Possible malware? [Solved]


  • This topic is locked
31 replies to this topic

#16 HMH22

  • Authentic Member
  • 169 posts

Posted 11 June 2014 - 08:02 AM

OK, here is the log, and this was the message that popped up when it was running:

OTL:OTL.exe- Corrupt File

The file or directory C:\found.000 is corrupt and unreadable. Please run Chkdsk utility

Here is the log:


OTL logfile created on: 6/11/2014 9:45:00 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = c:\Users\Family.User-PC\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.75 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 44.84% Memory free
5.73 Gb Paging File | 3.96 Gb Available in Paging File | 69.14% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119.70 Gb Total Space | 57.80 Gb Free Space | 48.29% Space Free | Partition Type: NTFS
Drive D: | 103.42 Gb Total Space | 103.20 Gb Free Space | 99.79% Space Free | Partition Type: NTFS
Drive H: | 1.89 Gb Total Space | 1.35 Gb Free Space | 71.55% Space Free | Partition Type: FAT
 
Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - c:\Users\Family.User-PC\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe ()
PRC - C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe (Promethean)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\AVAST Software\Avast\libcef.dll ()
MOD - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
MOD - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\e3180b4230f052996adb81da3dc64ad0\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c933fd5d1d27f268331890d7ddba8fec\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll ()
MOD - C:\Windows\libactivboardex.dll ()
MOD - C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Acer\Empowering Technology\SysMonitor.exe ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\eSettings\eSettings.View.dll ()
MOD - C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll ()
MOD - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll ()
MOD - C:\Acer\Empowering Technology\MemCheck.Interface.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (0216941402117894mcinstcleanup) -- C:\Users\User\AppData\Local\Temp\021694~1.EXE (McAfee, Inc.)
SRV - (ActivControl) -- C:\Program Files\Activ Software\ActivDriver\ActivControlsvc.exe (Promethean)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SymIMMP) -- system32\DRIVERS\SymIM.sys File not found
DRV - (SymIM) -- system32\DRIVERS\SymIM.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\User\AppData\Local\Temp\catchme.sys File not found
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswsnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswsp.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswrdr.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswHwid) -- C:\Windows\System32\drivers\aswHwid.sys ()
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys (Malwarebytes Corporation)
DRV - (MBAMWebAccessControl) -- C:\Windows\System32\drivers\mwac.sys (Malwarebytes Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (FAMv4) -- C:\Windows\System32\drivers\FAMv4.sys (FAMv4)
DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)
DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys (Acer, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-707397312-517837071-3952411271-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-707397312-517837071-3952411271-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-707397312-517837071-3952411271-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-707397312-517837071-3952411271-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-707397312-517837071-3952411271-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-707397312-517837071-3952411271-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7NDKB_enUS526
IE - HKU\S-1-5-21-707397312-517837071-3952411271-1000\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = http://search.yahoo....ms}&fr=chr-acer
IE - HKU\S-1-5-21-707397312-517837071-3952411271-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-707397312-517837071-3952411271-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-707397312-517837071-3952411271-1001\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-707397312-517837071-3952411271-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-707397312-517837071-3952411271-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-707397312-517837071-3952411271-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-707397312-517837071-3952411271-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-707397312-517837071-3952411271-1002\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-707397312-517837071-3952411271-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKU\S-1-5-21-707397312-517837071-3952411271-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...1I7NDKB_enUS526
IE - HKU\S-1-5-21-707397312-517837071-3952411271-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/06/07 00:58:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Components: C:\Users\Guest\AppData\Local\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 29.0.1\extensions\\Plugins: C:\Users\Guest\AppData\Local\Mozilla Firefox\plugins
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Error reading preferences file
CHR - Extension: Google Voice Search Hotword (Beta) = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5019_0\
CHR - Extension: Google Wallet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
 
O1 HOSTS File: ([2014/03/02 08:56:38 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-707397312-517837071-3952411271-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O4 - HKLM..\Run: [Acer Assist Launcher] C:\Program Files\Acer Assist\launcher.exe ()
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Product Registration] C:\Program Files\Acer Registration\ACE1.exe (Leader Technologies)
O4 - HKLM..\Run: [ActivManager] C:\Program Files\Activ Software\ActivDriver\ActivMgr.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKU\S-1-5-21-707397312-517837071-3952411271-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-707397312-517837071-3952411271-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\System32\WerFault.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-707397312-517837071-3952411271-1001..\RunOnce: [RUN] C:\Windows\Acer_Normal\run_DT.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-707397312-517837071-3952411271-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-707397312-517837071-3952411271-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-707397312-517837071-3952411271-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-707397312-517837071-3952411271-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop...t/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} http://zone.msn.com/...inematycoon.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{429534DA-931A-4D7E-8EC3-75992BA2B5E7}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/06/10 18:18:44 | 000,536,576 | ---- | C] (SQLite Development Team) -- C:\Windows\System32\sqlite3.dll
[2014/06/10 18:17:05 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/06/09 21:54:45 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2014/06/09 21:54:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Dropbox
[2014/06/08 14:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2014/06/08 14:51:29 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2014/06/08 13:19:12 | 000,000,000 | ---D | C] -- C:\Course Technology
[2014/06/07 01:40:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2014/06/07 01:40:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2014/06/07 01:04:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
[2014/06/07 00:59:14 | 036,818,984 | ---- | C] (Dropbox, Inc.) -- C:\Users\Public\Desktop\DropboxInstallerAvast.exe
[2014/06/07 00:58:58 | 000,057,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/06/07 00:58:57 | 000,777,488 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014/06/07 00:58:57 | 000,776,976 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys.1402117467588
[2014/06/07 00:58:57 | 000,411,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014/06/07 00:58:57 | 000,067,824 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/06/07 00:58:57 | 000,054,832 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswrdr.sys.1402117467588
[2014/06/07 00:58:57 | 000,054,832 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswrdr.sys
[2014/06/07 00:58:56 | 000,271,264 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/06/07 00:58:43 | 000,043,152 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/06/07 00:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2014/06/07 00:54:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2014/06/07 00:01:31 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/06/07 00:00:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/06/07 00:00:37 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/06/07 00:00:37 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/06/07 00:00:37 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/06/07 00:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/06/07 00:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/06/04 18:21:26 | 000,000,000 | ---D | C] -- C:\Users\User\Option
[2014/06/04 12:19:59 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2014/06/04 12:19:59 | 000,000,000 | ---D | C] -- C:\Program Files\iolo
[2014/05/28 14:28:10 | 000,000,000 | -HSD | C] -- C:\Users\User\AppData\Roaming\.#
[2014/05/16 08:46:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
 
========== Files - Modified Within 30 Days ==========
 
[2014/06/11 09:24:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cf68a7b8fbbce6.job
[2014/06/11 09:19:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/06/11 09:04:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/06/11 09:04:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/06/11 07:47:16 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/06/11 07:04:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/06/11 07:03:56 | 2951,909,376 | -HS- | M] () -- C:\hiberfil.sys
[2014/06/11 06:52:54 | 265,562,670 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2014/06/08 19:38:08 | 000,607,168 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/06/08 19:38:08 | 000,104,808 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/06/08 14:51:30 | 000,001,078 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/07 01:04:54 | 000,001,877 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/06/07 01:04:27 | 000,777,488 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys
[2014/06/07 01:04:27 | 000,411,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsp.sys
[2014/06/07 01:04:27 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswrdr.sys
[2014/06/07 01:04:03 | 036,818,984 | ---- | M] (Dropbox, Inc.) -- C:\Users\Public\Desktop\DropboxInstallerAvast.exe
[2014/06/07 00:58:44 | 000,776,976 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswsnx.sys.1402117467588
[2014/06/07 00:58:44 | 000,180,632 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/06/07 00:58:44 | 000,067,824 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2014/06/07 00:58:44 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2014/06/07 00:58:44 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswrdr.sys.1402117467588
[2014/06/07 00:58:44 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/06/07 00:58:44 | 000,024,184 | ---- | M] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/06/07 00:58:43 | 000,271,264 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2014/06/07 00:58:43 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2014/06/07 00:02:46 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/06/04 18:21:50 | 000,001,024 | RH-- | M] () -- C:\Windows\System32\NTIOFM4.dll
[2014/05/30 14:55:04 | 000,001,999 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2014/05/29 13:06:20 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{68CFDBC1-2EA6-4D14-9144-1989C235FBCA}.job
[2014/05/23 21:31:07 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/05/13 16:21:57 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2014/05/13 16:21:57 | 000,070,832 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2014/06/09 10:30:41 | 265,562,670 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2014/06/08 14:51:30 | 000,001,108 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2014/06/08 14:51:30 | 000,001,078 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2014/06/07 01:04:54 | 000,001,877 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2014/06/07 00:58:57 | 000,180,632 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2014/06/07 00:58:57 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2014/06/07 00:58:57 | 000,024,184 | ---- | C] () -- C:\Windows\System32\drivers\aswHwid.sys
[2014/05/29 12:59:23 | 2951,909,376 | -HS- | C] () -- C:\hiberfil.sys
[2013/02/28 05:15:27 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2013/02/28 05:15:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2013/02/27 11:53:06 | 000,186,192 | ---- | C] () -- C:\Windows\libactivboardex.dll
[2012/10/12 12:14:53 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2012/10/12 12:14:53 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2012/10/12 12:12:32 | 000,077,824 | ---- | C] () -- C:\Windows\System32\drivers\INT15_DETECT.EXE
[2012/10/12 12:11:32 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2012/10/12 12:11:32 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 00:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/20 22:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2014/02/11 21:05:46 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Acer
[2008/02/05 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Acer GameZone Console
[2014/02/11 21:05:47 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\ACTIV Software
[2014/02/11 21:05:42 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Leadertech
[2014/04/22 10:16:51 | 000,000,000 | -HSD | M] -- C:\Users\Family.User-PC\AppData\Roaming\.#
[2014/02/14 13:50:37 | 000,000,000 | ---D | M] -- C:\Users\Family.User-PC\AppData\Roaming\Acer
[2008/02/05 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\Family.User-PC\AppData\Roaming\Acer GameZone Console
[2014/02/14 13:50:41 | 000,000,000 | ---D | M] -- C:\Users\Family.User-PC\AppData\Roaming\ACTIV Software
[2014/06/07 01:32:03 | 000,000,000 | ---D | M] -- C:\Users\Family.User-PC\AppData\Roaming\AVAST Software
[2014/06/09 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Family.User-PC\AppData\Roaming\Dropbox
[2014/06/09 21:55:04 | 000,000,000 | ---D | M] -- C:\Users\Family.User-PC\AppData\Roaming\DropboxMaster
[2014/04/06 15:15:12 | 000,000,000 | ---D | M] -- C:\Users\Family.User-PC\AppData\Roaming\eSobi
[2014/02/14 13:50:35 | 000,000,000 | ---D | M] -- C:\Users\Family.User-PC\AppData\Roaming\Leadertech
[2014/03/08 23:39:07 | 000,000,000 | ---D | M] -- C:\Users\Family.User-PC\AppData\Roaming\Lionhead Studios
[2014/04/23 15:08:54 | 000,000,000 | ---D | M] -- C:\Users\Family.User-PC\AppData\Roaming\MakeMusic
[2014/06/04 21:50:13 | 000,000,000 | ---D | M] -- C:\Users\Family.User-PC\AppData\Roaming\Promethean
[2013/02/21 19:50:00 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Acer
[2008/02/05 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Acer GameZone Console
[2013/05/25 13:40:02 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\ACTIV Software
[2013/07/01 14:26:54 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Big Fish Games
[2013/05/02 12:51:02 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\eSobi
[2013/05/04 12:40:28 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\FloodLightGames
[2013/06/10 15:22:57 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Gaijin Ent
[2013/06/10 18:48:10 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\iWin
[2013/02/21 19:49:57 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Leadertech
[2014/02/11 18:33:30 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Lionhead Studios
[2013/05/05 15:56:05 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\MakeMusic
[2013/05/01 15:48:35 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\MusE
[2013/05/02 13:27:09 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\PlayFirst
[2014/05/29 16:39:11 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\Promethean
[2014/02/12 09:23:53 | 000,000,000 | ---D | M] -- C:\Users\Hunter\AppData\Roaming\Acer
[2008/02/05 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\Hunter\AppData\Roaming\Acer GameZone Console
[2014/02/12 09:23:56 | 000,000,000 | ---D | M] -- C:\Users\Hunter\AppData\Roaming\ACTIV Software
[2014/02/12 09:23:49 | 000,000,000 | ---D | M] -- C:\Users\Hunter\AppData\Roaming\Leadertech
[2008/02/05 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\UpdatusUser\AppData\Roaming\Acer GameZone Console
[2014/05/28 14:29:37 | 000,000,000 | -HSD | M] -- C:\Users\User\AppData\Roaming\.#
[2012/10/12 12:17:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Acer
[2008/02/05 15:54:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Acer GameZone Console
[2013/05/23 18:34:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ACTIV Software
[2014/06/09 21:54:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox
[2013/02/17 17:36:53 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\eSobi
[2012/10/12 12:17:04 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech
[2014/02/11 18:32:15 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Lionhead Studios
[2013/04/29 19:39:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MusE
[2014/05/29 16:39:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Promethean
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:EC2246A6
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:193426B4
 
< End of report >
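The OTL report above uses a fixed line layout for its file-listing, LOP and Alternate Data Stream sections. As an added example for this thread (not OTL's own code, and not something either poster ran), here is a small Python parser for those lines with a few triage heuristics that are my assumptions, not OTL's logic; its input is constructed from lines copied out of the report above.

```python
"""Parse the file-listing and Alternate Data Stream lines of an OTL report (the
layout in the log above) and run a few triage heuristics over them. Added
example for this thread, not OTL's own code; the SAMPLE lines are copied from
the report above and the triage rules are assumptions, not OTL's logic."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# [date time | size | attrs | M/C] (company) -- path  ("(company)" is absent on dirs)
ENTRY_RE = re.compile(
    r"^\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[MC])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:131C0EE9
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
EXEC_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr")

@dataclass
class Entry:
    when: str
    size: int
    attrs: str              # four flag slots such as "RHS-" or "---D"
    kind: str               # "M" = modified list, "C" = created list
    company: Optional[str]  # "" when OTL printed "()" or "( )", None when absent
    path: str

@dataclass
class Stream:
    size: int
    host: str               # file or directory carrying the stream
    name: str               # stream name after the last colon

def parse_report(text: str) -> Tuple[List[Entry], List[Stream]]:
    """Collect file entries and ADS lines; section headers and other lines are skipped."""
    entries, streams = [], []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            company = m.group("company")
            entries.append(Entry(m.group("when"), int(m.group("size").replace(",", "")),
                                 m.group("attrs"), m.group("kind"),
                                 None if company is None else company.strip(),
                                 m.group("path")))
            continue
        m = ADS_RE.match(raw.strip())
        if m:
            host, _, name = m.group("target").rpartition(":")
            streams.append(Stream(int(m.group("size")), host, name))
    return entries, streams

def triage(entries: List[Entry], streams: List[Stream]) -> List[str]:
    """Findings worth a second look; each rule is an assumed heuristic, not a verdict."""
    findings = []
    for e in entries:
        low = e.path.lower()
        # OTL prints an empty "()" when the binary has no CompanyName version info;
        # for an executable under C:\Windows that is unusual enough to note.
        if low.startswith("c:\\windows\\") and low.endswith(EXEC_EXT) and e.company == "":
            findings.append(f"no company name: {e.path}")
        # Hidden+system folders with odd names under AppData\Roaming (the report
        # above shows a ".#" folder) are not how ordinary software stores its data.
        if "D" in e.attrs and "H" in e.attrs and "S" in e.attrs and "\\appdata\\roaming\\" in low:
            findings.append(f"hidden/system folder in Roaming: {e.path}")
    for s in streams:
        findings.append(f"alternate data stream {s.name} ({s.size} bytes) on {s.host}")
    return findings

# Constructed input: lines copied verbatim from the report posted above.
SAMPLE = r"""
[2014/06/04 18:21:50 | 000,001,024 | RH-- | M] () -- C:\Windows\System32\NTIOFM4.dll
[2014/05/13 16:21:57 | 000,692,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/10/12 12:11:32 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2014/04/22 10:16:51 | 000,000,000 | -HSD | M] -- C:\Users\Family.User-PC\AppData\Roaming\.#
[2014/02/11 21:05:46 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Acer
========== Alternate Data Streams ==========
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:193426B4
"""
```

Calling `triage(*parse_report(SAMPLE))` returns five findings for the constructed sample: the two no-company binaries, the hidden/system `.#` folder and the two streams, while the Adobe-signed file and the plain Acer folder are left alone.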
 



#17 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 11 June 2014 - 08:13 AM

Open OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
 
 
:OTL
SRV - (0216941402117894mcinstcleanup) -- C:\Users\User\AppData\Local\Temp\021694~1.EXE (McAfee, Inc.)
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:4BB26BE9
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:EC2246A6
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:C95B63DA
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:373E1720
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:FEBEC560
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:3E7393FC
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:193426B4
 
 
:Services
 
:Reg
 
:Files
ipconfig /flushdns /c
 
 
:Commands
[purity]
[resethosts]
[EMPTYJAVA] 
[emptytemp]
[start explorer]
[Reboot]
 
  • Then click the Run Fix button at the top (not Run Scan).
  • Let the program run unhindered, reboot when it is done
  • Then post the results of the log it produces

Jeffce_zpsa19ee2e6.png

 

 

 

Want to help others, Join our Malware Removal Classroom  HERE

The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif

 

Find us on Facebook
Please LIKE and SHARE

 

 

Just a reminder that threads will be closed if no reply in 3 days.


#18 HMH22

HMH22

    Authentic Member

  • Authentic Member
  • PipPip
  • 169 posts

Posted 11 June 2014 - 09:00 AM

Ok, I did what you asked, but that same message popped back up again. I did not do anything; I waited until it finished and it said process completed. However, I did restart the computer myself because it did not seem to want to reboot on its own.

 

It went through the same process it always does, and when I logged back on again there was no file from OTL on the desktop, and I also received this message

 

avastui.exe Application Error

 

The application failed to initialize properly 0xc0000005

Click ok to terminate application

 

Do I need to do something with the chkdsk utility?  



#19 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 11 June 2014 - 09:56 AM

The avastui error is related to Avast Anti Virus. Do you have the free or paid version?
 
 
 
Do you by chance have the Windows CD that came with your system?
 
 
 
Let's hold off on chkdsk for the moment.




#20 HMH22

HMH22

    Authentic Member

  • Authentic Member
  • PipPip
  • 169 posts

Posted 11 June 2014 - 04:19 PM

I have the free version, and no, I don't have the Windows CD. I bought my computer from a pawn shop and they did not have it, I am assuming because it was offered with the computer.



#21 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 11 June 2014 - 05:02 PM

Let's run CHKDSK
 
Here is a link to some instructions; what I would like you to do is run it from the Elevated Command Prompt.
 
 
Go to Start > look for the Command Prompt > right click on it and select RUN AS ADMINISTRATOR
 
 
Then copy and paste this in: chkdsk C: /F   and press Enter on your keyboard.
 
You will most likely get a message that chkdsk won't run because the disk is being used, and asking if you want to run it at startup; type Y for yes. Reboot your computer and let it run; do not interrupt it while it's running.



#22 HMH22

HMH22

    Authentic Member

  • Authentic Member
  • PipPip
  • 169 posts

Posted 11 June 2014 - 09:39 PM

Ok, I did what you asked. I basically received the same message I have been getting, only the file record segment was 5641 instead of 78927. Then it said Windows had finished checking the disk, but it started again with the same exact message; this time the message about Windows finishing didn't show up, it just went to the log on page.



#23 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 12 June 2014 - 06:05 AM

I know those windows fly by fast, but did you notice if it said anything about Windows found and fixed errors?

 

I noticed on your PcPitStop report that it said you had two memory slots and one had a 2048 MB module and the other had a 1024 MB, not always but most times memory is installed in pairs, did you by chance install more memory or was it like this when you bought the PC ?

 

The malware we found so far and removed are more of a nuisance than anything, I doubt what we removed would have caused these issues.

 

  • Open Chrome
  • Click the Chrome menu on the browser toolbar.
  • Click on Settings
  • Then Manage Search Engines
  • Highlight MindSpark and select Delete
 


 

 

 

I want to check your system for a Rootkit; that's a type of infection that hides from the Operating System.

 
Please download aswMBR to your desktop.
 
  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.
 
I just want to see the report....Please Do Not Fix Anything

 

 




#24 HMH22

HMH22

    Authentic Member

  • Authentic Member
  • PipPip
  • 169 posts

Posted 12 June 2014 - 08:21 AM

Hi, to answer your question about Windows saying it fixed errors: no, it did not say anything about fixing anything. It stayed on stage 1 of 3, checking files, then it said deleting corrupt attribute record (128,'') from file record segment 5641. It never showed stage 2 or stage 3, and then it said Windows has finished.

 

No I have not installed any memory I am not sure how you even install it

 

Ok, so I went to Google Chrome to delete Mindspark and I did not see it there. I am not sure if it had already been deleted, because I remember seeing that on the protection log in Malwarebytes and maybe that is why it's not there.

 

I did the aswMBR and it said that the scan was successful. I saved it to the desktop but I don't see it; when I went to look it up again I noticed that it's under Hunter Family where I saved it, which is the administrator's account, but I am on the Family account. Do I need to log off and go to that account to post it?

 

ETA: I found it here it is:

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-06-12 09:43:17
-----------------------------
09:43:17.281    OS Version: Windows 6.0.6001 Service Pack 1
09:43:17.281    Number of processors: 2 586 0xF0D
09:43:17.281    ComputerName: USER-PC  UserName: User
09:43:18.295    Initialize success
09:43:23.506    AVAST engine defs: 14061200
09:43:33.240    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005f
09:43:33.240    Disk 0 Vendor: ST325031 3.AA Size: 238475MB BusType: 6
09:43:33.334    Disk 0 MBR read successfully
09:43:33.334    Disk 0 MBR scan
09:43:33.349    Disk 0 unknown MBR code
09:43:33.349    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        10001 MB offset 63
09:43:33.365    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       122570 MB offset 20484096
09:43:33.396    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       105902 MB offset 271507456
09:43:33.427    Disk 0 scanning sectors +488395120
09:43:33.583    Disk 0 scanning C:\Windows\system32\drivers
09:43:42.368    Service scanning
09:44:05.628    Modules scanning
09:44:12.102    Disk 0 trace - called modules:
09:44:12.211    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys 
09:44:12.226    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86b32730]
09:44:12.226    3 CLASSPNP.SYS[8339c745] -> nt!IofCallDriver -> [0x85fc44f0]
09:44:12.242    5 acpi.sys[832966a0] -> nt!IofCallDriver -> \Device\0000005f[0x85f4f308]
09:44:12.960    AVAST engine scan C:\Windows
09:44:14.863    AVAST engine scan C:\Windows\system32
09:46:24.994    AVAST engine scan C:\Windows\system32\drivers
09:46:37.888    AVAST engine scan C:\Users\User
09:47:11.210    AVAST engine scan C:\ProgramData
09:48:02.910    Scan finished successfully
09:48:18.136    Disk 0 MBR has been saved successfully to "C:\Users\User\Documents\MBR.dat"
09:48:18.152    The log file has been saved successfully to "C:\Users\User\Documents\aswMBR.txt"
10:17:32.592    Disk 0 MBR has been saved successfully to "C:\Users\User\Desktop\MBR.dat"
10:17:32.606    The log file has been saved successfully to "C:\Users\User\Desktop\aswMBR.txt"

Edited by HMH22, 12 June 2014 - 08:35 AM.


#25 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 12 June 2014 - 11:02 AM

Good, thanks for the log. It looks fine, no rootkit installed.

 

So at this point I do not believe Malware is the cause of your problems. You have a few options. One is to go online to eBay or maybe Amazon and look for a Windows Vista CD; then you could back up any pictures or documents you may want to save to a CD, USB Flash drive or an external Hard Drive. With Windows 7 and 8 out and talk about the new Windows 9 right around the corner you should be able to get that CD very reasonably, but I have to tell you Vista was not one of the best Operating Systems that Microsoft ever came out with. Another option is to do a Windows 7 upgrade; again, I don't believe finding an upgrade disk would be that expensive.

 

You can run the Windows 7 Upgrade advisor here to see if your system meets all the requirements, I do believe that you would have to add more memory to make Win 7 run well.

http://www.microsoft...ails.aspx?id=20

 

If you decide to upgrade memory, it's a very simple upgrade. You can go here to Crucial (I would not buy memory from anyone else) and let it scan your system, and it will tell you the amount it can handle and the cost. You can always find a HS kid in your neighborhood to install it for you, or bring the memory and the PC to a local shop and let them do it for you.

 

Go here and you can download the scanner 

http://www.crucial.com/

 

 

Wet your hand slightly, just damp, not wringing wet, and with the computer on hold your wet hand close to the rear exhaust fan. You should feel cool air coming out; if it's hot, I mean real hot, then you have a problem.

 

You can open the case and very gently clean out all the dust bunnies with canned air; just be gentle and you won't hurt anything. Heat is a factor and can be devastating to a computer system; cleaning inside the case and making sure all the vents are clean and free can make a big difference. When you do this you need to shut down the computer and unplug it from the wall. Hold the power button in for maybe 5 seconds or so to release the charge to your motherboard and components.

 

 

With this all said and done its also possible that there is a hardware issue with your system, maybe a bad memory module, a failing Hard Drive, a bad power supply, most times this will be hard to find unless you take it to a shop , they have all the right testing equipment and can analyze your system for you letting you know if anything is failing.

 

I just jumped in to check your system for Malware, I am going to turn you back over to the windows guys , they can read this thread and see what we have done.

 

Good luck with your system

 

Ken :)




#26 HMH22

HMH22

    Authentic Member

  • Authentic Member
  • PipPip
  • 169 posts

Posted 12 June 2014 - 03:39 PM

Thank you so very much for your help ken545, I hope I did not worry you too much. I will try the cleaning of the computer first. I will also look for an installation disk for Windows Vista; I probably really need one. However, I do have a question about that: would I have to get one that is for my make and model of computer, or does it matter?

 

If I still have any problems I'll just go to repair shop and have my hardware looked at 

 

Again thank you for all you have done

 



#27 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 12 June 2014 - 03:53 PM

You're very welcome.

 

Any disk you purchase has nothing to do with the make and model of your computer. Since you have Vista installed, whether you decide to stay with Vista or do a Win 7 upgrade, all you may need is the upgrade disk, which is cheaper than the full installation disk.




#28 HMH22

HMH22

    Authentic Member

  • Authentic Member
  • PipPip
  • 169 posts

Posted 12 June 2014 - 03:58 PM

Okay thanks for the info just one more question.  Do I need or should I keep everything that you had me perform a scan on?

 



#29 ken545

ken545

    Forum God

  • Classroom Teacher
  • 23,207 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 12 June 2014 - 04:07 PM

You can do this, as most of the programs we used are updated quite often and leaving them on your system really won't do you any good; you can always download a fresh copy in the future if you need it.

 

 

 
Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
 

 

 

 
Open OTL and click on Clean Up, and it will remove the programs we used to clean your system along with their backups; any programs that were not removed you can just drag to the trash.
 
 
Malwarebytes is the free version and yours to keep and will not be removed
 
 
How did I get infected in the first place?
Read these links and find out how to prevent getting infected again.
 
 
 
Safe Surfn
Ken

 




#30 HMH22

HMH22

    Authentic Member

  • Authentic Member
  • PipPip
  • 169 posts

Posted 12 June 2014 - 04:15 PM

Ok I will work on it tonight thanks again

