 - 2013-12-06 13:44 - 50063360 _____ C:\Program Files\GUTD9CC.tmp
2013-12-06 13:44 - 2013-12-06 13:44 - 00774392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-06 13:44 - 2012-01-14 19:01 - 00000000 ____D C:\Program Files\Google
2013-12-05 17:57 - 2011-12-09 16:04 - 00070968 _____ C:\Users\BC\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-05 15:18 - 2013-12-03 15:40 - 00019018 _____ C:\Windows\IE11_main.log
2013-12-05 15:06 - 2013-12-05 15:06 - 00000000 ____D C:\Users\BC\AppData\Roaming\LibreOffice
2013-12-05 14:58 - 2013-12-05 14:58 - 00002579 _____ C:\Users\Public\Desktop\LibreOffice 4.1.lnk
2013-12-05 14:58 - 2013-12-05 13:57 - 00000000 ____D C:\Program Files\LibreOffice 4
2013-12-05 13:05 - 2013-12-05 13:05 - 00000000 ____D C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
2013-12-05 12:59 - 2011-08-09 00:00 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-12-05 12:57 - 2013-12-05 12:57 - 05745096 _____ (Hewlett-Packard Company ) C:\Users\BC\Downloads\sp31000.exe
2013-12-05 12:39 - 2013-11-29 16:19 - 00018548 _____ C:\Windows\DPINST.LOG
2013-12-04 14:16 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2013-12-03 12:31 - 2013-12-03 12:31 - 00003288 ____N C:\bootsqm.dat
2013-12-02 14:36 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2013-11-29 16:14 - 2013-11-29 16:14 - 00000000 ____D C:\Users\BC\AppData\Roaming\SystemRequirementsLab
2013-11-29 16:13 - 2013-11-29 16:13 - 00000000 ____D C:\Windows\Sun
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\ProgramData\Oracle
2013-11-29 16:08 - 2013-11-29 16:08 - 00000000 ____D C:\Program Files\Common Files\Java
2013-11-29 16:07 - 2013-11-29 16:08 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-11-29 16:07 - 2013-11-29 16:07 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-11-29 16:07 - 2013-11-29 16:07 - 00000000 ____D C:\Program Files\Java
2013-11-29 15:48 - 2013-11-29 15:48 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2013-11-29 10:13 - 2013-11-29 10:13 - 00000000 ____D C:\Users\BC\AppData\Local\Adobe
2013-11-27 14:53 - 2013-11-27 14:53 - 00000000 ___HD C:\Windows\PIF
2013-11-26 13:45 - 2013-11-26 13:45 - 00000360 _____ C:\Users\BC\Desktop\junk.txt
2013-11-25 15:45 - 2013-11-25 15:45 - 00000000 _____ C:\Windows\setuperr.log
2013-11-25 14:11 - 2013-11-25 14:07 - 00000000 ____D C:\Users\BC\AppData\Roaming\OfficeRecovery
2013-11-25 14:07 - 2013-11-25 14:07 - 00000000 ____D C:\ProgramData\OfficeRecovery.d7cc0641
2013-11-24 15:25 - 2013-11-24 15:25 - 00001070 _____ C:\Users\Public\Desktop\OpenOffice 4.0.1.lnk
2013-11-24 15:24 - 2013-11-24 15:24 - 00000000 ____D C:\Program Files\OpenOffice 4
2013-11-24 13:37 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-11-23 13:26 - 2013-12-12 10:22 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-22 10:24 - 2013-11-22 10:24 - 00000000 ____D C:\Users\BC\AppData\Roaming\AVAST Software
2013-11-22 10:23 - 2013-11-22 10:24 - 00178304 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-22 10:23 - 2013-11-22 10:23 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-22 10:22 - 2013-03-16 13:05 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-22 09:58 - 2011-12-09 16:17 - 00000000 ____D C:\ProgramData\MFAData
2013-11-21 14:04 - 2011-12-09 16:03 - 00000000 ____D C:\Users\BC\AppData\Local\VirtualStore
2013-11-17 15:27 - 2013-11-17 15:27 - 00000000 ____D C:\2ded7b3cf452d17edf0e7189072a
2013-11-16 12:45 - 2013-11-16 12:45 - 00000000 ____D C:\Users\BC\AppData\Roaming\CrystalIdea Software
2013-11-16 12:39 - 2012-03-28 16:51 - 00000000 ____D C:\Program Files\WordWeb
2013-11-15 17:42 - 2013-10-30 14:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-15 13:06 - 2013-11-15 13:06 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-15 12:50 - 2009-07-13 23:53 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-14 15:35 - 2013-10-30 14:27 - 00001069 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-11-14 15:21 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\Users\BC\AppData\Roaming\Malwarebytes
2013-11-14 13:16 - 2013-11-14 13:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-13 13:27 - 2013-11-13 13:27 - 00013697 _____ C:\ComboFix.txt
2013-11-13 13:27 - 2013-11-13 13:00 - 00000000 ____D C:\Qoobox
2013-11-13 13:24 - 2013-11-13 12:59 - 00000000 ____D C:\Windows\erdnt

Some content of TEMP:
====================
C:\Users\BC\AppData\Local\Temp\BackupSetup.exe
C:\Users\BC\AppData\Local\Temp\jxpiinstall(1).exe
C:\Users\BC\AppData\Local\Temp\jxpiinstall.exe
C:\Users\BC\AppData\Local\Temp\sfamcc00001.dll
C:\Users\BC\AppData\Local\Temp\sfextra.dll
C:\Users\BC\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-02 14:28

==================== End Of Log ============================
  • 0

#90
RKinner

    Malware Expert

  • Expert
  • 20,031 posts
  • MVP
OK. That got rid of Speedbit. How is it running now? Any more lockups?

You have a shortcut at C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk which points to a file which is no longer there. Might as well remove the OpenOffice.org 3.4.lnk.
  • 0
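The check made in post #90 (a Startup shortcut whose target no longer exists) can be pulled out of an FRST scan mechanically. The script below is an added example, not part of the thread and not FRST's own code; the line formats are inferred from the log in post #89, and reading an empty trailing `()` as "no company name recorded" is an assumption.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Lines copied from the FRST scan in post #89 (a subset of its Registry section).
SAMPLE_LOG = r"""
HKLM\...\Run: [UnlockerAssistant] - C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1934632 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2010-07-29] ()
Startup: C:\Users\BC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
ShortcutTarget: OpenOffice.org 3.4.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)
"""


class Autorun(NamedTuple):
    source: str           # "HKLM Run", "HKU\Default User RunOnce", "Startup shortcut"
    name: str             # registry value name or shortcut file name
    target: str           # path the entry launches
    size: Optional[int]   # file size from the log, None when the field is blank
    company: str          # text inside the trailing parentheses, may be empty
    missing: bool         # True when the log marks the target "(No File)"


# HKLM\...\Run: [Name] - C:\path\file.exe [size date] (Company)
RUN_RE = re.compile(
    r"^(?P<hive>HK[^:]*?)\\\.\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]+)\] - (?P<target>.+?) "
    r"\[(?P<size>\d*) ?(?P<date>[\d-]*)\] \((?P<company>.*)\)$"
)
# ShortcutTarget: Name.lnk -> C:\path\file.exe (No File)
SHORTCUT_RE = re.compile(
    r"^ShortcutTarget: (?P<name>.+?) -> (?P<target>.+?)(?P<nofile> \(No File\))?$"
)


def parse_autoruns(log: str) -> List[Autorun]:
    """Extract Run/RunOnce values and Startup shortcut targets from FRST text."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            size = int(m["size"]) if m["size"] else None
            entries.append(Autorun(f"{m['hive']} {m['key']}", m["name"],
                                   m["target"], size, m["company"].strip(), False))
            continue
        m = SHORTCUT_RE.match(line)
        if m:
            entries.append(Autorun("Startup shortcut", m["name"], m["target"],
                                   None, "", m["nofile"] is not None))
    return entries


def triage(entries: List[Autorun]) -> List[Tuple[str, str]]:
    """Return (entry name, note) pairs for entries that need a manual look."""
    findings = []
    for e in entries:
        if e.missing:
            findings.append((e.name, "target missing: stale entry, safe to clean up"))
        elif not e.company:
            # Assumption: an empty () means the log recorded no company name.
            findings.append((e.name, "no company name in log: verify the file by hand"))
    return findings


if __name__ == "__main__":
    for name, note in triage(parse_autoruns(SAMPLE_LOG)):
        print(f"{name}: {note}")
```
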





