conduit and other crap [Solved]


  • This topic is locked

#16
odog

    Member

  • Topic Starter
  • 23 posts
Gotcha godawgs, happy new year and here we go ...

1. no more rundll error on startup, yaaaaa

2. rkreport D

RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : thanhnguyen [Admin rights]
Mode : Remove -- Date : 12/31/2013 09:11:08
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKCU\[...]\System : DisableTaskMgr (0) -> DELETED
[HJ POL][PUM] HKCU\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] Updater26278.exe : C:\Users\thanhnguyen\AppData\Local\Updater26278\Updater26278.exe - /extensionid=26278 /extensionname="Solid Savings" /chromeid=cijeeimilokkhlfjombmalgpabbonmah [x][x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HDS721032CLA362 ATA Device +++++
--- User ---
[MBR] 6f7fa6d2543cb65a725ff3434512af44
[BSP] f94b693582bcbe78d8cbbebfaef8565c : Acer MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 33556480 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33761280 | Size: 288759 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_12312013_091108.txt >>
RKreport[0]_S_12312013_063431.txt;RKreport[0]_S_12312013_090425.txt


3. rkreport sc

RogueKiller V8.8.0 _x64_ [Dec 27 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : thanhnguyen [Admin rights]
Mode : Shortcuts HJfix -- Date : 12/31/2013 09:12:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ File attributes restored: ¤¤¤
Desktop: Success 0 / Fail 0
Quick launch: Success 0 / Fail 0
Programs: Success 0 / Fail 0
Start menu: Success 0 / Fail 0
User folder: Success 0 / Fail 0
My documents: Success 0 / Fail 0
My favorites: Success 0 / Fail 0
My pictures: Success 0 / Fail 0
My music: Success 0 / Fail 0
My videos: Success 0 / Fail 0
Local drives: Success 5 / Fail 7
Backup: [NOT FOUND]

Drives:
[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored
[D:] \Device\CdRom0 -- 0x5 --> Skipped
[E:] \Device\HarddiskVolume4 -- 0x2 --> Restored
[F:] \Device\HarddiskVolume5 -- 0x2 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[0]_SC_12312013_091228.txt >>
RKreport[0]_D_12312013_091108.txt;RKreport[0]_S_12312013_063431.txt;RKreport[0]_S_12312013_090425.txt



4. MBAM report

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.31.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
thanhnguyen :: EMACHINES [administrator]

12/31/2013 9:18:04 AM
mbam-log-2013-12-31 (09-18-04).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 318819
Time elapsed: 32 minute(s), 22 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


5. eset scan

C:\AdwCleaner\Quarantine\C\Users\thanhnguyen\AppData\LocalLow\VisualBee_V.12\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A application cleaned by deleting - quarantined
C:\OLIVER\ccsetup327.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\OLIVER\ccsetup408.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined
C:\OLIVER\ccsetup409.exe Win32/Bundled.Toolbar.Google.D application cleaned by deleting - quarantined

6. OTL scan

OTL logfile created on: 12/31/2013 11:02:24 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\thanhnguyen\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.97 Gb Total Physical Memory | 0.85 Gb Available Physical Memory | 43.34% Memory free
3.93 Gb Paging File | 2.75 Gb Available in Paging File | 69.94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 281.99 Gb Total Space | 250.39 Gb Free Space | 88.79% Space Free | Partition Type: NTFS

Computer Name: EMACHINES | User Name: thanhnguyen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/18 11:12:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\thanhnguyen\Desktop\OTL.exe
PRC - [2013/12/18 09:30:03 | 003,764,024 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2013/12/18 09:30:02 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/03/25 18:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
PRC - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/15 15:11:04 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2010/03/25 18:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/03/25 18:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyHook.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/12/18 09:30:02 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/01/28 15:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/12/13 15:10:35 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/12/05 11:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/09 23:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/10/09 18:59:08 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/08/28 01:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/27 07:19:48 | 000,079,672 | ---- | M] (AVAST Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\aswstm.sys -- (aswStm)
DRV:64bit: - [2013/12/18 09:30:06 | 001,034,464 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2013/12/18 09:30:06 | 000,422,216 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2013/12/18 09:30:06 | 000,207,904 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
DRV:64bit: - [2013/12/18 09:30:06 | 000,078,648 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2013/11/15 15:11:06 | 000,092,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2013/11/15 15:11:06 | 000,065,776 | ---- | M] () [Kernel | Boot | Running] -- C:\windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
DRV:64bit: - [2012/01/17 22:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012/01/17 22:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011/02/11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/12/09 01:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emac...45v1j5r4562s38p
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emac...45v1j5r4562s38p
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://in.yahoo.com/?fr=mkg029
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\thanhnguyen\Desktop
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7ACEW_enUS460
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{D4820E3D-028A-4D15-AF7F-0A2AB1E5AC0C}: "URL" = http://search.yahoo....p={SearchTerms}
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\..\SearchScopes\{F7743156-08A6-EFA8-2B22-C14CE44F71D8}: "URL" = http://www.bing.com/...eferrer:source}
IE - HKU\S-1-5-21-2038435613-138853392-2710362757-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\thanhnguyen\AppData\Local\Roblox\Versions\version-28a069d7dccb4f92\\NPRobloxProxy.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/12/18 09:30:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/12/17 07:35:15 | 000,000,000 | ---D | M]

[2011/12/02 21:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Extensions
[2013/12/27 09:51:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\thanhnguyen\AppData\Roaming\Mozilla\Firefox\Profiles\oovskqja.default\extensions
[2013/12/27 09:47:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/12/27 09:47:54 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/02/22 16:53:38 | 000,002,024 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\McSiteAdvisor.xml

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\eMachines\OOBEOffer\OOTag.exe (Microsoft)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\eMachines\OOBEOffer\OOTag.exe (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.205 192.168.1.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C43E0BB9-072C-4878-897E-F95BD2D00B47}: DhcpNameServer = 192.168.1.205 192.168.1.206
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{81439ffe-6667-11e3-a14f-4487fcd7c4e4}\Shell - "" = AutoRun
O33 - MountPoints2\{81439ffe-6667-11e3-a14f-4487fcd7c4e4}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2013/12/31 10:04:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/12/31 09:13:43 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\Desktop\OLD REPORTS
[2013/12/31 06:34:27 | 000,016,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\wmilib.sys.bak
[2013/12/31 06:34:26 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\watchdog.sys.bak
[2013/12/31 06:34:26 | 000,042,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys.bak
[2013/12/31 06:34:25 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\videoprt.sys.bak
[2013/12/31 06:34:23 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys.bak
[2013/12/31 06:34:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbrpm.sys.bak
[2013/12/31 06:34:22 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBCAMD2.sys.bak
[2013/12/31 06:34:22 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys.bak
[2013/12/31 06:34:22 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys.bak
[2013/12/31 06:34:20 | 000,185,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys.bak
[2013/12/31 06:34:20 | 000,068,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\stream.sys.bak
[2013/12/31 06:34:20 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\tape.sys.bak
[2013/12/31 06:34:20 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\tdi.sys.bak
[2013/12/31 06:34:19 | 000,426,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\spsys.sys.bak
[2013/12/31 06:34:19 | 000,024,656 | ---- | C] (Promise Technology) -- C:\windows\SysNative\drivers\stexstor.sys.bak
[2013/12/31 06:34:18 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\smclib.sys.bak
[2013/12/31 06:34:17 | 000,171,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\scsiport.sys.bak
[2013/12/31 06:34:16 | 000,187,392 | ---- | C] (Realtek Corporation ) -- C:\windows\SysNative\drivers\Rt64win7.sys.bak
[2013/12/31 06:34:16 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rmcast.sys.bak
[2013/12/31 06:34:16 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\RNDISMP.sys.bak
[2013/12/31 06:34:16 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rootmdm.sys.bak
[2013/12/31 06:34:12 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\portcls.sys.bak
[2013/12/31 06:34:11 | 000,048,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\pciidex.sys.bak
[2013/12/31 06:34:08 | 000,374,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys.bak
[2013/12/31 06:34:02 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\mcd.sys.bak
[2013/12/31 06:34:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys.bak
[2013/12/31 06:34:00 | 004,865,568 | ---- | C] (Logitech Inc.) -- C:\windows\SysNative\drivers\lvuvc64.sys.bak
[2013/12/31 06:34:00 | 000,351,136 | ---- | C] (Logitech Inc.) -- C:\windows\SysNative\drivers\lvrs64.sys.bak
[2013/12/31 06:34:00 | 000,065,600 | ---- | C] (LSI Corporation) -- C:\windows\SysNative\drivers\lsi_sas2.sys.bak
[2013/12/31 06:33:58 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\irda.sys.bak
[2013/12/31 06:33:55 | 010,628,640 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\drivers\igdkmd64.sys.bak
[2013/12/31 06:33:55 | 000,537,624 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\drivers\iaStor.sys.bak
[2013/12/31 06:33:54 | 000,077,888 | ---- | C] (Hewlett-Packard Company) -- C:\windows\SysNative\drivers\HpSAMD.sys.bak
[2013/12/31 06:33:54 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys.bak
[2013/12/31 06:33:54 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidparse.sys.bak
[2013/12/31 06:33:53 | 000,288,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS.bak
[2013/12/31 06:33:53 | 000,031,232 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\windows\SysNative\drivers\hcw85cir.sys.bak
[2013/12/31 06:33:53 | 000,023,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys.bak
[2013/12/31 06:33:51 | 003,286,016 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\drivers\evbda.sys.bak
[2013/12/31 06:33:51 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys.bak
[2013/12/31 06:33:51 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\drmk.sys.bak
[2013/12/31 06:33:51 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxg.sys.bak
[2013/12/31 06:33:51 | 000,055,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpfve.sys.bak
[2013/12/31 06:33:51 | 000,028,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Dumpata.sys.bak
[2013/12/31 06:33:51 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys.bak
[2013/12/31 06:33:51 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxapi.sys.bak
[2013/12/31 06:33:50 | 000,178,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Classpnp.sys.bak
[2013/12/31 06:33:50 | 000,039,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\crashdmp.sys.bak
[2013/12/31 06:33:49 | 000,468,480 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\drivers\bxvbda.sys.bak
[2013/12/31 06:33:48 | 000,270,848 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\drivers\b57nd60a.sys.bak
[2013/12/31 06:33:48 | 000,155,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\ataport.sys.bak
[2013/12/31 06:33:48 | 000,028,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\battc.sys.bak
[2013/12/31 06:33:47 | 000,194,128 | ---- | C] (AMD Technologies Inc.) -- C:\windows\SysNative\drivers\amdsbs.sys.bak
[2013/12/31 06:33:47 | 000,106,576 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdsata.sys.bak
[2013/12/31 06:33:47 | 000,028,752 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdxata.sys.bak
[2013/12/31 06:33:46 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\1394bus.sys.bak
[2013/12/31 06:32:34 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\Desktop\RK_Quarantine
[2013/12/31 06:16:03 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/12/27 10:00:43 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/12/27 09:47:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/12/27 07:28:14 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/12/27 07:26:28 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\thanhnguyen\Desktop\OTL.exe
[2013/12/24 08:32:03 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\thanhnguyen\Desktop\aswMBR.exe
[2013/12/18 09:30:10 | 000,079,672 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswstm.sys
[2013/12/17 11:35:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/12/17 11:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/17 11:35:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/12/17 09:25:26 | 000,000,000 | ---D | C] -- C:\windows\Microsoft Antimalware
[2013/12/17 08:54:08 | 000,181,064 | ---- | C] (Sysinternals) -- C:\windows\PSEXESVC.EXE
[2013/12/16 12:31:12 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Local\Programs
[2013/12/16 08:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2013/12/16 08:12:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013/12/16 08:12:39 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/12/16 08:10:05 | 000,000,000 | ---D | C] -- C:\OLIVER
[2013/12/15 10:21:48 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Roaming\yahoo!
[2013/12/13 18:11:46 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Local\Apps
[2013/12/13 18:11:45 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Local\Deployment
[2013/12/13 15:10:20 | 009,272,200 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2013/12/05 17:36:57 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Local\Macromedia
[2013/12/05 13:56:33 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\AppData\Local\emaze
[2013/12/01 15:52:33 | 000,000,000 | ---D | C] -- C:\temp

========== Files - Modified Within 30 Days ==========

[2013/12/31 10:10:02 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2013/12/31 09:08:30 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/31 09:08:30 | 000,009,920 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/31 09:04:22 | 000,016,464 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\wmilib.sys.bak
[2013/12/31 09:04:21 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\watchdog.sys.bak
[2013/12/31 09:04:21 | 000,042,064 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys.bak
[2013/12/31 09:04:19 | 000,129,024 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\videoprt.sys.bak
[2013/12/31 09:04:18 | 000,324,608 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys.bak
[2013/12/31 09:04:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbrpm.sys.bak
[2013/12/31 09:04:17 | 000,007,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys.bak
[2013/12/31 09:04:16 | 000,032,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBCAMD2.sys.bak
[2013/12/31 09:04:16 | 000,019,968 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys.bak
[2013/12/31 09:04:14 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\tdi.sys.bak
[2013/12/31 09:04:13 | 000,185,936 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys.bak
[2013/12/31 09:04:13 | 000,068,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\stream.sys.bak
[2013/12/31 09:04:13 | 000,029,184 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\tape.sys.bak
[2013/12/31 09:04:13 | 000,024,656 | ---- | M] (Promise Technology) -- C:\windows\SysNative\drivers\stexstor.sys.bak
[2013/12/31 09:04:12 | 000,426,496 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\spsys.sys.bak
[2013/12/31 09:04:12 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\smclib.sys.bak
[2013/12/31 09:04:11 | 000,171,600 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\scsiport.sys.bak
[2013/12/31 09:04:10 | 000,187,392 | ---- | M] (Realtek Corporation ) -- C:\windows\SysNative\drivers\Rt64win7.sys.bak
[2013/12/31 09:04:10 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rmcast.sys.bak
[2013/12/31 09:04:10 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\RNDISMP.sys.bak
[2013/12/31 09:04:10 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rootmdm.sys.bak
[2013/12/31 09:04:07 | 000,230,400 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\portcls.sys.bak
[2013/12/31 09:04:06 | 000,048,720 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\pciidex.sys.bak
[2013/12/31 09:04:04 | 000,374,864 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys.bak
[2013/12/31 09:04:00 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys.bak
[2013/12/31 09:04:00 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\mcd.sys.bak
[2013/12/31 09:03:59 | 004,865,568 | ---- | M] (Logitech Inc.) -- C:\windows\SysNative\drivers\lvuvc64.sys.bak
[2013/12/31 09:03:59 | 000,351,136 | ---- | M] (Logitech Inc.) -- C:\windows\SysNative\drivers\lvrs64.sys.bak
[2013/12/31 09:03:58 | 000,065,600 | ---- | M] (LSI Corporation) -- C:\windows\SysNative\drivers\lsi_sas2.sys.bak
[2013/12/31 09:03:57 | 000,120,320 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\irda.sys.bak
[2013/12/31 09:03:54 | 010,628,640 | ---- | M] (Intel Corporation) -- C:\windows\SysNative\drivers\igdkmd64.sys.bak
[2013/12/31 09:03:53 | 000,537,624 | ---- | M] (Intel Corporation) -- C:\windows\SysNative\drivers\iaStor.sys.bak
[2013/12/31 09:03:52 | 000,077,888 | ---- | M] (Hewlett-Packard Company) -- C:\windows\SysNative\drivers\HpSAMD.sys.bak
[2013/12/31 09:03:52 | 000,076,288 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys.bak
[2013/12/31 09:03:52 | 000,032,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidparse.sys.bak
[2013/12/31 09:03:51 | 000,288,336 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS.bak
[2013/12/31 09:03:51 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) -- C:\windows\SysNative\drivers\hcw85cir.sys.bak
[2013/12/31 09:03:51 | 000,023,104 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys.bak
[2013/12/31 09:03:49 | 003,286,016 | ---- | M] (Broadcom Corporation) -- C:\windows\SysNative\drivers\evbda.sys.bak
[2013/12/31 09:03:48 | 000,265,088 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys.bak
[2013/12/31 09:03:47 | 000,116,224 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\drmk.sys.bak
[2013/12/31 09:03:47 | 000,098,816 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxg.sys.bak
[2013/12/31 09:03:47 | 000,055,128 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpfve.sys.bak
[2013/12/31 09:03:47 | 000,028,736 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Dumpata.sys.bak
[2013/12/31 09:03:47 | 000,027,008 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys.bak
[2013/12/31 09:03:47 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxapi.sys.bak
[2013/12/31 09:03:46 | 000,039,504 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\crashdmp.sys.bak
[2013/12/31 09:03:45 | 000,468,480 | ---- | M] (Broadcom Corporation) -- C:\windows\SysNative\drivers\bxvbda.sys.bak
[2013/12/31 09:03:45 | 000,178,752 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Classpnp.sys.bak
[2013/12/31 09:03:43 | 000,270,848 | ---- | M] (Broadcom Corporation) -- C:\windows\SysNative\drivers\b57nd60a.sys.bak
[2013/12/31 09:03:43 | 000,155,728 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\ataport.sys.bak
[2013/12/31 09:03:43 | 000,028,240 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\battc.sys.bak
[2013/12/31 09:03:42 | 000,194,128 | ---- | M] (AMD Technologies Inc.) -- C:\windows\SysNative\drivers\amdsbs.sys.bak
[2013/12/31 09:03:42 | 000,106,576 | ---- | M] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdsata.sys.bak
[2013/12/31 09:03:42 | 000,028,752 | ---- | M] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdxata.sys.bak
[2013/12/31 09:03:40 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\drivers\1394bus.sys.bak
[2013/12/31 09:01:14 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/12/31 09:01:10 | 1583,276,032 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/27 10:01:32 | 000,984,576 | ---- | M] () -- C:\Users\thanhnguyen\Desktop\MicrosoftFixit50906.msi
[2013/12/27 09:47:56 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/27 07:19:48 | 000,079,672 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswstm.sys
[2013/12/24 11:30:44 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\thanhnguyen\Desktop\aswMBR.exe
[2013/12/18 11:12:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\thanhnguyen\Desktop\OTL.exe
[2013/12/18 09:32:22 | 000,343,552 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/12/18 09:30:15 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/12/18 09:30:06 | 001,034,464 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSnx.sys
[2013/12/18 09:30:06 | 000,422,216 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswSP.sys
[2013/12/18 09:30:06 | 000,334,136 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe
[2013/12/18 09:30:06 | 000,207,904 | ---- | M] () -- C:\windows\SysNative\drivers\aswVmm.sys
[2013/12/18 09:30:06 | 000,078,648 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys
[2013/12/18 09:30:05 | 000,043,152 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr
[2013/12/18 09:26:24 | 000,000,831 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/17 12:27:31 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/17 08:57:19 | 000,181,064 | ---- | M] (Sysinternals) -- C:\windows\PSEXESVC.EXE
[2013/12/17 07:09:54 | 000,001,412 | ---- | M] () -- C:\Users\thanhnguyen\Desktop\Internet Explorer.lnk
[2013/12/16 09:13:20 | 000,001,249 | ---- | M] () -- C:\Users\thanhnguyen\Desktop\dfrgui.exe - Shortcut.lnk
[2013/12/16 09:12:16 | 000,001,269 | ---- | M] () -- C:\Users\thanhnguyen\Desktop\cleanmgr.exe - Shortcut.lnk
[2013/12/16 08:12:05 | 000,778,150 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/12/16 08:12:05 | 000,659,580 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/12/16 08:12:05 | 000,120,508 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/12/15 06:38:38 | 000,001,363 | ---- | M] () -- C:\Users\thanhnguyen\Desktop\ROBLOX Player.lnk
[2013/12/15 06:38:38 | 000,001,182 | ---- | M] () -- C:\Users\thanhnguyen\Desktop\ROBLOX Studio 2013.lnk
[2013/12/13 15:10:35 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
[2013/12/13 15:10:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/12/13 15:10:20 | 009,272,200 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerInstaller.exe
[2013/12/05 15:17:51 | 000,771,962 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

========== Files Created - No Company Name ==========

[2013/12/27 09:47:56 | 000,001,128 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/12/27 09:47:56 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/12/27 07:02:54 | 000,984,576 | ---- | C] () -- C:\Users\thanhnguyen\Desktop\MicrosoftFixit50906.msi
[2013/12/18 09:31:15 | 000,343,552 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/12/17 11:35:09 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/12/17 07:09:54 | 000,001,412 | ---- | C] () -- C:\Users\thanhnguyen\Desktop\Internet Explorer.lnk
[2013/12/16 09:13:20 | 000,001,249 | ---- | C] () -- C:\Users\thanhnguyen\Desktop\dfrgui.exe - Shortcut.lnk
[2013/12/16 09:12:16 | 000,001,269 | ---- | C] () -- C:\Users\thanhnguyen\Desktop\cleanmgr.exe - Shortcut.lnk
[2013/12/16 08:12:41 | 000,000,831 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013/12/05 15:17:49 | 000,771,962 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2013/12/05 13:46:59 | 000,001,975 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013/11/09 21:43:30 | 000,000,646 | ---- | C] () -- C:\Users\thanhnguyen\Minesweeper.lnk
[2012/01/17 22:44:00 | 010,920,984 | ---- | C] () -- C:\windows\SysWow64\LogiDPP.dll
[2012/01/17 22:44:00 | 000,336,408 | ---- | C] () -- C:\windows\SysWow64\DevManagerCore.dll
[2012/01/17 22:44:00 | 000,104,472 | ---- | C] () -- C:\windows\SysWow64\LogiDPPApp.exe

========== ZeroAccess Check ==========

[2009/07/13 20:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2011/08/29 21:21:15 | 014,164,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/08/29 20:28:32 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 17:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 17:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 17:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/12/02 22:19:59 | 000,000,000 | ---D | M] -- C:\Users\thanhnguyen\AppData\Roaming\.purple
[2013/11/15 15:56:01 | 000,000,000 | ---D | M] -- C:\Users\thanhnguyen\AppData\Roaming\AVAST Software
[2011/12/23 14:32:17 | 000,000,000 | ---D | M] -- C:\Users\thanhnguyen\AppData\Roaming\Leadertech
[2011/12/02 21:47:28 | 000,000,000 | ---D | M] -- C:\Users\thanhnguyen\AppData\Roaming\OEM
[2012/04/02 17:52:47 | 000,000,000 | ---D | M] -- C:\Users\thanhnguyen\AppData\Roaming\WildTangent

========== Purity Check ==========



========== Custom Scans ==========

< MD5 for: FOO.TXT >
[2013/12/01 15:52:44 | 000,339,606 | ---- | M] () MD5=BC39C6A157942EEBE04F920B998CCCCA -- C:\temp\foo.txt

< End of report >
  • 0


#17
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Thanks for the logs.
Do you know why all of these system files were backed up on Dec 31st.?

[2013/12/31 06:34:27 | 000,016,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\wmilib.sys.bak
[2013/12/31 06:34:26 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\watchdog.sys.bak
[2013/12/31 06:34:26 | 000,042,064 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys.bak
[2013/12/31 06:34:25 | 000,129,024 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\videoprt.sys.bak
[2013/12/31 06:34:23 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbport.sys.bak
[2013/12/31 06:34:23 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbrpm.sys.bak
[2013/12/31 06:34:22 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\USBCAMD2.sys.bak
[2013/12/31 06:34:22 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usb8023.sys.bak
[2013/12/31 06:34:22 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\usbd.sys.bak
[2013/12/31 06:34:20 | 000,185,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\storport.sys.bak
[2013/12/31 06:34:20 | 000,068,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\stream.sys.bak
[2013/12/31 06:34:20 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\tape.sys.bak
[2013/12/31 06:34:20 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\tdi.sys.bak
[2013/12/31 06:34:19 | 000,426,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\spsys.sys.bak
[2013/12/31 06:34:19 | 000,024,656 | ---- | C] (Promise Technology) -- C:\windows\SysNative\drivers\stexstor.sys.bak
[2013/12/31 06:34:18 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\smclib.sys.bak
[2013/12/31 06:34:17 | 000,171,600 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\scsiport.sys.bak
[2013/12/31 06:34:16 | 000,187,392 | ---- | C] (Realtek Corporation ) -- C:\windows\SysNative\drivers\Rt64win7.sys.bak
[2013/12/31 06:34:16 | 000,145,920 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rmcast.sys.bak
[2013/12/31 06:34:16 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\RNDISMP.sys.bak
[2013/12/31 06:34:16 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\rootmdm.sys.bak
[2013/12/31 06:34:12 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\portcls.sys.bak
[2013/12/31 06:34:11 | 000,048,720 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\pciidex.sys.bak
[2013/12/31 06:34:08 | 000,374,864 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\netio.sys.bak
[2013/12/31 06:34:02 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\mcd.sys.bak
[2013/12/31 06:34:01 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys.bak
[2013/12/31 06:34:00 | 004,865,568 | ---- | C] (Logitech Inc.) -- C:\windows\SysNative\drivers\lvuvc64.sys.bak
[2013/12/31 06:34:00 | 000,351,136 | ---- | C] (Logitech Inc.) -- C:\windows\SysNative\drivers\lvrs64.sys.bak
[2013/12/31 06:34:00 | 000,065,600 | ---- | C] (LSI Corporation) -- C:\windows\SysNative\drivers\lsi_sas2.sys.bak
[2013/12/31 06:33:58 | 000,120,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\irda.sys.bak
[2013/12/31 06:33:55 | 010,628,640 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\drivers\igdkmd64.sys.bak
[2013/12/31 06:33:55 | 000,537,624 | ---- | C] (Intel Corporation) -- C:\windows\SysNative\drivers\iaStor.sys.bak
[2013/12/31 06:33:54 | 000,077,888 | ---- | C] (Hewlett-Packard Company) -- C:\windows\SysNative\drivers\HpSAMD.sys.bak
[2013/12/31 06:33:54 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidclass.sys.bak
[2013/12/31 06:33:54 | 000,032,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\hidparse.sys.bak
[2013/12/31 06:33:53 | 000,288,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\FWPKCLNT.SYS.bak
[2013/12/31 06:33:53 | 000,031,232 | ---- | C] (Hauppauge Computer Works, Inc.) -- C:\windows\SysNative\drivers\hcw85cir.sys.bak
[2013/12/31 06:33:53 | 000,023,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\fs_rec.sys.bak
[2013/12/31 06:33:51 | 003,286,016 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\drivers\evbda.sys.bak
[2013/12/31 06:33:51 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxgmms1.sys.bak
[2013/12/31 06:33:51 | 000,116,224 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\drmk.sys.bak
[2013/12/31 06:33:51 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxg.sys.bak
[2013/12/31 06:33:51 | 000,055,128 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dumpfve.sys.bak
[2013/12/31 06:33:51 | 000,028,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Dumpata.sys.bak
[2013/12/31 06:33:51 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Diskdump.sys.bak
[2013/12/31 06:33:51 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\dxapi.sys.bak
[2013/12/31 06:33:50 | 000,178,752 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\Classpnp.sys.bak
[2013/12/31 06:33:50 | 000,039,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\crashdmp.sys.bak
[2013/12/31 06:33:49 | 000,468,480 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\drivers\bxvbda.sys.bak
[2013/12/31 06:33:48 | 000,270,848 | ---- | C] (Broadcom Corporation) -- C:\windows\SysNative\drivers\b57nd60a.sys.bak
[2013/12/31 06:33:48 | 000,155,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\ataport.sys.bak
[2013/12/31 06:33:48 | 000,028,240 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\battc.sys.bak
[2013/12/31 06:33:47 | 000,194,128 | ---- | C] (AMD Technologies Inc.) -- C:\windows\SysNative\drivers\amdsbs.sys.bak
[2013/12/31 06:33:47 | 000,106,576 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdsata.sys.bak
[2013/12/31 06:33:47 | 000,028,752 | ---- | C] (Advanced Micro Devices) -- C:\windows\SysNative\drivers\amdxata.sys.bak
[2013/12/31 06:33:46 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\1394bus.sys.bak
  • 0

#18
odog

odog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
No, I do not know why they were backed up. Backup and Restore shows, under Backup, "Windows Backup has not been setup" and, under Restore, "Windows could not find a backup for this computer". The time is interesting: this was the first turn-on for the day. If I remember correctly, when I ran the OTL file my keyboard and mouse locked up after the text file was created and I manually powered off the machine. Hope it helps; the machine seems to be running 100% better than before.
  • 0

#19
odog

odog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
The only other unusual thing I see are two RKreports for 12/31/2013, one for 6:34 and one for 9:04. I can include the earlier report if you like.
  • 0

#20
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
I'm glad it's running better.
I know what those two RKreport.txt files are. It looks like RogueKiller backed them up before it ran the first scan, but I've never seen this. I am gonna ask the tool developer about this.
Run the computer for a while just to make sure everything is working.
I will be back with the clean up instructions and some suggestions to keep the computer more secure.
  • 0

#21
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi odog,

I spoke to the RogueKiller developer and RogueKiller did back those files up but they should have been deleted after RogueKiller finished. So it was a glitch in the last update of the tool. We will remove them along with the foo.txt file that you found. And the last thing we need to check is programs that need to be updated. Then we will be ready to clean up.


Step-1.

OTL Fix

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

1. Please copy all of the text in the quote box below (Do Not copy the word Quote). To do this, highlight everything inside the quote box (except the word Quote), right click and click Copy.

:COMMANDS
[createrestorepoint]

:FILES
C:\temp\foo.txt
C:\windows\SysNative\drivers\wmilib.sys.bak
C:\windows\SysNative\drivers\watchdog.sys.bak
C:\windows\SysNative\drivers\WdfLdr.sys.bak
C:\windows\SysNative\drivers\videoprt.sys.bak
C:\windows\SysNative\drivers\usbport.sys.bak
C:\windows\SysNative\drivers\usbrpm.sys.bak
C:\windows\SysNative\drivers\USBCAMD2.sys.bak
C:\windows\SysNative\drivers\usb8023.sys.bak
C:\windows\SysNative\drivers\usbd.sys.bak
C:\windows\SysNative\drivers\storport.sys.bak
C:\windows\SysNative\drivers\stream.sys.bak
C:\windows\SysNative\drivers\tape.sys.bak
C:\windows\SysNative\drivers\tdi.sys.bak
C:\windows\SysNative\drivers\spsys.sys.bak
C:\windows\SysNative\drivers\stexstor.sys.bak
C:\windows\SysNative\drivers\smclib.sys.bak
C:\windows\SysNative\drivers\scsiport.sys.bak
C:\windows\SysNative\drivers\Rt64win7.sys.bak
C:\windows\SysNative\drivers\rmcast.sys.bak
C:\windows\SysNative\drivers\RNDISMP.sys.bak
C:\windows\SysNative\drivers\rootmdm.sys.bak
C:\windows\SysNative\drivers\portcls.sys.bak
C:\windows\SysNative\drivers\pciidex.sys.bak
C:\windows\SysNative\drivers\netio.sys.bak
C:\windows\SysNative\drivers\mcd.sys.bak
C:\windows\SysNative\drivers\mbam.sys.bak
C:\windows\SysNative\drivers\lvuvc64.sys.bak
C:\windows\SysNative\drivers\lvrs64.sys.bak
C:\windows\SysNative\drivers\lsi_sas2.sys.bak
C:\windows\SysNative\drivers\irda.sys.bak
C:\windows\SysNative\drivers\igdkmd64.sys.bak
C:\windows\SysNative\drivers\iaStor.sys.bak
C:\windows\SysNative\drivers\HpSAMD.sys.bak
C:\windows\SysNative\drivers\hidclass.sys.bak
C:\windows\SysNative\drivers\hidparse.sys.bak
C:\windows\SysNative\drivers\FWPKCLNT.SYS.bak
C:\windows\SysNative\drivers\hcw85cir.sys.bak
C:\windows\SysNative\drivers\fs_rec.sys.bak
C:\windows\SysNative\drivers\evbda.sys.bak
C:\windows\SysNative\drivers\dxgmms1.sys.bak
C:\windows\SysNative\drivers\drmk.sys.bak
C:\windows\SysNative\drivers\dxg.sys.bak
C:\windows\SysNative\drivers\dumpfve.sys.bak
C:\windows\SysNative\drivers\Dumpata.sys.bak
C:\windows\SysNative\drivers\Diskdump.sys.bak
C:\windows\SysNative\drivers\dxapi.sys.bak
C:\windows\SysNative\drivers\Classpnp.sys.bak
C:\windows\SysNative\drivers\crashdmp.sys.bak
C:\windows\SysNative\drivers\bxvbda.sys.bak
C:\windows\SysNative\drivers\b57nd60a.sys.bak
C:\windows\SysNative\drivers\ataport.sys.bak
C:\windows\SysNative\drivers\battc.sys.bak
C:\windows\SysNative\drivers\amdsbs.sys.bak
C:\windows\SysNative\drivers\amdsata.sys.bak
C:\windows\SysNative\drivers\amdxata.sys.bak
C:\windows\SysNative\drivers\1394bus.sys.bak

:COMMANDS
[emptytemp]


Warning: This fix is relevant for this system and no other. If you are not this user, DO NOT follow these directions as they could damage the workings of your system.

2. Please re-open OTL on your desktop. To do that:
  • Vista and 7 users: Right click the icon and click Run as Administrator
3. Place the mouse pointer inside the Custom Scans/Fixes textbox, right click and click Paste. This will put the above script inside the textbox.
4. Click the Run Fix button.
5. Let the program run unhindered.
6. OTL may ask to reboot the machine. Please do so if asked.
7. Click the OK button.
8. A report will open. Copy and Paste that report in your next reply.
9. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log (where mmddyyyy_hhmmss is the date and time of the tool run).


Step-2.

Please look in the C:\Temp folder and let me know if anything else is in there.


Step-3.

Run Security Check

Download Security Check from here or here and save it to the Desktop.
  • Right click the SecurityCheck icon and click Run as Administrator to run the application. Allow any UAC warnings.
  • Follow the onscreen instructions inside of the black box.

  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step-4.

Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Was there anything else in the C:\Temp folder?
2. The OTL fixes log
3. The checkup.txt log
  • 0
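As an added example that is not part of this thread and not code from OTL or RogueKiller, here is a small Python parser for the OTL file entries quoted above. It extracts each line's fields, isolates the .sys.bak copies under the drivers directory, clusters their creation times to show they came from one automated run, and renders the :FILES fix block in the layout used in Step-1; the sample lines are copied from the logs posted earlier, and the function names and the two-minute burst window are my own choices.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

# One OTL file entry: [timestamp | size | attribute flags | C or M] then an
# optional (company) from the file's version info, an optional MD5= field
# (custom scans), and finally "-- path". Directory entries carry no company.
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] "
    r"(?:\((?P<company>[^)]*)\)(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? )?"
    r"-- (?P<path>.+)$"
)


@dataclass
class OtlEntry:
    ts: datetime
    size: int
    attrs: str
    op: str                 # "C" = created, "M" = modified
    company: Optional[str]  # None for directories (no version info)
    md5: Optional[str]
    path: str


def parse_otl_line(line: str) -> Optional[OtlEntry]:
    """Parse one OTL entry; returns None for headers, blanks and registry lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    company = m["company"]
    return OtlEntry(
        ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        op=m["op"],
        company=company.strip() if company is not None else None,
        md5=m["md5"].upper() if m["md5"] else None,
        path=m["path"],
    )


def parse_otl(text: str) -> List[OtlEntry]:
    return [e for e in map(parse_otl_line, text.splitlines()) if e is not None]


def driver_backups(entries: List[OtlEntry]) -> List[OtlEntry]:
    """Keep .sys.bak files under a drivers directory, one entry per path.

    Drivers ship as .sys; a sibling .sys.bak is something a tool left behind
    (here RogueKiller), so it is worth listing and accounting for."""
    seen = {}
    for e in entries:
        p = e.path.lower()
        if "\\drivers\\" in p and p.endswith(".sys.bak") and p not in seen:
            seen[p] = e
    return list(seen.values())


def creation_bursts(entries: List[OtlEntry],
                    window: timedelta = timedelta(minutes=2)
                    ) -> List[Tuple[datetime, datetime, int]]:
    """Cluster timestamps no more than `window` apart into (first, last, count).

    Dozens of .bak files created inside one short window, as in this thread,
    point at a single automated run rather than files touched one by one."""
    bursts: List[Tuple[datetime, datetime, int]] = []
    for t in sorted(e.ts for e in entries):
        if bursts and t - bursts[-1][1] <= window:
            first, _, n = bursts[-1]
            bursts[-1] = (first, t, n + 1)
        else:
            bursts.append((t, t, 1))
    return bursts


def otl_fix_script(paths: List[str]) -> str:
    """Render the fix block as laid out in Step-1: restore point, :FILES, emptytemp."""
    lines = [":COMMANDS", "[createrestorepoint]", "", ":FILES", *paths,
             "", ":COMMANDS", "[emptytemp]"]
    return "\n".join(lines)


# Constructed sample: a handful of lines copied from the logs posted above.
SAMPLE_LOG = r"""
[2013/12/31 06:34:27 | 000,016,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\wmilib.sys.bak
[2013/12/31 06:34:26 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\watchdog.sys.bak
[2013/12/31 06:34:16 | 000,187,392 | ---- | C] (Realtek Corporation ) -- C:\windows\SysNative\drivers\Rt64win7.sys.bak
[2013/12/31 06:33:46 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\1394bus.sys.bak
[2013/12/31 06:32:34 | 000,000,000 | ---D | C] -- C:\Users\thanhnguyen\Desktop\RK_Quarantine
[2013/12/18 09:30:10 | 000,079,672 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswstm.sys
[2013/12/01 15:52:44 | 000,339,606 | ---- | M] () MD5=BC39C6A157942EEBE04F920B998CCCCA -- C:\temp\foo.txt
"""

if __name__ == "__main__":
    baks = driver_backups(parse_otl(SAMPLE_LOG))
    for first, last, n in creation_bursts(baks):
        print(f"{n} driver backups created between {first:%H:%M:%S} and {last:%H:%M:%S}")
    print(otl_fix_script([e.path for e in baks]))
```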

#22
odog

odog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
You're the best, godawgs! Here are the info and log files you requested.

1. C:\temp folder is empty

2. OTL log

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\temp\foo.txt moved successfully.
C:\windows\SysNative\drivers\wmilib.sys.bak moved successfully.
C:\windows\SysNative\drivers\watchdog.sys.bak moved successfully.
C:\windows\SysNative\drivers\WdfLdr.sys.bak moved successfully.
C:\windows\SysNative\drivers\videoprt.sys.bak moved successfully.
C:\windows\SysNative\drivers\usbport.sys.bak moved successfully.
C:\windows\SysNative\drivers\usbrpm.sys.bak moved successfully.
C:\windows\SysNative\drivers\USBCAMD2.sys.bak moved successfully.
C:\windows\SysNative\drivers\usb8023.sys.bak moved successfully.
C:\windows\SysNative\drivers\usbd.sys.bak moved successfully.
C:\windows\SysNative\drivers\storport.sys.bak moved successfully.
C:\windows\SysNative\drivers\stream.sys.bak moved successfully.
C:\windows\SysNative\drivers\tape.sys.bak moved successfully.
C:\windows\SysNative\drivers\tdi.sys.bak moved successfully.
C:\windows\SysNative\drivers\spsys.sys.bak moved successfully.
C:\windows\SysNative\drivers\stexstor.sys.bak moved successfully.
C:\windows\SysNative\drivers\smclib.sys.bak moved successfully.
C:\windows\SysNative\drivers\scsiport.sys.bak moved successfully.
C:\windows\SysNative\drivers\Rt64win7.sys.bak moved successfully.
C:\windows\SysNative\drivers\rmcast.sys.bak moved successfully.
C:\windows\SysNative\drivers\RNDISMP.sys.bak moved successfully.
C:\windows\SysNative\drivers\rootmdm.sys.bak moved successfully.
C:\windows\SysNative\drivers\portcls.sys.bak moved successfully.
C:\windows\SysNative\drivers\pciidex.sys.bak moved successfully.
C:\windows\SysNative\drivers\netio.sys.bak moved successfully.
C:\windows\SysNative\drivers\mcd.sys.bak moved successfully.
C:\windows\SysNative\drivers\mbam.sys.bak moved successfully.
C:\windows\SysNative\drivers\lvuvc64.sys.bak moved successfully.
C:\windows\SysNative\drivers\lvrs64.sys.bak moved successfully.
C:\windows\SysNative\drivers\lsi_sas2.sys.bak moved successfully.
C:\windows\SysNative\drivers\irda.sys.bak moved successfully.
C:\windows\SysNative\drivers\igdkmd64.sys.bak moved successfully.
C:\windows\SysNative\drivers\iaStor.sys.bak moved successfully.
C:\windows\SysNative\drivers\HpSAMD.sys.bak moved successfully.
C:\windows\SysNative\drivers\hidclass.sys.bak moved successfully.
C:\windows\SysNative\drivers\hidparse.sys.bak moved successfully.
C:\windows\SysNative\drivers\FWPKCLNT.SYS.bak moved successfully.
C:\windows\SysNative\drivers\hcw85cir.sys.bak moved successfully.
C:\windows\SysNative\drivers\fs_rec.sys.bak moved successfully.
C:\windows\SysNative\drivers\evbda.sys.bak moved successfully.
C:\windows\SysNative\drivers\dxgmms1.sys.bak moved successfully.
C:\windows\SysNative\drivers\drmk.sys.bak moved successfully.
C:\windows\SysNative\drivers\dxg.sys.bak moved successfully.
C:\windows\SysNative\drivers\dumpfve.sys.bak moved successfully.
C:\windows\SysNative\drivers\Dumpata.sys.bak moved successfully.
C:\windows\SysNative\drivers\Diskdump.sys.bak moved successfully.
C:\windows\SysNative\drivers\dxapi.sys.bak moved successfully.
C:\windows\SysNative\drivers\Classpnp.sys.bak moved successfully.
C:\windows\SysNative\drivers\crashdmp.sys.bak moved successfully.
C:\windows\SysNative\drivers\bxvbda.sys.bak moved successfully.
C:\windows\SysNative\drivers\b57nd60a.sys.bak moved successfully.
C:\windows\SysNative\drivers\ataport.sys.bak moved successfully.
C:\windows\SysNative\drivers\battc.sys.bak moved successfully.
C:\windows\SysNative\drivers\amdsbs.sys.bak moved successfully.
C:\windows\SysNative\drivers\amdsata.sys.bak moved successfully.
C:\windows\SysNative\drivers\amdxata.sys.bak moved successfully.
C:\windows\SysNative\drivers\1394bus.sys.bak moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: thanhnguyen
->Temp folder emptied: 3993479 bytes
->Temporary Internet Files folder emptied: 28410712 bytes
->FireFox cache emptied: 22933839 bytes
->Flash cache emptied: 798 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 294954 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 53.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01032014_124004

Files\Folders moved on Reboot...
C:\Users\thanhnguyen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


3. Checkup.txt

Results of screen317's Security Check version 0.99.78
Windows 7 x64
Out of date service pack!!
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Adobe Flash Player 11.9.900.170
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox (26.0)
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````


Have a great weekend ! I will be back on Monday.
  • 0

#23
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts

You're the best godawgs !

:blush: Thank you.

Windows needs to be updated to the latest service pack. Since support ended for Windows 7 without Service Pack 1 on April 9, 2013, Windows Update probably has not been working for a long time. You will need to download the Service Pack and install it offline. After the service pack has been installed, Windows Update will work again and you will likely have a lot of updates from Microsoft Update to install.


Step-1.

Download and Install Windows 7 Service Pack 1

  • Click here to go to the Windows 7 Service Pack 1 download webpage on the Microsoft website, and then click Continue.
  • Choose the 64-bit (x64) version of SP1 (windows6.1-KB976932-X64.exe) and then click Download.
  • Download and save the file to the Desktop, then close the browser and all other open windows.
  • Disable the antivirus program. To do that:
    • Right-click on the avast! icon in the system tray (orange in color starting with v5). Select avast! shields control and there will be options to disable avast for 10 minutes, 1 hour, until the computer is restarted, or permanently.
    • Select Permanently and reboot the computer.
  • When you're ready to install SP1, double-click the file you downloaded.
  • On the Install Windows 7 Service Pack 1 page, click Next.
  • Follow the instructions on your screen. Your computer might restart during the installation.
  • After installation is complete, log on to your computer at the Windows logon prompt. You might see a notification indicating whether the update was successful.
  • If you disabled your antivirus software, enable it again.
Let me know if there was a problem downloading or installing SP1.

Step-2.

If the service pack installed successfully, click the Start Orb. In the Start Search box type Windows Update and press the Enter key. The Windows Update page will open. Download and install all Critical or Important updates. I usually only install 1 or 2 at a time and then make sure there isn't a problem with Windows, then install the next 1 or 2.

Once you have gotten this far let me know.
  • 0

#24
odog

odog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Well, that was a heck of a way to start the day ... downloaded and tried to run AND ... blue screen of death ... rebooted and I am back ... when the program opened it said there was a problem and directed me to a link regarding "Check for system update readiness" "http://go.microsoft....?LinkId=122602", clicked on that and then the video went crazy and blue screen ...
  • 0

#25
odog

odog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
BTW, I hate Windows ... ok now I feel better ... so I guess I need some Microsoft KY jelly prior to the updating ... I see some available, is this it ?

http://www.microsoft...s.aspx?id=20858

It must be an epiphany, HAHAHAHA, today is Epiphany day for Orthodox Christians.
  • 0



#26
odog

odog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
ok, downloaded the microsoft KY jelly, ran it, restarted, then ran SP1, seems to be service packing OK now, AHHHHH, epiphany!
  • 0

#27
odog

odog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
ok, got update to work, groooooan, 118 updates, updating away ...
  • 0

#28
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Yep. I hate updating Windows too. If SP1 won't install, the next thing we recommend is running the System Update Readiness Tool. I'm glad the SP installed and Microsoft Updates are working again. If SP2 is ever offered you need to make sure it is installed asap, as Microsoft will discontinue support for SP1 shortly after SP2 is introduced and Microsoft Update will stop working again.

Your Adobe Reader is out of date. We will update that then if everything is OK we will clean up the tools used and I will give you some suggestions for keeping the computer secure.


Update Adobe Reader

Earlier versions of Adobe Reader have known security flaws, so it is recommended that you update your copy.
  • Click the Start Orb and click Control Panel. Under the Programs heading click Uninstall a program
  • Remove ALL instances of Adobe Reader. The version(s) I see on the computer are:
    • Adobe Reader 10.1.8
  • Right click each program and click Uninstall
  • Re-boot your computer as required.
  • Once ALL versions of Adobe Reader have been uninstalled, download the latest version of Adobe Reader from Here.
  • Remove the check mark next to Yes, install McAfee Security Scan Plus-optional box.
  • Click the Download Now button to download Adobe Reader and follow the directions.
Alternative Option: After uninstalling Adobe Reader, you could try installing Foxit Reader from HERE. Foxit Reader is a much smaller program. It has fewer add-ons and therefore loads more quickly.
NOTE: When installing Foxit Reader, be careful not to install anything to do with AskBar or any other 3rd-party software.


Things For Your Next Post:
Please post the logs in the order requested. Do Not attach the logs unless I request it.
1. Let me know how the update went.
2. Let me know if any issues remain.
  • 0
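As an added check that is not part of the thread (neither godawgs' instructions nor any tool he references), the PowerShell script below confirms the outcome of the Service Pack 1 step in post #23 and the Adobe Reader removal in post #28 before the next round of updates: it reports the service pack level, whether the SP1 package KB976932 is listed as installed, and any Adobe Reader entries still present in the uninstall registry keys. It assumes an elevated PowerShell prompt on the 64-bit Windows 7 machine and uses only cmdlets available in the PowerShell 2.0 that ships with Windows 7.

```powershell
# Added example, not from the original posts. Run in an elevated PowerShell
# prompt on Windows 7 x64; written for PowerShell 2.0 compatibility.

function Get-ServicePackState {
    $os = Get-WmiObject -Class Win32_OperatingSystem
    # KB976932 is the Windows 7 SP1 package named in the download step (post #23).
    $sp1Hotfix = Get-HotFix -Id KB976932 -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        Caption           = $os.Caption
        CSDVersion        = $os.CSDVersion            # e.g. "Service Pack 1" once installed
        ServicePackMajor  = $os.ServicePackMajorVersion
        KB976932Installed = [bool]$sp1Hotfix
        Sp1Present        = ($os.ServicePackMajorVersion -ge 1)
    }
}

function Get-AdobeReaderInstalls {
    # On a 64-bit system 32-bit programs such as Adobe Reader register under
    # WOW6432Node, so both uninstall hives are searched.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Adobe Reader*' } |
        Select-Object DisplayName, DisplayVersion, UninstallString
}

$sp = Get-ServicePackState
$sp | Format-List Caption, CSDVersion, ServicePackMajor, KB976932Installed, Sp1Present
if (-not $sp.Sp1Present) {
    Write-Warning 'Service Pack 1 is not installed; Windows Update will not deliver further fixes until it is.'
}

# Any remaining entry means an old Reader build with known flaws is still on the box.
$readers = @(Get-AdobeReaderInstalls)
if ($readers.Count -eq 0) {
    'No Adobe Reader entries found; the current version can now be installed.'
} else {
    'Adobe Reader entries still present (uninstall each before installing the latest version):'
    $readers | Format-Table -AutoSize
}
```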

#29
odog

odog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
I had to download the System Update Readiness Tool Microsoft KY jelly to get SP1 to work, download finished, now it is installing, ggggggrrrrrrooooooooooaaaaann.
  • 0

#30
odog

odog

    Member

  • Topic Starter
  • Member
  • PipPip
  • 23 posts
Actually, the Windows Update finished downloading and now it is installing the updates ...
  • 0