Computer keeps semi-freezing due to viruses, please help!


13 replies to this topic

#1 radioactiveratt

Posted 07 May 2014 - 04:56 PM

I know I have a couple of things on my computer that shouldn't be there, but I just can't get rid of them myself. The only reason I know they're there is because I've tried to delete them from the list of programs and features and they just won't uninstall. One is "Oxy Updater" and the other is "IdleCrawler". I don't know if there's anything else on my computer, but Antimalware can't find anything, which is what I usually use to fix my computer's virus problems. What my computer's doing is it works fine when I start it up, but then about five minutes after that it seems like it freezes, but it lets me move the mouse around. 30 seconds later the mouse freezes too. It stays that way for two minutes and then it's fine again, but after that it's only fine for another five minutes and does it again, like it's processing too much information, but I only had iTunes open to play music and nothing else. I would really, really appreciate some help; I've tried so many things and I just can't fix it myself. I ran that DDS thing and here are the logs:

Thank you so much for any help!! I really appreciate it! <3 If you need any more info about my computer I'll be more than happy to give it to try and resolve my problems.

DDS:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.51.2
Run by Crystal at 14:41:23 on 2014-05-07
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4095.2365 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskeng.exe
C:\Users\Crystal\AppData\Local\IdleCrawler\IdleCrawler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files\Tablet\Pen\WacomHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\Crystal\AppData\Local\IDLECR~1\CHROME~1\chrome.exe
C:\Users\Crystal\AppData\Local\IDLECR~1\CHROME~1\chrome.exe
C:\Users\Crystal\AppData\Local\IDLECR~1\CHROME~1\chrome.exe
C:\Users\Crystal\AppData\Local\IDLECR~1\CHROME~1\chrome.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
C:\Users\Crystal\AppData\Local\IDLECR~1\CHROME~1\chrome.exe
C:\Windows\system32\sppsvc.exe
C:\Users\Crystal\AppData\Local\IDLECR~1\CHROME~1\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [BackupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{54FE6BC7-B1C7-439D-9AA0-16DC03FA6BAE} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{54FE6BC7-B1C7-439D-9AA0-16DC03FA6BAE}\543747F6E616E284F6573756 : DHCPNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli EgisPwdFilter EgisDSPwdFilter
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\e0y5m85e.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Crystal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1209149.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-1-25 268512]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 ETService;Empowering Technology Service;C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [2011-8-16 30080]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-16 255376]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 133928]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-11-29 38608]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 TabletServicePen;TabletServicePen;C:\Windows\System32\Pen_Tablet.exe [2013-2-13 1909032]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 WTabletServiceCon;Wacom Consumer Service;C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [2013-2-13 619904]
R3 hidkmdf;KMDF Driver;C:\Windows\System32\drivers\hidkmdf.sys [2013-2-13 13728]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-3-11 347872]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;C:\Windows\System32\drivers\RTL8192su.sys [2010-7-8 694888]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 WacHidRouter;Wacom Hid Router;C:\Windows\System32\drivers\wachidrouter.sys [2013-2-13 81824]
R3 wacomrouterfilter;Wacom Router Filter Driver;C:\Windows\System32\drivers\wacomrouterfilter.sys [2013-2-13 15776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-5-7 111616]
S3 LVUVC64;Logitech Webcam 500(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-2-10 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-05-07 21:39:59    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E441EC02-A629-43FC-B9EF-217E945F5A2E}\offreg.dll
2014-05-07 21:19:49    --------    d-----w-    C:\Users\Crystal\AppData\Local\ElevatedDiagnostics
2014-05-07 21:19:04    --------    d-sh--w-    C:\Users\Crystal\AppData\Local\EmieUserList
2014-05-07 21:19:04    --------    d-sh--w-    C:\Users\Crystal\AppData\Local\EmieSiteList
2014-05-07 21:07:06    --------    d-----w-    C:\Users\Crystal\AppData\Local\Apple
2014-05-04 02:14:38    --------    d-----w-    C:\Windows\ERUNT
2014-05-04 02:04:37    536576    ----a-w-    C:\Windows\SysWow64\sqlite3.dll
2014-05-04 02:04:14    --------    d-----w-    C:\AdwCleaner
2014-05-04 01:59:53    --------    d-----w-    C:\FRST
2014-05-04 01:39:32    1031560    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D78AAB76-F45E-4C83-9E99-19BAD4A67108}\gapaengine.dll
2014-05-04 01:38:54    10651704    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E441EC02-A629-43FC-B9EF-217E945F5A2E}\mpengine.dll
2014-04-28 01:52:05    --------    d-----w-    C:\Users\Crystal\AppData\Local\IdleCrawler
2014-04-28 01:51:30    10651704    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-04-26 17:01:50    --------    d-----w-    C:\Users\Crystal\.config
2014-04-26 17:01:28    --------    d-----w-    C:\Users\Crystal\AppData\Local\Chromium
2014-04-26 16:56:30    16896    ----a-w-    C:\Windows\System32\sasnative64.exe
2014-04-19 01:17:01    --------    d-----w-    C:\Windows\Migration
2014-04-18 23:14:38    --------    d-----w-    C:\Users\Crystal\AppData\Roaming\Unity
.
==================== Find3M  ====================
.
2014-05-04 02:23:17    70832    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-04 02:23:17    692400    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-04 02:22:55    17338544    ----a-w-    C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-03-11 16:52:30    133928    ----a-w-    C:\Windows\System32\drivers\NisDrvWFP.sys
2014-03-06 09:32:16    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-03-06 09:31:33    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04    66048    ----a-w-    C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34    548352    ----a-w-    C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:32:07    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-03-06 08:29:40    139264    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14    111616    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15    752640    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54    940032    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41    5784064    ----a-w-    C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34    61952    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33    455168    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01    51200    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43    38400    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36    4254720    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13    112128    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40    592896    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43    32256    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15    2043904    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39    1967104    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40    2260480    ----a-w-    C:\Windows\System32\wininet.dll
2014-03-06 05:41:49    1789440    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-03-04 09:44:21    362496    ----a-w-    C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21    243712    ----a-w-    C:\Windows\System32\wow64.dll
2014-03-04 09:44:21    13312    ----a-w-    C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:03    16384    ----a-w-    C:\Windows\System32\ntvdm64.dll
2014-03-04 09:17:19    14336    ----a-w-    C:\Windows\SysWow64\ntvdm64.dll
2014-03-04 09:17:05    44032    ----a-w-    C:\Windows\apppatch\acwow64.dll
2014-03-04 09:16:54    25600    ----a-w-    C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18    5120    ----a-w-    C:\Windows\SysWow64\wow32.dll
2014-03-04 08:09:30    7680    ----a-w-    C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29    2048    ----a-w-    C:\Windows\SysWow64\user.exe
2014-02-07 01:23:30    3156480    ----a-w-    C:\Windows\System32\win32k.sys
.
============= FINISH: 14:42:45.83 ===============

ATTACH:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/9/2013 2:53:34 PM
System Uptime: 5/7/2014 2:38:10 PM (0 hours ago)
.
Motherboard: Acer |  | Veriton X275
Processor: Pentium® Dual-Core  CPU      E6600  @ 3.06GHz | CPU 1 | 3066/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 220 GiB total, 53.885 GiB free.
D: is FIXED (NTFS) - 221 GiB total, 220.926 GiB free.
E: is CDROM (UDF)
G: is FIXED (FAT32) - 149 GiB total, 108.546 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&3948EC92&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&3948EC92&0
Service: i8042prt
.
Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}
Description: Standard PS/2 Keyboard
Device ID: ACPI\PNP0303\4&3948EC92&0
Manufacturer: (Standard keyboards)
Name: Standard PS/2 Keyboard
PNP Device ID: ACPI\PNP0303\4&3948EC92&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP168: 4/14/2014 4:42:23 PM - Windows Update
RP169: 4/18/2014 3:46:02 PM - Windows Update
RP170: 4/18/2014 6:15:37 PM - Windows Update
RP171: 4/21/2014 7:03:39 PM - Windows Update
RP172: 4/21/2014 8:34:37 PM - Windows Update
RP173: 4/25/2014 6:31:39 PM - Windows Update
RP174: 5/3/2014 6:38:30 PM - Windows Update
RP175: 5/7/2014 2:09:16 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 4.65
Acer Backup Manager
Acer eRecovery Management
Acer Framework
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe Flash Player 12 Plugin
Adobe Flash Player 13 ActiveX
Adobe Help Center 2.0
Adobe Photoshop Elements 4.0
Adobe Reader X (10.1.7) MUI
Adobe Shockwave Player 12.1
Amnesia - The Dark Descent
Amnesia - The Dark Descent
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audacity 2.0.3
Backup Manager V3
Belkin USB Wireless Adaptor
BitTorrent
Bonjour
Canon CanoScan LiDE 200 User Registration
Canon MP Navigator EX 2.0
Canon Utilities Solution Menu
CanoScan LiDE 200 Scanner Driver
Castle Story
Command & Conquer The First Decade
Core Temp 1.0 RC4
D3DX10
Fallout 3 - Game of the Year Edition
FINAL FANTASY VII
Galerie de photos Windows Live
Google Chrome
Google Update Helper
Guild Wars 2
IdleCrawler
Intel® Control Center
Intel® Graphics Media Accelerator Driver
iTunes
Java 7 Update 13 (64-bit)
Java 7 Update 51
Java Auto Updater
join.me
JTablet
Junk Mail filter update
LAME v3.99.3 (for Windows)
Livestream for Producers
Livestream Procaster
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 28.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
NVIDIA 3D Vision Controller Driver 296.69
NVIDIA 3D Vision Driver 311.06
NVIDIA Control Panel 311.06
NVIDIA Graphics Driver 311.06
NVIDIA HD Audio Driver 1.3.14.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0213
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.11.3
NVIDIA Update Components
Outlast
Oxy updater
Penumbra
Penumbra: Overture
Portal 2
Portal 2 Publishing Tool
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Scribblenauts Unlimited
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Shared C Run-time for x64
Skype™ 6.11
SPORE™
Steam
Surgeon Simulator 2013
swMSM
TeamSpeak 3 Client
Unity Web Player
VLC media player 2.0.0
Wacom
WebTablet FB Plugin 32 bit
WebTablet FB Plugin 64 bit
Welcome Center
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 (32-bit)
WinZip 17.0
WorldPainter 1.7.1
.
==== Event Viewer Messages From Past Week ========
.
5/7/2014 2:40:53 PM, Error: Service Control Manager [7038]  - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:  Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/7/2014 2:40:53 PM, Error: Service Control Manager [7000]  - The NVIDIA Update Service Daemon service failed to start due to the following error:  The service did not start due to a logon failure.
5/7/2014 2:37:38 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.173.1244.0      Update Source: Microsoft Update Server      Update Stage: Download      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10502.0      Error code: 0x8024001e      Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
5/7/2014 2:37:38 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.173.1244.0      Update Source: Microsoft Update Server      Update Stage: Download      Source Path: http://www.microsoft.com      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10502.0      Error code: 0x8024001e      Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
5/7/2014 2:24:46 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.      New Signature Version:       Previous Signature Version: 1.173.1244.0      Update Source: Microsoft Update Server      Update Stage: Search      Source Path: Default URL      Signature Type: AntiVirus      Update Type: Full      User: NT AUTHORITY\SYSTEM      Current Engine Version:       Previous Engine Version: 1.1.10502.0      Error code: 0x8007043c      Error description: This service cannot be started in Safe Mode
5/7/2014 2:24:46 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
5/7/2014 2:21:33 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
5/7/2014 2:17:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/7/2014 2:14:57 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
5/7/2014 2:14:57 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
5/7/2014 2:14:57 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
5/7/2014 2:14:57 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/7/2014 2:14:46 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/7/2014 2:14:40 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
5/7/2014 2:14:38 PM, Error: Service Control Manager [7001]  - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
5/7/2014 2:14:33 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
5/7/2014 2:14:33 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/7/2014 2:14:33 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
5/7/2014 2:14:33 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
5/7/2014 2:14:33 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
5/7/2014 2:14:33 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
5/7/2014 2:14:33 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
5/7/2014 2:14:33 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/7/2014 2:14:33 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/7/2014 2:14:33 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/7/2014 2:14:33 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/7/2014 2:14:33 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
5/7/2014 2:14:33 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
.
==== End Of File ===========================
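The Service Control Manager and DCOM errors at the end of the DDS log above form a dependency cascade, and a responder wants to know which few entries are the actual root causes. The following Python script is an added example (not part of the post, and not DDS or BleepingComputer code) that parses those 7001/7026/10005 lines, follows each "depends on" chain back to the dependency that failed for a non-cascade reason, and matches it against the 7026 list of drivers that did not load; the sample lines are copied from the log, and the display-name-to-driver map and the two Win32 error names are standard Windows values.

```python
"""Triage of Windows SCM (7001/7026) and DCOM (10005) error events from a DDS-style
log: finds which failures are only cascades and which point at a driver that did not load."""
import re

# Constructed sample: a subset of the event lines quoted in the post above.
SAMPLE_LOG = """\
5/7/2014 2:14:57 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
5/7/2014 2:14:46 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/7/2014 2:14:38 PM, Error: Service Control Manager [7001]  - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error:  The dependency service or group failed to start.
5/7/2014 2:14:33 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD CSC DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vpcnfltr vpcvmm vwififlt Wanarpv6 WfpLwf
5/7/2014 2:14:33 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
5/7/2014 2:14:33 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
5/7/2014 2:14:33 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
5/7/2014 2:14:33 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
5/7/2014 2:14:33 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
"""

DEP_RE = re.compile(
    r"\[7001\]\s+-\s+The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
    r"which failed to start because of the following error:\s+(?P<err>.+?)\s*$")
DRV_RE = re.compile(r"\[7026\]\s+-\s+.*?failed to load:\s+(?P<drivers>.+?)\s*$")
DCOM_RE = re.compile(r'\[10005\]\s+-\s+DCOM got error "(?P<code>\d+)" attempting to start the service (?P<svc>\S+) ')

# Error text SCM uses when a service failed only because something it needs failed.
CASCADE = "The dependency service or group failed to start."

# Win32 codes from winerror.h for the two values seen in the DCOM 10005 events.
WIN32_ERRORS = {
    1068: "ERROR_SERVICE_DEPENDENCY_FAIL",
    1084: "ERROR_NOT_SAFEBOOT_SERVICE (service cannot be started in Safe Mode)",
}

# Display name (as written in 7001 events) -> service name (as listed in 7026 events)
# for the drivers that matter in this log; these are the standard Windows 7 names.
DRIVER_NAMES = {
    "Ancillary Function Driver for Winsock": "AFD",
    "NSI proxy service driver.": "nsiproxy",
    "NetIO Legacy TDI Support Driver": "tdx",
    "Microsoft Malware Protection Driver": "MpFilter",
}

def parse_scm_events(text):
    """Return ({service: (dependency, error)}, [driver, ...]) from 7001/7026 lines."""
    deps, drivers = {}, []
    for line in text.splitlines():
        m = DEP_RE.search(line)
        if m:
            deps[m["svc"]] = (m["dep"], m["err"])
            continue
        m = DRV_RE.search(line)
        if m:
            drivers.extend(m["drivers"].split())
    return deps, drivers

def parse_dcom_events(text):
    """Return [(service, win32_code), ...] from DCOM 10005 lines, in log order."""
    matches = (DCOM_RE.search(line) for line in text.splitlines())
    return [(m["svc"], int(m["code"])) for m in matches if m]

def root_cause(service, deps):
    """Follow the 7001 'depends on' chain from `service` until a dependency failed
    for a reason other than a cascade. Returns (chain, error); error is None when
    the real cause is not in these events or the chain loops."""
    chain, seen, cur = [service], set(), service
    while cur in deps and cur not in seen:
        seen.add(cur)
        dep, err = deps[cur]
        chain.append(dep)
        if err != CASCADE:
            return chain, err
        cur = dep
    return chain, None

def summarize(text):
    """Map each failed service to its root cause and, where the root is a known
    driver, whether that driver appears in the 7026 failed-to-load list."""
    deps, drivers = parse_scm_events(text)
    result = {}
    for svc in deps:
        chain, err = root_cause(svc, deps)
        drv = DRIVER_NAMES.get(chain[-1])
        result[svc] = {"chain": chain, "root": chain[-1], "error": err, "driver": drv,
                       "driver_failed_to_load": (drv in drivers) if drv else None}
    return result, drivers

if __name__ == "__main__":
    summary, drivers = summarize(SAMPLE_LOG)
    print("Drivers that failed to load (7026):", " ".join(drivers))
    for svc, info in summary.items():
        print(f"{svc}: {' -> '.join(info['chain'])}")
        print(f"    root: {info['root']} [{info['driver']}] -> {info['error']}")
    for svc, code in parse_dcom_events(SAMPLE_LOG):
        print(f"DCOM could not start {svc}: {code} {WIN32_ERRORS.get(code, 'unknown')}")
```

On this sample every chain ends at AFD, nsiproxy or tdx, all of which are in the 7026 list, so the service and DCOM errors are symptoms of those drivers failing to load rather than separate problems.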

#2 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:15 AM

Posted 09 May 2014 - 04:08 PM

Hi radioactiveratt and welcome to BC.

Please take note of the following:

1. Please do not run any other tools unless instructed.
2. Please don't install or uninstall anything unless asked.
3. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
4. If there's anything that you don't understand, please ask your question(s) before proceeding with the fixes.
5. Please reply to this thread. Do not start a new topic.


P2P Warning
Please note that as long as you're using any form of Peer-to-Peer networking (Frostwire, Bearshare, BitTorrent, etc.) and downloading files from non-documented sources, you can expect infestations of malware to occur.
P2P programmes form a direct conduit onto your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares onto your computer. Further to that, if your P2P programme is not configured correctly you may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to the file sharing network by a badly configured programme.

Many of the programmes come bundled with other unwanted programmes, but even the ones free of any bundled software are not safe to use.
When you use them you are downloading software from an unknown source directly onto your computer, bypassing your firewall and anti-virus software. Hardly surprising then that many of these downloads are being targeted to carry infections.

You may decide to continue P2P sharing, but keep in mind that this practice may be the source of future malware infestation.
If we clean your computer of infection, and you return to us a short time later with an infection contracted by the use of P2P programmes, we may refuse to help you.

If you do decide (unwisely) to keep these programs, please refrain from using them until we have finished cleaning your system.


I see that you have already downloaded AdwCleaner and FRST.

2014-05-04 02:04:14 -------- d-----w- C:\AdwCleaner
2014-05-04 01:59:53 -------- d-----w- C:\FRST

Have you already run AdwCleaner?
If so, please post the report that came up after the scan.
A copy of that logfile will also have been saved in the C:\AdwCleaner folder if you need it.

Did you download the 64bit version of FRST?
That's the one you should have.

Please re-run FRST.
  • Make sure that Addition.txt is selected at the bottom
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • It will also make another log (Addition.txt). Please copy and paste it to your reply also.


In your next reply, please submit:
AdwCleaner report
2 new reports from FRST


Thanks.

Edited by Starbuck, 09 May 2014 - 04:09 PM.



#3 radioactiveratt

radioactiveratt
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:07:15 PM

Posted 09 May 2014 - 07:16 PM

Thank you so much for replying! <3 I kinda sorta knew about the risks of viruses from BitTorrent but I never really paid much attention at all I'm afraid :( Now I know better and I would be more than happy to remove any sort of P2P programs I have off of my computer so this doesn't happen again. But as you said in your instructions, I won't delete anything until you tell me to so I don't screw anything up ^_^


Here are the reports:


# AdwCleaner v3.207 - Report created 09/05/2014 at 17:03:57
# Updated 05/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Crystal - AUDRYIII
# Running from : C:\Users\Crystal\Downloads\music 1-15-14\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\e0y5m85e.default\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ File : C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [3933 octets] - [03/05/2014 19:04:18]
AdwCleaner[R1].txt - [1040 octets] - [09/05/2014 17:01:07]
AdwCleaner[S0].txt - [3912 octets] - [03/05/2014 19:10:31]
AdwCleaner[S1].txt - [963 octets] - [09/05/2014 17:03:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1022 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2014 01
Ran by Crystal (administrator) on AUDRYIII on 09-05-2014 17:17:17
Running from C:\Users\Crystal\Downloads\music 1-15-14
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Wacom Technology, Corp.) C:\Windows\System32\Pen_Tablet.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
() C:\Users\Crystal\AppData\Local\IdleCrawler\IdleCrawler.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\chrome.exe
(Google Inc.) C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9608224 2009-11-17] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [689488 2008-03-10] (CANON INC.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-23] (NTI Corporation)
HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295072 2013-02-09] (RealNetworks, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-572204437-2333020396-3624162080-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [1825984 2014-04-23] (Valve Corporation)
Lsa: [Notification Packages] scecli EgisPwdFilter EgisDSPwdFilter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\e0y5m85e.default
FF DefaultSearchEngine: Bing
FF SelectedSearchEngine: Bing
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @real.com/nppl3260;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=16.0.0.282 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Crystal\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: NoScript - C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\e0y5m85e.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-25]
FF Extension: Adblock Plus - C:\Users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\e0y5m85e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-08]
FF HKLM-x32\...\Firefox\Extensions: [{d4da7309-b89a-45ec-8ebb-cfb2ae13618b}] - C:\Program Files\Acer ProShield\FFExt20
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-02-09]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKCU\...\Firefox\Extensions: [uc@uc.com] - C:\Program Files (x86)\Unfriend Checker\FF\

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U13) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-10]
CHR Extension: (Google Drive) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-10]
CHR Extension: (YouTube) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-10]
CHR Extension: (Adblock Plus) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-02-10]
CHR Extension: (Google Search) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-10]
CHR Extension: (RealDownloader) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-02-10]
CHR Extension: (FastestFox for Chrome) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmffncokckfccddfenhkhnllmlobdahm [2013-03-29]
CHR Extension: (Google Wallet) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-21]
CHR Extension: (TidyNetwork.com) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\oebkaopfneojdngdpmennbjjpnkmkaao [2013-08-02]
CHR Extension: (Gmail) - C:\Users\Crystal\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-10]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor4.0; C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-09-09] ()
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [30080 2011-06-13] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-23] (NTI Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Crystal\AppData\Local\Temp\ALSysIO64.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-07 18:53 - 2014-05-07 18:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
2014-05-07 15:34 - 2014-05-07 15:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 14:42 - 2014-05-07 14:42 - 00018372 _____ () C:\Users\Crystal\Desktop\dds.txt
2014-05-07 14:42 - 2014-05-07 14:42 - 00013640 _____ () C:\Users\Crystal\Desktop\attach.txt
2014-05-07 14:32 - 2014-04-13 19:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-07 14:32 - 2014-04-13 19:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-07 14:19 - 2014-05-07 14:19 - 00000000 __SHD () C:\Users\Crystal\AppData\Local\EmieUserList
2014-05-07 14:19 - 2014-05-07 14:19 - 00000000 __SHD () C:\Users\Crystal\AppData\Local\EmieSiteList
2014-05-07 14:10 - 2014-03-06 03:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-07 14:10 - 2014-03-06 02:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-07 14:10 - 2014-03-06 02:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-07 14:10 - 2014-03-06 02:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-07 14:10 - 2014-03-06 01:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-07 14:10 - 2014-03-06 01:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-07 14:10 - 2014-03-06 01:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-07 14:10 - 2014-03-06 01:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-07 14:10 - 2014-03-06 01:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-07 14:10 - 2014-03-06 01:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-07 14:10 - 2014-03-06 01:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-07 14:10 - 2014-03-06 01:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-07 14:10 - 2014-03-06 01:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-07 14:10 - 2014-03-06 01:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-07 14:10 - 2014-03-06 01:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-07 14:10 - 2014-03-06 01:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-07 14:10 - 2014-03-06 01:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-07 14:10 - 2014-03-06 01:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-07 14:10 - 2014-03-06 01:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-07 14:10 - 2014-03-06 01:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-07 14:10 - 2014-03-06 01:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-07 14:10 - 2014-03-06 01:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-07 14:10 - 2014-03-06 00:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-07 14:10 - 2014-03-06 00:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-07 14:10 - 2014-03-06 00:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-07 14:10 - 2014-03-06 00:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-07 14:10 - 2014-03-06 00:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-07 14:10 - 2014-03-06 00:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-07 14:10 - 2014-03-06 00:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-07 14:10 - 2014-03-06 00:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-07 14:10 - 2014-03-06 00:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-07 14:10 - 2014-03-06 00:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-07 14:10 - 2014-03-06 00:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-07 14:10 - 2014-03-06 00:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-07 14:10 - 2014-03-06 00:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-07 14:10 - 2014-03-06 00:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-07 14:10 - 2014-03-06 00:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-07 14:10 - 2014-03-06 00:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-07 14:10 - 2014-03-05 23:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-07 14:10 - 2014-03-05 23:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-07 14:10 - 2014-03-05 23:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-07 14:10 - 2014-03-05 23:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-07 14:10 - 2014-03-05 23:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-07 14:10 - 2014-03-05 22:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-07 14:10 - 2014-03-05 22:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-07 14:10 - 2014-03-05 22:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-07 14:10 - 2014-03-05 22:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-07 14:10 - 2014-03-05 22:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-07 14:07 - 2014-05-07 14:07 - 00000000 ____D () C:\Users\Crystal\AppData\Local\Apple
2014-05-03 19:23 - 2014-05-03 19:23 - 00001143 _____ () C:\Users\Crystal\Desktop\JRT.txt
2014-05-03 19:14 - 2014-05-03 19:14 - 00000000 ____D () C:\Windows\ERUNT
2014-05-03 19:04 - 2014-05-09 17:04 - 00000000 ____D () C:\AdwCleaner
2014-05-03 19:04 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-03 19:01 - 2014-05-07 14:43 - 00000000 ____D () C:\Users\Crystal\Desktop\virusremoval reports
2014-05-03 18:59 - 2014-05-09 17:17 - 00000000 ____D () C:\FRST
2014-05-03 18:38 - 2014-05-03 18:38 - 00003514 _____ () C:\Windows\System32\Tasks\Windows Updater
2014-04-27 18:54 - 2014-04-27 18:54 - 00003180 _____ () C:\Windows\System32\Tasks\{0ED0789C-AEC1-4E38-BC5B-B1B3EC8B01B0}
2014-04-27 18:52 - 2014-04-27 18:57 - 00000000 ____D () C:\Users\Crystal\AppData\Local\IdleCrawler
2014-04-27 18:52 - 2014-04-27 18:54 - 00000000 ____D () C:\Users\Crystal\Desktop\New folder
2014-04-27 18:52 - 2014-04-27 18:52 - 00004578 _____ () C:\Windows\System32\Tasks\IdleCrawler Runner
2014-04-27 18:48 - 2014-04-27 18:51 - 95740348 ____R () C:\Users\Crystal\Downloads\Jurassic Park Operation Genesis.zip
2014-04-26 10:02 - 2014-04-26 12:18 - 00003454 _____ () C:\Windows\System32\Tasks\RegistryDr_Popup
2014-04-26 10:02 - 2014-04-26 10:02 - 00003604 _____ () C:\Windows\System32\Tasks\Oxy
2014-04-26 10:02 - 2014-04-26 10:02 - 00003516 _____ () C:\Windows\System32\Tasks\RunAsStdUser Task
2014-04-26 10:02 - 2014-04-26 10:02 - 00003190 _____ () C:\Windows\System32\Tasks\RegistryDr_Start
2014-04-26 10:01 - 2014-04-26 10:01 - 00000000 ____D () C:\Users\Crystal\AppData\Local\Chromium
2014-04-26 09:56 - 2012-07-25 12:03 - 00016896 _____ () C:\Windows\system32\sasnative64.exe
2014-04-18 16:14 - 2014-04-18 16:14 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\Unity
2014-04-09 21:54 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 21:54 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 21:54 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 21:54 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 21:54 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 21:54 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 21:54 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 21:54 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 21:54 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 21:54 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 21:54 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 21:54 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 21:54 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 21:54 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 21:54 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 21:54 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 21:54 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys

==================== One Month Modified Files and Folders =======

2014-05-09 17:17 - 2014-05-03 18:59 - 00000000 ____D () C:\FRST
2014-05-09 17:17 - 2014-01-15 22:51 - 00000000 ____D () C:\Users\Crystal\Downloads\music 1-15-14
2014-05-09 17:17 - 2012-05-16 20:05 - 01596582 _____ () C:\Windows\WindowsUpdate.log
2014-05-09 17:16 - 2013-02-10 15:18 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-09 17:13 - 2013-02-10 15:18 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-09 17:13 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-09 17:13 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-09 17:11 - 2009-07-13 22:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-09 17:08 - 2013-02-10 15:18 - 00003896 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-05-09 17:08 - 2013-02-10 15:18 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-05-09 17:05 - 2014-03-28 17:08 - 00000384 _____ () C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Crystal.job
2014-05-09 17:05 - 2013-11-26 07:59 - 00003344 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-572204437-2333020396-3624162080-1000
2014-05-09 17:05 - 2013-11-26 07:59 - 00003214 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-572204437-2333020396-3624162080-1000
2014-05-09 17:05 - 2013-08-21 20:57 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-09 17:05 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-09 17:04 - 2014-05-03 19:04 - 00000000 ____D () C:\AdwCleaner
2014-05-09 17:04 - 2013-02-21 13:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-09 17:04 - 2010-11-20 20:47 - 00185412 _____ () C:\Windows\PFRO.log
2014-05-09 17:04 - 2009-07-13 21:51 - 00096881 _____ () C:\Windows\setupact.log
2014-05-07 18:53 - 2014-05-07 18:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wacom
2014-05-07 18:53 - 2013-02-13 21:57 - 00000000 ____D () C:\Program Files\Tablet
2014-05-07 18:51 - 2014-02-05 20:32 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\.minecraft
2014-05-07 18:27 - 2013-02-10 23:21 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-07 15:34 - 2014-05-07 15:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-07 15:20 - 2013-02-10 23:21 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-07 15:20 - 2013-02-10 23:21 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-07 15:20 - 2011-08-16 12:27 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-07 14:43 - 2014-05-03 19:01 - 00000000 ____D () C:\Users\Crystal\Desktop\virusremoval reports
2014-05-07 14:42 - 2014-05-07 14:42 - 00018372 _____ () C:\Users\Crystal\Desktop\dds.txt
2014-05-07 14:42 - 2014-05-07 14:42 - 00013640 _____ () C:\Users\Crystal\Desktop\attach.txt
2014-05-07 14:19 - 2014-05-07 14:19 - 00000000 __SHD () C:\Users\Crystal\AppData\Local\EmieUserList
2014-05-07 14:19 - 2014-05-07 14:19 - 00000000 __SHD () C:\Users\Crystal\AppData\Local\EmieSiteList
2014-05-07 14:14 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-05-07 14:07 - 2014-05-07 14:07 - 00000000 ____D () C:\Users\Crystal\AppData\Local\Apple
2014-05-03 19:23 - 2014-05-03 19:23 - 00001143 _____ () C:\Users\Crystal\Desktop\JRT.txt
2014-05-03 19:14 - 2014-05-03 19:14 - 00000000 ____D () C:\Windows\ERUNT
2014-05-03 18:38 - 2014-05-03 18:38 - 00003514 _____ () C:\Windows\System32\Tasks\Windows Updater
2014-04-30 16:43 - 2014-03-28 17:07 - 00000378 _____ () C:\Windows\Tasks\ReclaimerUpdateFiles_Crystal.job
2014-04-28 04:38 - 2014-03-28 17:07 - 00002972 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Crystal
2014-04-28 04:38 - 2014-03-28 17:07 - 00002968 _____ () C:\Windows\System32\Tasks\ReclaimerUpdateXML_Crystal
2014-04-28 04:38 - 2014-03-28 17:07 - 00000374 _____ () C:\Windows\Tasks\ReclaimerUpdateXML_Crystal.job
2014-04-28 00:11 - 2013-02-10 15:21 - 00002187 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-27 19:10 - 2013-09-28 12:39 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\BitTorrent
2014-04-27 18:57 - 2014-04-27 18:52 - 00000000 ____D () C:\Users\Crystal\AppData\Local\IdleCrawler
2014-04-27 18:55 - 2013-07-03 22:39 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-04-27 18:54 - 2014-04-27 18:54 - 00003180 _____ () C:\Windows\System32\Tasks\{0ED0789C-AEC1-4E38-BC5B-B1B3EC8B01B0}
2014-04-27 18:54 - 2014-04-27 18:52 - 00000000 ____D () C:\Users\Crystal\Desktop\New folder
2014-04-27 18:54 - 2014-04-04 22:55 - 00000000 ____D () C:\Users\Crystal\Desktop\ponies
2014-04-27 18:52 - 2014-04-27 18:52 - 00004578 _____ () C:\Windows\System32\Tasks\IdleCrawler Runner
2014-04-27 18:51 - 2014-04-27 18:48 - 95740348 ____R () C:\Users\Crystal\Downloads\Jurassic Park Operation Genesis.zip
2014-04-26 12:18 - 2014-04-26 10:02 - 00003454 _____ () C:\Windows\System32\Tasks\RegistryDr_Popup
2014-04-26 10:03 - 2013-02-09 15:54 - 00000000 ___RD () C:\Users\Crystal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-26 10:02 - 2014-04-26 10:02 - 00003604 _____ () C:\Windows\System32\Tasks\Oxy
2014-04-26 10:02 - 2014-04-26 10:02 - 00003516 _____ () C:\Windows\System32\Tasks\RunAsStdUser Task
2014-04-26 10:02 - 2014-04-26 10:02 - 00003190 _____ () C:\Windows\System32\Tasks\RegistryDr_Start
2014-04-26 10:01 - 2014-04-26 10:01 - 00000000 ____D () C:\Users\Crystal\AppData\Local\Chromium
2014-04-26 10:01 - 2013-02-09 15:53 - 00000000 ____D () C:\Users\Crystal
2014-04-21 20:35 - 2013-05-06 14:15 - 00777776 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-18 16:14 - 2014-04-18 16:14 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\Unity
2014-04-17 13:40 - 2013-02-24 23:15 - 00000000 ____D () C:\Users\Crystal\AppData\Local\Procaster
2014-04-16 11:46 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-04-13 19:24 - 2014-05-07 14:32 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-13 19:19 - 2014-05-07 14:32 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-10 17:29 - 2013-02-09 17:57 - 00000000 ____D () C:\Users\Crystal\AppData\Roaming\Skype
2014-04-09 21:57 - 2013-08-14 07:10 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 21:55 - 2013-02-10 18:06 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 13:19 - 2014-02-28 00:41 - 00000000 ____D () C:\Users\Crystal\Documents\desktop slideshow

Some content of TEMP:
====================
C:\Users\Crystal\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-25 10:56

==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-05-2014 01
Ran by Crystal at 2014-05-09 17:18:42
Running from C:\Users\Crystal\Downloads\music 1-15-14
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

7-Zip 4.65 (HKLM-x32\...\7-Zip) (Version:  - )
Acer Backup Manager (HKLM-x32\...\InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}) (Version: 3.0.2.99 - NTI Corporation)
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3505 - Acer Incorporated)
Acer Framework (HKLM-x32\...\{8F1B6239-FEA0-450A-A950-B05276CE177C}) (Version: 3.00.5500 - Acer Incorporated)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.04.3503 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0609.2011 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3501 - Acer Incorporated)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Help Center 2.0 (x32 Version: 2.0.0 - Adobe Systems) Hidden
Adobe Photoshop Elements 4.0 (HKLM-x32\...\Adobe Photoshop Elements 4) (Version: 4.0 - Adobe Systems Inc.)
Adobe Photoshop Elements 4.0 (x32 Version: 4.0 - Adobe Systems Inc.) Hidden
Adobe Reader X (10.1.7) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Amnesia - The Dark Descent  (HKLM-x32\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.2 - Frictional Games)
Amnesia - The Dark Descent (HKLM-x32\...\{759FC370-E77F-4FB0-A1E4-C0628A44BA44}) (Version: 1.00.0000 - Valusoft)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Backup Manager V3 (x32 Version: 3.0.2.99 - NTI Corporation) Hidden
Belkin USB Wireless Adaptor (HKLM-x32\...\InstallShield_{8524BBAC-E3A7-42F5-9B9A-5AE50A10C500}) (Version: 1.0.0.10 - Belkin)
Belkin USB Wireless Adaptor (x32 Version: 1.0.0.10 - Belkin) Hidden
BitTorrent (HKCU\...\BitTorrent) (Version: 7.8.2.30332 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon CanoScan LiDE 200 User Registration (HKLM-x32\...\Canon CanoScan LiDE 200 User Registration) (Version:  - )
Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CanoScan LiDE 200 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807) (Version:  - )
Castle Story (HKLM-x32\...\Steam App 227860) (Version:  - Sauropod Studio)
Command & Conquer The First Decade (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}) (Version: 1.00.0000 - Electronic Arts)
Core Temp 1.0 RC4 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version:  - Square Enix)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
IdleCrawler (HKLM-x32\...\IdleCrawler) (Version: 35.0.0.84 - Internet Deep Research Foundation)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.1995 - Intel Corporation)
iTunes (HKLM\...\{7FCDABCC-1A1E-4D61-909D-BA9495172774}) (Version: 11.0.3.42 - Apple Inc.)
Java 7 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417013FF}) (Version: 7.0.130 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
join.me (HKCU\...\JoinMe) (Version: 1.14.0.132 - LogMeIn, Inc.)
JTablet (HKLM-x32\...\JTablet) (Version:  - )
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Livestream for Producers (HKLM-x32\...\{A5BB86DF-EE99-41EB-9446-B4623A725E2A}) (Version: 0.0.56 - Livestream)
Livestream Procaster (HKLM-x32\...\{68E4C751-272B-44E1-94C7-4E1FDC40F7DA}) (Version: 20.3.25 - Procaster)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
NVIDIA 3D Vision Controller Driver 296.69 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.69 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Control Panel 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.14.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.14.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Outlast (HKLM-x32\...\Steam App 238320) (Version:  - Red Barrels)
Oxy updater (HKCU\...\{790875CA-153F-49F0-AAC8-C403494239A1}) (Version:  - AGILITY)
Penumbra (HKLM-x32\...\{79A2AB22-00D8-4F09-A00A-F1CB7DB3E916}_is1) (Version: 1.1 - Frictional Games)
Penumbra: Overture (HKLM-x32\...\Steam App 22180) (Version:  - Frictional Games)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version:  - )
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5983 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Scribblenauts Unlimited (HKLM-x32\...\Steam App 218680) (Version:  - 5th Cell Media)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SPORE™ (HKLM-x32\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version:  - Bossa Studios)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.11 - TeamSpeak Systems GmbH)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player 2.0.0 (HKLM-x32\...\VLC media player) (Version: 2.0.0 - VideoLAN)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.2-1 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.2 - Wacom Technology Corp.)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3503 - Acer Incorporated)
Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D9}) (Version: 17.0.10381 - WinZip Computing, S.L. )
WorldPainter 1.7.1 (HKLM-x32\...\4144-4862-0472-7103) (Version: 1.7.1 - pepsoft.org)

==================== Restore Points  =========================

22-04-2014 02:03:39 Windows Update
22-04-2014 03:34:37 Windows Update
26-04-2014 01:31:39 Windows Update
04-05-2014 01:38:30 Windows Update
07-05-2014 21:09:16 Windows Update
07-05-2014 21:49:07 Windows Update
07-05-2014 22:33:59 Windows Update
09-05-2014 23:59:51 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {032F4261-7A11-4145-8191-2DEB3936B39C} - System32\Tasks\RunAsStdUser Task => C:\Users\Crystal\AppData\Local\Oxy\Application\oxy.exe <==== ATTENTION
Task: {28443548-C171-4B50-BFBA-95994451DE9B} - \Advanced System Protector No Task File <==== ATTENTION
Task: {4ADEACC7-056D-4071-8654-239A1CD7BE43} - System32\Tasks\RNUpgradeHelperLogonPrompt_Crystal => C:\Users\Crystal\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-28] (RealNetworks, Inc.)
Task: {595553D1-A666-488C-B609-AA47B3B439D4} - System32\Tasks\{AC0E9123-F7B6-4F24-8977-89B2B1D11E70} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsMain
Task: {5D6AFD1C-4AEE-4789-8E3A-6FD6850E82BC} - \BonanzaDealsUpdate No Task File <==== ATTENTION
Task: {65DAE415-187D-4649-87F2-4A19F2DB1688} - System32\Tasks\RegistryDr_Start => C:\Program Files (x86)\Registry Dr\RegistryDr.exe <==== ATTENTION
Task: {7E4C1FF9-FFE3-4448-94DA-ABD752D208B1} - \DealPly No Task File <==== ATTENTION
Task: {866621A4-9039-41F3-8F5F-F2521B3B05E3} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {86CBF2F1-8ED4-49FC-9738-4C4627A3C1CD} - System32\Tasks\ReclaimerUpdateFiles_Crystal => C:\Users\Crystal\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-28] (RealNetworks, Inc.)
Task: {8833B231-43B2-4D76-98D2-F132298C3EA7} - System32\Tasks\Windows Updater => C:\Users\Crystal\AppData\Roaming\Oxy\Updater.exe <==== ATTENTION
Task: {9EEEFD0A-8B4B-4A67-B1B4-6091174B700E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-10] (Google Inc.)
Task: {A69BF4B7-7DD4-49FC-A8FD-6235FBA5F39A} - System32\Tasks\ReclaimerUpdateXML_Crystal => C:\Users\Crystal\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-28] (RealNetworks, Inc.)
Task: {A8BD1932-A8C9-4AA4-91CA-5BDFF17E1EDC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AFF67841-245D-4391-B449-D5C2B7A773B5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-10] (Google Inc.)
Task: {B8103D99-8D92-4750-B9F6-EC733F818C41} - System32\Tasks\RegistryDr_Popup => C:\Program Files (x86)\Registry Dr\Splash.exe <==== ATTENTION
Task: {BA1ED605-DA12-4B07-922F-9207B113F41C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-07] (Adobe Systems Incorporated)
Task: {CDFA96B1-EA4C-49AD-ABDB-B70C4DF15DD4} - System32\Tasks\Microsoft\Windows\Maintenance\IdleCrawler Update => %LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe
Task: {CE7E2347-7C34-4476-96FC-BD6352148359} - System32\Tasks\Oxy => C:\Users\Crystal\AppData\Roaming\Oxy\Updater.exe <==== ATTENTION
Task: {D0A9489C-9A86-42A0-8491-E51890D44D49} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-572204437-2333020396-3624162080-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {D875A7AB-F31B-4E6B-9BBD-5F332B44261B} - System32\Tasks\UALU notificatin => C:\Program Files\Acer\Acer Updater\UALU.exe [2012-02-06] (Acer Incorporated)
Task: {D9CE881F-4E94-4435-B274-1C28C4354D27} - System32\Tasks\IdleCrawler Runner => %LOCALAPPDATA%\IdleCrawler\IdleCrawler.exe
Task: {DBB329EF-C981-40F6-861B-B6505C90E3D9} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {E6EF83FF-DB7E-449D-80A3-4CAF69461D8B} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2013-05-10] (Adobe Systems Incorporated)
Task: {EF0D8F80-1A7D-4F7B-97DA-624146FDCD61} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-572204437-2333020396-3624162080-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {EF47B7EA-7857-4036-AE88-D347336D7A57} - System32\Tasks\RNUpgradeHelperResumePrompt_Crystal => C:\Users\Crystal\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-28] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_Crystal.job => C:\Users\Crystal\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_Crystal.job => C:\Users\Crystal\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Crystal.job => C:\Users\Crystal\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe

==================== Loaded Modules (whitelisted) =============

2013-02-21 13:06 - 2013-01-18 08:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2005-09-09 04:24 - 2005-09-09 04:24 - 00102400 _____ () C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
2011-08-16 12:16 - 2011-06-13 17:59 - 00030080 _____ () C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
2011-08-16 12:16 - 2011-08-16 12:16 - 00038312 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.Controller\3.0.5500.0__14bcaafdb44b5951\Framework.Model.Controller.dll
2011-08-16 12:16 - 2011-08-16 12:16 - 00026040 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.5500.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll
2011-08-16 12:16 - 2011-08-16 12:16 - 00066960 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.5500.0__3036420f80dd6947\Framework.Library.dll
2011-08-16 12:16 - 2011-08-16 12:16 - 00034192 _____ () C:\Windows\assembly\GAC_MSIL\Framework.Host\3.0.5500.0__672b450de5a7e94a\Framework.Host.dll
2011-08-16 12:16 - 2011-08-16 12:16 - 00021920 _____ () C:\Windows\assembly\GAC_MSIL\Framework.PluginInterface\3.0.5500.0__9ecdf03bb2054f94\Framework.PluginInterface.dll
2012-11-29 21:31 - 2012-11-29 21:31 - 00038608 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2013-02-13 21:57 - 2012-12-11 13:07 - 01184640 _____ () C:\Program Files\Tablet\Pen\libxml2.dll
2014-04-17 04:19 - 2014-04-17 04:19 - 00422400 _____ () C:\Users\Crystal\AppData\Local\IdleCrawler\IdleCrawler.exe
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2011-04-23 19:29 - 2011-04-23 19:29 - 00465640 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
2011-04-23 19:29 - 2011-04-23 19:29 - 01081664 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
2011-04-23 19:29 - 2011-04-23 19:29 - 00125760 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
2014-01-07 19:16 - 2014-04-21 15:55 - 00340480 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-04-26 12:14 - 2014-04-21 15:55 - 00471552 _____ () C:\Program Files (x86)\Steam\libavutil-53.dll
2013-07-01 08:20 - 2014-03-31 15:09 - 00754688 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-07-26 14:46 - 2014-04-23 15:01 - 01092288 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-07-15 14:32 - 2014-03-03 12:15 - 20626624 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-14 16:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-14 16:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-14 16:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-04-17 04:19 - 2014-04-17 04:19 - 00271360 _____ () C:\Users\Crystal\AppData\Local\IdleCrawler\Modules\WbSes.dll
2014-03-20 16:16 - 2014-03-20 16:16 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-05-07 15:20 - 2014-05-07 15:20 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll
2014-04-27 18:57 - 2013-12-03 19:48 - 04055504 _____ () C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\pdf.dll
2014-04-27 18:57 - 2013-12-03 19:48 - 00399312 _____ () C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\ppgooglenaclpluginchrome.dll
2014-04-27 18:57 - 2013-12-03 19:47 - 01619408 _____ () C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\ffmpegsumo.dll
2013-08-13 05:15 - 2013-08-13 05:15 - 00206336 _____ () C:\Users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{B71C9AD5-5560-46E8-9359-467D6E5CB28B}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
2014-04-27 18:57 - 2013-12-03 19:48 - 13586896 _____ () C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (whitelisted) =============

HKU\S-1-5-21-572204437-2333020396-3624162080-1000\Software\Classes\.exe:  =>  <===== ATTENTION!

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Photo Downloader => "C:\Program Files (x86)\Adobe\Photoshop Elements 4.0\apdproxy.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears. Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is disabled because the firmware of the device did not give it the required resources. (Code 29)
Resolution: Enable the device in the BIOS of the device.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/09/2014 05:06:41 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 05:05:18 PM) (Source: TabletServicePen) (User: ) (EventID: 0)
Description: Could not init tablet driver

Error: (05/09/2014 04:57:36 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 04:56:19 PM) (Source: TabletServicePen) (User: ) (EventID: 0)
Description: Could not init tablet driver

Error: (05/07/2014 06:54:14 PM) (Source: Microsoft-Windows-CAPI2) (User: ) (EventID: 512)
Description: The Cryptographic Services service failed to initialize the VSS backup "System Writer" object.


Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.
.

Error: (05/07/2014 06:47:41 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 06:29:13 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 06:27:56 PM) (Source: TabletServicePen) (User: ) (EventID: 0)
Description: Could not init tablet driver

Error: (05/07/2014 02:40:09 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 02:38:45 PM) (Source: TabletServicePen) (User: ) (EventID: 0)
Description: Could not init tablet driver


System errors:
=============
Error: (05/09/2014 05:15:16 PM) (Source: Service Control Manager) (User: ) (EventID: 7009)
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (05/09/2014 05:07:25 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (05/09/2014 05:07:25 PM) (Source: Service Control Manager) (User: ) (EventID: 7038)
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/09/2014 04:58:29 PM) (Source: Service Control Manager) (User: ) (EventID: 7000)
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (05/09/2014 04:58:29 PM) (Source: Service Control Manager) (User: ) (EventID: 7038)
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (05/09/2014 04:56:20 PM) (Source: Disk) (User: ) (EventID: 11)
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (05/09/2014 04:56:20 PM) (Source: Disk) (User: ) (EventID: 11)
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (05/07/2014 06:46:32 PM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/07/2014 06:46:32 PM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (05/07/2014 06:46:32 PM) (Source: Service Control Manager) (User: ) (EventID: 7001)
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (05/09/2014 05:06:41 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 05:05:18 PM) (Source: TabletServicePen) (User: ) (EventID: 0)
Description: Could not init tablet driver

Error: (05/09/2014 04:57:36 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/09/2014 04:56:19 PM) (Source: TabletServicePen) (User: ) (EventID: 0)
Description: Could not init tablet driver

Error: (05/07/2014 06:54:14 PM) (Source: Microsoft-Windows-CAPI2) (User: ) (EventID: 512)
Description:
Details:
Could not query the status of the EventSystem service.

System Error:
A system shutdown is in progress.

Error: (05/07/2014 06:47:41 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 06:29:13 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 06:27:56 PM) (Source: TabletServicePen) (User: ) (EventID: 0)
Description: Could not init tablet driver

Error: (05/07/2014 02:40:09 PM) (Source: WinMgmt) (User: ) (EventID: 10)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/07/2014 02:38:45 PM) (Source: TabletServicePen) (User: ) (EventID: 0)
Description: Could not init tablet driver


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 4095.24 MB
Available physical RAM: 1886.52 MB
Total Pagefile: 8188.66 MB
Available Pagefile: 5739.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:220.45 GB) (Free:55.69 GB) NTFS
Drive d: (DATA) (Fixed) (Total:221.21 GB) (Free:220.93 GB) NTFS
Drive e: (SOPRANOS_S1_DISC_2) (CDROM) (Total:7.42 GB) (Free:0 GB) UDF
Drive g: () (Fixed) (Total:149 GB) (Free:108.55 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 168EE3C8)
Partition 1: (Not Active) - (Size=24 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=220 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=221 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 9CC864DC)
Partition 1: (Not Active) - (Size=149 GB) - (Type=0F Extended)

==================== End Of Log ============================


Edited by radioactiveratt, 09 May 2014 - 07:27 PM.


#4 Starbuck

    'r Brudiwr

  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK

Posted 10 May 2014 - 03:01 AM

Hi radioactiveratt

Ok, a little work for you.....

"I won't delete anything until you tell me to"

Thanks. You can uninstall Bit Torrent if you wish.

Step 1
Please download the attached fixlist.txt file (bottom of this post) and save it to your system.
NOTE.
It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

"Running from C:\Users\Crystal\Downloads\music 1-15-14"

This is why the Desktop is so much easier.

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system.

Re-run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log in the same directory that it was run from (Fixlog.txt). Please post this in your next reply.


Step 2
  • Click Start >> Computer
  • Right click on your main drive (usually 'C')
  • Select Properties
  • Click on the Tools tab
  • Under Error Checking, click Check Now
  • Tick the options that you require (please tick both options)
  • Click Start
  • On the screen that comes up, click Yes then OK
  • Now restart your computer.
Note: Be patient. Analyzing the drive can be a lengthy process


Step 3
Malwarebytes Anti-Malware version 1.75.0.1300
This is an old version.

Please uninstall this and download the latest version.
  • Download Malwarebytes Anti-Malware Free and save it to your desktop
  • Double click the desktop icon, click Run, then OK
  • Click Next
  • Select I accept the agreement then continue to click Next then finally click Install
  • A 14 day trial of the Premium features is pre-selected. I recommend that you UNtick this option... it will not diminish the scanning and removal capabilities of the program
  • Click Finish
  • If you are notified the Database is out of date click Update Now
  • Click Scan Now >>
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

(Copy to clipboard for pasting into forum replies)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab >> Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
In your next reply, please submit:
Fixlog.txt
MBAM scan report

and let me know if there's any improvement in the system.


Thanks.

Attached Files


#5 radioactiveratt

  • Topic Starter
  • Members
  • 7 posts

Posted 10 May 2014 - 10:12 AM

Will edit this post with the malwarebytes log momentarily~

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-05-2014
Ran by Crystal at 2014-05-10 07:55:48 Run:1
Running from C:\Users\Crystal\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
() C:\Users\Crystal\AppData\Local\IdleCrawler\IdleCrawler.exe
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKCU\...\Firefox\Extensions: [uc@uc.com] - C:\Program Files (x86)\Unfriend Checker\FF\
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
S3 ALSysIO; \??\C:\Users\Crystal\AppData\Local\Temp\ALSysIO64.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
2014-04-27 18:54 - 2014-04-27 18:54 - 00003180 _____ () C:\Windows\System32\Tasks\{0ED0789C-AEC1-4E38-BC5B-B1B3EC8B01B0}
2014-04-27 18:52 - 2014-04-27 18:57 - 00000000 ____D () C:\Users\Crystal\AppData\Local\IdleCrawler
2014-04-27 18:52 - 2014-04-27 18:52 - 00004578 _____ () C:\Windows\System32\Tasks\IdleCrawler Runner
2014-04-26 10:02 - 2014-04-26 12:18 - 00003454 _____ () C:\Windows\System32\Tasks\RegistryDr_Popup
2014-04-26 10:02 - 2014-04-26 10:02 - 00003604 _____ () C:\Windows\System32\Tasks\Oxy
2014-04-26 10:02 - 2014-04-26 10:02 - 00003516 _____ () C:\Windows\System32\Tasks\RunAsStdUser Task
2014-04-26 10:02 - 2014-04-26 10:02 - 00003190 _____ () C:\Windows\System32\Tasks\RegistryDr_Start
C:\Users\Crystal\AppData\Local\Temp\Quarantine.exe
Task: {032F4261-7A11-4145-8191-2DEB3936B39C} - System32\Tasks\RunAsStdUser Task => C:\Users\Crystal\AppData\Local\Oxy\Application\oxy.exe <==== ATTENTION
Task: {28443548-C171-4B50-BFBA-95994451DE9B} - \Advanced System Protector No Task File <==== ATTENTION
Task: {5D6AFD1C-4AEE-4789-8E3A-6FD6850E82BC} - \BonanzaDealsUpdate No Task File <==== ATTENTION
Task: {65DAE415-187D-4649-87F2-4A19F2DB1688} - System32\Tasks\RegistryDr_Start => C:\Program Files (x86)\Registry Dr\RegistryDr.exe <==== ATTENTION
Task: {7E4C1FF9-FFE3-4448-94DA-ABD752D208B1} - \DealPly No Task File <==== ATTENTION
Task: {8833B231-43B2-4D76-98D2-F132298C3EA7} - System32\Tasks\Windows Updater => C:\Users\Crystal\AppData\Roaming\Oxy\Updater.exe <==== ATTENTION
Task: {B8103D99-8D92-4750-B9F6-EC733F818C41} - System32\Tasks\RegistryDr_Popup => C:\Program Files (x86)\Registry Dr\Splash.exe <==== ATTENTION
Task: {CE7E2347-7C34-4476-96FC-BD6352148359} - System32\Tasks\Oxy => C:\Users\Crystal\AppData\Roaming\Oxy\Updater.exe <==== ATTENTION
Task: {DBB329EF-C981-40F6-861B-B6505C90E3D9} - \Advanced System Protector_startup No Task File <==== ATTENTION
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKU\S-1-5-21-572204437-2333020396-3624162080-1000\Software\Classes\.exe:  =>  <===== ATTENTION!
C:\Program Files (x86)\Registry Dr
C:\Users\Crystal\AppData\Local\Oxy
C:\Users\Crystal\AppData\Roaming\Oxy
Reboot:
*****************

[2524] C:\Users\Crystal\AppData\Local\IdleCrawler\IdleCrawler.exe => Process closed successfully.
HKLM\Software\Wow6432Node\Mozilla\Thunderbird\Extensions\\msktbird@mcafee.com => Value deleted successfully.
HKCU\Software\Mozilla\Firefox\Extensions\\uc@uc.com => Value deleted successfully.
C:\Windows\SysWOW64\npDeployJava1.dll not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll not found.
ALSysIO => Service deleted successfully.
wacommousefilter => Service deleted successfully.
wacomvhid => Service deleted successfully.
C:\Windows\System32\Tasks\{0ED0789C-AEC1-4E38-BC5B-B1B3EC8B01B0} => Moved successfully.

"C:\Users\Crystal\AppData\Local\IdleCrawler" directory move:

C:\Users\Crystal\AppData\Local\IdleCrawler\IdleCrawler.exe => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\IdleProfile.exe => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\uninstall.exe => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Modules\7z.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Modules\InSes.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Modules\WbSes.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\chrome.exe => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\debug.log => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\First Run => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\wow_helper.exe => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\chrome.dll => Moved successfully.
Could not move "C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\chrome_100_percent.pak" => Scheduled to move on reboot.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\chrome_child.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\chrome_frame_helper.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\chrome_frame_helper.exe => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\chrome_launcher.exe => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\chrome_touch_100_percent.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\d3dcompiler_43.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\d3dcompiler_46.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\delegate_execute.exe => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\ffmpegsumo.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\icudt.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\libegl.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\libglesv2.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\libpeerconnection.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\metro_driver.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\nacl64.exe => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\nacl_irt_x86_32.nexe => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\nacl_irt_x86_64.nexe => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\npchrome_frame.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\pdf.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\ppgooglenaclpluginchrome.dll => Moved successfully.
Could not move "C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\resources.pak" => Scheduled to move on reboot.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\secondarytile.png => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\widevinecdmadapter.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\xinput1_3.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\VisualElements\logo.png => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\VisualElements\smalllogo.png => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\VisualElements\splash-620x300.png => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\PepperFlash\manifest.json => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\PepperFlash\pepflashplayer.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\am.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\am.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\ar.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\ar.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\bg.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\bg.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\bn.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\bn.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\ca.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\ca.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\cs.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\cs.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\da.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\da.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\de.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\de.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\el.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\el.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\en-GB.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\en-GB.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\en-US.dll => Moved successfully.
Could not move "C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\en-US.pak" => Scheduled to move on reboot.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\es-419.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\es-419.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\es.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\es.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\et.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\et.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\fa.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\fa.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\fi.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\fi.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\fil.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\fil.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\fr.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\fr.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\gu.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\gu.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\he.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\he.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\hi.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\hi.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\hr.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\hr.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\hu.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\hu.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\id.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\id.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\it.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\it.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\ja.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\ja.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\kn.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\kn.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\ko.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\ko.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\lt.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\lt.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\lv.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\lv.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\ml.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\ml.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\mr.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\mr.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\ms.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\ms.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\nb.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\nb.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\nl.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\nl.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\pl.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\pl.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\pt-BR.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\pt-BR.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\pt-PT.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\pt-PT.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\ro.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\ro.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\ru.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\ru.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\sk.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\sk.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\sl.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\sl.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\sr.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\sr.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\sv.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\sv.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\sw.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\sw.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\ta.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\ta.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\te.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\te.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\th.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\th.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\tr.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\tr.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\uk.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\uk.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\vi.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\vi.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\zh-CN.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\zh-CN.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\zh-TW.dll => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\zh-TW.pak => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Extensions\external_extensions.json => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\default_apps\docs.crx => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\default_apps\drive.crx => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\default_apps\external_extensions.json => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\default_apps\gmail.crx => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\default_apps\search.crx => Moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\default_apps\youtube.crx => Moved successfully.
Could not move "C:\Users\Crystal\AppData\Local\IdleCrawler" directory. => Scheduled to move on reboot.

C:\Windows\System32\Tasks\IdleCrawler Runner => Moved successfully.
C:\Windows\System32\Tasks\RegistryDr_Popup => Moved successfully.
C:\Windows\System32\Tasks\Oxy => Moved successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.
C:\Windows\System32\Tasks\RegistryDr_Start => Moved successfully.
C:\Users\Crystal\AppData\Local\Temp\Quarantine.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{032F4261-7A11-4145-8191-2DEB3936B39C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{032F4261-7A11-4145-8191-2DEB3936B39C} => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{28443548-C171-4B50-BFBA-95994451DE9B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28443548-C171-4B50-BFBA-95994451DE9B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D6AFD1C-4AEE-4789-8E3A-6FD6850E82BC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D6AFD1C-4AEE-4789-8E3A-6FD6850E82BC} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BonanzaDealsUpdate => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{65DAE415-187D-4649-87F2-4A19F2DB1688} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65DAE415-187D-4649-87F2-4A19F2DB1688} => Key deleted successfully.
C:\Windows\System32\Tasks\RegistryDr_Start not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryDr_Start => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E4C1FF9-FFE3-4448-94DA-ABD752D208B1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E4C1FF9-FFE3-4448-94DA-ABD752D208B1} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8833B231-43B2-4D76-98D2-F132298C3EA7} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8833B231-43B2-4D76-98D2-F132298C3EA7} => Key deleted successfully.
C:\Windows\System32\Tasks\Windows Updater => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Windows Updater => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B8103D99-8D92-4750-B9F6-EC733F818C41} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B8103D99-8D92-4750-B9F6-EC733F818C41} => Key deleted successfully.
C:\Windows\System32\Tasks\RegistryDr_Popup not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegistryDr_Popup => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE7E2347-7C34-4476-96FC-BD6352148359} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE7E2347-7C34-4476-96FC-BD6352148359} => Key deleted successfully.
C:\Windows\System32\Tasks\Oxy not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Oxy => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DBB329EF-C981-40F6-861B-B6505C90E3D9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBB329EF-C981-40F6-861B-B6505C90E3D9} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => Key deleted successfully.
HKU\S-1-5-21-572204437-2333020396-3624162080-1000\Software\Classes\ => Unable to delete key
HKU\S-1-5-21-572204437-2333020396-3624162080-1000\Software\Classes\.exe => Key not found.
"C:\Program Files (x86)\Registry Dr" => File/Directory not found.
"C:\Users\Crystal\AppData\Local\Oxy" => File/Directory not found.
"C:\Users\Crystal\AppData\Roaming\Oxy" => File/Directory not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-05-10 08:03:58)<=

C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\chrome_100_percent.pak => Is moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\resources.pak => Is moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler\Chrome-bin\31.0.1650.63\Locales\en-US.pak => Is moved successfully.
C:\Users\Crystal\AppData\Local\IdleCrawler => Moved successfully.

==== End of Fixlog ====



#6 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:15 AM

Posted 10 May 2014 - 10:37 AM

Will edit this post with the Malwarebytes log momentarily~

Thanks.... but now that I've replied, you may have to add a post reply.
Just to let you know that I won't be around this evening, but will be back first thing tomorrow.



#7 radioactiveratt

radioactiveratt
  • Topic Starter
  • Members
  • 7 posts
  • Local time:07:15 PM

Posted 10 May 2014 - 11:27 AM

Okay, thanks for letting me know! My computer's running so much smoother now! It's not even freezing any more. Thank you thank you thank you!! <3 Here's the Malwarebytes log; it didn't even make me restart my computer:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/10/2014
Scan Time: 9:24:52 AM
Logfile: malewarelog.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.10.07
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Crystal

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 292978
Time Elapsed: 8 min, 11 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#8 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:15 AM

Posted 10 May 2014 - 12:05 PM

Hi radioactiveratt

I just have time to reply before I go out.
 

My computer's running so much smoother now! It's not even freezing any more.

That's good to hear. :)

Step 1
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove the older Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) 8 Update 5 and save it to your desktop.
  • Scroll down to where it says "Java SE 8 Update 5".
  • Click the "Download JRE " button.
  • Accept the license agreement.
  • Select 'Windows x64.exe' from the list.
  • Save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version:
    Java 7 Update 13 (64-bit)
    Java 7 Update 51
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the downloaded icon to install the newest version.
Step 2
There's a couple of things I'd like to double check:

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

CF_download_FF.gif


CF_download_rename.gif

This is an example; you may rename ComboFix to anything you want. Then:

Double click on Combo-Fix.exe & follow the prompts.

Vista/Win7 users should right click on the icon and select Run as Administrator.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If running Vista/Win7, you will not see the recovery console screens as they are Win XP related.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    cf1.png

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    whatnext.png

    Click on Yes, to continue scanning for malware.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


    Note:
    To turn off MSSE:

    Click on the 'Show Hidden Icons' arrow. (Bottom right of your screen)
    and right click on the MSSE icon and select Open.

    On the page that opens..... click on the Settings tab.

    msse1_zps361cb990.png

    On the next screen click on RealTime Protection

    msse2_zpsfa7e45da.png

    Now UNtick Turn on Realtime Protection (Recommended) and then click on Save Changes.

    msse3_zps03970683.png

    If the User Account control is turned on, you will need to click Yes on the next screen.

    Just reverse the process and turn the Realtime Protection back on.


In your next reply, please submit:
Combofix.txt


Thanks.

I'll be back tomorrow.

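As an added check (example code, not from Starbuck's post or from any of the tools used in this thread), the PowerShell below lists the Java runtimes registered on a 64-bit Windows 7 machine, reading both the native and the WOW6432Node Uninstall keys so that a 32-bit install such as a plain "Java 7 Update 51" is not missed next to a 64-bit one, and flags anything older than 8 Update 5. It assumes Oracle's installer records versions as "7.0.510" / "8.0.50" in DisplayVersion; the removal itself is still done through Programs and Features as described in Step 1.

```powershell
# Added example (not from the thread or its tools): inventory installed Java runtimes
# on 64-bit Windows and flag anything older than the version the post asks for.
# Assumption: the installer records Java 8 Update 5 as DisplayVersion "8.0.50"
# and Java 7 Update 51 as "7.0.510" (major.minor.update followed by a 0).
$TargetVersion = [version]'8.0.50'

# On x64 Windows a 32-bit JRE registers under WOW6432Node and a 64-bit JRE under the
# native key; both must be read or one of the two installs will be overlooked.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$JavaEntries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object {
        # JRE entries look like "Java 7 Update 51" or "Java(TM) 6 Update 20";
        # skip the updater helper and JavaFX, which are not runtimes.
        $_.DisplayName -match '^(Java|J2SE)' -and
        $_.DisplayName -notmatch 'Auto Updater|JavaFX'
    } |
    ForEach-Object {
        $arch   = if ($_.PSPath -match 'WOW6432Node') { 'x86' } else { 'x64' }
        $ver    = $null
        $parsed = [version]::TryParse($_.DisplayVersion, [ref]$ver)
        [pscustomobject]@{
            DisplayName     = $_.DisplayName
            DisplayVersion  = $_.DisplayVersion
            Architecture    = $arch
            Outdated        = $parsed -and ($ver -lt $TargetVersion)
            UninstallString = $_.UninstallString
        }
    }

$JavaEntries | Sort-Object DisplayVersion | Format-Table -AutoSize

# Report only; removal is done through Programs and Features as the post describes.
$Outdated = @($JavaEntries | Where-Object { $_.Outdated })
if ($Outdated.Count -gt 0) {
    $names = ($Outdated | ForEach-Object { $_.DisplayName }) -join '; '
    Write-Warning ("{0} outdated Java install(s) registered: {1}" -f $Outdated.Count, $names)
} else {
    Write-Host 'No Java runtime older than 8 Update 5 is registered.'
}
```

Run it from an elevated PowerShell prompt once before and once after the uninstall/reinstall to confirm only the new runtime remains.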


#9 radioactiveratt

radioactiveratt
  • Topic Starter
  • Members
  • 7 posts
  • Local time:07:15 PM

Posted 10 May 2014 - 12:52 PM

Ran ComboFix, here's the log:

 

ComboFix 14-05-10.01 - Crystal 05/10/2014  10:32:03.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4095.2672 [GMT -7:00]
Running from: c:\users\Crystal\Desktop\Combo-Fix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{04ADC5F2-C05B-4FAE-BF70-85FAEC8AA945}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{04ADC5F2-C05B-4FAE-BF70-85FAEC8AA945}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{183465B1-7719-44F0-B9E7-384327706575}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{183465B1-7719-44F0-B9E7-384327706575}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{373E74CF-3D10-4B12-AE00-35721B2ACFEC}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{373E74CF-3D10-4B12-AE00-35721B2ACFEC}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{373E74CF-3D10-4B12-AE00-35721B2ACFEC}\SwiftShader\1.0.5.0\libEGL.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{373E74CF-3D10-4B12-AE00-35721B2ACFEC}\SwiftShader\1.0.5.0\libGLESv2.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{3EA61376-583F-4B09-93F4-FC0DCC0A52CA}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{3EA61376-583F-4B09-93F4-FC0DCC0A52CA}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{45B212AE-A671-4FAF-A9A5-7272790BC97D}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{45B212AE-A671-4FAF-A9A5-7272790BC97D}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{5048CB88-BBDF-47AB-AF0E-AA9785E9ADCD}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{5048CB88-BBDF-47AB-AF0E-AA9785E9ADCD}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{5A7FF6A6-B516-4E17-99B7-6D6C7296A18F}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{5A7FF6A6-B516-4E17-99B7-6D6C7296A18F}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{6A65F0A3-B2C0-4B2F-BDDF-F8638D991194}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{6A65F0A3-B2C0-4B2F-BDDF-F8638D991194}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{6FD1B238-B44E-4F3A-A8DD-76F57566A033}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{6FD1B238-B44E-4F3A-A8DD-76F57566A033}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{B04638DB-E963-4E8C-B9CB-1D226BF69343}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{B04638DB-E963-4E8C-B9CB-1D226BF69343}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{B71C9AD5-5560-46E8-9359-467D6E5CB28B}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{B71C9AD5-5560-46E8-9359-467D6E5CB28B}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{C363B5ED-C0BE-4A4E-A9FA-D1E7A8F15DDB}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{C363B5ED-C0BE-4A4E-A9FA-D1E7A8F15DDB}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{C83C14D1-3085-4B3C-962F-30FC52F571DB}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{C83C14D1-3085-4B3C-962F-30FC52F571DB}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{C97C892C-AD44-4F3C-A969-C60E7CB83F60}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{C97C892C-AD44-4F3C-A969-C60E7CB83F60}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{CC90A619-0708-49C9-8189-FBF63872B202}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{CC90A619-0708-49C9-8189-FBF63872B202}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{D27E5F88-7921-4FC4-BCA2-9C28C3B0B04B}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{D27E5F88-7921-4FC4-BCA2-9C28C3B0B04B}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{D27E5F88-7921-4FC4-BCA2-9C28C3B0B04B}\SwiftShader\1.0.5.0\libEGL.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{D27E5F88-7921-4FC4-BCA2-9C28C3B0B04B}\SwiftShader\1.0.5.0\libGLESv2.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{D9107731-C31E-4435-A4A8-D5BCBF482FF4}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{D9107731-C31E-4435-A4A8-D5BCBF482FF4}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{D9628425-5CA7-4DE1-993A-0BC66B1C1016}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{D9628425-5CA7-4DE1-993A-0BC66B1C1016}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{DAC80D76-535C-4CD2-AC97-7CE517F7DD00}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{DAC80D76-535C-4CD2-AC97-7CE517F7DD00}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{DDCFE503-F62C-407D-88DE-F12666A95AB4}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{DDCFE503-F62C-407D-88DE-F12666A95AB4}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{DEBC58EE-6EB7-4EBC-81EC-FD9B80E46E7E}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{DEBC58EE-6EB7-4EBC-81EC-FD9B80E46E7E}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{DEBC58EE-6EB7-4EBC-81EC-FD9B80E46E7E}\SwiftShader\1.0.5.0\libEGL.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{DEBC58EE-6EB7-4EBC-81EC-FD9B80E46E7E}\SwiftShader\1.0.5.0\libGLESv2.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{E34F32DF-FACD-4CDD-86A1-2D9992F497A7}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{E34F32DF-FACD-4CDD-86A1-2D9992F497A7}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{E614AF68-B2D0-410E-87EF-B2D48E82B282}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{E614AF68-B2D0-410E-87EF-B2D48E82B282}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{E614AF68-B2D0-410E-87EF-B2D48E82B282}\SwiftShader\1.0.5.0\libEGL.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{E614AF68-B2D0-410E-87EF-B2D48E82B282}\SwiftShader\1.0.5.0\libGLESv2.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{ED2D0032-7D5B-40E9-944D-CE4B89F03B3C}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{ED2D0032-7D5B-40E9-944D-CE4B89F03B3C}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{ED2D0032-7D5B-40E9-944D-CE4B89F03B3C}\SwiftShader\1.0.5.0\libEGL.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{ED2D0032-7D5B-40E9-944D-CE4B89F03B3C}\SwiftShader\1.0.5.0\libGLESv2.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{EFB651DC-2CC5-4178-8F58-12E62AE55762}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{EFB651DC-2CC5-4178-8F58-12E62AE55762}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{F0BC0A52-B78D-4D6F-AFC9-676C351E9689}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{F0BC0A52-B78D-4D6F-AFC9-676C351E9689}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{F23B8A18-FF6E-4E97-9A54-F4EB4712CD69}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{F23B8A18-FF6E-4E97-9A54-F4EB4712CD69}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{F36724BA-4ED5-404B-9CD2-91EC3199081C}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{F36724BA-4ED5-404B-9CD2-91EC3199081C}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{F4B6CA1D-4628-47FF-A6AC-45D5DC322F2F}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{F4B6CA1D-4628-47FF-A6AC-45D5DC322F2F}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{F770DBFD-C58F-4287-972D-D3EF9C911F84}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{F770DBFD-C58F-4287-972D-D3EF9C911F84}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{FA2874C3-A5EE-4073-8365-9204644FA057}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{FA2874C3-A5EE-4073-8365-9204644FA057}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{FA500407-9B07-4B97-9440-386D60C07C18}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\apihook.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{FA500407-9B07-4B97-9440-386D60C07C18}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{FA500407-9B07-4B97-9440-386D60C07C18}\SwiftShader\1.0.5.0\libEGL.dll
c:\users\Crystal\AppData\Local\Temp\{BD0F8234-C77E-4D46-A917-B28FCDBE9923}\{FA500407-9B07-4B97-9440-386D60C07C18}\SwiftShader\1.0.5.0\libGLESv2.dll
c:\users\Crystal\AppData\Local\Temp\{E5A0AADD-3717-403D-9758-0EDF28F63171}\en-us\setupres.dll.mui
c:\users\Crystal\AppData\Local\Temp\{E5A0AADD-3717-403D-9758-0EDF28F63171}\EppManifest.dll
c:\users\Crystal\AppData\Local\Temp\{E5A0AADD-3717-403D-9758-0EDF28F63171}\Setup.exe
c:\users\Crystal\AppData\Local\Temp\{E5A0AADD-3717-403D-9758-0EDF28F63171}\SetupRes.dll
c:\users\Crystal\AppData\Local\Temp\{E5A0AADD-3717-403D-9758-0EDF28F63171}\SqmApi.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2014-04-10 to 2014-05-10  )))))))))))))))))))))))))))))))
.
.
2014-05-10 17:20 . 2014-05-10 17:20    --------    d-----w-    c:\program files (x86)\Common Files\Java
2014-05-10 17:20 . 2014-05-10 17:20    313256    ----a-w-    c:\windows\system32\javaws.exe
2014-05-10 17:20 . 2014-05-10 17:20    111016    ----a-w-    c:\windows\system32\WindowsAccessBridge-64.dll
2014-05-10 17:20 . 2014-05-10 17:20    191400    ----a-w-    c:\windows\system32\javaw.exe
2014-05-10 17:20 . 2014-05-10 17:20    190888    ----a-w-    c:\windows\system32\java.exe
2014-05-10 17:20 . 2014-05-10 17:20    --------    d-----w-    c:\program files\Java
2014-05-10 17:07 . 2014-05-10 17:08    --------    d-----w-    c:\users\Crystal\AppData\Local\Adobe
2014-05-10 16:16 . 2014-05-10 16:16    119512    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-10 16:15 . 2014-05-10 16:15    --------    d-----w-    c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-10 16:15 . 2014-04-03 16:51    63192    ----a-w-    c:\windows\system32\drivers\mwac.sys
2014-05-10 16:15 . 2014-04-03 16:51    88280    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2014-05-10 16:15 . 2014-04-03 16:50    25816    ----a-w-    c:\windows\system32\drivers\mbam.sys
2014-05-07 22:34 . 2014-05-07 22:34    --------    d-s---w-    c:\windows\system32\CompatTel
2014-05-07 21:32 . 2014-04-14 02:24    465408    ----a-w-    c:\windows\system32\aepdu.dll
2014-05-07 21:32 . 2014-04-14 02:19    424448    ----a-w-    c:\windows\system32\aeinv.dll
2014-05-07 21:19 . 2014-05-07 21:19    --------    d-----w-    c:\users\Crystal\AppData\Local\ElevatedDiagnostics
2014-05-07 21:19 . 2014-05-07 21:19    --------    d-sh--w-    c:\users\Crystal\AppData\Local\EmieUserList
2014-05-07 21:19 . 2014-05-07 21:19    --------    d-sh--w-    c:\users\Crystal\AppData\Local\EmieSiteList
2014-05-07 21:07 . 2014-05-07 21:07    --------    d-----w-    c:\users\Crystal\AppData\Local\Apple
2014-05-04 02:14 . 2014-05-04 02:14    --------    d-----w-    c:\windows\ERUNT
2014-05-04 02:04 . 2010-08-30 15:34    536576    ----a-w-    c:\windows\SysWow64\sqlite3.dll
2014-05-04 02:04 . 2014-05-10 00:04    --------    d-----w-    C:\AdwCleaner
2014-05-04 01:59 . 2014-05-10 15:03    --------    d-----w-    C:\FRST
2014-04-26 17:01 . 2014-04-26 17:01    --------    d-----w-    c:\users\Crystal\.config
2014-04-26 17:01 . 2014-04-26 17:01    --------    d-----w-    c:\users\Crystal\AppData\Local\Chromium
2014-04-26 16:56 . 2012-07-25 19:03    16896    ----a-w-    c:\windows\system32\sasnative64.exe
2014-04-19 01:17 . 2014-04-19 01:17    --------    d-----w-    c:\windows\Migration
2014-04-18 23:14 . 2014-04-18 23:14    --------    d-----w-    c:\users\Crystal\AppData\Roaming\Unity
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-07 22:20 . 2013-02-11 06:21    692400    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-07 22:20 . 2011-08-16 19:27    70832    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-10 04:55 . 2013-02-11 01:06    90655440    ----a-w-    c:\windows\system32\MRT.exe
2014-03-04 09:44 . 2014-04-10 04:54    362496    ----a-w-    c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-10 04:54    243712    ----a-w-    c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-10 04:54    13312    ----a-w-    c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-10 04:54    16384    ----a-w-    c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-10 04:54    1163264    ----a-w-    c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-10 04:54    14336    ----a-w-    c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-10 04:54    44032    ----a-w-    c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-10 04:54    25600    ----a-w-    c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-10 04:54    5120    ----a-w-    c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-10 04:54    7680    ----a-w-    c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-10 04:54    2048    ----a-w-    c:\windows\SysWow64\user.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-04-23 1825984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2013-02-10 295072]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-03-18 224128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe;c:\program files\Acer\Empowering Technology\Service\ETService.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe;c:\windows\SYSNATIVE\Pen_Tablet.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe;c:\program files\Tablet\Pen\WTabletServiceCon.exe [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-28 07:08    1078088    ----a-w-    c:\program files (x86)\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-11 22:20]
.
2014-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-10 22:18]
.
2014-05-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-10 22:18]
.
2014-04-30 c:\windows\Tasks\ReclaimerUpdateFiles_Crystal.job
- c:\users\Crystal\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-28 22:30]
.
2014-04-28 c:\windows\Tasks\ReclaimerUpdateXML_Crystal.job
- c:\users\Crystal\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-28 22:30]
.
2014-05-10 c:\windows\Tasks\RNUpgradeHelperLogonPrompt_Crystal.job
- c:\users\Crystal\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.90\agent\rnupgagent.exe [2014-03-28 22:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-13 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-13 390168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-13 409624]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 9608224]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Crystal\AppData\Roaming\Mozilla\Firefox\Profiles\e0y5m85e.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-IdleCrawler - c:\users\Crystal\AppData\Local\IDLECR~1\uninstall.exe
AddRemove-{790875CA-153F-49F0-AAC8-C403494239A1} - c:\users\Crystal\AppData\Roaming\Oxy\Updater.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-572204437-2333020396-3624162080-1000\Software\SecuROM\License information*]
"datasecu"=hex:2e,85,d9,12,cd,bd,c6,81,21,0a,f0,2c,7e,44,15,cc,ad,e6,e3,5b,24,
   c4,1e,42,73,95,d2,32,00,f8,51,bc,5b,a8,c0,f8,e2,1b,bf,84,bd,c2,fc,71,3f,dc,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Tablet\Pen\WacomHost.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
.
**************************************************************************
.
Completion time: 2014-05-10  10:46:41 - machine was rebooted
ComboFix-quarantined-files.txt  2014-05-10 17:46
.
Pre-Run: 60,771,090,432 bytes free
Post-Run: 61,200,715,776 bytes free
.
- - End Of File - - E9DF7A9DD4CA61E31ACAFC677FB8A86C
A36C5E4F47E84449FF07ED3517B43A31
 



#10 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:15 AM

Posted 11 May 2014 - 04:47 AM

Hi radioactiveratt

I've tried to delete them from the list of programs and features and they just won't uninstall. One is "Oxy Updater" and the other is "IdleCrawler".

These should now be gone.

Let's clean up the rest of the temp files and get an online scan done.

Step 1
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista/Win7, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Step 2
I'd like you to do an ESET OnlineScan
64Bit users, please see note at the bottom.

You may find it beneficial to close your resident AV program before running the scan.

It's been found that on some systems the ESET Online Scan fails during the database download (around 20%).
To prevent this happening:
When the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer.
      Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
  • Click the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Click esetExport.png, and save the file to your desktop using a unique name, such as ESETScan.
    Include the contents of this report in your next reply.
  • Click the esetBack.png button.
  • Click esetFinish.png
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Note:
As you are running a 64bit system:
The ESET Online Scanner is a 32-bit application, which means it must be run in the 32-bit version of Internet Explorer, and as an Administrator. To do so, right-click on the Internet Explorer (32-bit) icon in the Start Menu and select "Run as administrator" from the context menu.



In your next reply, please submit:
Eset scan report (if anything is found)

Also let me know if there are any outstanding issues with the system.


Thanks.



#11 radioactiveratt

radioactiveratt
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 12 May 2014 - 04:00 AM

Oxy Updater is gone but IdleCrawler is still on my list of programs from the control panel. The only problems I've had with my computer before this happened were that I've had to reinstall the driver for my wacom drawing tablet every few days because the pen pressure stops working, but I think that's more of an issue with the tablet I'm using being so old rather than anything else.

ESETScan:

C:\FRST\Quarantine\C\Users\Crystal\AppData\Local\IdleCrawler\IdleCrawler.exe.xBAD    a variant of Win32/GigaClicks.AD potentially unwanted application    deleted - quarantined
C:\Users\Crystal\Downloads\Downloads before 11-20-13\7zip-setup.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
C:\Users\Crystal\Downloads\Downloads before 11-20-13\gimp-setup.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
C:\Users\Crystal\Downloads\Downloads before 11-20-13\vlcmediaplayer-setup.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
C:\Users\Crystal\Downloads\music 1-15-14\Audacity(1).exe    a variant of Win32/Verti.B potentially unwanted application    deleted - quarantined
C:\Users\Crystal\Downloads\music 1-15-14\Audacity.exe    a variant of Win32/Verti.B potentially unwanted application    deleted - quarantined
C:\Users\Crystal\Downloads\music 1-15-14\MediaPlayerClassic.exe    a variant of Win32/Verti.B potentially unwanted application    deleted - quarantined
C:\Users\Crystal\Downloads\music 1-15-14\RealPlayer(1).exe    a variant of Win32/Verti.B potentially unwanted application    deleted - quarantined
C:\Users\Crystal\Downloads\music 1-15-14\RealPlayer.exe    a variant of Win32/Verti.B potentially unwanted application    deleted - quarantined
C:\Users\Crystal\Downloads\music 1-15-14\rpc412.zip    Win32/DownWare.L potentially unwanted application    deleted - quarantined
G:\Dragons End\2 Grey's Journey\printing layout ka_blam\{DATs_Updated_to_ROMs_Number_5900.rar}_downloader_411.exe    a variant of Win32/YourFileDownloader potentially unwanted application    deleted - quarantined
 



#12 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:15 AM

Posted 12 May 2014 - 04:42 PM

Hi radioactiveratt

Apart from a file which was already in quarantine, Eset found some old infected programs on your system.
These have now been dealt with.
 

Oxy Updater is gone but IdleCrawler is still on my list of programs from the control panel.

Strange, the CF report showed it as being removed.

- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-IdleCrawler - c:\users\Crystal\AppData\Local\IDLECR~1\uninstall.exe
AddRemove-{790875CA-153F-49F0-AAC8-C403494239A1} - c:\users\Crystal\AppData\Roaming\Oxy\Updater.exe

All the files relating to IdleCrawler have been removed, so the entry in the Add/Remove is only an orphan entry.
It can't have any effect on the system at all.
 

I've had to reinstall the driver for my wacom drawing tablet every few days because the pen pressure stops working but I think that's more of an issue with the tablet I'm using being so old rather than anything else.

You may be better off checking the Wacom forums; there may well be some information relating to your problem there. (Plus they are obviously more informed on the software.)
http://forum.wacom.eu/index.php?sid=50d21b0031b9b8c7ce83ac0df5940526

Has the system frozen at all since we cleaned it up?

Edited by Starbuck, 12 May 2014 - 04:43 PM.

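An added check, not from the thread and not part of ComboFix or any of the other tools discussed here, that looks for exactly the kind of orphaned Add/Remove Programs entry described above: it walks the standard Uninstall registry keys (the 64-bit and Wow6432Node machine keys plus the current user's key) and reports entries whose UninstallString points to an executable that no longer exists on disk. The helper name Get-UninstallExePath and the output columns are my own choices; the registry paths are the standard ones Windows uses.

```powershell
# Added example (not from the thread): report Add/Remove Programs entries whose
# uninstaller is missing on disk, i.e. orphaned entries left behind after a cleanup.

$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

function Get-UninstallExePath {
    # Extract the executable path from an UninstallString (helper name is my own).
    param([string]$CommandLine)
    if ([string]::IsNullOrWhiteSpace($CommandLine)) { return $null }
    $cmd = $CommandLine.Trim()

    # Quoted form: "C:\path with spaces\uninstall.exe" /S
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 1) { return $cmd.Substring(1, $end - 1) }
    }

    # Unquoted form: grow the candidate one space-separated token at a time until it
    # names an existing file, which copes with unquoted paths that contain spaces.
    $tokens = $cmd -split ' '
    for ($i = 1; $i -le $tokens.Count; $i++) {
        $candidate = ($tokens[0..($i - 1)] -join ' ')
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }

    # Nothing resolved: return the first token so the caller can report it.
    return $tokens[0]
}

function Test-UninstallerExists {
    # True when the path is an existing file or a bare command found on PATH (e.g. msiexec.exe).
    param([string]$ExePath)
    if ([string]::IsNullOrWhiteSpace($ExePath)) { return $false }
    if (Test-Path -LiteralPath $ExePath -PathType Leaf) { return $true }
    return [bool](Get-Command $ExePath -ErrorAction SilentlyContinue)
}

foreach ($root in $uninstallRoots) {
    if (-not (Test-Path $root)) { continue }
    Get-ChildItem $root | ForEach-Object {
        $props = Get-ItemProperty $_.PSPath
        # Entries without an UninstallString are usually system components; skip them.
        if (-not $props.UninstallString) { return }
        $exe = Get-UninstallExePath $props.UninstallString
        if (-not (Test-UninstallerExists $exe)) {
            [pscustomobject]@{
                Key             = $_.PSChildName
                DisplayName     = $props.DisplayName
                UninstallString = $props.UninstallString
                MissingFile     = $exe
            }
        }
    }
}
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; each row it prints is an entry that Control Panel will still list but whose uninstaller can no longer run, which is what the "orphan" explanation above means. Such an entry is just leftover registry data; whether to remove it is a tidiness decision, not a security one.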


#13 radioactiveratt

radioactiveratt
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:15 PM

Posted 12 May 2014 - 09:31 PM

Okay well if it's just a ghost thing and it isn't going to do anything to my computer I can deal with it staying there ^_^

Oh, I never thought to check with their forums, probably would have been a smart thing to do in the first place about that, thanks for the suggestion!

Nope, no problems at all since you had me do all those virus tests! Thank you so much for helping me!! <3 I really appreciate the help! Is there anything else you wanted me to do on my computer?



#14 Starbuck

Starbuck

    'r Brudiwr


  • Malware Response Team
  • 4,149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midlands, UK
  • Local time:03:15 AM

Posted 13 May 2014 - 10:48 AM

Hi radioactiveratt
 
Hopefully the Wacom forums will be able to offer you some advice.

no problems at all since you had me do all those virus tests!

That's good then. :)
 

Is there anything else you wanted me to do on my computer?

All we need to do now is clean off the tools we have used and set you a fresh restore point.


Step 1
Restart MBAM.
Click on the History tab >> Quarantine
Tick to select any items (if there ) and then click the Delete button.
Close MBAM.


Step 2
Double click on AdwCleaner.exe to run the tool again.
  • Click on the Uninstall button.
  • Click Yes when asked are you sure you want to uninstall.
  • Both AdwCleaner.exe, its folder and all logs will be removed.
Step 3
Please uninstall ComboFix by
Clicking on Start ...then run ... and type in combofix /uninstall (don't forget there is a gap between x and /) Then press Ok

This action will uninstall Combofix and also perform a few cleanup measures

By default, Windows 7 does not have the "Run" command on the start menu. It's easy to get this back.

1. Open the start menu.
2. Right click on a non-icon area and select "Properties".
3. Press the "Customize" button.
4. Scroll down and find the "Run command" checkbox.
5. Check it and press OK.
6. Press OK.

You now have your run command on the start menu.




Step 4
Download Delfix and save it to your desktop.
Ensure that the following are checked:
  • Remove disinfection tools.
  • Create registry backup
  • Purge system restore

  • Click the Run button.
When the tool has finished, a log will open in notepad.... but I don't actually need this report


Eset can be removed using the Remove Programs feature in Control Panel.

I would recommend keeping TFC.
Just run it once a week to keep all the temp files etc down.


To find out how you may have been infected....read this topic:
How did i get infected?


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Use an AntiVirus Software

Only install one AntiVirus program

Update your AntiVirus Software regularly

Use a Firewall

Only install one software Firewall

Scan regularly with a 'Stand Alone' Anti-Malware scanner:
Installing another scanner that you can run once or twice a week is always beneficial.
Something like:
Malwarebytes Anti-Malware
SUPERAntiSpyware
Remember to update these programs each time before running.
You can install more than one of these if you only run them as stand alone programs.

Use an alternative browser to Internet Explorer:
Some excellent alternatives to MS Internet Explorer are:

Firefox
For added security, add the NoScript extension to this browser:
Allow active content to run only from sites you trust, and protect yourself against XSS and Clickjacking attacks
also consider adding:
WOT - Safe Browsing Tool

Web of Trust warns you about risky sites that cheat customers, deliver malware or send spam. Millions of members of the WOT community rate sites based on their experience, giving you an extra layer of protection when browsing or searching the Web.
Btw: you don't have to make a contribution.

Opera

Keep a backup of your registry
Keeping a regular backup of your registry will help when something goes wrong.
Use a program like:
Erunt

A full tutorial on how to set up and use Erunt can be found here:
Erunt tutorial

Keep your system clean of temp files etc, using a 'Cleaner':

Cleaners are programs that will help to clean out your:
Windows temp files
Current user temp files
Cookies
Temporary Internet files
Browser history
Recycle bin
Etc.......
In other words.... all the rubbish that you accumulate over the course of your browsing and day to day usage of your PC.
Programs like:
TFC by OldTimer
ATF Cleaner

Visit Microsoft's Windows Update Site Frequently - It is important that you visit Windowsupdate regularly.
Alternatively, turn on the Automatic Updates.

Peer to Peer programs
Don't be tempted to use Peer to Peer programs.
Many of the downloads are bundled with malware.

Update all your 'Security' programs regularly - Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.

Safe surfing.





