Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Computer Crashing and Nonresponding Programs [Closed]


  • This topic is locked This topic is locked

#1
Delilah45

Delilah45

    Member

  • Member
  • PipPip
  • 26 posts
I have a small notebook computer. I am not sure what is causing this, but almost all programs on my computer are crawling, or end in a "Not Responding" message. I have tried running Malwarebytes but it always crashes before finishing. It is not unusual for most or all of the memory on my computer to read as 80% or more on Task Manager. Recently the computer has started to crash suddenly, just blacking out.

OTL logfile created on: 12/11/2013 4:04:15 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bria\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1012.30 Mb Total Physical Memory | 97.36 Mb Available Physical Memory | 9.62% Memory free
2.10 Gb Paging File | 0.27 Gb Available in Paging File | 12.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 284.99 Gb Total Space | 258.31 Gb Free Space | 90.64% Space Free | Partition Type: NTFS

Computer Name: BRIA-PC | User Name: Bria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/12 15:54:35 | 001,210,320 | ---- | M] (Google Inc.) -- C:\Windows\Temp\CR_36DF3.tmp\setup.exe
PRC - [2013/11/12 15:30:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bria\Downloads\OTL.exe
PRC - [2013/11/06 15:35:00 | 035,305,312 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\Install\{7F9535E0-A1C7-4EC5-9425-9B34B1246BAD}\31.0.1650.48_chrome_installer.exe
PRC - [2013/09/30 09:51:00 | 000,754,024 | ---- | M] (McAfee, Inc.) -- c:\Program Files\McAfee\SiteAdvisor\saUI.exe
PRC - [2013/09/04 09:45:03 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/09/02 15:35:59 | 000,829,392 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/29 21:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/05/25 16:13:56 | 000,151,912 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/05/25 16:07:30 | 000,161,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
PRC - [2012/05/25 16:07:04 | 000,166,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
PRC - [2012/02/06 16:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/08/02 11:00:04 | 000,715,368 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2011/08/02 11:00:02 | 000,739,944 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2011/08/02 10:59:58 | 000,469,608 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2011/07/13 20:34:17 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/06/30 21:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMutilps32.exe
PRC - [2011/06/30 21:51:14 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMworker.exe
PRC - [2011/06/30 21:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2011/06/06 15:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2011/05/12 15:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/05/12 01:04:12 | 000,723,560 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2011/03/28 22:49:06 | 000,408,432 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec IPS\PmmUpdate.exe
PRC - [2011/03/28 22:48:54 | 000,202,608 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec IPS\EgisUpdate.exe
PRC - [2011/03/07 03:45:22 | 001,755,136 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2011/01/27 21:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
PRC - [2010/11/12 01:24:10 | 001,602,344 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2010/11/12 01:24:08 | 001,812,264 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010/11/06 03:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/06/01 18:32:18 | 000,966,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
PRC - [2010/06/01 18:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
PRC - [2010/01/29 19:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/02 15:35:56 | 000,410,576 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppgooglenaclpluginchrome.dll
MOD - [2013/09/02 15:35:55 | 013,599,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
MOD - [2013/09/02 15:35:54 | 004,053,456 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
MOD - [2013/09/02 15:35:04 | 000,709,584 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\libglesv2.dll
MOD - [2013/09/02 15:35:03 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\libegl.dll
MOD - [2013/09/02 15:35:01 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\29.0.1547.66\ffmpegsumo.dll


========== Services (SafeList) ==========

SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/23 10:55:10 | 000,362,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\virusscan\mcods.exe -- (McODS)
SRV - [2012/05/25 16:13:56 | 000,151,912 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/05/25 16:07:30 | 000,161,664 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/05/25 16:07:04 | 000,166,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/02/06 16:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011/08/02 11:00:02 | 000,739,944 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/06/21 15:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/06/07 11:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/06 15:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/05/12 15:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/08 20:00:46 | 000,203,080 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\msc\McAWFwk.exe -- (McAWFwk)
SRV - [2011/03/07 03:45:22 | 001,755,136 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/01/27 21:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 21:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 21:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2011/01/27 21:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 21:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 21:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 21:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 21:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/11/20 16:29:12 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010/11/06 03:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/06/01 18:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/01/29 19:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/22 12:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 12:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 12:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 12:29:46 | 000,169,608 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/02/22 12:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 12:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 12:29:46 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2012/02/22 12:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 12:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/12/30 05:03:00 | 001,338,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igddim32.sys -- (igddim32)
DRV - [2011/12/19 04:46:13 | 000,062,240 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2011/12/19 04:46:13 | 000,021,600 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2011/12/19 04:46:13 | 000,016,936 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2011/06/09 10:37:56 | 000,278,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2011/05/30 03:03:34 | 000,254,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/11/10 08:28:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/11/12 10:28:37 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\29.0.1547.66\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Docs = C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1271_1\
CHR - Extension: Lazarus: Form Recovery = C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno\3.0.5_0\
CHR - Extension: Google Wallet = C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\mcafee\systemcore\ScriptSn.20130902195126.dll (McAfee, Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32\GfxCUIServiceInstall.vbs ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F3DD2BF-30AF-491E-A15A-42071BFCFB08}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{552d631b-2168-11e3-abc5-047d7b4ff539}\Shell - "" = AutoRun
O33 - MountPoints2\{552d631b-2168-11e3-abc5-047d7b4ff539}\Shell\AutoRun\command - "" = D:\KODAK_Camera_Setup_App.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/12 10:26:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

========== Files - Modified Within 30 Days ==========

[2013/11/12 15:50:35 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/12 15:40:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/12 15:20:31 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/11/12 15:20:29 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/11/12 15:15:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/12 10:30:05 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/12 10:30:05 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/12 10:20:46 | 796,102,656 | -HS- | M] () -- C:\hiberfil.sys

========== Files Created - No Company Name ==========

[2013/10/02 13:10:58 | 000,050,524 | ---- | C] () -- C:\Users\Bria\AppData\Local\recently-used.xbel
[2013/09/02 08:37:00 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2013/09/02 08:37:00 | 000,039,672 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2013/09/02 08:37:00 | 000,033,076 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE4.DAT
[2013/09/02 08:37:00 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2013/09/02 08:37:00 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2013/09/02 08:37:00 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2013/09/02 08:37:00 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2013/09/02 08:37:00 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2013/09/02 08:37:00 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2013/09/02 08:37:00 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012/01/05 22:16:12 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/01/05 22:16:11 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/12/19 04:24:47 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/09/02 11:13:50 | 000,000,000 | ---D | M] -- C:\Users\Bria\AppData\Roaming\Screensaver
[2013/09/09 10:01:02 | 000,000,000 | ---D | M] -- C:\Users\Bria\AppData\Roaming\TP

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 12/11/2013 3:31:48 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bria\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1012.30 Mb Total Physical Memory | 118.65 Mb Available Physical Memory | 11.72% Memory free
2.05 Gb Paging File | 0.38 Gb Available in Paging File | 18.56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 284.99 Gb Total Space | 258.44 Gb Free Space | 90.68% Space Free | Partition Type: NTFS

Computer Name: BRIA-PC | User Name: Bria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05BDA96C-936A-49EB-BF6F-09A79ACACAF5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{069059BA-A339-4A78-BF6C-FF91010DD389}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{48C7BC0A-05FE-4379-9D43-39C71D8F512B}" = lport=139 | protocol=6 | dir=in | app=system |
"{49A67672-8F5D-4688-9F55-7E883F23D20B}" = lport=138 | protocol=17 | dir=in | app=system |
"{4CE87528-05C8-4E6F-8226-4D4987BA0B76}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4F751B8A-F78A-4BDC-953C-E656D54D2168}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{61C16BDD-3C34-4F8B-ACB8-5A75A524679E}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{6C48E47D-A037-41BF-840C-3A51E6619CA9}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{76FD95A8-D1E9-4C62-BE34-C869A76E50D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7842B863-F3B0-47EA-8C9D-AAE6DA14A405}" = lport=445 | protocol=6 | dir=in | app=system |
"{7EA1248E-F177-4132-A332-2FFA55959CBE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{856D77ED-40D0-44FD-89CC-E87173150CEA}" = rport=445 | protocol=6 | dir=out | app=system |
"{89EA3990-D5C9-4428-A4FE-F99CFE087A83}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{9B505CAF-C1CF-4B22-A1F8-83E540FFFFB1}" = rport=137 | protocol=17 | dir=out | app=system |
"{A8D40493-E095-49C0-8A52-C5622DE95816}" = rport=139 | protocol=6 | dir=out | app=system |
"{C3D9625E-C0C6-4522-B40F-D613E24D7A57}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C3EE4E77-03DF-43C1-9358-F7DD32E88EF5}" = rport=138 | protocol=17 | dir=out | app=system |
"{C6549988-8F93-4CED-8238-D26CA0416AD9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D982494A-3F6A-41CF-A6AD-7E21E531F330}" = lport=137 | protocol=17 | dir=in | app=system |
"{ED131962-FF92-4ED6-BC9F-51AE1381C7BB}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F8EB72D6-B9E6-4BE2-BE3F-5D5BD33C16C0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FA464D37-CBCC-49A9-AEC9-B4E525700E1A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1493E4A1-C1FA-4CF0-8455-A9F3942484CA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{196AD412-EA05-4A5D-9B0B-190DCB8AC7BC}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{1A4B9F3D-DBD7-4F4E-999D-1D9E5EA16078}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{20908255-439B-4B68-8DFF-329F272F3693}" = protocol=58 | dir=in | [email protected],-28545 |
"{32316A1E-E0F1-48D3-A7BF-176165ED871D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3F42F3A3-FF02-469B-9308-B5BA44FDE8F6}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{4760E619-93F4-40E4-8A82-ED58ED3B9891}" = dir=in | app=c:\program files\windows live\mesh\moe.exe |
"{8A1B2283-E64C-43DE-97B9-1C31533AD23C}" = protocol=1 | dir=out | [email protected],-28544 |
"{BFA5A030-2B4B-48E7-B881-598D132E046D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{D3B5BE08-35AE-4747-87F1-AD20FE294848}" = protocol=1 | dir=in | [email protected],-28543 |
"{E7D1416D-5158-41AF-84D2-39F88B6B3501}" = protocol=58 | dir=out | [email protected],-28546 |
"{FFF9A17D-E9B8-4FEB-BABD-04B387523F93}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0A1651F1-7E0F-4613-93FE-967F5BC3C1B7}" = Windows Live Remote Service Resources
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{17504ED4-DB08-40A8-81C2-27D8C01581DA}" = Windows Live Remote Service Resources
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{28921580-E4BB-11E0-9FD7-1CC1DEF07CBE}" = Evernote v. 4.5.1
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{41B72CAF-036B-4E0A-8D22-F5DF7C970434}" = Windows Live Remote Client Resources
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{464B3406-A4D0-4914-910F-7CA4380DCC13}" = Windows Live Remote Client Resources
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4C774C35-E0AF-72E1-136A-2BF666702268}" = Fooz Kids
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5C8BC258-A629-4DF2-97D0-E106C2A9B1BD}" = Windows Live Remote Client Resources
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D68CE08-9A14-4B7B-9857-3C646A2F34C7}" = Fooz Kids Platform
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB93C51F-71F9-4A28-8134-FE1B5B9373E9}" = Windows Live Remote Service Resources
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C28D96C0-6A90-459E-A077-A6706F4EC0FC}" = Bing Bar
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{DFDBE1F9-04CE-4645-BB6C-4590EABC7A9C}" = Windows Live Remote Client Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E6617B44-D556-49AC-B2A3-01451E115043}" = Windows Live Remote Service Resources
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Elantech" = ETDWare PS/2-X86 8.0.6.0_WHQL
"FoozKids" = Fooz Kids
"GIMP-2_is1" = GIMP 2.8.6
"Google Chrome" = Google Chrome
"Identity Card" = Identity Card
"Inkscape" = Inkscape 0.48.4
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MSC" = McAfee Internet Security Suite
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WTA-037dad97-7c61-41e6-a42c-3f0d8a2127e7" = Running Sheep
"WTA-33d777ba-74ce-4f3c-980a-60e9c7f64afe" = Bejeweled 3
"WTA-40c0d62e-a928-427a-9cf1-c0442da22506" = Alice's Magical Mahjong
"WTA-46f3e31f-d312-41af-93b5-21272b6bcff9" = Diego's Ultimate Rescue
"WTA-64950341-94bb-491c-a589-7e463b175e49" = My Farm Life
"WTA-7a30ee0d-0711-46b3-9d83-f156e8af82b0" = Skip-Bo - Castaway Caper
"WTA-8427a7f0-e897-4354-a615-d2eec01f2c36" = Akhra: The Treasures
"WTA-aeb3434b-2fb5-4e21-8db9-e901b6f881c5" = Wedding Dash
"WTA-b5a5c117-0e3e-4e32-aa5d-48305743fa9b" = Chuzzle Deluxe
"WTA-b899d3d7-4a43-4736-b7aa-877f13f49653" = Insaniquarium Deluxe
"WTA-bf2c7424-404b-4243-988a-94b11958410a" = My Kingdom for the Princess 3
"WTA-d644a0d6-efd0-4e2e-9e84-438ee786660e" = Super Granny 6
"WTA-e23f7fa7-c358-4baf-8f6b-f75c1ec1cb1c" = Final Drive: Nitro
"WTA-eb039f3c-6526-4843-975b-c49b42bb1c8a" = Slingo Deluxe

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 03/09/2013 10:50:12 AM | Computer Name = Bria-PC | Source = Application Hang | ID = 1002
Description = The program gimp-2.8.exe version 2.8.6.0 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1e80 Start
Time: 01cea8b400046a59 Termination Time: 1558 Application Path: C:\Program Files\GIMP
2\bin\gimp-2.8.exe Report Id: 6a4f7c84-14a7-11e3-82d4-047d7b4ff539

Error - 05/09/2013 11:31:55 AM | Computer Name = Bria-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 25/09/2013 1:22:18 AM | Computer Name = Bria-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 25/09/2013 1:22:18 AM | Computer Name = Bria-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 25/09/2013 1:22:18 AM | Computer Name = Bria-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 25/09/2013 1:22:18 AM | Computer Name = Bria-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 25/09/2013 1:22:18 AM | Computer Name = Bria-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 25/09/2013 1:22:18 AM | Computer Name = Bria-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 25/09/2013 1:22:18 AM | Computer Name = Bria-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 25/09/2013 1:22:18 AM | Computer Name = Bria-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 25/09/2013 1:22:18 AM | Computer Name = Bria-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 25/09/2013 1:22:18 AM | Computer Name = Bria-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068


< End of report >
  • 0

Advertisements


#2
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks to Go! My nickname is Pystryker :) , and I will be helping you with your issue today.

Please note: I am currently in training and all my fixes must be approved by my teacher before being posted. This gives you the advantage of having two people working to solve your problems.

Before we get started, I have a few things I need to go over with you

  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • Please subscribe to this topic. By subscribing, the board will notify you when a new reply is added to your topic. You can find instructions on how to do that by clicking here.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please read through my instructions carefully and completely before executing them.
  • Please make sure that all the programs I ask you to download are downloaded to and run from your Desktop.
  • Please make sure you print out these instructions so that you will be able to refer to them while working on your machine. Part of the solution(s) to your problem may involve us working in Safe Mode and you will need them to go by.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • Please read through my instructions carefully and make sure you complete them from start to finish. I will make sure that I lay the instructions out in a step by step order to make them easy to follow
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms and the machine is perhaps running better, does not indicate a clean machine. I promise to do the same for you.
  • Please make sure you reply within 3 days to my responses, if there is no reply within 3 days, the topic will be closed and you will need to request the topic be reopened.
  • Before we get started, please remember we will do our best to get your machine repaired. However, there are some cases where the only solution is a reformat and reinstall of the operating system. This is a worst case scenario though.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you backup any critical personal files on your machine before we start.
  • If possible, please have your original Windows installation disks handy, just in case.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexepected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please copy and paste the contents of any requested logs in your replies. Do not attach the log files in your replies unless requested to do so.
  • Please remember, the fixes are for your machine and your machine ONLY!



Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future

Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)

Now, let's get started, shall we? :thumbsup:

Hello, I'm currently working on a fix for your machine for approval, and will post back when it's approved. :)
  • 0

#3
Delilah45

Delilah45

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Thanks for looking at this :)
  • 0

#4
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Thanks for looking at this :)


You are very welcome :) :thumbsup:
  • 0

#5
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi, we have some work to do, so let's get started. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: OTL Fix

Let's run an OTL fix:

Warning: This fix is to be used on this system and this system ONLY. Using this fix on any other machine other than yours can seriously damage it.

Be advised that when the fix commences, it will shut down all running processes and you may lose the desktop and icons, they will return on reboot.

Run OTL

  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

Posted Image

:Commands
[createrestorepoint]

:OTL
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

:Commands
[emptytemp]





  • Click the Run Fix button at the top of the OTL control panel.
  • Let the program run until it's finished and then reboot the computer.
  • Once your machine has rebooted, a log will open. Please post that log in your next reply.
  • Open OTL and click the Quick Scan button.
  • When it finishes, it will produce a log. Please post that log in your next reply as well.

If you have any problems, questions, or need further explanation, please post a message in this thread and I will get back to you asap.



Step 2: AdwCleane


Download ADWcleaner by clicking here. Please save it to your Desktop


Posted Image

  • Double click (Vista and 7 Users)right click the adwcleaner.exe file and click Run as Adminstrator and accept the UAC prompt to run AdwCleaner
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, click the Clean button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
  • Click the Report button and the log will open. Copy and Paste the contents of the log file into your next reply.
This report is also saved at C:\AdwCleaner[R0].txt

Step 3: Junkware Removal Tool


Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Step 4: aswMBR Scan


  • Please download aswMBR.exe to your desktop.
  • Double click the file to run it.
  • It will ask if you want to download the latest Avast! virus definitions, please answer yes.

Posted Image

  • Click the Scan button to begin the scan.

Posted Image

  • Once the scan has finished, click on Save Log, save it to your desktop as asw.txt, and please post it in your next reply.
  • Click Exit


Step 5: OTL Quick Scan


  • Start OTL and this time click the Quick Scan button
  • OTL will scan your system and produce one log when finished.
  • Please post that log in your next reply.


Things I need to see in your next post:

OTL Fix Log

AdwCleaner Log

Junkware Removal Tool Log

aswMBR Log

OTL Quick Scan Log

  • 0

#6
Delilah45

Delilah45

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Bria
->Temp folder emptied: 7038626 bytes
->Temporary Internet Files folder emptied: 21954199 bytes
->Google Chrome cache emptied: 571364129 bytes
->Flash cache emptied: 57289 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 500236708 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,050.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12012013_220646

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps32.log scheduled to be moved on reboot.
C:\Windows\temp\mcafee_mngaiBskLjcyaBo moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

# AdwCleaner v3.014 - Report created 02/12/2013 at 12:03:01
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Starter Service Pack 1 (32 bits)
# Username : Bria - BRIA-PC
# Running from : C:\Users\Bria\Downloads\adwcleaner (1).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Public\Desktop\eBay.lnk

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v31.0.1650.57

[ File : C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1097 octets] - [02/12/2013 11:08:54]
AdwCleaner[S0].txt - [1027 octets] - [02/12/2013 12:03:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1087 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Starter x86
Ran by Bria on 02/12/2013 at 12:23:16.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/12/2013 at 12:34:03.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-12-02 12:51:59
-----------------------------
12:51:59.496 OS Version: Windows 6.1.7601 Service Pack 1
12:51:59.497 Number of processors: 4 586 0x3601
12:51:59.502 ComputerName: BRIA-PC UserName: Bria
12:52:02.980 Initialize success
12:54:01.505 The log file has been saved successfully to "C:\Users\Bria\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-12-02 12:58:41
-----------------------------
12:58:41.310 OS Version: Windows 6.1.7601 Service Pack 1
12:58:41.312 Number of processors: 4 586 0x3601
12:58:41.318 ComputerName: BRIA-PC UserName: Bria
12:58:43.880 Initialize success
13:00:27.235 AVAST engine defs: 13120202
13:00:52.903 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
13:00:52.932 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 3
13:00:53.506 Disk 0 MBR read successfully
13:00:53.514 Disk 0 MBR scan
13:00:56.449 Disk 0 Windows 7 default MBR code
13:00:56.471 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 13312 MB offset 2048
13:00:58.171 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 27265024
13:00:58.227 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 291831 MB offset 27469824
13:00:58.328 Disk 0 scanning sectors +625139712
13:00:59.871 Disk 0 scanning C:\Windows\system32\drivers
13:02:49.779 Service scanning
13:04:16.842 Modules scanning
13:04:37.184 Disk 0 trace - called modules:
13:04:37.285 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
13:04:37.305 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85bb3030]
13:04:37.325 3 CLASSPNP.SYS[86dd859e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8443b028]
13:04:40.664 AVAST engine scan C:\Windows
13:04:51.867 AVAST engine scan C:\Windows\system32
13:16:24.099 AVAST engine scan C:\Windows\system32\drivers
13:16:56.240 AVAST engine scan C:\Users\Bria
13:21:11.164 AVAST engine scan C:\ProgramData
13:22:33.967 Scan finished successfully
13:26:34.480 Disk 0 MBR has been saved successfully to "C:\Users\Bria\Desktop\MBR.dat"
13:26:34.556 The log file has been saved successfully to "C:\Users\Bria\Desktop\aswMBR.txt"

OTL logfile created on: 02/12/2013 1:28:51 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bria\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

1012.30 Mb Total Physical Memory | 248.65 Mb Available Physical Memory | 24.56% Memory free
2.02 Gb Paging File | 0.58 Gb Available in Paging File | 28.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 284.99 Gb Total Space | 254.01 Gb Free Space | 89.13% Space Free | Partition Type: NTFS

Computer Name: BRIA-PC | User Name: Bria | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/14 06:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/11/12 15:30:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bria\Downloads\OTL.exe
PRC - [2013/09/04 09:45:03 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/29 21:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012/05/25 16:13:56 | 000,151,912 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe
PRC - [2012/05/25 16:07:30 | 000,161,664 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
PRC - [2012/05/25 16:07:04 | 000,166,320 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe
PRC - [2012/03/21 20:16:10 | 001,318,816 | ---- | M] (McAfee, Inc.) -- C:\Program Files\mcafee.com\agent\mcagent.exe
PRC - [2012/02/06 16:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/08/02 11:00:04 | 000,715,368 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
PRC - [2011/08/02 11:00:02 | 000,739,944 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
PRC - [2011/08/02 10:59:58 | 000,469,608 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
PRC - [2011/07/13 20:34:17 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/06/30 21:51:14 | 000,418,896 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMutilps32.exe
PRC - [2011/06/30 21:51:14 | 000,343,632 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LMworker.exe
PRC - [2011/06/30 21:51:12 | 001,103,440 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\dsiwmis.exe
PRC - [2011/06/06 15:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Registration\GREGsvc.exe
PRC - [2011/05/12 15:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/05/12 01:04:12 | 000,723,560 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\AcerVCM.exe
PRC - [2011/03/28 22:49:06 | 000,408,432 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec IPS\PmmUpdate.exe
PRC - [2011/03/28 22:48:54 | 000,202,608 | ---- | M] (Egis Technology Inc.) -- C:\Program Files\EgisTec IPS\EgisUpdate.exe
PRC - [2011/03/07 03:45:22 | 001,755,136 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
PRC - [2011/01/27 21:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
PRC - [2010/11/12 01:24:10 | 001,602,344 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrlHelper.exe
PRC - [2010/11/12 01:24:08 | 001,812,264 | ---- | M] (ELAN Microelectronics Corp.) -- C:\Program Files\Elantech\ETDCtrl.exe
PRC - [2010/11/06 03:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/07/12 22:30:42 | 000,032,944 | ---- | M] () -- C:\Program Files\BitKinex\bitkinexsvc.exe
PRC - [2010/06/01 18:32:18 | 000,966,488 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe
PRC - [2010/06/01 18:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe
PRC - [2010/01/29 19:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer VCM\RS_Service.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/14 06:29:31 | 000,399,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 06:29:29 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 06:28:37 | 000,702,416 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
MOD - [2013/11/14 06:28:36 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\libegl.dll
MOD - [2013/11/14 06:28:34 | 001,619,408 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2013/08/07 14:25:24 | 000,093,696 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll


========== Services (SafeList) ==========

SRV - [2013/11/30 08:40:44 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/05/26 23:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/08/23 10:55:10 | 000,362,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\virusscan\mcods.exe -- (McODS)
SRV - [2012/05/25 16:13:56 | 000,151,912 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\System32\mfevtps.exe -- (mfevtp)
SRV - [2012/05/25 16:07:30 | 000,161,664 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV - [2012/05/25 16:07:04 | 000,166,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2012/02/06 16:54:04 | 000,255,376 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2011/08/02 11:00:02 | 000,739,944 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011/06/30 21:51:12 | 000,353,360 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/06/21 15:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/06/07 11:25:12 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/06 15:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/29 21:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/05/12 15:59:00 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/03/08 20:00:46 | 000,203,080 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- c:\Program Files\McAfee\msc\McAWFwk.exe -- (McAWFwk)
SRV - [2011/03/07 03:45:22 | 001,755,136 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/01/27 21:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2011/01/27 21:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2011/01/27 21:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McOobeSv)
SRV - [2011/01/27 21:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2011/01/27 21:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2011/01/27 21:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2011/01/27 21:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2011/01/27 21:28:14 | 000,214,904 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/11/06 03:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/10/12 12:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/07/12 22:30:42 | 000,032,944 | ---- | M] () [Auto | Running] -- C:\Program Files\BitKinex\bitkinexsvc.exe -- (BitKinex)
SRV - [2010/06/01 18:29:24 | 002,057,560 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/01/29 19:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Unknown] -- -- (mfeavfk01)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Bria\AppData\Local\Temp\aswMBR.sys -- (aswMBR)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/02/22 12:29:46 | 000,464,304 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2012/02/22 12:29:46 | 000,340,920 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2012/02/22 12:29:46 | 000,180,848 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2012/02/22 12:29:46 | 000,169,608 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mfewfpk.sys -- (mfewfpk)
DRV - [2012/02/22 12:29:46 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2012/02/22 12:29:46 | 000,087,656 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2012/02/22 12:29:46 | 000,064,912 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfenlfk.sys -- (mfenlfk)
DRV - [2012/02/22 12:29:46 | 000,059,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2012/02/22 12:29:46 | 000,057,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/12/30 05:03:00 | 001,338,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igddim32.sys -- (igddim32)
DRV - [2011/12/19 04:46:13 | 000,062,240 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2011/12/19 04:46:13 | 000,021,600 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2011/12/19 04:46:13 | 000,016,936 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2011/06/09 10:37:56 | 000,278,528 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2011/05/30 03:03:34 | 000,254,056 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2013/11/10 08:28:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/12/02 12:56:25 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - Extension: Google Docs = C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: SiteAdvisor = C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1271_1\
CHR - Extension: Lazarus: Form Recovery = C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno\3.0.5_0\
CHR - Extension: Google Wallet = C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 16:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4 - HKLM..\Run: [GfxServiceInstall] C:\Windows\System32\GfxCUIServiceInstall.vbs ()
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download with BitKinex - C:\Program Files\BitKinex\ieext_cp.htm ()
O8 - Extra context menu item: &Register in BitKinex - C:\Program Files\BitKinex\ieext_reg.htm ()
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CBF583E-75C1-400D-A10C-C4274642BA05}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8CBF583E-75C1-400D-A10C-C4274642BA05}: NameServer = 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F3DD2BF-30AF-491E-A15A-42071BFCFB08}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{552d631b-2168-11e3-abc5-047d7b4ff539}\Shell - "" = AutoRun
O33 - MountPoints2\{552d631b-2168-11e3-abc5-047d7b4ff539}\Shell\AutoRun\command - "" = D:\KODAK_Camera_Setup_App.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/02 12:56:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2013/12/02 12:23:00 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/12/02 11:08:28 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/01 22:06:46 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/11/30 08:31:15 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013/11/13 12:13:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitKinex
[2013/11/13 12:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\BitKinex
[2013/11/13 12:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\BitKinex
[2013/11/13 11:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2013/11/12 19:41:01 | 000,000,000 | ---D | C] -- C:\Users\Bria\AppData\Roaming\FileZilla
[2013/11/12 19:40:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2013/11/12 19:40:05 | 000,000,000 | ---D | C] -- C:\Program Files\FileZilla FTP Client

========== Files - Modified Within 30 Days ==========

[2013/12/02 13:26:34 | 000,000,512 | ---- | M] () -- C:\Users\Bria\Desktop\MBR.dat
[2013/12/02 13:03:26 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/02 13:03:26 | 000,016,160 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/02 12:49:50 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/02 12:49:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/02 12:49:07 | 151,818,260 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/12/02 12:49:05 | 796,102,656 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/02 12:40:02 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/02 12:14:57 | 000,628,460 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/02 12:14:57 | 000,110,612 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/02 12:08:13 | 000,259,112 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/11/30 08:40:56 | 000,016,284 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013/11/28 10:30:15 | 000,002,133 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/11/13 12:21:45 | 000,000,061 | ---- | M] () -- C:\Users\Bria\Desktop\Access cPanel Webmail.url
[2013/11/13 12:13:53 | 000,001,957 | ---- | M] () -- C:\Users\Bria\Application Data\Microsoft\Internet Explorer\Quick Launch\BitKinex.lnk
[2013/11/13 11:20:26 | 000,000,000 | -H-- | M] () -- C:\Users\Bria\Documents\Default.rdp
[2013/11/12 20:20:27 | 000,001,548 | ---- | M] () -- C:\Users\Bria\AppData\Local\recently-used.xbel

========== Files Created - No Company Name ==========

[2013/12/02 13:26:34 | 000,000,512 | ---- | C] () -- C:\Users\Bria\Desktop\MBR.dat
[2013/11/30 08:40:56 | 000,016,284 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013/11/30 08:31:03 | 151,818,260 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013/11/13 12:21:45 | 000,000,061 | ---- | C] () -- C:\Users\Bria\Desktop\Access cPanel Webmail.url
[2013/11/13 12:13:53 | 000,001,957 | ---- | C] () -- C:\Users\Bria\Application Data\Microsoft\Internet Explorer\Quick Launch\BitKinex.lnk
[2013/11/13 11:20:26 | 000,000,000 | -H-- | C] () -- C:\Users\Bria\Documents\Default.rdp
[2013/11/12 20:20:27 | 000,001,548 | ---- | C] () -- C:\Users\Bria\AppData\Local\recently-used.xbel
[2013/09/02 08:37:00 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2013/09/02 08:37:00 | 000,039,672 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2013/09/02 08:37:00 | 000,033,076 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE4.DAT
[2013/09/02 08:37:00 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2013/09/02 08:37:00 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2013/09/02 08:37:00 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2013/09/02 08:37:00 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2013/09/02 08:37:00 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2013/09/02 08:37:00 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2013/09/02 08:37:00 | 000,000,032 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012/01/05 22:16:12 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012/01/05 22:16:11 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/12/19 04:24:47 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 20:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 16:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/11/13 09:39:02 | 000,000,000 | ---D | M] -- C:\Users\Bria\AppData\Roaming\FileZilla
[2013/09/02 11:13:50 | 000,000,000 | ---D | M] -- C:\Users\Bria\AppData\Roaming\Screensaver
[2013/09/09 10:01:02 | 000,000,000 | ---D | M] -- C:\Users\Bria\AppData\Roaming\TP

========== Purity Check ==========



< End of report >
  • 0

#7
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi :) Thank you for the logs. A quick question: How is the machine running?
  • 0

#8
Delilah45

Delilah45

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Better than before. The memory still seems full, but it freezes less often.
  • 0

#9
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Better than before. The memory still seems full, but it freezes less often.


Ok, thank you :) We've still some work to do then. I've submitted what I want to do next to my teacher for approval, but it will be the morning before he responds. We're getting there. :) :thumbsup:
  • 0

#10
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi, I'd like to take a look with a different tool. :)



Scan with Farbar Recovery Scan Tool

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to your desktop.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.


  • Restart the computer.
  • As soon as the BIOS is loaded, start tapping the F8 key until the Advanced Boot Options Menu appears.
  • Select Safe Mode and hit Enter.
  • Once the computer has booted into Safe Mode double click (or right click and select "Run as Administrator") the FRST tool.
  • FRST will begin scanning when completed, will produce a log called FRST.txt and a log called Additions.txt on your desktop.
  • Please post both logs in your next reply.

  • 0

Advertisements


#11
Delilah45

Delilah45

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
Looking in task manager I saw rundll32.exe

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2013
Ran by Bria (administrator) on BRIA-PC on 03-12-2013 09:52:53
Running from C:\Users\Bria\Desktop
Microsoft Windows 7 Starter Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\System32\userinit.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [mcui_exe] - C:\Program Files\mcafee.com\agent\mcagent.exe [1318816 2012-03-21] (McAfee, Inc.)
HKLM\...\Run: [SuiteTray] - C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM\...\Run: [Norton Online Backup] - C:\Program Files\Symantec\Norton Online Backup\NOBuClient.exe [966488 2010-06-01] (Symantec Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [GfxServiceInstall] - C:\Windows\System32\GfxCUIServiceInstall.vbs [131 2011-12-30] ()
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [1103440 2011-06-30] (Dritek System Inc.)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [1812264 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-05-18] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [715368 2011-08-02] (Acer Incorporated)
MountPoints2: {552d631b-2168-11e3-abc5-047d7b4ff539} - D:\KODAK_Camera_Setup_App.exe
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2011-09-12] ()
HKU\Default User\...\RunOnce: [ScrSav] - C:\Program Files\Acer\Screensaver\run_Acer.exe [ 2011-09-12] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{8CBF583E-75C1-400D-A10C-C4274642BA05}: [NameServer]208.67.222.222

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~1\mcafee\msc\npmcsn~1.dll ()
CHR Extension: (Google Docs) - C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (SiteAdvisor) - C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.6.3.1271_1
CHR Extension: (Lazarus: Form Recovery) - C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\loljledaigphbcpfhfmgopdkppkifgno\3.0.5_0
CHR Extension: (Google Wallet) - C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Bria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx

========================== Services (Whitelisted) =================

S2 BitKinex; C:\Program Files\BitKinex\bitkinexsvc.exe [32944 2010-07-12] ()
S3 EgisTec Ticket Service; C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe [173424 2011-06-21] (Egis Technology Inc. )
S2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [739944 2011-08-02] (Acer Incorporated)
S2 GREGService; C:\Program Files\Acer\Registration\GREGsvc.exe [36456 2011-05-29] (Acer Incorporated)
S2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.)
S2 Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [255376 2012-02-06] (Acer Incorporated)
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\McAfee\msc\McAWFwk.exe [203080 2011-03-08] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)
S2 McNASvc; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [362008 2012-08-23] (McAfee, Inc.)
S2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)
S2 McProxy; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)
S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [166320 2012-05-25] (McAfee, Inc.)
S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [161664 2012-05-25] (McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [151912 2012-05-25] (McAfee, Inc.)
S2 MSK80Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [214904 2011-01-27] (McAfee, Inc.)
S2 NOBU; C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe [2057560 2010-06-01] (Symantec Corporation)
S2 RS_Service; C:\Program Files\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)

==================== Drivers (Whitelisted) ====================

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [57600 2012-02-22] (McAfee, Inc.)
R3 ETD; C:\Windows\System32\DRIVERS\ETD.sys [116008 2010-11-12] (ELAN Microelectronics Corp.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [121544 2012-02-22] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [180848 2012-02-22] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [59456 2012-02-22] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [340920 2012-02-22] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [464304 2012-02-22] (McAfee, Inc.)
S1 mfenlfk; C:\Windows\System32\DRIVERS\mfenlfk.sys [64912 2012-02-22] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [87656 2012-02-22] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [169608 2012-02-22] (McAfee, Inc.)
S1 mwlPSDFilter; C:\Windows\System32\DRIVERS\mwlPSDFilter.sys [21600 2011-12-19] (Egis Technology Inc.)
S1 mwlPSDNServ; C:\Windows\System32\DRIVERS\mwlPSDNServ.sys [16936 2011-12-19] (Egis Technology Inc.)
S1 mwlPSDVDisk; C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys [62240 2011-12-19] (Egis Technology Inc.)
S3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254056 2011-05-30] (Realtek Semiconductor Corp.)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-03 09:52 - 2013-12-03 09:54 - 00010560 _____ C:\Users\Bria\Desktop\FRST.txt
2013-12-03 09:52 - 2013-12-03 09:52 - 00000000 ____D C:\FRST
2013-12-03 09:45 - 2013-12-03 09:47 - 01092389 _____ (Farbar) C:\Users\Bria\Desktop\FRST.exe
2013-12-02 13:54 - 2013-12-02 13:54 - 00062702 _____ C:\Users\Bria\Desktop\OTL2.Txt
2013-12-02 13:26 - 2013-12-02 13:26 - 00000512 _____ C:\Users\Bria\Desktop\MBR.dat
2013-12-02 12:57 - 2013-12-02 12:58 - 04745728 _____ (AVAST Software) C:\Users\Bria\Downloads\aswmbr (1).exe
2013-12-02 12:53 - 2013-12-02 13:26 - 00002358 _____ C:\Users\Bria\Desktop\aswMBR.txt
2013-12-02 12:49 - 2013-12-02 12:49 - 00144272 _____ C:\Windows\Minidump\120213-24258-01.dmp
2013-12-02 12:36 - 2013-12-02 12:36 - 04745728 _____ (AVAST Software) C:\Users\Bria\Downloads\aswmbr.exe
2013-12-02 12:34 - 2013-12-02 12:34 - 00000892 _____ C:\Users\Bria\Desktop\JRT.txt
2013-12-02 12:23 - 2013-12-02 12:23 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 12:18 - 2013-12-02 12:19 - 01034531 _____ (Thisisu) C:\Users\Bria\Downloads\JRT.exe
2013-12-02 12:11 - 2013-12-02 12:11 - 00001167 _____ C:\Users\Bria\Desktop\AdwCleaner[S0].txt
2013-12-02 11:08 - 2013-12-02 12:03 - 00000000 ____D C:\AdwCleaner
2013-12-02 10:56 - 2013-12-02 10:58 - 01110034 _____ C:\Users\Bria\Downloads\adwcleaner (1).exe
2013-12-02 10:56 - 2013-12-02 10:57 - 01110034 _____ C:\Users\Bria\Downloads\adwcleaner.exe
2013-12-01 22:43 - 2013-12-01 22:43 - 00061292 _____ C:\Users\Bria\Desktop\OTL.Txt
2013-12-01 22:06 - 2013-12-01 22:06 - 00000000 ____D C:\_OTL
2013-11-30 08:41 - 2013-11-30 08:41 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-30 08:41 - 2013-11-30 08:41 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-30 08:41 - 2013-11-30 08:41 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-30 08:41 - 2013-11-30 08:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-30 08:41 - 2013-11-30 08:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-30 08:40 - 2013-11-30 08:41 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-30 08:40 - 2013-11-30 08:40 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-30 08:40 - 2013-11-30 08:40 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-30 08:40 - 2013-11-30 08:40 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-30 08:40 - 2013-11-30 08:40 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-30 08:40 - 2013-11-30 08:40 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-30 08:40 - 2013-11-30 08:40 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-30 08:40 - 2013-11-30 08:40 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-30 08:40 - 2013-11-30 08:40 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-30 08:40 - 2013-11-30 08:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-30 08:40 - 2013-11-30 08:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-30 08:40 - 2013-11-30 08:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-30 08:31 - 2013-12-02 12:49 - 151818260 _____ C:\Windows\MEMORY.DMP
2013-11-30 08:31 - 2013-12-02 12:49 - 00000000 ____D C:\Windows\Minidump
2013-11-30 08:31 - 2013-11-30 08:31 - 00140056 _____ C:\Windows\Minidump\113013-34257-01.dmp
2013-11-28 10:17 - 2013-09-03 20:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-28 10:17 - 2013-09-03 20:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-28 10:16 - 2013-09-03 20:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-28 10:16 - 2013-09-03 20:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-28 10:16 - 2013-09-03 20:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-28 10:16 - 2013-09-03 20:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-28 10:16 - 2013-09-03 20:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-28 10:13 - 2013-11-30 08:47 - 00012404 _____ C:\Windows\IE11_main.log
2013-11-13 12:25 - 2013-11-13 12:25 - 00020194 _____ C:\Users\Bria\Downloads\index.php
2013-11-13 12:25 - 2013-11-13 12:25 - 00020194 _____ C:\Users\Bria\Downloads\index (1).php
2013-11-13 12:21 - 2013-11-13 12:21 - 00000061 _____ C:\Users\Bria\Desktop\Access cPanel Webmail.url
2013-11-13 12:13 - 2013-11-13 12:13 - 00000000 ____D C:\ProgramData\BitKinex
2013-11-13 12:13 - 2013-11-13 12:13 - 00000000 ____D C:\Program Files\BitKinex
2013-11-13 12:09 - 2013-11-13 12:10 - 08465752 _____ (Barad-Dur, LLC. ) C:\Users\Bria\Downloads\bitkinex323.exe
2013-11-13 11:54 - 2013-11-13 11:54 - 02424384 _____ (Microsoft Corporation) C:\Users\Bria\Downloads\Webfldrs-KB907306-ENU.exe
2013-11-13 11:54 - 2013-11-13 11:54 - 00000000 ____D C:\Program Files\MSECache
2013-11-13 11:20 - 2013-11-13 11:20 - 00000000 ____H C:\Users\Bria\Documents\Default.rdp
2013-11-13 08:58 - 2013-11-13 08:58 - 00000000 ____D C:\Users\Bria\Downloads\account_link_0.7.9
2013-11-13 08:56 - 2013-11-13 08:57 - 00068043 _____ C:\Users\Bria\Downloads\account_link_0.7.9.zip
2013-11-12 20:20 - 2013-11-12 20:20 - 00001548 _____ C:\Users\Bria\AppData\Local\recently-used.xbel
2013-11-12 20:02 - 2013-11-12 20:02 - 00000000 ____D C:\Users\Bria\Downloads\celticdreams
2013-11-12 19:41 - 2013-11-13 09:39 - 00000000 ____D C:\Users\Bria\AppData\Roaming\FileZilla
2013-11-12 19:40 - 2013-11-12 19:40 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2013-11-12 19:35 - 2013-11-12 19:35 - 01077648 _____ (Ask.com) C:\Users\Bria\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe
2013-11-12 19:08 - 2013-11-12 19:08 - 00000000 ____D C:\Users\Bria\Downloads\DarkFantasy_1.0.18
2013-11-12 19:02 - 2013-11-12 19:02 - 01156823 _____ C:\Users\Bria\Downloads\celticdreams.zip
2013-11-12 19:02 - 2013-11-12 19:02 - 00599317 _____ C:\Users\Bria\Downloads\DarkFantasy_1.0.18.zip
2013-11-12 19:02 - 2013-11-12 19:02 - 00599317 _____ C:\Users\Bria\Downloads\DarkFantasy_1.0.18 (1).zip
2013-11-12 15:59 - 2013-11-12 15:59 - 00041200 _____ C:\Users\Bria\Downloads\Extras.Txt
2013-11-12 15:58 - 2013-12-02 13:46 - 00062702 _____ C:\Users\Bria\Downloads\OTL.Txt
2013-11-12 15:54 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-11-12 15:53 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-12 15:53 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-12 15:53 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-12 15:53 - 2013-09-13 19:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-12 15:53 - 2013-09-07 21:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-11-12 15:53 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-11-12 15:53 - 2013-07-02 22:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-11-12 15:53 - 2013-07-02 22:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-11-12 15:52 - 2013-09-24 21:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-12 15:52 - 2013-09-24 21:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-12 15:52 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-12 15:52 - 2013-09-24 20:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-12 15:52 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-12 15:52 - 2013-09-24 20:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-12 15:52 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-12 15:52 - 2013-09-24 19:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-12 15:52 - 2013-09-24 19:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-12 15:52 - 2013-07-04 07:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-12 15:51 - 2013-08-28 20:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-11-12 15:51 - 2013-08-28 20:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-11-12 15:51 - 2013-08-28 20:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-11-12 15:51 - 2013-08-28 20:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-11-12 15:51 - 2013-08-28 20:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-11-12 15:51 - 2013-08-01 06:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-12 15:51 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-12 15:51 - 2013-06-05 23:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-11-12 15:51 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-11-12 15:51 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-11-12 15:51 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-11-12 15:51 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-11-12 15:50 - 2013-08-27 20:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-11-12 15:50 - 2013-08-27 19:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-11-12 15:49 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-12 15:49 - 2013-10-11 21:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-12 15:49 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-12 15:49 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-12 15:49 - 2013-10-02 20:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-12 15:49 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-11-12 15:49 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-11-12 15:49 - 2013-07-04 04:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-11-12 15:48 - 2013-07-12 05:08 - 00146816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-11-12 15:48 - 2013-07-12 05:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-11-12 15:48 - 2013-06-25 17:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-11-12 15:30 - 2013-11-12 15:30 - 00602112 _____ (OldTimer Tools) C:\Users\Bria\Downloads\OTL.exe

==================== One Month Modified Files and Folders =======

2013-12-03 09:54 - 2013-12-03 09:52 - 00010560 _____ C:\Users\Bria\Desktop\FRST.txt
2013-12-03 09:52 - 2013-12-03 09:52 - 00000000 ____D C:\FRST
2013-12-03 09:50 - 2013-09-02 08:27 - 01835817 _____ C:\Windows\WindowsUpdate.log
2013-12-03 09:50 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 09:50 - 2009-07-13 23:34 - 00016160 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 09:47 - 2013-12-03 09:45 - 01092389 _____ (Farbar) C:\Users\Bria\Desktop\FRST.exe
2013-12-03 09:41 - 2013-09-02 11:22 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 01:58 - 2013-09-02 11:22 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-02 13:54 - 2013-12-02 13:54 - 00062702 _____ C:\Users\Bria\Desktop\OTL2.Txt
2013-12-02 13:46 - 2013-11-12 15:58 - 00062702 _____ C:\Users\Bria\Downloads\OTL.Txt
2013-12-02 13:26 - 2013-12-02 13:26 - 00000512 _____ C:\Users\Bria\Desktop\MBR.dat
2013-12-02 13:26 - 2013-12-02 12:53 - 00002358 _____ C:\Users\Bria\Desktop\aswMBR.txt
2013-12-02 12:58 - 2013-12-02 12:57 - 04745728 _____ (AVAST Software) C:\Users\Bria\Downloads\aswmbr (1).exe
2013-12-02 12:49 - 2013-12-02 12:49 - 00144272 _____ C:\Windows\Minidump\120213-24258-01.dmp
2013-12-02 12:49 - 2013-11-30 08:31 - 151818260 _____ C:\Windows\MEMORY.DMP
2013-12-02 12:49 - 2013-11-30 08:31 - 00000000 ____D C:\Windows\Minidump
2013-12-02 12:49 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-02 12:49 - 2009-07-13 23:39 - 00034673 _____ C:\Windows\setupact.log
2013-12-02 12:36 - 2013-12-02 12:36 - 04745728 _____ (AVAST Software) C:\Users\Bria\Downloads\aswmbr.exe
2013-12-02 12:34 - 2013-12-02 12:34 - 00000892 _____ C:\Users\Bria\Desktop\JRT.txt
2013-12-02 12:33 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-02 12:23 - 2013-12-02 12:23 - 00000000 ____D C:\Windows\ERUNT
2013-12-02 12:19 - 2013-12-02 12:18 - 01034531 _____ (Thisisu) C:\Users\Bria\Downloads\JRT.exe
2013-12-02 12:14 - 2010-11-20 16:01 - 00726316 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-02 12:11 - 2013-12-02 12:11 - 00001167 _____ C:\Users\Bria\Desktop\AdwCleaner[S0].txt
2013-12-02 12:08 - 2009-07-13 23:33 - 00259112 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-02 12:03 - 2013-12-02 11:08 - 00000000 ____D C:\AdwCleaner
2013-12-02 10:58 - 2013-12-02 10:56 - 01110034 _____ C:\Users\Bria\Downloads\adwcleaner (1).exe
2013-12-02 10:57 - 2013-12-02 10:56 - 01110034 _____ C:\Users\Bria\Downloads\adwcleaner.exe
2013-12-01 22:43 - 2013-12-01 22:43 - 00061292 _____ C:\Users\Bria\Desktop\OTL.Txt
2013-12-01 22:06 - 2013-12-01 22:06 - 00000000 ____D C:\_OTL
2013-12-01 02:26 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\NDF
2013-11-30 11:32 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache
2013-11-30 08:47 - 2013-11-28 10:13 - 00012404 _____ C:\Windows\IE11_main.log
2013-11-30 08:41 - 2013-11-30 08:41 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-30 08:41 - 2013-11-30 08:41 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-30 08:41 - 2013-11-30 08:41 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-30 08:41 - 2013-11-30 08:41 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-30 08:41 - 2013-11-30 08:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-30 08:41 - 2013-11-30 08:41 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-30 08:41 - 2013-11-30 08:40 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-30 08:40 - 2013-11-30 08:40 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-30 08:40 - 2013-11-30 08:40 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-30 08:40 - 2013-11-30 08:40 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-30 08:40 - 2013-11-30 08:40 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-30 08:40 - 2013-11-30 08:40 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-30 08:40 - 2013-11-30 08:40 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-30 08:40 - 2013-11-30 08:40 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-30 08:40 - 2013-11-30 08:40 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-30 08:40 - 2013-11-30 08:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-30 08:40 - 2013-11-30 08:40 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-30 08:40 - 2013-11-30 08:40 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-30 08:40 - 2013-11-30 08:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-30 08:31 - 2013-11-30 08:31 - 00140056 _____ C:\Windows\Minidump\113013-34257-01.dmp
2013-11-28 10:30 - 2013-09-02 11:24 - 00002133 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-13 12:25 - 2013-11-13 12:25 - 00020194 _____ C:\Users\Bria\Downloads\index.php
2013-11-13 12:25 - 2013-11-13 12:25 - 00020194 _____ C:\Users\Bria\Downloads\index (1).php
2013-11-13 12:21 - 2013-11-13 12:21 - 00000061 _____ C:\Users\Bria\Desktop\Access cPanel Webmail.url
2013-11-13 12:13 - 2013-11-13 12:13 - 00000000 ____D C:\ProgramData\BitKinex
2013-11-13 12:13 - 2013-11-13 12:13 - 00000000 ____D C:\Program Files\BitKinex
2013-11-13 12:10 - 2013-11-13 12:09 - 08465752 _____ (Barad-Dur, LLC. ) C:\Users\Bria\Downloads\bitkinex323.exe
2013-11-13 11:56 - 2009-07-13 21:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-11-13 11:54 - 2013-11-13 11:54 - 02424384 _____ (Microsoft Corporation) C:\Users\Bria\Downloads\Webfldrs-KB907306-ENU.exe
2013-11-13 11:54 - 2013-11-13 11:54 - 00000000 ____D C:\Program Files\MSECache
2013-11-13 11:20 - 2013-11-13 11:20 - 00000000 ____H C:\Users\Bria\Documents\Default.rdp
2013-11-13 09:39 - 2013-11-12 19:41 - 00000000 ____D C:\Users\Bria\AppData\Roaming\FileZilla
2013-11-13 08:58 - 2013-11-13 08:58 - 00000000 ____D C:\Users\Bria\Downloads\account_link_0.7.9
2013-11-13 08:57 - 2013-11-13 08:56 - 00068043 _____ C:\Users\Bria\Downloads\account_link_0.7.9.zip
2013-11-12 20:49 - 2013-09-03 09:44 - 00000000 ____D C:\Users\Bria\.gimp-2.8
2013-11-12 20:20 - 2013-11-12 20:20 - 00001548 _____ C:\Users\Bria\AppData\Local\recently-used.xbel
2013-11-12 20:20 - 2013-09-03 09:58 - 00000000 ____D C:\Users\Bria\AppData\Local\gtk-2.0
2013-11-12 20:02 - 2013-11-12 20:02 - 00000000 ____D C:\Users\Bria\Downloads\celticdreams
2013-11-12 19:40 - 2013-11-12 19:40 - 00000000 ____D C:\Program Files\FileZilla FTP Client
2013-11-12 19:35 - 2013-11-12 19:35 - 01077648 _____ (Ask.com) C:\Users\Bria\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe
2013-11-12 19:08 - 2013-11-12 19:08 - 00000000 ____D C:\Users\Bria\Downloads\DarkFantasy_1.0.18
2013-11-12 19:02 - 2013-11-12 19:02 - 01156823 _____ C:\Users\Bria\Downloads\celticdreams.zip
2013-11-12 19:02 - 2013-11-12 19:02 - 00599317 _____ C:\Users\Bria\Downloads\DarkFantasy_1.0.18.zip
2013-11-12 19:02 - 2013-11-12 19:02 - 00599317 _____ C:\Users\Bria\Downloads\DarkFantasy_1.0.18 (1).zip
2013-11-12 15:59 - 2013-11-12 15:59 - 00041200 _____ C:\Users\Bria\Downloads\Extras.Txt
2013-11-12 15:30 - 2013-11-12 15:30 - 00602112 _____ (OldTimer Tools) C:\Users\Bria\Downloads\OTL.exe
2013-11-12 10:20 - 2011-12-19 04:33 - 00000000 ____D C:\Program Files\McAfee
2013-11-10 08:28 - 2010-11-20 16:48 - 00010140 _____ C:\Windows\PFRO.log

Some content of TEMP:
====================
C:\Users\Bria\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-11-30 09:23

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-12-2013
Ran by Bria at 2013-12-03 09:55:09
Running from C:\Users\Bria\Desktop
Boot Mode: Safe Mode (minimal)
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {86355677-4064-3EA7-ABB3-1B136EB04637}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall (Enabled) {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

==================== Installed Programs ======================

Acer Crystal Eye Webcam (Version: 1.5.2108.00)
Acer ePower Management (Version: 6.00.3008)
Acer eRecovery Management (Version: 5.00.3504)
Acer Games (Version: 1.0.2.5)
Acer Registration (Version: 1.04.3504)
Acer ScreenSaver (Version: 20.12.0110.1025)
Acer Updater (Version: 1.02.3501)
Acer VCM (Version: 4.05.3501)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.55)
Adobe Reader X (10.1.0) MUI (Version: 10.1.0)
Akhra: The Treasures (Version: 2.2.0.98)
Alice's Magical Mahjong (Version: 2.2.0.98)
Bejeweled 3 (Version: 2.2.0.98)
Bing Bar (Version: 7.0.765.0)
BitKinex (Version: 3.2.3)
Chuzzle Deluxe (Version: 2.2.0.95)
D3DX10 (Version: 15.4.2368.0902)
Diego's Ultimate Rescue (Version: 2.2.0.95)
eBay Worldwide (Version: 2.2.0409)
ETDWare PS/2-X86 8.0.6.0_WHQL (Version: 8.0.6.0)
Evernote v. 4.5.1 (Version: 4.5.1.5451)
FileZilla Client 3.7.3 (Version: 3.7.3)
Final Drive: Nitro (Version: 2.2.0.95)
Fooz Kids (Version: 3.0.8)
Fooz Kids Platform (Version: 2.1)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Galerie de photos Windows Live (Version: 15.4.3502.0922)
GIMP 2.8.6 (Version: 2.8.6)
Google Chrome (Version: 31.0.1650.57)
Google Update Helper (Version: 1.3.21.165)
Identity Card (Version: 1.00.3501)
Inkscape 0.48.4 (Version: 0.48.4)
Insaniquarium Deluxe (Version: 2.2.0.97)
Intel® Control Center (Version: 1.2.1.1007)
Intel® Graphics Media Accelerator Driver (Version: 8.14.8.1065)
Intel® Rapid Storage Technology (Version: 10.1.0.1008)
Junk Mail filter update (Version: 15.4.3502.0922)
Launch Manager (Version: 5.1.7)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Internet Security Suite (Version: 11.0.678)
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.0.50401.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
MSVCRT (Version: 15.4.2862.0708)
My Farm Life (Version: 2.2.0.97)
My Kingdom for the Princess 3 (Version: 2.2.0.98)
MyWinLocker 4 (Version: 4.0.14.27)
MyWinLocker Suite (Version: 4.0.14.19)
newsXpresso (Version: 1.0.0.40)
Norton Online Backup (Version: 2.1.17869)
Realtek Ethernet Controller Driver (Version: 7.49.927.2011)
Realtek High Definition Audio Driver (Version: 6.0.1.6374)
Realtek PCIE Card Reader (Version: 6.1.7601.83)
Running Sheep (Version: 2.2.0.98)
Shredder (Version: 2.0.8.9)
Skip-Bo - Castaway Caper (Version: 2.2.0.95)
Skype™ 5.5 (Version: 5.5.117)
Slingo Deluxe (Version: 2.2.0.95)
Super Granny 6 (Version: 2.2.0.97)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3)
Update Installer for WildTangent Games App
Wedding Dash (Version: 2.2.0.95)
Welcome Center (Version: 1.02.3504)
WildTangent Games App (Acer Games) (Version: 4.0.5.32)
Windows Live (Version: 15.4.3502.0922)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live Galeria de Fotos (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)

==================== Restore Points =========================

02-09-2013 14:06:12 Windows Update
02-09-2013 16:17:48 Windows Update
04-09-2013 14:23:25 Windows Update
08-09-2013 00:56:25 Windows Update
09-09-2013 22:14:11 Windows Update
10-09-2013 12:48:43 Windows Modules Installer
12-09-2013 23:35:51 Windows Update
02-10-2013 18:34:41 Windows Update
03-10-2013 02:58:04 Windows Update
03-10-2013 12:33:03 Windows Modules Installer
13-11-2013 16:55:04 Installed Microsoft Software Update for Web Folders (English) 12
13-11-2013 17:11:03 Installed BitKinex
27-11-2013 16:56:02 Windows Modules Installer
28-11-2013 15:08:25 Windows Update
30-11-2013 13:35:12 Windows Update
02-12-2013 03:07:18 OTL Restore Point - 01/12/2013 10:07:15 PM
02-12-2013 15:50:52 Windows Update

==================== Hosts content: ==========================

2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0BDD3D69-4B88-42F8-943A-1412427EF3B7} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {2D1CA1A4-8E0B-4FF5-AE7F-21FE03A1AC7C} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {32A010A4-8309-470F-A1A0-62BA959A9335} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-02] (Google Inc.)
Task: {3F6A04A3-538F-420A-BB2F-67A79C518057} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {6B418FB2-AD75-4106-872E-DE0BAF7A318F} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PmmUpdate.exe [2011-03-28] (Egis Technology Inc.)
Task: {A19B1977-2C65-45A9-9FD3-5EB59A337314} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-09-02] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-07 14:25 - 2013-08-07 14:25 - 00093696 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"

==================== Faulty Device Manager Devices =============

Name: McAfee Inc. mfehidk
Description: McAfee Inc. mfehidk
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: mfehidk
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (12/03/2013 09:52:35 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/03/2013 09:52:35 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/03/2013 09:52:35 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/03/2013 09:52:35 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/03/2013 09:52:35 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/03/2013 09:52:35 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/03/2013 09:52:34 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (12/03/2013 09:52:35 AM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (12/03/2013 09:52:34 AM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/03/2013 09:52:33 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 43%
Total physical RAM: 1012.3 MB
Available physical RAM: 576.41 MB
Total Pagefile: 2036.3 MB
Available Pagefile: 1618.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.22 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:254.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 9544A772)
Partition 1: (Not Active) - (Size=13 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=285 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0

#12
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Looking in task manager I saw rundll32.exe


Hi :)

That program is legitimate. You’ve seen the zillions of *.dll (Dynamic Link Library) files in every application folder, which are used to store common pieces of application logic that can be accessed from multiple applications.


Since there’s no way to directly launch a DLL file, the rundll32.exe application is simply used to launch functionality stored in shared .dll files. This executable is a valid part of Windows.


I'm looking over your log and will confer with my teacher about what we should do next. :)
  • 0

#13
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi, let's run a sweep for remnants and check for any out of date programs on your machine. :)

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Scan with Malwarebytes


I see you have Malwarebytes' Anti-Malware installed.

  • Please open the program.
  • Click on the Update tab then click Check for Updates

    Posted Image
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, check the following settings:
    • On the Settings tab, Scanner Settings, leave the default boxes checked but change the drop-down boxes to Show in results list and check for removal.

    Posted Image
  • On the Scanner tab, check Perform quick scan.

    Posted Image
  • When the scan is complete, click OK, then Show Results to view the results.

    Posted Image
  • Make sure that everything is checked, and click Remove Selected.

    Posted Image
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply.



Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar ---->Posted Image

  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 3: SecurityCheck Scan


Download Security CheckPosted Image by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things I need to see in your next post:

  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

  • 0

#14
Delilah45

Delilah45

    Member

  • Topic Starter
  • Member
  • PipPip
  • 26 posts
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=9d30961305db54439f195b235457c9c5
# engine=16135
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-04 07:35:22
# local_time=2013-12-04 02:35:22 (-0500, Eastern Standard Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777213 100 97 6869127 135902080 0 0
# compatibility_mode=5893 16776574 66 85 6869570 137730513 0 0
# scanned=96873
# found=1
# cleaned=0
# scan_time=12215
sh=AAA2470E8D17E2620679D4BD97AB966CC1CE3262 ft=1 fh=5c7e288c9fd44e76 vn="a variant of Win32/Bundled.Toolbar.Ask.D application" ac=I fn="C:\Users\Bria\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe"

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.04.06

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16428
Bria :: BRIA-PC [administrator]

04/12/2013 10:31:50 AM
mbam-log-2013-12-04 (10-31-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 195002
Time elapsed: 25 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Bria\Downloads\SFInstaller_SFFZ_filezilla_8992693_.exe (PUP.Optional.Spigot.A) -> No action taken.

(end)

Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
McAfee Anti-Virus and Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Reader 10.1.0 Adobe Reader out of Date!
Google Chrome 31.0.1650.48
Google Chrome 31.0.1650.57
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
Symantec Norton Online Backup NOBuAgent.exe
Symantec Norton Online Backup NOBuClient.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 4%
````````````````````End of Log``````````````````````
  • 0

#15
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hi, :)

Ok, here's what we're going to do next. :) We're going to clean boot your machine and see if there's a service running that is causing the memory issue. These steps will disable all services except what is needed by Windows. When the machine has rebooted, please let me know if it is running any faster.



Step 1: Start MSConfig

Click Start, type msconfig in the Start Search box, and then press ENTER.
If you are prompted for an administrator password or for a confirmation, type the password, or provide confirmation.

Step 2: Configure Selective Startup options

1.In the System Configuration Utility dialog box, click Selective Startup on the General tab.

Posted Image

2.Click to clear the Load Startup Items check box.
Note The Use Original Boot.ini check box is unavailable.

3.Click the Services tab.

Posted Image

4.Click to select the Hide All Microsoft Services check box.
5.Click Disable All, and then click OK.
6. When you are prompted, click Restart.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP