Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91979 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Possible malware? [Solved]


  • This topic is locked This topic is locked
31 replies to this topic

#1 HMH22

HMH22

    Authentic Member

  • Authentic Member
  • PipPip
  • 169 posts

Posted 08 June 2014 - 09:59 AM

Hi I am not sure if I have any malware on here or not but it was suggested that I come here and find out. I originally posted in the Microsoft windows forum here is my

link: http://forums.whatth...howtopic=128258

 

The blue screens and freezing has seemed to stop for the most part occasionally i will get a couple freezes but, it has not been as bad as it was before.  

 

I am having trouble trying to do the Auslogics defrag i think it was not installed correctly.

 

One other thing about a day after I started my topic when I start my computer it starts  but then it goes to a black screen saying it needs to check the file system c because one of the disk needs to be checked for consistency and it seems to take about 5-10 minutes doing checking it before I get to the log on page.

 

Anyway just wanted to let you know and thanks in advance

 

ETA: Sorry I was in a hurry to post this topic and I forgot to do the logs but here you go and, just wanted to let you know there was a problem that came up with all of them.  For OTL it said something about a corrupt file .000 in C I believe and said i should use CHKDSK to check it out, for HiJackthis something about it could not run but it did give me a log, and for D.D.S..  Windows could not open this file: PEV.DAT and ask what program it should use.  I didn't do anything so I have no log for that not sure what I should do for it.

 

ETA I was able to D.D,S. with the second link I posted them on down.

 

OTL Extras logfile created on: 6/8/2014 10:29:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Family.User-PC\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.75 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 76.19% Memory free
5.72 Gb Paging File | 4.25 Gb Available in Paging File | 74.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.70 Gb Total Space | 58.07 Gb Free Space | 48.52% Space Free | Partition Type: NTFS
Drive D: | 103.42 Gb Total Space | 103.20 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
Drive H: | 1.89 Gb Total Space | 1.35 Gb Free Space | 71.55% Space Free | Partition Type: FAT
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F039C34-56E5-4C23-A0F9-241C1F112BA4}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1BC41A91-5633-402D-BCAE-3694F37BF5E1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2F7F4435-373D-41FF-9663-98332626EF21}" = rport=445 | protocol=6 | dir=out | app=system | 
"{34CCA815-67F6-42C9-B07E-BEF569E3D108}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5B5AFB8E-C137-47C4-B1F9-A1DDB3DDD818}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5BBDFDC2-5DE4-4E5A-AB8B-025F754897AD}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5DC78142-5C3C-4840-81AD-2986D396390F}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{7127F03F-1FCE-48EE-8A8F-8C6B8D7C91F8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7C4CF7C3-01B9-40A6-BEC9-2968CD22D4C4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7DA809EE-2CDC-44C1-8F11-A17DB6905B1D}" = rport=137 | protocol=17 | dir=out | app=system | 
"{89EDA2CB-72B1-4758-AD19-1FB87829AFA1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{913528BC-1F95-49C0-8347-51E1F22B6F7F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{981B21D8-8F14-4D44-9DDA-4A804B7EA378}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A2F8D20E-B7A7-4FAA-917D-89B25E289259}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AD9C1CB7-C5C7-4F0A-AFD5-FE7C3C592441}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{AE53EE72-598E-4E2D-9DC5-7DC336B63662}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DDB40C69-1FD8-4054-A25D-C396F87FA03B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E35070D3-E603-42D5-A59C-148156A7845B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F69DEC9D-10C9-4287-A8D9-65F875DFBA3D}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B4998B-5924-450F-AEF9-4BDA12EFD12F}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 
"{10CDB30A-84CF-4DA3-835E-BC1692B24E47}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe | 
"{19B4CE13-048A-4191-BD57-D7E32FD79815}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1D77E521-D2DF-43B7-AE81-574AA49F7CD5}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{1FE901D8-D7A9-4281-9428-AFBF435BFC9D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2E9A4533-1359-46B6-B326-2B899D73FD10}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3B669851-018A-4040-9571-5404D19BD764}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4159B829-1096-46FB-954D-B187B7B0252D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{505ED723-A2BA-473E-AEAE-3BD5181A5754}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | 
"{6299EEE5-1856-4B10-9916-798B1C1AEF89}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{6383B295-BB65-4F28-8CE6-87852904AFC6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{708ABF94-8F1B-4663-99CB-CBDE0C7A8EB0}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{7BB3097A-3125-4981-9834-679B5636377D}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | 
"{7D1CE16D-8631-458E-8382-54CE0C38BDEB}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{81B6CD0B-8F08-4C12-8532-E56DF5350339}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | 
"{8BCD640B-594A-465F-8A9E-E5A6C07DC081}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | 
"{8FFE3A8A-4C75-43A0-BFF3-95FDFDA33BE2}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | 
"{948000F3-8719-4206-B4C5-6506B663184F}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"{ADE9CF49-7A0E-4076-9B85-7648EC5E7736}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B0FC188F-249E-43D9-859D-89A0F334AEDC}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 
"{CB9791DA-21DC-43B2-AB15-F686C82A082C}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D430641B-178B-4C39-B53C-F6B3221DB01A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | 
"{D487D8E1-D633-424C-A312-3EEAE09D757D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{EDAD7C9C-2B42-422A-A171-019C0C88A98B}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | 
"TCP Query User{5E3B79FF-3FC8-4C18-8575-9573A9498629}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"TCP Query User{EF28F392-0934-4ED4-A4F3-2894DF0DB4DF}C:\program files\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"UDP Query User{63EC79FD-A794-4B5E-B99E-460459D8788E}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
"UDP Query User{73FB1A43-FD1B-48E2-ABA5-5DD0AB6D0334}C:\program files\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files\google\chrome\application\chrome.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01358C56-44F4-B8B3-8757-06F2A864A863}" = ATI Catalyst Install Manager
"{0556F885-2415-4666-B53E-33727E46AEA1}" = The Movies™
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83217055FF}" = Java 7 Update 55
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CC9C896-21C0-4F9F-AEB8-EB3BF9B0AD36}" = ActivInspire v1
"{3D8C96C4-CEB6-4B97-BA4C-9BB7DF083224}" = ActivInspire HWR Resources (ENU) v1
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}_STANDARD_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_STANDARD_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_STANDARD_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}_STANDARD_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}_STANDARD_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B0CB0468-17F6-4D83-8D44-7B9CB66D4D1B}" = ActivDriver x86 v5.9
"{B0FA2C62-A4DA-4805-96CC-C6B42CBB5CC1}" = ActivInspire Help (USA) v1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 307.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{FCD243AC-C4FF-48B5-AE57-7B91EDD2EE90}" = ActivInspire Core Resources (ENU) v1
"Acer Assist" = Acer Assist
"Acer Registration" = Acer Registration
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 13 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 13 Plugin
"Avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"Finale 2012" = Finale 2012
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 29.0.1 (x86 en-US)" = Mozilla Firefox 29.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyPC Backup" = MyPC Backup 
"NTI Open File Manager" = NTI Open File Manager (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"STANDARD" = Microsoft Office Standard 2007
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 6/6/2014 2:02:00 PM | Computer Name = User-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 6/6/2014 2:02:00 PM | Computer Name = User-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 6/6/2014 3:00:58 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/6/2014 3:31:14 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/6/2014 4:53:23 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/6/2014 5:54:41 PM | Computer Name = User-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 7.0.6001.18639 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Problem Reports and Solutions control panel.  Process
 ID: 10ec  Start Time: 01cf81d0b283388e  Termination Time: 15
 
Error - 6/6/2014 6:56:07 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 6/6/2014 11:00:04 PM | Computer Name = User-PC | Source = Perflib | ID = 1008
Description = 
 
Error - 6/6/2014 11:00:04 PM | Computer Name = User-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 6/6/2014 11:00:08 PM | Computer Name = User-PC | Source = Perflib | ID = 1008
Description = 
 
[ System Events ]
Error - 6/8/2014 10:42:51 PM | Computer Name = User-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume C:.
 
Error - 6/8/2014 10:42:51 PM | Computer Name = User-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume ACER.
 
Error - 6/8/2014 10:42:51 PM | Computer Name = User-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume ACER.
 
Error - 6/8/2014 10:42:51 PM | Computer Name = User-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume C:.
 
Error - 6/8/2014 10:42:51 PM | Computer Name = User-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume C:.
 
Error - 6/8/2014 10:42:51 PM | Computer Name = User-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume ACER.
 
Error - 6/8/2014 10:42:51 PM | Computer Name = User-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume C:.
 
Error - 6/8/2014 10:42:51 PM | Computer Name = User-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume ACER.
 
Error - 6/8/2014 10:42:51 PM | Computer Name = User-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume ACER.
 
Error - 6/8/2014 10:50:18 PM | Computer Name = User-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable.  Please
 run the chkdsk utility on the volume C:.
 
 
< End of report >

OTL logfile created on: 6/8/2014 10:29:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Family.User-PC\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.75 Gb Total Physical Memory | 2.09 Gb Available Physical Memory | 76.19% Memory free
5.72 Gb Paging File | 4.25 Gb Available in Paging File | 74.30% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.70 Gb Total Space | 58.07 Gb Free Space | 48.52% Space Free | Partition Type: NTFS
Drive D: | 103.42 Gb Total Space | 103.20 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
Drive H: | 1.89 Gb Total Space | 1.35 Gb Free Space | 71.55% Space Free | Partition Type: FAT
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Family.User-PC\Downloads\OTL (1).exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe ()
PRC - C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe (Promethean)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Program Files\Acer Assist\AcerAssist.exe (Acer Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Windows\libactivboardex.dll ()
MOD - C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Acer\Empowering Technology\SysMonitor.exe ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.View.dll ()
MOD - C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll ()
MOD - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll ()
MOD - C:\Acer\Empowering Technology\MemCheck.Interface.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (0216941402117894mcinstcleanup) -- C:\Users\User\AppData\Local\Temp\021694~1.EXE (McAfee, Inc.)
SRV - (BackupStack) -- C:\Program Files\MyPC Backup\BackupStack.exe (Just Develop It)
SRV - (ActivControl) -- C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe (Promethean)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\User\AppData\Local\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswsnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswsp.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswrdr.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswHwid) -- C:\Windows\System32\drivers\aswHwid.sys ()
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV - (MBAMWebAccessControl) -- C:\Windows\System32\drivers\mwac.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (FAMv4) -- C:\Windows\System32\drivers\FAMv4.sys (FAMv4)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7NDKB_enUS526
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Users\Guest\AppData\Local\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Users\Guest\AppData\Local\Mozilla Firefox\plugins
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Google Wallet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2014/03/02 08:56:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [ActivManager] C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKCU..\RunOnce: [JRTcleanup] C:\Users\User\AppData\Local\Temp\jrt\JRT.bat ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk = C:\Program Files\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/...inematycoon.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{429534DA-931A-4D7E-8EC3-75992BA2B5E7}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERAR~1\ACERDV~2\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: wave2 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/08 14:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/06/08 14:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/06/08 13:19:12 | 000,000,000 | ---D | C] -- C:\Course Technology
[2014/06/07 01:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/06/07 01:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/06/07 01:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/06/07 00:59:14 | 036,818,984 | ---- | C] (Dropbox, Inc.) -- C:\Users\Public\Desktop\DropboxInstallerAvast.exe
[2014/06/07 00:58:58 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/06/07 00:58:57 | 000,777,488 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014/06/07 00:58:57 | 000,776,976 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys.1402117467588
[2014/06/07 00:58:57 | 000,411,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014/06/07 00:58:57 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/06/07 00:58:57 | 000,054,832 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswrdr.sys.1402117467588
[2014/06/07 00:58:57 | 000,054,832 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswrdr.sys
[2014/06/07 00:58:56 | 000,271,264 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/06/07 00:58:43 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/06/07 00:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/06/07 00:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/06/07 00:01:31 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/06/07 00:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/07 00:00:37 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/06/07 00:00:37 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/06/07 00:00:37 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/06/07 00:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/06/07 00:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/04 18:21:26 | 000,000,000 | ---D | C] -- C:\Users\User\Option
[2014/06/04 12:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2014/06/04 12:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2014/05/28 14:28:10 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Roaming\.#
[2014/05/16 08:46:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/08 22:24:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf68a7b8fbbce6.job
[2014/06/08 22:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/08 22:09:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/08 20:41:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/08 20:41:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/08 19:38:08 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/06/08 19:38:08 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/06/08 17:24:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/08 14:51:30 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/08 08:41:14 | 2951,946,240 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/07 01:04:54 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/06/07 01:04:27 | 000,777,488 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014/06/07 01:04:27 | 000,411,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014/06/07 01:04:27 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswrdr.sys
[2014/06/07 01:04:03 | 036,818,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\Public\Desktop\DropboxInstallerAvast.exe
[2014/06/07 00:58:44 | 000,776,976 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys.1402117467588
[2014/06/07 00:58:44 | 000,180,632 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/06/07 00:58:44 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/06/07 00:58:44 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/06/07 00:58:44 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswrdr.sys.1402117467588
[2014/06/07 00:58:44 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/06/07 00:58:44 | 000,024,184 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/06/07 00:58:43 | 000,271,264 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/06/07 00:58:43 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/06/07 00:02:46 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/06/04 18:21:50 | 000,001,024 | RH-- | M] () -- C:\Windows\System32\NTIOFM4.dll
[2014/05/30 14:55:04 | 000,001,999 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/29 13:06:20 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{68CFDBC1-2EA6-4D14-9144-1989C235FBCA}.job
[2014/05/23 21:31:07 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/13 16:21:57 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/13 16:21:57 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2014/05/12 07:26:04 | 000,051,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/05/12 07:25:58 | 000,074,456 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2014/06/08 14:51:30 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/06/08 14:51:30 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/07 01:04:54 | 000,001,877 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/06/07 00:58:57 | 000,180,632 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/06/07 00:58:57 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/06/07 00:58:57 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/05/29 12:59:23 | 2951,946,240 | -HS- | C] () -- C:\hiberfil.sys
[2013/02/28 05:15:27 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013/02/28 05:15:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013/02/27 11:53:06 | 000,186,192 | ---- | C] () -- C:\Windows\libactivboardex.dll
[2012/10/12 12:14:53 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2012/10/12 12:14:53 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2012/10/12 12:12:32 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\INT15_DETECT.EXE
[2012/10/12 12:11:32 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2012/10/12 12:11:32 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 00:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 22:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/05/28 14:29:37 | 000,000,000 | -HSD | M] -- C:\Users\User\AppData\Roaming\.#
[2012/10/12 12:17:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Acer
[2008/02/05 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Acer GameZone Console
[2013/05/23 18:34:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ACTIV Software
[2013/02/17 17:36:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\eSobi
[2012/10/12 12:17:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2014/02/11 18:32:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Lionhead Studios
[2013/04/29 19:39:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MusE
[2014/04/17 13:05:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Optimizer Pro
[2014/05/29 16:39:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Promethean
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %USERPROFILE%\..|smtmp;true;true;true /FP >
 
< %temp%\smtmp\*.* /s > >
 
< MD5 for: EXPLORER.EXE  >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\erdnt\cache\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008/01/20 22:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: EXPLORER.EXE.HU.KDMP  >
[2014/02/12 09:04:54 | 052,402,949 | ---- | M] () MD5=907072276C31F7B51E28F3642F55D04D -- C:\Users\Family\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report132dbebc\Explorer.EXE.hu.kdmp
 
< MD5 for: EXPLORER.EXE.MUI  >
[2006/11/02 08:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\en-US\explorer.exe.mui
[2006/11/02 08:41:18 | 000,036,864 | ---- | M] (Microsoft Corporation) MD5=192DD053B43250E264383CDC3D564A18 -- C:\Windows\winsxs\x86_microsoft-windows-explorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_03bbc52176b6ba20\explorer.exe.mui
 
< MD5 for: EXPLORER.EXE.XML  >
[2014/02/12 09:04:54 | 000,003,412 | ---- | M] () MD5=5F8C3516EF389D5AE78BF3624503E7EA -- C:\Users\Family\AppData\Local\Microsoft\Windows\WER\ReportQueue\Report132dbebc\Explorer.EXE.xml
 
< MD5 for: IEXPLORE.BAT  >
[2014/04/06 01:13:18 | 000,031,401 | ---- | M] () MD5=335DFF8F23E5EC02B5426362F0F8509B -- C:\Users\User\AppData\Local\temp\jrt\iexplore.bat
 
< MD5 for: IEXPLORE.EXE  >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\iexplore.exe
[2009/04/11 02:27:44 | 000,636,080 | ---- | M] (Microsoft Corporation) MD5=2C5168C856455CC43C4B4E1CC1920001 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[2008/01/20 22:23:50 | 000,625,664 | ---- | M] (Microsoft Corporation) MD5=5B92133D3E7FB2644677686305E29E81 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
[2011/04/21 10:34:57 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=6C93AC7C0A8718E2A1543DB1B1B3B19F -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22905_none_2ff0ad763317887e\iexplore.exe
[2011/04/21 11:02:30 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=77B9A891222FB46B13E414B99E1AF842 -- C:\Program Files\Internet Explorer\iexplore.exe
[2011/04/21 11:02:30 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=77B9A891222FB46B13E414B99E1AF842 -- C:\Windows\erdnt\cache\iexplore.exe
[2011/04/21 11:02:30 | 000,634,648 | ---- | M] (Microsoft Corporation) MD5=77B9A891222FB46B13E414B99E1AF842 -- C:\Windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18639_none_2f4a9e431a0ea795\iexplore.exe
 
< MD5 for: IEXPLORE.EXE.MUI  >
[2006/11/02 08:41:15 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=3CCDDDBC49DEACA370F39A9F0E146A1B -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
[2006/11/02 08:41:15 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=3CCDDDBC49DEACA370F39A9F0E146A1B -- C:\Windows\winsxs\x86_microsoft-windows-i..texplorer.resources_31bf3856ad364e35_6.0.6000.16386_en-us_3b55b11a57da5590\iexplore.exe.mui
 
< MD5 for: SERVICES  >
[2006/09/18 17:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\System32\drivers\etc\services
[2006/09/18 17:41:30 | 000,017,244 | ---- | M] () MD5=9F534244B7F8F55D5C0BB498D8D481E7 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.0.6000.16386_none_024e4071fa6fea95\services
 
< MD5 for: SERVICES.DAT  >
[2014/04/06 00:32:27 | 000,004,173 | ---- | M] () MD5=ED018DB6916ACAB46011A330B4B116AA -- C:\Users\User\AppData\Local\temp\jrt\services.dat
 
< MD5 for: SERVICES.DOCX  >
[2010/01/19 21:59:04 | 000,019,237 | ---- | M] () MD5=9046C486AA4E53FE25090C454149E5A7 -- C:\Course Technology\New Perspectives\NP on Microsoft Office 2010 First Course\Data Files\Data Files for Text\Word2\Review\Services.docx
[2010/01/19 21:59:04 | 000,019,237 | ---- | M] () MD5=9046C486AA4E53FE25090C454149E5A7 -- C:\Users\Family.User-PC\Desktop\CIS 110\Word2\Review\Services.docx
 
< MD5 for: SERVICES.EXE  >
[2008/01/20 22:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\erdnt\cache\services.exe
[2008/01/20 22:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\System32\services.exe
[2008/01/20 22:24:48 | 000,279,040 | ---- | M] (Microsoft Corporation) MD5=2B336AB6286D6C81FA02CBAB914E3C6C -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.exe
[2009/04/11 02:27:59 | 000,279,552 | ---- | M] (Microsoft Corporation) MD5=D4E6D91C1349B7BFB3599A6ADA56851B -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe
 
< MD5 for: SERVICES.EXE.MUI  >
[2006/11/02 08:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\System32\en-US\services.exe.mui
[2006/11/02 08:40:53 | 000,017,920 | ---- | M] (Microsoft Corporation) MD5=1626EACF0E7E59F85C59DDDD27C4169C -- C:\Windows\winsxs\x86_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.0.6000.16386_en-us_67c6851b290a1ced\services.exe.mui
 
< MD5 for: SERVICES.LNK  >
[2008/01/20 22:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
[2008/01/20 22:42:58 | 000,001,688 | ---- | M] () MD5=C50AE46E57C3F3FB61A3B3A1E5D9C412 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
 
< MD5 for: SERVICES.MOF  >
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\System32\wbem\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6001.18000_none_cf5fc067cd49010a\services.mof
[2006/09/18 17:46:11 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.mof
 
< MD5 for: SERVICES.MSC  >
[2006/11/02 08:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\en-US\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\System32\services.msc
[2006/11/02 08:41:29 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.0.6000.16386_en-us_a2085506ff73b6e0\services.msc
[2006/09/18 17:29:40 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.0.6001.18000_none_cf63e2a445bae4e3\services.msc
 
< MD5 for: WINLOGON.EXE  >
[2014/05/12 07:24:30 | 000,750,392 | ---- | M] (MalwareBytes) MD5=09882E8EDD1144E6EF1AF6D1F98305EE -- C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\bcfed137e95e2bc1b83ef80262a82b16\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\erdnt\cache\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008/01/20 22:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WINLOGON.EXE.MUI  >
[2008/01/20 22:25:40 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\System32\en-US\winlogon.exe.mui
[2008/01/20 22:25:40 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=26AC28BF50DC112BAA794A83E08588F0 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6001.18000_en-us_caf8918b0416723a\winlogon.exe.mui
[2006/11/02 08:40:50 | 000,028,672 | ---- | M] (Microsoft Corporation) MD5=A1D2856F3EC3C86EBBF1442B0245A8B3 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.0.6000.16386_en-us_c8c1cf8f072b6166\winlogon.exe.mui
 
< MD5 for: WINLOGON.MOF  >
[2006/09/18 17:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\System32\wbem\winlogon.mof
[2006/09/18 17:41:56 | 000,002,794 | ---- | M] () MD5=545C578F290B9CDD280966939935B9EA -- C:\Windows\winsxs\x86_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.0.6000.16386_none_7e0207d478fccc94\winlogon.mof
 
< %SYSTEMDRIVE%\*.* >
[2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 22:24:42 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2008/02/05 14:07:22 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2014/03/05 08:32:52 | 000,001,369 | ---- | M] () -- C:\DelFix.txt
[2014/06/08 08:41:14 | 2951,946,240 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/07 17:35:20 | 000,000,090 | ---- | M] () -- C:\MDisc.log
[2007/06/28 04:44:50 | 000,000,512 | ---- | M] () -- C:\MDR.iss
[2014/06/07 17:36:27 | 000,000,090 | ---- | M] () -- C:\MDR.log
[2014/06/08 08:41:12 | 3265,802,240 | -HS- | M] () -- C:\pagefile.sys
[2008/02/05 15:27:11 | 000,000,426 | ---- | M] () -- C:\RHDSetup.log
 
< %systemroot%\Fonts\*.com >
[2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 08:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\Fonts\*.exe >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/20 22:23:14 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2006/10/26 23:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.jpg >
 
< %systemroot%\*.png >
 
< %systemroot%\*.scr >
[2006/10/19 10:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Normal).scr
[2006/10/19 10:00:56 | 000,187,392 | ---- | M] () -- C:\Windows\Acer(Wide).scr
[2014/06/07 00:58:43 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008/01/20 22:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< dir "%systemdrive%\*" /S /A:L /C >
 Volume in drive C is ACER
 Volume Serial Number is 2021-A846
 Directory of C:\
11/02/2006  09:02 AM    <JUNCTION>     Documents and Settings [C:\Users]
               0 File(s)              0 bytes
 
< %systemroot%\System32\config\*.sav >
[2008/02/05 14:07:13 | 012,820,480 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/02/05 14:07:09 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/02/05 14:07:13 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2008/02/05 14:07:19 | 017,186,816 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2008/02/05 14:07:20 | 006,639,616 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %PROGRAMFILES%\bak. /s >
 
< %systemroot%\system32\bak. /s >
 
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
 
< %systemroot%\system32\config\systemprofile\*.dat /x >
 
< %systemroot%\*.config >
 
< %systemroot%\system32\*.db >
 
< %PROGRAMFILES%\Internet Explorer\*.dat >
 
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2013/02/16 16:48:55 | 000,000,286 | -HS- | M] () -- C:\Users\User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
 
< %USERPROFILE%\Desktop\*.exe >
[2014/04/19 14:41:53 | 027,761,056 | ---- | M] (Microsoft Corporation) -- C:\Users\User\Desktop\ZooTycoon.exe
 
< %PROGRAMFILES%\Common Files\*.* >
 
< %systemroot%\*.src >
 
< %systemroot%\install\*.* >
 
< %systemroot%\system32\DLL\*.* >
 
< %systemroot%\system32\HelpFiles\*.* >
 
< %systemroot%\system32\rundll\*.* >
 
< %systemroot%\winn32\*.* >
 
< %systemroot%\Java\*.* >
 
< %systemroot%\system32\test\*.* >
 
< %systemroot%\system32\Rundll32\*.* >
 
< %systemroot%\AppPatch\Custom\*.* >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2014-06-07 21:22:52
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:EC2246A6
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:193426B4
 
< End of report >
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:58:58 PM, on 6/8/2014
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18639)
Boot mode: Normal
 
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Family.User-PC\Downloads\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /startup
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ActivManager] C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...t/PCPitStop.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset...lineScanner.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - http://zone.msn.com/...inematycoon.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: McAfee Application Installer Cleanup (0216941402117894) (0216941402117894mcinstcleanup) - Unknown owner - C:\Users\User\AppData\Local\Temp\021694~1.EXE (file missing)
O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: ActivControl - Promethean - C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Computer Backup (MyPC Backup) (BackupStack) - Just Develop It - C:\Program Files\MyPC Backup\BackupStack.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
 
--
End of file - 10302 bytes
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 7.0.6001.18639  BrowserJavaVersion: 10.55.2
Run by User at 22:48:03 on 2014-06-09
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1033.18.2815.1779 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\Explorer.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\svchost.exe -k wdisvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRunOnce: [JRTcleanup] c:\users\user\appdata\local\temp\jrt\JRT.bat
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [BkupTray] "c:\program files\newtech infosystems\nti backup now 5\BkupTray.exe"
mRun: [Acer Empowering Technology Monitor] c:\acer\empowering technology\SysMonitor.exe
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [PCMMediaSharing] c:\program files\acer arcade live\acer homemedia connect\kernel\dms\PCMMediaSharing.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup
mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe
mRun: [NVRaidService] c:\windows\system32\nvraidservice.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ActivManager] c:\program files\activ software\activdriver\ActivMgr.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRunOnce: [*WerKernelReporting] c:\windows\system32\WerFault.exe -k -rq
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\mypcba~1.lnk - c:\program files\mypc backup\MyPC Backup.exe
StartupFolder: c:\users\user\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} - hxxp://zone.msn.com/bingame/cnma/default/cinematycoon.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{429534DA-931A-4D7E-8EC3-75992BA2B5E7} : DHCPNameServer = 192.168.1.254
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\35.0.1916.114\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - 
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-6-7 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-6-7 180632]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-6-7 777488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-6-7 411680]
R1 FAMv4;FAMv4;c:\windows\system32\drivers\FAMv4.sys [2007-12-14 132120]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-2-5 269448]
R2 ActivControl;ActivControl;c:\program files\activ software\activdriver\ActivControlsvc.exe [2013-2-27 21328]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-6-7 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-6-7 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-6-7 50344]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\newtech infosystems\nti backup now 5\client\Agentsvc.exe [2007-12-30 21752]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes anti-malware\mbamscheduler.exe [2014-6-7 1809720]
R2 MBAMService;MBAMService;c:\program files\malwarebytes anti-malware\mbamservice.exe [2014-6-7 860472]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2007-12-30 54520]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2007-12-30 136440]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-6-7 23256]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-6-7 51928]
S2 0216941402117894mcinstcleanup;McAfee Application Installer Cleanup (0216941402117894);c:\users\user\appdata\local\temp\021694~1.exe -cleanup -nolog --> c:\users\user\appdata\local\temp\021694~1.EXE -cleanup -nolog [?]
S2 BackupStack;Computer Backup (MyPC Backup);c:\program files\mypc backup\BackupStack.exe [2014-2-18 36392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-6-7 110296]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2014-06-10 01:54:45 -------- d-----w- c:\program files\Dropbox
2014-06-10 01:54:43 -------- d-----w- c:\users\user\appdata\roaming\Dropbox
2014-06-08 18:51:29 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-06-08 17:19:12 -------- d-----w- C:\Course Technology
2014-06-07 05:40:44 -------- d-----w- c:\program files\CCleaner
2014-06-07 04:58:57 777488 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-06-07 04:58:57 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-06-07 04:58:57 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-06-07 04:58:57 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-06-07 04:58:57 180632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-06-07 04:58:43 43152 ----a-w- c:\windows\avastSS.scr
2014-06-07 04:57:24 -------- d-----w- c:\program files\AVAST Software
2014-06-07 04:54:08 -------- d-----w- c:\programdata\AVAST Software
2014-06-07 04:01:31 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-07 04:00:37 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-07 04:00:37 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-07 04:00:37 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-07 04:00:36 -------- d-----w- c:\programdata\Malwarebytes
2014-06-07 04:00:36 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2014-06-06 13:23:56 8073384 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{0ea3c426-ee5e-4a79-b4a4-cb95f51b3da6}\mpengine.dll
2014-06-04 22:21:26 -------- d-----w- c:\users\user\Option
2014-06-04 16:19:59 -------- d-----w- c:\programdata\iolo
2014-06-04 16:19:59 -------- d-----w- c:\program files\iolo
2014-05-28 18:28:10 -------- d-sh--w- c:\users\user\appdata\roaming\.#
.
==================== Find3M  ====================
.
2014-06-07 04:58:44 776976 ----a-w- c:\windows\system32\drivers\aswsnx.sys.1402117467588
2014-06-07 04:58:44 54832 ----a-w- c:\windows\system32\drivers\aswrdr.sys.1402117467588
2014-06-04 22:21:50 1024 ---h--r- c:\windows\system32\NTIOFM4.dll
2014-05-13 20:21:57 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 20:21:57 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-04-23 21:11:44 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-01 02:46:48 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-04-01 02:46:48 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-03-31 13:35:10 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 22:49:08.78 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume2
Install Date: 10/12/2012 4:02:53 PM
System Uptime: 6/9/2014 5:10:23 PM (5 hours ago)
.
Motherboard: ACER |  | MCP73
Processor: Intel® Pentium® Dual  CPU  E2160  @ 1.80GHz | SOCKET775 M/B | 1803/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 120 GiB total, 57.668 GiB free.
D: is FIXED (NTFS) - 103 GiB total, 103.201 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0002
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0002
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0003
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0003
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0004
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0004
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0005
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0005
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0006
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0006
Service: tunmp
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0007
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0007
Service: tunmp
.
==== System Restore Points ===================
.
RP306: 5/31/2014 6:47:05 PM - Scheduled Checkpoint
RP307: 6/1/2014 8:50:49 PM - Scheduled Checkpoint
RP308: 6/3/2014 1:22:37 PM - Scheduled Checkpoint
RP309: 6/3/2014 2:26:56 PM - Windows Update
RP310: 6/4/2014 11:50:22 AM - Scheduled Checkpoint
RP311: 6/4/2014 11:56:15 AM - Windows Update
RP312: 6/5/2014 11:16:48 AM - Windows Update
RP313: 6/6/2014 9:22:41 AM - Windows Update
RP315: 6/7/2014 12:56:56 AM - avast! antivirus system restore point
RP316: 6/7/2014 2:34:23 PM - Scheduled Checkpoint
RP317: 6/7/2014 5:14:16 PM - Windows Update
RP319: 6/7/2014 11:28:31 PM - Removed Bee Movie™ Game Demo
RP320: 6/8/2014 10:31:59 PM - OTL Restore Point - 6/8/2014 10:31:58 PM
RP321: 6/9/2014 11:46:41 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Acer Arcade Live Main Page
Acer Assist
Acer DV Magician
Acer eDataSecurity Management
Acer Empowering Technology
Acer ePerformance Management
Acer eSettings Management
Acer HomeMedia
Acer HomeMedia Connect
Acer HomeMedia Trial Creator
Acer Registration
Acer ScreenSaver
Acer SlideShow DVD
Acer VideoMagician
Activation Assistant for the 2007 Microsoft Office suites
ActivDriver x86 v5.9
ActivInspire Core Resources (ENU) v1
ActivInspire Help (USA) v1
ActivInspire HWR Resources (ENU) v1
ActivInspire v1
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader 8.1.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI Catalyst Install Manager
avast! Free Antivirus
Bonjour
CCleaner
ESET Online Scanner v3
eSobi v2
Finale 2012
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
iTunes
Java 7 Update 55
Java Auto Updater
LightScribe  1.4.142.1
Malwarebytes Anti-Malware version 2.0.2.1012
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Works
Motorola SM56 Speakerphone Modem
Mozilla Firefox 29.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyPC Backup 
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Open File Manager (remove only)
NVIDIA Control Panel 307.83
NVIDIA Drivers
NVIDIA Graphics Driver 307.83
NVIDIA Install Application
NVIDIA Update 1.10.8
NVIDIA Update Components
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2817641) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2878236) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2878237) 32-Bit Edition 
The Movies™
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2880505) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/6/2014 9:07:43 AM, Error: EventLog [6008]  - The previous system shutdown at 9:02:08 AM on 6/6/2014 was unexpected.
6/6/2014 8:56:27 AM, Error: EventLog [6008]  - The previous system shutdown at 8:51:25 AM on 6/6/2014 was unexpected.
6/6/2014 4:52:37 PM, Error: EventLog [6008]  - The previous system shutdown at 4:09:14 PM on 6/6/2014 was unexpected.
6/6/2014 3:51:54 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Home Network service to connect.
6/6/2014 3:51:54 PM, Error: Service Control Manager [7000]  - The McAfee Home Network service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/6/2014 3:51:09 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Proxy Service service to connect.
6/6/2014 3:51:09 PM, Error: Service Control Manager [7000]  - The McAfee Proxy Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/6/2014 3:31:46 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the McAfee Anti-Malware Core service to connect.
6/6/2014 3:31:46 PM, Error: Service Control Manager [7000]  - The McAfee Anti-Malware Core service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/6/2014 3:30:29 PM, Error: EventLog [6008]  - The previous system shutdown at 3:06:59 PM on 6/6/2014 was unexpected.
6/6/2014 12:26:58 PM, Error: EventLog [6008]  - The previous system shutdown at 12:20:40 PM on 6/6/2014 was unexpected.
6/6/2014 12:17:19 PM, Error: EventLog [6008]  - The previous system shutdown at 12:10:52 PM on 6/6/2014 was unexpected.
6/6/2014 12:11:42 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
6/6/2014 1:58:44 PM, Error: EventLog [6008]  - The previous system shutdown at 1:52:44 PM on 6/6/2014 was unexpected.
6/6/2014 1:41:59 PM, Error: EventLog [6008]  - The previous system shutdown at 1:33:37 PM on 6/6/2014 was unexpected.
6/6/2014 1:13:54 PM, Error: EventLog [6008]  - The previous system shutdown at 1:08:44 PM on 6/6/2014 was unexpected.
6/5/2014 9:56:27 AM, Error: EventLog [6008]  - The previous system shutdown at 9:53:37 AM on 6/5/2014 was unexpected.
6/5/2014 9:51:45 AM, Error: EventLog [6008]  - The previous system shutdown at 8:45:21 PM on 6/4/2014 was unexpected.
6/5/2014 5:58:49 PM, Error: Microsoft-Windows-Dhcp-Client [1002]  - The IP address lease 192.168.1.5 for the Network Card with network address 001D9246A9D4 has been denied by the DHCP server 192.168.1.254 (The DHCP Server sent a DHCPNACK message).
6/5/2014 4:26:25 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
6/5/2014 4:26:24 PM, Error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume ACER.
6/5/2014 4:22:10 PM, Error: EventLog [6008]  - The previous system shutdown at 4:16:12 PM on 6/5/2014 was unexpected.
6/5/2014 4:14:25 PM, Error: EventLog [6008]  - The previous system shutdown at 3:47:17 PM on 6/5/2014 was unexpected.
6/5/2014 3:47:17 PM, Error: EventLog [6008]  - The previous system shutdown at 3:45:29 PM on 6/5/2014 was unexpected.
6/5/2014 11:02:26 AM, Error: EventLog [6008]  - The previous system shutdown at 10:38:31 AM on 6/5/2014 was unexpected.
6/5/2014 10:31:11 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
6/5/2014 10:31:11 AM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/5/2014 10:27:38 AM, Error: EventLog [6008]  - The previous system shutdown at 10:23:47 AM on 6/5/2014 was unexpected.
6/5/2014 10:20:55 AM, Error: EventLog [6008]  - The previous system shutdown at 10:19:57 AM on 6/5/2014 was unexpected.
6/5/2014 10:15:05 AM, Error: EventLog [6008]  - The previous system shutdown at 10:12:36 AM on 6/5/2014 was unexpected.
6/5/2014 10:06:43 AM, Error: EventLog [6008]  - The previous system shutdown at 9:57:20 AM on 6/5/2014 was unexpected.
6/4/2014 8:36:29 PM, Error: EventLog [6008]  - The previous system shutdown at 8:30:51 PM on 6/4/2014 was unexpected.
6/4/2014 6:20:26 PM, Error: EventLog [6008]  - The previous system shutdown at 6:05:24 PM on 6/4/2014 was unexpected.
6/4/2014 5:52:55 PM, Error: Microsoft-Windows-Windows Defender [2004]  - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.   Signatures Attempted: Current   Error Code: 0x8050a001   Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.   Signatures loading: Backup   Loading signature version: 1.175.864.0   Loading engine version: 1.1.10600.0
6/4/2014 5:31:13 PM, Error: EventLog [6008]  - The previous system shutdown at 5:26:52 PM on 6/4/2014 was unexpected.
6/4/2014 5:19:00 PM, Error: EventLog [6008]  - The previous system shutdown at 5:16:32 PM on 6/4/2014 was unexpected.
6/4/2014 5:12:40 PM, Error: EventLog [6008]  - The previous system shutdown at 5:10:43 PM on 6/4/2014 was unexpected.
6/4/2014 5:05:51 PM, Error: EventLog [6008]  - The previous system shutdown at 5:02:57 PM on 6/4/2014 was unexpected.
6/4/2014 3:26:02 PM, Error: Microsoft-Windows-Windows Defender [2004]  - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.   Signatures Attempted: Current   Error Code: 0x8050a001   Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.   Signatures loading: Backup   Loading signature version: 1.175.864.0   Loading engine version: 1.1.10600.0
6/4/2014 3:02:21 PM, Error: Microsoft-Windows-Windows Defender [2004]  - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.   Signatures Attempted: Current   Error Code: 0x8050a001   Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.   Signatures loading: Backup   Loading signature version: 1.175.864.0   Loading engine version: 1.1.10600.0
6/4/2014 2:38:06 PM, Error: EventLog [6008]  - The previous system shutdown at 2:32:52 PM on 6/4/2014 was unexpected.
6/4/2014 2:30:00 PM, Error: EventLog [6008]  - The previous system shutdown at 2:27:48 PM on 6/4/2014 was unexpected.
6/4/2014 2:21:56 PM, Error: EventLog [6008]  - The previous system shutdown at 2:19:41 PM on 6/4/2014 was unexpected.
6/4/2014 2:16:16 PM, Error: Service Control Manager [7031]  - The McAfee VirusScan Announcer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/4/2014 2:16:16 PM, Error: Service Control Manager [7031]  - The McAfee Proxy Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/4/2014 2:16:16 PM, Error: Service Control Manager [7031]  - The McAfee Platform Services service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/4/2014 2:16:16 PM, Error: Service Control Manager [7031]  - The McAfee Home Network service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/4/2014 10:22:09 AM, Error: Microsoft-Windows-Windows Defender [2004]  - Windows Defender has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures.   Signatures Attempted: Current   Error Code: 0x8050a001   Error description: The program can't find definition files that help detect unwanted software. Check for updates to the definition files, and then try again. For information on installing updates, see Help and Support.   Signatures loading: Backup   Loading signature version: 1.175.864.0   Loading engine version: 1.1.10600.0
6/4/2014 10:06:23 AM, Error: EventLog [6008]  - The previous system shutdown at 10:04:45 AM on 6/4/2014 was unexpected.
6/4/2014 10:02:53 AM, Error: EventLog [6008]  - The previous system shutdown at 10:02:09 AM on 6/4/2014 was unexpected.
6/4/2014 1:25:27 PM, Error: EventLog [6008]  - The previous system shutdown at 1:24:20 PM on 6/4/2014 was unexpected.
6/3/2014 9:51:28 AM, Error: EventLog [6008]  - The previous system shutdown at 9:46:51 AM on 6/3/2014 was unexpected.
6/3/2014 9:50:46 PM, Error: EventLog [6008]  - The previous system shutdown at 9:49:21 PM on 6/3/2014 was unexpected.
6/3/2014 9:37:27 PM, Error: EventLog [6008]  - The previous system shutdown at 9:32:38 PM on 6/3/2014 was unexpected.
6/3/2014 6:03:34 PM, Error: EventLog [6008]  - The previous system shutdown at 6:01:15 PM on 6/3/2014 was unexpected.
6/3/2014 5:52:46 PM, Error: EventLog [6008]  - The previous system shutdown at 5:38:09 PM on 6/3/2014 was unexpected.
6/3/2014 12:52:02 PM, Error: EventLog [6008]  - The previous system shutdown at 12:43:12 PM on 6/3/2014 was unexpected.
6/3/2014 12:40:16 PM, Error: EventLog [6008]  - The previous system shutdown at 12:37:41 PM on 6/3/2014 was unexpected.
6/3/2014 11:46:58 AM, Error: EventLog [6008]  - The previous system shutdown at 11:33:00 AM on 6/3/2014 was unexpected.
6/3/2014 11:25:08 AM, Error: EventLog [6008]  - The previous system shutdown at 11:22:16 AM on 6/3/2014 was unexpected.
6/3/2014 11:17:24 AM, Error: EventLog [6008]  - The previous system shutdown at 11:11:02 AM on 6/3/2014 was unexpected.
6/3/2014 11:07:10 AM, Error: EventLog [6008]  - The previous system shutdown at 11:05:34 AM on 6/3/2014 was unexpected.
6/3/2014 10:09:06 PM, Error: EventLog [6008]  - The previous system shutdown at 10:05:48 PM on 6/3/2014 was unexpected.
6/3/2014 10:02:55 PM, Error: EventLog [6008]  - The previous system shutdown at 10:00:38 PM on 6/3/2014 was unexpected.
6/2/2014 8:10:31 PM, Error: EventLog [6008]  - The previous system shutdown at 8:08:17 PM on 6/2/2014 was unexpected.
6/2/2014 7:59:25 PM, Error: EventLog [6008]  - The previous system shutdown at 7:58:02 PM on 6/2/2014 was unexpected.
6/2/2014 7:45:09 PM, Error: EventLog [6008]  - The previous system shutdown at 7:33:57 PM on 6/2/2014 was unexpected.
6/2/2014 6:24:05 PM, Error: EventLog [6008]  - The previous system shutdown at 5:52:49 PM on 6/2/2014 was unexpected.
6/2/2014 5:23:12 PM, Error: EventLog [6008]  - The previous system shutdown at 5:21:53 PM on 6/2/2014 was unexpected.
6/2/2014 5:10:00 PM, Error: EventLog [6008]  - The previous system shutdown at 5:02:36 PM on 6/2/2014 was unexpected.
6/2/2014 4:54:44 PM, Error: EventLog [6008]  - The previous system shutdown at 4:52:45 PM on 6/2/2014 was unexpected.
6/2/2014 4:51:53 PM, Error: EventLog [6008]  - The previous system shutdown at 3:57:11 PM on 6/2/2014 was unexpected.
6/2/2014 3:48:18 PM, Error: EventLog [6008]  - The previous system shutdown at 3:45:58 PM on 6/2/2014 was unexpected.
6/2/2014 3:44:06 PM, Error: EventLog [6008]  - The previous system shutdown at 3:42:41 PM on 6/2/2014 was unexpected.
6/2/2014 3:37:48 PM, Error: EventLog [6008]  - The previous system shutdown at 3:32:14 PM on 6/2/2014 was unexpected.
6/2/2014 3:30:13 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Computer Backup (MyPC Backup) service to connect.
6/2/2014 3:30:13 PM, Error: Service Control Manager [7000]  - The Computer Backup (MyPC Backup) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
6/2/2014 3:24:38 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  i8042prt
6/2/2014 3:23:37 PM, Error: ACPI [5]  - AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0x70), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
6/2/2014 3:23:37 PM, Error: ACPI [4]  - AMLI: ACPI BIOS is attempting to read from an illegal IO port address (0x71), which lies in the 0x70 - 0x71 protected address range. This could lead to system instability. Please contact your system vendor for technical assistance.
.
==== End Of File ===========================
 
 

Edited by HMH22, 09 June 2014 - 08:57 PM.

    Advertisements

Register to Remove


#2 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 June 2014 - 01:03 PM

:welcome:

 

I can see you have lots of problems, looks like some of them where taken care of in the windows forum ( great bunch of guys that know there stuff )

 

First I would go to Program and Features in the Control Panel and uninstall MyPcBackup, its loaded with adware

http://www.systemloo...=MyPC Backup&s=

 

 

Lets run a few scans and see what they come up with

 

Don't remove anything with this program, I would like to see the report first

 

-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
 
Do not click on any links in the top Advertisment.
 
 
  •  
  • Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
 

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#3 HMH22

HMH22

    Authentic Member

  • Authentic Member
  • PipPip
  • 169 posts

Posted 10 June 2014 - 04:30 PM

Hi ken545 thank you for the response.  I have the logfile you wanted.  I dont think there is anything on here that i need but i am not sure about the one that has classes listed because my sister is taking a class online and im not sure if that is the program she uses when she gets on.

 

# AdwCleaner v3.212 - Report created 10/06/2014 at 18:17:10
# Updated 05/06/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# Username : User - USER-PC
# Running from : C:\Users\Family.User-PC\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Found : C:\Program Files\Optimizer Pro
Folder Found : C:\Users\User\AppData\Roaming\Optimizer Pro
Folder Found : C:\Users\User\Documents\Optimizer Pro

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\WEDLMNGR
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6001.18639

-\\ Google Chrome v35.0.1916.114

[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2099 octets] - [10/06/2014 18:17:10]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [2159 octets] ##########

:

 

 



#4 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 June 2014 - 05:12 PM

Hi,

 

Classes is just a windows registry entry, has nothing to do with your sisters classes

 

 

 HKLM\SOFTWARE\Classes

  •  
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
 
 
 
 
 
thisisujrt.gif Please download Junkware Removal Tool to your desktop.
  •  
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#5 HMH22

HMH22

    Authentic Member

  • Authentic Member
  • PipPip
  • 169 posts

Posted 10 June 2014 - 06:35 PM

Ok just a couple things I need to ask about.  First, when I rebooted my computer I had to do it a couple of times one because of blue screen and the second time because of what I posted up earlier on thread about the CHKDSK it seemed to freeze so i shut it down and started over again. Anyway the txt file did not stgart automatically so I the folder you said it would be and I see four items there but none with [S1].txt here are the ones listed: 

 

Quarantine             6\10\2014  7:27 PM   File Folder

AdwCleaner[R0]     6\10\2014  6:18 PM   Text Document  3KB

AdwCleaner[R1]     6\10\2014  7:26 PM   Text Document  3KB

AdwCleaner[S0]      6\10\2014  7:27 PM   Text Document  3KB

 

The second question is doi need to uninstall and reinstall Junkware Removal Tool because, I already have it on my desktop?  Or could I proceed with the rest you asked of me?



#6 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 10 June 2014 - 07:23 PM

Junkware removal tool.  Its not installed, its just on your desktop but it looks like they had you run it before, if you have not run it than go ahead and run it, no need to re download it 

 

 

Then run Malwarebytes

 

GUZVCQN.jpg Please download Malwarebytes Anti-Malware to your desktop.
 
MBAM_zps65e8300e.jpg
 
  •  
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following: Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click Update Now
  • After the update completes, click the Scan Now Button.
 
 
MBAM2_zpsabeea657.jpg
 
 
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
 

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#7 HMH22

HMH22

    Authentic Member

  • Authentic Member
  • PipPip
  • 169 posts

Posted 10 June 2014 - 08:56 PM

Ok I did the Junkware removal tool and it said it was successful and produced a log but, it said something about a bad module during the process and asked if it should reboot now so I rebooted but I don't see the log.

 

I also have Malwarebytes Anti-Malware on my computer desktop as well 



#8 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 11 June 2014 - 03:47 AM

Hi,

 

I would like to see some of the logs from the scans please

You can find the logfile at C:\AdwCleaner[S1].txt

 

The Junkware removal tool may be on your desktop

 

Does your copy of Malwarebytes look like the pictures I posted, if so no need to redownload it, just follow the instructions to update it and run the Threat Scan, if it does not look like the pictures I posted it will be an older version so if it is you can go to Programs and Features in the Control Panel and uninstall it and then download the newer version.


Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#9 HMH22

HMH22

    Authentic Member

  • Authentic Member
  • PipPip
  • 169 posts

Posted 11 June 2014 - 05:26 AM

Hi I still do noy see the log files that you mentioned unless the AdwCleaner[S1].txt is the one in the Quarantined Folder that I mentioned in my earlier post but, here is the last one I mentioned AdwCleaner[S0].txt:

 

# AdwCleaner v3.212 - Report created 10/06/2014 at 19:27:12
# Updated 05/06/2014 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 1 (32 bits)
# Username : User - USER-PC
# Running from : C:\Users\Family.User-PC\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files\Optimizer Pro
Folder Deleted : C:\Users\User\AppData\Roaming\Optimizer Pro
Folder Deleted : C:\Users\User\Documents\Optimizer Pro
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\WEDLMNGR
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v7.0.6001.18639
 
 
-\\ Google Chrome v35.0.1916.114
 
[ File : C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2237 octets] - [10/06/2014 18:17:10]
AdwCleaner[R1].txt - [2297 octets] - [10/06/2014 19:24:44]
AdwCleaner[S0].txt - [2256 octets] - [10/06/2014 19:27:12]
 
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [2316 octets] ##########
 
 
I really think I cant find the log file for Junkware Removal Tool because of that reboot because I did run the program and it did give me a log that was put on my desktop but, my computer rebooted and i had those problems that I mentioned earlier and now its not on my desktop.  Do I need to run it again?
 
Yes the picture that you posted of Malwarebytes is the one I have
 
ETA I just wanted you to the exact message I receive when I start my computer
 
Checking file system on C:
The type of the file systems is NTFS
 
One of your disks needs to be checked for consistency  You may cancel the disk check, but it is strongly recommended that you continue. Windows will now check the disk
 
CHKDSK is verifying files stage(1 of 3)
Deleting corrupt attribute record (128, "")
from file record segment 78927

Edited by HMH22, 11 June 2014 - 06:12 AM.


#10 HMH22

HMH22

    Authentic Member

  • Authentic Member
  • PipPip
  • 169 posts

Posted 11 June 2014 - 06:03 AM

Here you go:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
 
Protection, 6/11/2014 6:43:11 AM, SYSTEM, USER-PC, Protection, Malware Protection, Starting, 
Protection, 6/11/2014 6:43:11 AM, SYSTEM, USER-PC, Protection, Malware Protection, Started, 
Protection, 6/11/2014 6:43:11 AM, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 6/11/2014 6:43:30 AM, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Protection, 6/11/2014 6:54:17 AM, SYSTEM, USER-PC, Protection, Malware Protection, Starting, 
Protection, 6/11/2014 6:54:17 AM, SYSTEM, USER-PC, Protection, Malware Protection, Started, 
Protection, 6/11/2014 6:54:17 AM, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 6/11/2014 6:54:34 AM, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Protection, 6/11/2014 7:05:21 AM, SYSTEM, USER-PC, Protection, Malware Protection, Starting, 
Protection, 6/11/2014 7:05:21 AM, SYSTEM, USER-PC, Protection, Malware Protection, Started, 
Protection, 6/11/2014 7:05:21 AM, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 6/11/2014 7:05:42 AM, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Update, 6/11/2014 7:08:06 AM, SYSTEM, USER-PC, Scheduler, Malware Database, 2014.6.10.8, 2014.6.11.3, 
Protection, 6/11/2014 7:08:26 AM, SYSTEM, USER-PC, Protection, Refresh, Starting, 
Protection, 6/11/2014 7:08:26 AM, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 6/11/2014 7:08:26 AM, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped, 
Protection, 6/11/2014 7:08:37 AM, SYSTEM, USER-PC, Protection, Refresh, Success, 
Protection, 6/11/2014 7:08:37 AM, SYSTEM, USER-PC, Protection, Malicious Website Protection, Starting, 
Protection, 6/11/2014 7:08:38 AM, SYSTEM, USER-PC, Protection, Malicious Website Protection, Started, 
Update, 6/11/2014 8:00:36 AM, SYSTEM, USER-PC, Scheduler, Malware Database, 2014.6.11.3, 2014.6.11.4, 
Protection, 6/11/2014 8:00:58 AM, SYSTEM, USER-PC, Protection, Refresh, Starting, 
Protection, 6/11/2014 8:00:58 AM, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopping, 
Protection, 6/11/2014 8:00:59 AM, SYSTEM, USER-PC, Protection, Malicious Website Protection, Stopped, 
 
(end)

    Advertisements

Register to Remove


#11 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 11 June 2014 - 06:16 AM

You posted the log for Malwarebytes Protection log, I need to see the log from the scan you ran

 

Open up Malwarebytes and on the Dashboard go to the History tab...then the Application Logs and look for the latest SCAN Log that you just ran...check the date.  Doubleclick it to open and then select COPY TO CLIPBOARD and them paste it into this thread

 


Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#12 HMH22

HMH22

    Authentic Member

  • Authentic Member
  • PipPip
  • 169 posts

Posted 11 June 2014 - 06:54 AM

 
Ok here you go the scan log did not show before
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 6/11/2014
Scan Time: 7:48:40 AM
Logfile: 
Administrator: No
 
Version: 2.00.2.1012
Malware Database: v2014.06.11.03
Rootkit Database: v2014.06.02.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows Vista Service Pack 1
CPU: x86
File System: NTFS
User: Family
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 229964
Time Elapsed: 7 min, 23 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 35
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\common, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\common\components, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\common\components\menu, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\common\components\menu\images, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\common\widget-api, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\common\widget-api\widgets, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\common\widget-api\widgets\radio, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\common\widget-api\widgets\radio\css, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\common\widget-api\widgets\rss, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\common\widget-api\widgets\test, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\common\widget-api\widgets\topapps, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\common\widget-api\widgets\topapps\css, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\common\widget-api\widgets\weather, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\common\widget-api\widgets\weather\css, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\components, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\components\api, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\components\api\window, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\components\defaultSearch, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\components\defaultSearch\foreground, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\components\moviereviews, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\components\moviereviews\css, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\components\moviereviews\html, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\components\radio, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\components\radio\css, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\components\radio\radioWrapper, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\components\search, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\components\search\html, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\components\supertab, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\components\supertab\css, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\components\supertab\html, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\icons, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\images, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
PUP.Optional.MindSpark.A, C:\Users\Family.User-PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehjkfdmkpocpileolmldepapdjbfegei\8.27.3.62781_0\plugins, Quarantined, [9897d4a3512a280ed979fe940ef425db], 
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#13 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 11 June 2014 - 07:03 AM

OK, thanks.  Go ahead and run a new scan with OTL and post the NEW LOG, there wont be an extras log this time so dont knock yourself out looking for it


Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#14 HMH22

HMH22

    Authentic Member

  • Authentic Member
  • PipPip
  • 169 posts

Posted 11 June 2014 - 07:25 AM

Ok do i need to check or uncheck anything before i run?



#15 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 11 June 2014 - 07:40 AM

  •  

     

  • When the window appears, underneath Output at the top change it to Minimal Output.

     

     
  • Click the "Scan All Users" checkbox.
     
  • Check the boxes beside LOP Check and Purity Check.
     
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
     

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users