
Help with PC Issues running slow and new files appearing [Closed] [Sol


  • This topic is locked
47 replies to this topic

#16 XoXo_LuLu_XoXo

XoXo_LuLu_XoXo

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 11 December 2013 - 11:33 PM

All processes killed
========== OTL ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Rose
->Temp folder emptied: 71598353 bytes
->Temporary Internet Files folder emptied: 4696223 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 425995947 bytes
->Flash cache emptied: 826 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1082221 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 20953 bytes
 
Total Files Cleaned = 480.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12112013_231240
 
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP00000006FE6D6A889A54D04C not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16520  BrowserJavaVersion: 10.45.2
Run by Rose at 23:26:26 on 2013-12-11
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.2038.523 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.bing.com
mStart Page = hxxp://www.google.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
uPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AD67D9B2-CA97-45C7-82AF-F82320ED645F} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{E343DDE5-E345-4655-97A9-44B48425462F} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2013-9-24 572528]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-6-30 21576]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-6-15 37664]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-9-24 213392]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2013-10-23 145088]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-10-23 638976]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-10-23 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-10-23 172416]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-9-24 60920]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-9-24 236000]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-9-24 365416]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2013-9-20 301248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ekrn;ESET Service;"c:\program files\eset\eset nod32 antivirus\ekrn.exe" --> c:\program files\eset\eset nod32 antivirus\ekrn.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 BAVSvc;Baidu Antivirus Service;c:\program files\baidu security\cloud security\BAVSvc.exe [2013-6-17 1733992]
S3 ezSharedSvc;Easybits Services for Windows;c:\windows\system32\ezSharedSvcHost.exe [2013-2-9 517192]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2012-7-5 19456]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-10-23 147912]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-9-24 65928]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2013-9-20 80656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-12-11 02:47:34 7772552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f68451c8-6d2c-4a89-a29d-03d4d074aec6}\mpengine.dll
2013-12-07 12:17:02 -------- d-----w- c:\program files\ESET
2013-12-04 12:05:49 -------- d-----w- c:\users\rose\appdata\local\CrashDumps
2013-11-27 04:34:38 -------- d-----w- C:\AdwCleaner
2013-11-23 21:13:34 -------- d-----w- C:\_OTL
2013-11-18 20:14:07 -------- d-----w- c:\program files\My Dell
2013-11-14 19:17:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-14 19:17:02 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-11-14 19:17:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 19:17:02 149744 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-11-14 19:17:01 194560 ----a-w- c:\program files\internet explorer\IEShims.dll
2013-11-14 19:17:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 19:17:00 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
2013-11-14 19:17:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 19:16:59 757488 ----a-w- c:\program files\internet explorer\iexplore.exe
2013-11-14 19:16:59 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 19:16:58 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2013-11-14 19:16:58 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2013-11-14 19:16:58 104448 ----a-w- c:\program files\internet explorer\jsdebuggeride.dll
2013-11-14 19:16:57 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 00:20:14 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-14 00:20:07 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-11-14 00:19:50 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-14 00:19:49 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
.
==================== Find3M  ====================
.
2013-12-11 03:15:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 03:15:30 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-11 11:50:18 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-04 23:22:36 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-11-04 23:17:14 213392 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-11-04 23:16:54 172416 ----a-w- c:\windows\system32\mfevtps.exe
2013-11-04 23:12:26 572528 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-11-04 23:10:42 365416 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-11-04 23:10:02 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-11-04 23:09:20 236000 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-11-04 23:08:22 133992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-10-08 12:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-23 18:48:38 147912 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-09-20 14:37:40 10152 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 14:37:24 80656 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-09-20 14:37:10 301248 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
.
============= FINISH: 23:28:49.29 ===============
 
It seems to be running the same as before, at times it runs fine but other times it runs real slow.
 



#17 XoXo_LuLu_XoXo

XoXo_LuLu_XoXo

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 13 December 2013 - 12:10 AM

I'm not sure if this could be related or not, but today it seems like my fan has been running a lot louder and more often, and the PC has been freezing up.



#18 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 14 December 2013 - 11:21 AM

Hello, XoXo_LuLu_XoXo.
 
Thank you for the additional information and your log reports.  You sent me the dds.txt report twice.  Can you please look for and send me a copy of attach.txt which is the second report that was produced when you ran DDS?
 
It would be helpful if you can provide me with the following information:

  • How old is your computer?
  • Is it a laptop or desktop?
  • Does it freeze when you work in Safe Mode?
  • Are you receiving any error messages when you are using the internet or other programs, and if so, what are they?
  • When is it freezing--when browsing? when working on documents?

There are still several things we can do to try to remedy your computer's slow performance.  Let's begin with the following:
 
Loud Fan
 
There are many reasons why your computer is running loudly, including a dust-clogged fan, errors on your hard disk, an older and/or overloaded Central Processing Unit, a fan that needs replacement, and so on. You can try to clean your fan using the following illustrated guide found HERE.
 
Disk Cleanup
 
To remove useless files:

  • Click Start > All Programs > Accessories > System Tools > Disk Cleanup.
  • Click OK to begin the Disk Cleanup

Run CHKDSK
 
This is a built-in utility that will check your hard disk for errors and attempt to repair any problems.

  • Click Start > Computer.
  • Right click on Local Disk C: > Properties > Tools.
  • Under Error-checking, click Check Now. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  • To check for both file errors and physical errors, select both Automatically fix file system errors and Scan for and attempt recovery of bad sectors.
  • Click Start.

    Note: Depending upon the size of your hard disk, this may take several minutes. Do not use your computer for any other tasks while it's checking for errors.

Clear Browser History and Cookies

For any of the following browsers that you may be using:

Internet Explorer

  • Open Internet Explorer.
  • Click Tools > Internet Options found at the bottom.
  • In the General tab, under Browser history, click Delete.
  • Check mark all options and click Delete. If you want to preserve Passwords or Form Data, leave these unchecked.

Firefox

  • Open Firefox.
  • Click Tools > Clear Recent History.
  • Expand the Details option.
  • Check mark Browsing & download history and Cookies.
  • From the drop down menu, select Everything.
  • Click Clear Now.

For Google Chrome

  • Open Chrome.
  • Click the Chrome menu icon (wrench or 3 bars) at the top right of the browser window.
  • Select Tools.
  • Select Clear browsing data. The Clear browsing data dialogue box appears in a new tab.
  • From the drop-down menu next to Obliterate the following items from:, select the beginning of time.
  • Check mark the following items:
    • Empty the cache
    • Delete cookies and other site and plug-in data
  • Click Clear browsing data.

Defragment Hard Disk

  • To open Disk Defragmenter:  Click Start.
  • In the search box, type Disk Defragmenter > Select Disk Defragmenter.
  • Under Current status, select the disk you want to defragment. (ex. C:)
  • To determine if the disk needs to be defragmented or not, click Analyze disk. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
  • Once Windows is finished analyzing the disk,  check the percentage of fragmentation on the disk in the Last Run column. If the number is above 10%, you should defragment the disk:
  • Click Defragment disk.  If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Note:  Disk Defragmenter might take from several minutes to a few hours to finish, depending on the size and degree of fragmentation of your hard disk. You can still use your computer during the defragmentation process.

 

In your next reply, please let me know if  your computer's performance has improved.

 



#19 fbfbfb

fbfbfb

    SuperMember

  • Malware Team
  • 1,218 posts

Posted 18 December 2013 - 04:54 PM

Hello, XoXo_LuLu_XoXo.

 

Are you still with me?  Do you still need help?



#20 XoXo_LuLu_XoXo

XoXo_LuLu_XoXo

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 24 December 2013 - 04:23 AM

Sorry for delayed response, ice storm and no connection, should be working again soon. Would you still help me with laptop when connectivity is working right again? Thank You



#21 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,200 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 24 December 2013 - 06:47 AM

Hi,

 

fbfbfb is away and, if you don't mind, I will be taking over for her. Please run her instructions when you can and post back.



Just a reminder that threads will be closed if no reply in 3 days.


#22 XoXo_LuLu_XoXo

XoXo_LuLu_XoXo

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 27 December 2013 - 09:37 PM

Yes I am, sorry about the prolonged response. Thank You for keeping thread open and helping me fix PC issues.

I lost connection to internet access and then an ice storm caused connection issues.
 
===============================================
DDS attach.txt log:
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16520  BrowserJavaVersion: 10.45.2
Run by Rose at 23:26:26 on 2013-12-11
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.2038.523 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\notepad.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.bing.com
mStart Page = hxxp://www.google.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
uPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AD67D9B2-CA97-45C7-82AF-F82320ED645F} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{E343DDE5-E345-4655-97A9-44B48425462F} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2013-9-24 572528]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-6-30 21576]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-6-15 37664]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-9-24 213392]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2013-10-23 145088]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-10-23 638976]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-10-23 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-10-23 172416]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-9-24 60920]
R3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-9-24 236000]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-9-24 365416]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2013-9-20 301248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ekrn;ESET Service;"c:\program files\eset\eset nod32 antivirus\ekrn.exe" --> c:\program files\eset\eset nod32 antivirus\ekrn.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 BAVSvc;Baidu Antivirus Service;c:\program files\baidu security\cloud security\BAVSvc.exe [2013-6-17 1733992]
S3 ezSharedSvc;Easybits Services for Windows;c:\windows\system32\ezSharedSvcHost.exe [2013-2-9 517192]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2012-7-5 19456]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-10-23 147912]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-9-24 65928]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2013-9-20 80656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2013-12-11 02:47:34 7772552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{f68451c8-6d2c-4a89-a29d-03d4d074aec6}\mpengine.dll
2013-12-07 12:17:02 -------- d-----w- c:\program files\ESET
2013-12-04 12:05:49 -------- d-----w- c:\users\rose\appdata\local\CrashDumps
2013-11-27 04:34:38 -------- d-----w- C:\AdwCleaner
2013-11-23 21:13:34 -------- d-----w- C:\_OTL
2013-11-18 20:14:07 -------- d-----w- c:\program files\My Dell
2013-11-14 19:17:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-14 19:17:02 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-11-14 19:17:02 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 19:17:02 149744 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-11-14 19:17:01 194560 ----a-w- c:\program files\internet explorer\IEShims.dll
2013-11-14 19:17:01 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 19:17:00 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll
2013-11-14 19:17:00 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 19:16:59 757488 ----a-w- c:\program files\internet explorer\iexplore.exe
2013-11-14 19:16:59 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 19:16:58 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2013-11-14 19:16:58 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2013-11-14 19:16:58 104448 ----a-w- c:\program files\internet explorer\jsdebuggeride.dll
2013-11-14 19:16:57 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-14 00:20:14 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-14 00:20:07 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-11-14 00:19:50 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-14 00:19:49 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
.
==================== Find3M  ====================
.
2013-12-11 03:15:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 03:15:30 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-11 11:50:18 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-04 23:22:36 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-11-04 23:17:14 213392 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-11-04 23:16:54 172416 ----a-w- c:\windows\system32\mfevtps.exe
2013-11-04 23:12:26 572528 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-11-04 23:10:42 365416 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-11-04 23:10:02 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-11-04 23:09:20 236000 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-11-04 23:08:22 133992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-10-08 12:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-23 18:48:38 147912 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-09-20 14:37:40 10152 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2013-09-20 14:37:24 80656 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2013-09-20 14:37:10 301248 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
.
============= FINISH: 23:28:49.29 ===============
 
I completed all the steps suggested, and the PC seems to be running a tad bit better, and the fan sounds like it is a small bit quieter, not much though. Also, I started the defrag and ran an errand for about an hour, and when I came back I saw the screen was still on and it had completed defragging the drives (I'm hoping), but before I could sit down to check everything out, the screen went black with a blinking vertical white line in the top left-hand corner. I had to hard reset the laptop in order to get the OS restarted.


#23 XoXo_LuLu_XoXo

Posted 28 December 2013 - 04:52 AM

Here are the OTL results you requested. But before I post, I apologize for my girlfriend. She has not been able to respond as much as she'd like to, although it's very needed. Oh, sorry, I am also a member; oreo918 is my member name. If I have broken any rules by taking her deal with you all into my own hands, then I sincerely apologize.
 

To answer the questions that have been asked, specifically "How is the pc running?"
  Well, I have a much faster PC so it's hard to tell, but just doing the last step I noticed that things started to speed up a very small bit, if any. When you are browsing it is still very choppy, very laggy for some reason. And I don't know how many times today I have had something pop up, or gone to exit a program, and I've had to click the X or whatever popup option at least 3 times before it caught up. Although one good thing I can say is I have not had this thing crash on me all day long. But I think one of y'all suggested the fan. And lo and behold, I went START>>>CONTROL PANEL>>>SYSTEM AND MAINTENANCE>>>SYSTEM>>>POWER OPTIONS>>>CHANGE PLAN SETTINGS>>>ADVANCED POWER SETTINGS>>> That's where I scrolled down to PROCESSOR POWER MANAGEMENT, expanded that folder, went and expanded MAX POWER STATE, and changed the ON BATTERY and PLUGGED IN percentages both to 90%, to keep it from overheating. Will this affect her laptop in a negative way? And how will I get to the point where I can set it back to 100% in the event that I need to keep it as I set it?

 

Thank You ALL for your time

And Merry Christmas, and 

Happy new years. :c)

 

Without further ado, here is the requested information.

 

All processes killed

========== OTL ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: Rose
->Temp folder emptied: 20971990 bytes
->Temporary Internet Files folder emptied: 1469532 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 354035771 bytes
->Flash cache emptied: 826 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23030531 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 14096466 bytes
 
Total Files Cleaned = 394.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12282013_034532
 
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP00000031C19DB07480B9054C not found!
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...
 
=============    DDS LOGFILE    ===========
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16526  BrowserJavaVersion: 10.45.2
Run by Rose at 4:30:40 on 2013-12-28
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.2038.592 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.bing.com
mStart Page = hxxp://www.google.com
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [mcpltui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
uPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: EnableShellExecuteHooks = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: HideFastUserSwitching = dword:0
mPolicies-System: EnableSecureUIAPath = dword:1
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AD67D9B2-CA97-45C7-82AF-F82320ED645F} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{E343DDE5-E345-4655-97A9-44B48425462F} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files\mcafee\msc\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\615\G2AWinLogon.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2013-9-24 572528]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2013-6-30 21576]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2013-6-15 37664]
R1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2013-9-24 213392]
R2 HomeNetSvc;McAfee Home Network;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 McAPExe;McAfee AP Service;c:\program files\mcafee\msc\McAPExe.exe [2013-10-23 145088]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 mcpltsvc;McAfee Platform Services;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\platform\mcsvchost\McSvHost.exe [2013-10-23 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\common files\mcafee\amcore\mcshield.exe [2013-10-23 638976]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2013-10-23 169320]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2013-10-23 172416]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2013-9-24 60920]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2013-9-24 236000]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2013-9-24 365416]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [2013-9-20 301248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 ekrn;ESET Service;"c:\program files\eset\eset nod32 antivirus\ekrn.exe" --> c:\program files\eset\eset nod32 antivirus\ekrn.exe [?]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-5-13 30312]
S3 BAVSvc;Baidu Antivirus Service;c:\program files\baidu security\cloud security\BAVSvc.exe [2013-6-17 1733992]
S3 ezSharedSvc;Easybits Services for Windows;c:\windows\system32\ezSharedSvcHost.exe [2013-2-9 517192]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2012-7-5 19456]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2013-10-23 147912]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2013-9-24 65928]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [2013-9-20 80656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
.
=============== Created Last 30 ================
.
2013-12-27 22:09:28 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{4c47ed29-9732-4d89-9166-3b7e37335b75}\mpengine.dll
2013-12-24 05:40:51 -------- d-----w- c:\windows\Migration
2013-12-12 18:38:12 -------- d-----w- C:\ca6ac47aa4eb98a7db06ca
2013-12-12 18:36:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2013-12-12 18:36:59 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2013-12-12 18:36:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-11 22:30:29 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-11 22:30:22 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-11 22:30:22 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-12-11 22:30:21 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-11 22:30:20 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-11 22:30:07 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-11 22:30:07 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-11 22:30:06 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-11 22:30:06 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-11 22:30:05 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-11 22:30:00 158208 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-07 12:17:02 -------- d-----w- c:\program files\ESET
2013-12-04 12:05:49 -------- d-----w- c:\users\rose\appdata\local\CrashDumps
.
==================== Find3M  ====================
.
2013-12-11 03:15:30 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 03:15:30 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-26 18:25:54 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-14 22:50:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-11-14 22:42:41 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-11-14 22:38:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-14 22:38:16 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 22:35:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-04 23:22:36 60920 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-11-04 23:17:14 213392 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-11-04 23:16:54 172416 ----a-w- c:\windows\system32\mfevtps.exe
2013-11-04 23:12:26 572528 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-11-04 23:10:42 365416 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-11-04 23:10:02 65928 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2013-11-04 23:09:20 236000 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-11-04 23:08:22 133992 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-10-11 02:08:02 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07:57 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-08 12:50:41 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-03 12:45:50 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-10-03 12:45:45 993792 ----a-w- c:\windows\system32\crypt32.dll
.
============= FINISH:  4:31:53.45 ===============
 

===========  ATTACH LOGFILE ===========

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic 
Boot Device: \Device\HarddiskVolume3
Install Date: 9/2/2009 1:50:35 PM
System Uptime: 12/28/2013 3:48:39 AM (1 hours ago)
.
Motherboard: Dell Inc. |  | 0Y487G
Processor: Intel® Celeron® CPU          560  @ 2.13GHz | Microprocessor | 1851/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 134 GiB total, 81.222 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 8.068 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0002
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0002
Service: tunmp
.
==== System Restore Points ===================
.
RP621: 12/3/2013 6:48:34 AM - Scheduled Checkpoint
RP622: 12/3/2013 7:37:54 AM - Windows Update
RP623: 12/5/2013 2:39:37 AM - Scheduled Checkpoint
RP624: 12/6/2013 8:19:31 AM - Scheduled Checkpoint
RP625: 12/6/2013 5:27:32 PM - Windows Update
RP626: 12/7/2013 6:39:04 AM - Device Driver Package Install: Eset spol s r. o.
RP627: 12/7/2013 6:40:24 AM - Device Driver Package Install: Eset spol s r. o.
RP628: 12/7/2013 6:40:50 AM - Device Driver Package Install: Eset spol s r. o.
RP629: 12/7/2013 6:41:21 AM - Device Driver Package Install: Eset spol s r. o.
RP630: 12/9/2013 3:45:55 AM - Scheduled Checkpoint
RP631: 12/10/2013 8:45:32 PM - Windows Update
RP632: 12/12/2013 12:34:01 PM - Windows Update
RP633: 12/13/2013 3:46:52 AM - Scheduled Checkpoint
RP634: 12/23/2013 11:11:25 PM - McAfee Vulnerability Scanner
RP635: 12/23/2013 11:11:47 PM - Windows Update
RP636: 12/23/2013 11:33:46 PM - Windows Update
RP637: 12/25/2013 1:12:48 AM - Scheduled Checkpoint
RP638: 12/27/2013 4:07:53 PM - Windows Update
RP639: 12/28/2013 4:26:37 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
AVG 2012
Bluetooth Stack for Windows by Toshiba
Canon Easy-PhotoPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG3100 series MP Drivers
Canon MG3100 series On-screen Manual
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
Compatibility Pack for the 2007 Office system
Conexant HD Audio
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Backup and Recovery Manager
Dell Driver Download Manager
Dell Touchpad
ESET Online Scanner v3
Google Chrome
Google Update Helper
GoToAssist Corporate
HDAUDIO Soft Data Fax Modem with SmartCP
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
InstallMgr
Java 7 Update 45
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee SecurityCenter
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Default Manager
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft Works 6-9 Converter
MSN Toolbar
OGA Notifier 2.0.0048.0
PowerDVD
Roxio Activation Module
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Drag-to-Disc
Roxio Express Labeler 3
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2837597) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195
.
==== Event Viewer Messages From Past Week ========
.
12/28/2013 3:50:39 AM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
12/28/2013 3:50:39 AM, Error: Service Control Manager [7000]  - The ESET Service service failed to start due to the following error:  The system cannot find the file specified.
12/28/2013 3:49:09 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 126
12/28/2013 3:48:57 AM, Error: volmgr [49]  - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
12/27/2013 9:04:11 PM, Error: EventLog [6008]  - The previous system shutdown at 8:56:56 PM on 12/27/2013 was unexpected.
12/27/2013 3:54:47 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Platform Services service to connect.
12/27/2013 3:54:47 PM, Error: Service Control Manager [7000]  - The McAfee Platform Services service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/27/2013 3:54:44 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1053" attempting to start the service mcpltsvc with arguments "" in order to run the server: {20966775-18A4-4299-B8E3-772C336B52A7}
12/27/2013 3:42:53 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 10.13.5.164 for the Network Card with network address 0017C4962377 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/27/2013 11:58:14 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.2 for the Network Card with network address 0017C4962377 has been denied by the DHCP server 1.1.1.1 (The DHCP Server sent a DHCPNACK message).
12/27/2013 11:56:03 AM, Error: EventLog [6008]  - The previous system shutdown at 9:33:00 AM on 12/27/2013 was unexpected.
12/25/2013 12:00:48 AM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.13 for the Network Card with network address 0017C4962377 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/25/2013 12:00:39 AM, Error: EventLog [6008]  - The previous system shutdown at 9:04:21 PM on 12/24/2013 was unexpected.
12/24/2013 8:17:13 PM, Error: EventLog [6008]  - The previous system shutdown at 8:14:38 PM on 12/24/2013 was unexpected.
12/23/2013 10:52:43 PM, Error: EventLog [6008]  - The previous system shutdown at 10:51:12 PM on 12/23/2013 was unexpected.
.
==== End Of File ===========================

 


Edited by XoXo_LuLu_XoXo, 28 December 2013 - 05:04 AM.


#24 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,200 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 28 December 2013 - 04:53 AM

Good Morning,

 

Empty your recycle bin. Go to Programs and Features in the control panel and, if it's listed, uninstall StrongVault.

 

 

http://www.systemloo...VaultApp.exe&s=

 

 

The rest of your log looks fine. Heat is one of the main killers of computers; if you're still having problems with that noisy fan, it may be failing. Open the case: what fan is making noise? Is it the exhaust fan on the rear of the case or the one sitting on top of your processor? You may want to think about taking this computer into a shop and having it replaced.

 

Let me know about StrongVault


Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#25 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,200 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 28 December 2013 - 04:53 AM

Looks like we crossed posts. That's fine, helping your girlfriend. Forgot to ask, is this a laptop or desktop?




#26 XoXo_LuLu_XoXo

XoXo_LuLu_XoXo

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 28 December 2013 - 12:06 PM

LoL, paths did cross I guess. But no worries. You were correct in your assumption of it being a laptop. To be more precise, a Dell Vostro A860 laptop computer.

 

Now what do I do if the StrongVault application is not listed in the Control Panel? Because it is not there. I have everything set to show hidden programs and files (I think, anyway). And you didn't say anything about the link you posted above?

 

Sorry for the edit. But I just clicked your link, which said it would be located in \%AppData%\Local\Strongvault\ so I went through My Computer as follows: C:\User\Rose\AppData\Local\ and didn't see any StrongVault file or folder located there, with it set to show all hidden files/folders.


Edited by XoXo_LuLu_XoXo, 28 December 2013 - 12:36 PM.


#27 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,200 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 28 December 2013 - 12:26 PM

Hey,

 

Try this program to see if it finds it

 

http://www.fileparad...CFYQ7OgodDD0Aaw

 

 

Either way, whether it finds it or not, go ahead and run a new scan with OTL and post the new log please. There won't be an extras log this time, so don't knock yourself out looking for it.

 

I just posted the link in my last post to show you that StrongVault was an unneeded program and should be removed.




#28 XoXo_LuLu_XoXo

XoXo_LuLu_XoXo

    Authentic Member

  • Authentic Member
  • PipPip
  • 35 posts

Posted 02 January 2014 - 10:52 PM

I could not find and uninstall StrongVault going through the control panel or using the application RevoUninstaller as you suggested. Here is the log from OTL, as you requested:

 

OTL logfile created on: 1/2/2014 9:44:59 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Rose\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.01% Memory free
3.42 Gb Paging File | 2.35 Gb Available in Paging File | 68.70% Paging File free
Paging file location(s): c:\pagefile.sys 1530 2000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 134.36 Gb Total Space | 80.16 Gb Free Space | 59.66% Space Free | Partition Type: NTFS
Drive D: | 14.65 Gb Total Space | 7.51 Gb Free Space | 51.30% Space Free | Partition Type: NTFS
 
Computer Name: LULU | User Name: Rose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\ProgramData\Updater\updater.exe (Updater)
PRC - C:\ProgramData\RHelpers\IeHelper\IeHelper.exe (WatchDog)
PRC - C:\ProgramData\RHelpers\FirefoxHelper\FirefoxHelper.exe (WatchDog)
PRC - C:\ProgramData\RHelpers\ChromeHelper\ChromeHelper.exe (WatchDog)
PRC - C:\Users\Rose\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
PRC - C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (McAfee, Inc.)
PRC - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
PRC - C:\Program Files\WinZip Driver Updater\winzipdu.exe (WinZip Computing, S.L. (WinZip Computing))
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\rstrui.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files\WinZip Driver Updater\asohtm.dll ()
MOD - C:\Program Files\WinZip Driver Updater\unrar.dll ()
MOD - C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\dlaapi_w.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.)
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV - (McAPExe) -- C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.)
SRV - (mfecore) -- C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (mcpltsvc) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (HomeNetSvc) -- C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (McAfee, Inc.)
SRV - (BAVSvc) -- C:\Program Files\Baidu Security\Cloud Security\BAVSvc.exe (Baidu, Inc.)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezSharedSvcHost.exe (EasyBits Software AS)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\615\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (easytether) -- system32\DRIVERS\easytthr.sys File not found
DRV - (andnetndis) -- system32\DRIVERS\lgandnetndis.sys File not found
DRV - (andnetadb) -- System32\Drivers\lgandnetadb.sys File not found
DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
DRV - (HipShieldK) -- C:\Windows\System32\drivers\HipShieldK.sys (McAfee, Inc.)
DRV - (mfencrk) -- C:\Windows\System32\drivers\mfencrk.sys (McAfee, Inc.)
DRV - (mfencbdc) -- C:\Windows\System32\drivers\mfencbdc.sys (McAfee, Inc.)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (aswKbd) -- C:\Windows\System32\drivers\aswKbd.sys (AVAST Software)
DRV - (FlyUsb) -- C:\Windows\System32\drivers\FlyUsb.sys (LeapFrog)
DRV - (pneteth) -- C:\Windows\System32\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV - (ssadmdm) -- C:\Windows\System32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\Windows\System32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadmdfl) -- C:\Windows\System32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (androidusb) -- C:\Windows\System32\drivers\ssadadb.sys (Google Inc)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (toshidpt) -- C:\Windows\System32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (DLADResM) -- C:\Windows\System32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\Windows\System32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\Windows\System32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\Windows\System32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\Windows\System32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\Windows\System32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\Windows\System32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\Windows\System32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK [2013/10/23 23:54:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
[2014/01/01 20:11:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\extensions
[2014/01/01 20:11:00 | 000,000,000 | ---D | M] (Websteroids) -- C:\Users\Rose\AppData\Roaming\Mozilla\Firefox\extensions\support@websteroidsapp.com
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Websteroids = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\default\extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.6.53_0\
CHR - Extension: Google Wallet = C:\Users\Rose\AppData\Local\Google\Chrome\User Data\default\extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\
 
O1 HOSTS File: ([2013/07/20 06:20:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Websteroids) - {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - C:\ProgramData\Websteroids\IE\common.dll (Creative Island Media, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [mcpltui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O4 - HKCU..\Run: [Updater] C:\ProgramData\Updater\updater.exe (Updater)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AD67D9B2-CA97-45C7-82AF-F82320ED645F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E343DDE5-E345-4655-97A9-44B48425462F}: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\615\G2AWinLogon.dll) - C:\Program Files\Citrix\GoToAssist\615\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\Rose\Desktop\+ KaCy'S FoLdeR  +\ALL GRAPHICS\June 2013 newer graphics-wallpapers\love_wallpaper_Black&White.jpg
O24 - Desktop BackupWallPaper: C:\Users\Rose\Desktop\+ KaCy'S FoLdeR  +\ALL GRAPHICS\June 2013 newer graphics-wallpapers\love_wallpaper_Black&White.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/01/02 22:01:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2014/01/02 21:44:32 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\WinZip
[2014/01/01 20:32:03 | 000,000,000 | ---D | C] -- C:\ProgramData\InternetUpdater
[2014/01/01 20:24:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Driver Updater
[2014/01/01 20:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip Driver Updater
[2014/01/01 20:14:36 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2014/01/01 20:14:36 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Templates\Start Menu\Programs\Revo Uninstaller
[2014/01/01 20:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Updater
[2014/01/01 20:11:08 | 000,000,000 | ---D | C] -- C:\ProgramData\RHelpers
[2014/01/01 20:10:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Websteroids
[2014/01/01 19:23:39 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\Revo_Uninstaller_TSV4W4V2
[2014/01/01 19:20:42 | 000,000,000 | ---D | C] -- C:\Program Files\sweetpacks bundle uninstaller
[2014/01/01 19:15:11 | 001,078,336 | ---- | C] (Conduit) -- C:\Users\Rose\Desktop\Revo_Uninstaller_TSV4W4V2.exe
[2013/12/31 07:06:05 | 000,000,000 | R--D | C] -- C:\Users\Rose\Desktop\Contacts
[2013/12/31 02:45:25 | 000,013,440 | ---- | C] (June Fabrics Technology Inc.) -- C:\Windows\System32\drivers\pneteth.sys
[2013/12/31 02:16:11 | 001,419,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdfcoinstaller01005.dll
[2013/12/29 15:46:24 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Roaming\Microsoft\Windows\Templates\Start Menu\Programs\Google Chrome
[2013/12/28 02:04:04 | 000,000,000 | ---D | C] -- C:\Users\Rose\Desktop\ScanLOGS 4 WHATTHETECH
[2013/12/23 23:40:51 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/12/12 12:38:12 | 000,000,000 | ---D | C] -- C:\ca6ac47aa4eb98a7db06ca
[2013/12/12 12:37:04 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/12/12 12:37:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/12/12 12:37:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/12/12 12:37:01 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/12/12 12:37:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013/12/12 12:37:00 | 001,806,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013/12/12 12:37:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/12/12 12:36:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013/12/11 16:30:29 | 002,050,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/12/11 16:30:22 | 001,304,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMALFXGFXDSP.dll
[2013/12/11 16:30:22 | 000,335,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SysFxUI.dll
[2013/12/11 16:30:21 | 000,167,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\portcls.sys
[2013/12/11 16:30:20 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\drmk.sys
[2013/12/11 16:30:06 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cscript.exe
[2013/12/11 16:30:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wshcon.dll
[2013/12/07 06:38:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ESET
[2013/12/07 06:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013/12/04 06:05:49 | 000,000,000 | ---D | C] -- C:\Users\Rose\AppData\Local\CrashDumps
 
========== Files - Modified Within 30 Days ==========
 
[2014/01/02 22:15:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/01/02 22:04:39 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/01/02 22:01:22 | 000,001,713 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Center.lnk
[2014/01/02 21:48:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/01/02 21:42:34 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cef460811b782f.job
[2014/01/02 21:41:53 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/01/02 21:41:53 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/01/01 20:24:24 | 000,000,881 | ---- | M] () -- C:\Users\Rose\Application Data\Microsoft\Internet Explorer\Quick Launch\WinZip Driver Updater.lnk
[2014/01/01 20:24:23 | 000,001,949 | ---- | M] () -- C:\Users\Public\Desktop\WinZip Driver Updater.lnk
[2014/01/01 20:14:37 | 000,001,019 | ---- | M] () -- C:\Users\Rose\Desktop\Revo Uninstaller.lnk
[2014/01/01 19:15:24 | 001,078,336 | ---- | M] (Conduit) -- C:\Users\Rose\Desktop\Revo_Uninstaller_TSV4W4V2.exe
[2013/12/31 02:19:43 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_lgandnetadb_01005.Wdf
[2013/12/29 15:46:24 | 000,001,989 | ---- | M] () -- C:\Users\Rose\Application Data\Microsoft\Internet Explorer\Quick Launch\Chrome App Launcher.lnk
[2013/12/28 04:35:56 | 000,642,974 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/28 04:35:56 | 000,120,134 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/12 13:17:14 | 000,383,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/12/10 21:15:30 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013/12/10 21:15:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2014/01/01 20:24:24 | 000,000,881 | ---- | C] () -- C:\Users\Rose\Application Data\Microsoft\Internet Explorer\Quick Launch\WinZip Driver Updater.lnk
[2014/01/01 20:24:23 | 000,001,949 | ---- | C] () -- C:\Users\Public\Desktop\WinZip Driver Updater.lnk
[2014/01/01 20:14:37 | 000,001,019 | ---- | C] () -- C:\Users\Rose\Desktop\Revo Uninstaller.lnk
[2013/12/31 02:19:43 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_lgandnetadb_01005.Wdf
[2013/12/29 15:46:24 | 000,001,989 | ---- | C] () -- C:\Users\Rose\Application Data\Microsoft\Internet Explorer\Quick Launch\Chrome App Launcher.lnk
[2013/12/08 15:57:36 | 000,000,882 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cef460811b782f.job
[2013/07/13 02:15:24 | 000,000,448 | ---- | C] () -- C:\Users\Rose\Downloads - Shortcut.lnk
[2013/07/11 23:27:42 | 000,003,584 | ---- | C] () -- C:\Users\Rose\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/06/30 00:30:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys.sum
[2013/06/30 00:30:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSP.sys.sum
[2013/06/30 00:30:15 | 000,000,175 | ---- | C] () -- C:\Windows\System32\drivers\aswSnx.sys.sum
[2013/06/28 18:44:14 | 000,009,878 | ---- | C] () -- C:\Users\Rose\AppData\Roaming\wklnhst.dat
[2013/06/18 23:44:23 | 000,000,680 | ---- | C] () -- C:\Users\Rose\AppData\Local\d3d9caps.dat
[2013/02/09 03:17:36 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2013/02/09 02:35:59 | 000,773,192 | ---- | C] () -- C:\Windows\System32\ezUPBHook64.dll
[2012/12/10 02:25:26 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2012/12/04 21:04:06 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dat
[2012/11/25 09:34:10 | 000,000,006 | ---- | C] () -- C:\Windows\msoffice.ini
[2010/03/22 16:48:36 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/09/10 21:43:14 | 000,000,355 | ---- | C] () -- C:\Users\Rose\Searches.lnk
 
========== ZeroAccess Check ==========
 
[2006/11/02 06:51:16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 11:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
< End of report >


#29 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,200 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 03 January 2014 - 06:09 AM

Good Morning,

 

Your log has changed since your original post; now I am looking at Baidu Anti Virus and ESET running. The ESET online scanner should not be running as a service.

You can uninstall them both with this program, but keep McAfee.

 

Run AppRemover
 
Vista, Win 7 users: right-click on the icon and select "run as administrator".
 
Please download AppRemover and save it to your desktop.
  • Double click on AppRemover.exe to run it.
  • Uncheck "Enable anonymous usage statistics. No personal data will be recorded."
  • Click on the Next button.
  • Click on "Remove Security Application" or "Clean Up a Failed Uninstall" depending on what you want to do. 
  • Click on the Next button.
  • A scan begins, please wait. Once done, click on the Next button.
  • Now you should have a list of your installed security programs, choose the one you want to uninstall and click on the Next button.
  • Follow the last step and reboot if asked to do so.
 
 
 
 
 
Now I am also looking at browser extensions for IE, Firefox and Chrome. They come from a program called Creative Island Media, LLC; they're basically unwanted programs that will bring you ads.
 
One of the rules when we offer help is to not uninstall or install any other software while we are working; it just confuses things. For example, these browser extensions are only on your current log, so they showed up recently.
 
 
First Uninstall both those Antivirus programs with AppRemover
 
 
Then run this program
 

Download ComboFix from one of these locations:
 
 
 
* IMPORTANT !!! Save ComboFix.exe to your Desktop
 
 
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • See this Link for programs that need to be disabled and instructions on how to disable them.
  • Remember to re-enable them when we're done.
 
 
  • Double click on ComboFix.exe & follow the prompts.
 
 
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
 
 
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
 
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
 
 


 
 
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

 
Click on Yes, to continue scanning for malware.
 
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
 
*If there is no internet connection when ComboFix has completely finished, then restart your computer to restore back the connections.
 


 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#30 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,200 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 08 January 2014 - 08:29 AM

Due to inactivity this topic will be closed.
If you need help please start a new thread.

New members follow the instructions here http://forums.whatth...ed_t106388.html and start a new topic
