Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Computer Randomly Shuts Down


Post by maximusdowns » November 15th, 2013, 3:49 pm

To whom it may concern,

I inherited a computer a year or so back and found it had some malware on it. Issues included:

- Inability to install the Firefox browser
- Problems with running install browser Google Chrome
- Computer would randomly shut down and have to be restarted
- Installed Malware software would find infected files

I came onto here to try and get help, but apparently the system had some cracked hardware on it that I was unaware of, so the threads were rightfully shut down. So I bit the bullet and went and bought Windows 8 and installed it. This resolved a lot of the issues I was experiencing, but the old files from the Windows 7 were still saved on the computer. I deleted them, but not everything was deleted. What I am worried about is that some of the stuff I can't delete for whatever reason might be some of the old malware files. In addition, the computer, since the OS update, has randomly shut down once. The screens freeze, then one of the screens goes blue (not blue screen of death) and then the system restarts and when it does I get a "Windows has just recovered from an unexpected shutdown" message, which I report to Microsoft. What I am hoping is that whatever malware that was on the old system did not get down to the hardware level. I am here to try and figure out if there is any malware left on my system and, if there is, how to get rid of it. Please find attached the following dds.txt and attach.txt files:

dds

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by Max at 11:27:20 on 2013-11-15
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.14327.12359 [GMT -8:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\dashost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\atieclxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\taskhostex.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{07CF5434-0B6A-4D4F-A3DB-E65011EB131A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{F43A5271-0A56-4489-B9CA-B0A223231C2F} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\0l9afo67.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrlui.dll
FF - plugin: C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMSS.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2012-10-18 239616]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-25 117248]
S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\WINDOWS\System32\Drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2013-11-15 05:34:14 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7038356A-8536-4481-B2B5-CE3A05DF0C30}\mpengine.dll
2013-11-15 03:32:08 965000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0DFE067B-9413-4A63-8AA6-ECCBC7B17065}\gapaengine.dll
2013-11-15 03:31:38 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-11-13 00:50:30 -------- d-----w- C:\Program Files\McAfee Security Scan
2013-11-09 20:06:30 16114176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-11-09 20:06:30 15541248 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-11-09 20:03:43 278800 ------w- C:\WINDOWS\System32\MpSigStub.exe
2013-11-09 20:02:26 -------- d-----w- C:\WINDOWS\System32\MRT
2013-11-09 19:24:07 342704 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10224.bin
2013-11-09 19:08:13 17888 ----a-w- C:\WINDOWS\System32\msvcr100_clr0400.dll
2013-11-09 19:08:12 17888 ----a-w- C:\WINDOWS\SysWow64\msvcr100_clr0400.dll
2013-11-09 19:06:58 911032 ----a-w- C:\Program Files\Windows Defender\MpClient.dll
2013-11-09 19:05:54 83968 ----a-w- C:\WINDOWS\System32\drivers\hidclass.sys
2013-11-09 19:04:56 595968 ----a-w- C:\WINDOWS\System32\qedit.dll
2013-11-09 19:03:59 370688 ----a-w- C:\WINDOWS\SysWow64\WWanAPI.dll
2013-11-09 19:02:37 2893824 ----a-w- C:\WINDOWS\System32\msmpeg2vdec.dll
2013-11-09 19:02:37 2400256 ----a-w- C:\WINDOWS\SysWow64\msmpeg2vdec.dll
2013-11-09 19:02:25 70144 ----a-w- C:\WINDOWS\System32\appinfo.dll
2013-11-09 19:02:25 112872 ----a-w- C:\WINDOWS\System32\consent.exe
2013-11-09 19:02:18 26624 ----a-w- C:\WINDOWS\System32\ReAgentc.exe
2013-11-09 19:02:18 24064 ----a-w- C:\WINDOWS\SysWow64\ReAgentc.exe
2013-11-09 18:58:40 2382336 ----a-w- C:\WINDOWS\SysWow64\esent.dll
2013-11-09 18:58:39 2851840 ----a-w- C:\WINDOWS\System32\esent.dll
2013-11-09 18:57:58 -------- d-----w- C:\Users\Max\AppData\Local\Macromedia
2013-11-09 18:55:27 2361344 ----a-w- C:\WINDOWS\System32\msxml6.dll
2013-11-09 18:55:27 1836032 ----a-w- C:\WINDOWS\System32\msxml3.dll
2013-11-09 18:55:26 2048 ----a-w- C:\WINDOWS\SysWow64\msxml6r.dll
2013-11-09 18:55:26 2048 ----a-w- C:\WINDOWS\SysWow64\msxml3r.dll
2013-11-09 18:55:26 2048 ----a-w- C:\WINDOWS\System32\msxml6r.dll
2013-11-09 18:55:26 2048 ----a-w- C:\WINDOWS\System32\msxml3r.dll
2013-11-09 18:55:26 1802240 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2013-11-09 18:55:26 1438720 ----a-w- C:\WINDOWS\SysWow64\msxml3.dll
2013-11-09 18:51:20 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-11-09 18:51:14 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-11-08 04:36:08 78872 ----a-w- C:\WINDOWS\System32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2013-11-08 04:36:08 50200 ----a-w- C:\WINDOWS\SysWow64\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2013-11-08 04:36:05 79896 ----a-w- C:\WINDOWS\SysWow64\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2013-11-08 04:36:05 111640 ----a-w- C:\WINDOWS\System32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2013-11-08 04:35:33 -------- d-----w- C:\WINDOWS\System32\RsFx
2013-11-08 04:31:46 -------- d-----w- C:\Program Files\Microsoft SQL Server
2013-11-08 04:31:36 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server
2013-11-08 04:30:57 -------- d-----w- C:\Program Files\Microsoft Synchronization Services
2013-11-08 04:30:57 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition
2013-11-08 04:30:48 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services
2013-11-08 04:30:48 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2013-11-08 04:30:38 -------- d-----w- C:\ProgramData\PreEmptive Solutions
2013-11-08 04:27:52 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2013-11-08 04:27:47 -------- d-----w- C:\Program Files\IIS
2013-11-08 04:27:47 -------- d-----w- C:\Program Files (x86)\IIS
2013-11-08 04:27:21 2420672 ----a-w- C:\ProgramData\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2013-11-08 04:22:48 -------- d-----w- C:\WINDOWS\SysWow64\1033
2013-11-08 04:22:13 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 10.0
2013-11-08 04:22:13 -------- d-----w- C:\Program Files (x86)\Microsoft F#
2013-11-08 04:22:13 -------- d-----w- C:\Program Files (x86)\HTML Help Workshop
2013-11-08 04:22:13 -------- d-----w- C:\Program Files (x86)\Common Files\Merge Modules
2013-11-08 04:20:14 -------- d-----w- C:\WINDOWS\System32\1033
2013-11-08 04:20:14 -------- d-----w- C:\Program Files\Microsoft Visual Studio 10.0
2013-11-08 04:20:14 -------- d-----w- C:\Program Files\Microsoft Help Viewer
2013-11-08 04:19:31 -------- d-----w- C:\WINDOWS\PCHEALTH
2013-11-08 03:29:55 -------- d-----w- C:\Users\Max\AppData\Roaming\e-academy Inc
2013-11-08 03:29:55 -------- d-----w- C:\Users\Max\AppData\Local\e-academy Inc
2013-11-08 03:22:58 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2013-11-08 03:22:58 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2013-11-08 03:22:58 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2013-11-08 03:22:58 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2013-11-08 03:22:58 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2013-11-08 03:20:25 -------- d-----w- C:\Users\Max\AppData\Local\Apple Computer
2013-11-08 03:20:21 33240 ----a-w- C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
2013-11-08 03:20:01 -------- d-----w- C:\Program Files\iPod
2013-11-08 03:20:00 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-08 03:20:00 -------- d-----w- C:\Program Files\iTunes
2013-11-08 03:20:00 -------- d-----w- C:\Program Files (x86)\iTunes
2013-11-08 03:19:25 -------- d-----w- C:\Users\Max\AppData\Local\Apple
2013-11-08 03:19:12 -------- d-----w- C:\Program Files\Bonjour
2013-11-08 03:19:12 -------- d-----w- C:\Program Files (x86)\Bonjour
2013-11-08 03:07:33 -------- d-----w- C:\Program Files (x86)\VideoLAN
2013-11-08 03:06:07 -------- d-----w- C:\ProgramData\McAfee Security Scan
2013-11-08 03:05:11 -------- d-----w- C:\Users\Max\AppData\Local\Adobe
2013-11-08 02:59:37 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2013-11-08 02:55:45 -------- d-----r- C:\Users\Max\Searches
2013-11-08 02:55:45 -------- d-----r- C:\Users\Max\Contacts
2013-11-08 02:55:02 -------- d-----w- C:\Users\Max\AppData\Local\VirtualStore
2013-11-08 02:45:36 0 ----a-w- C:\WINDOWS\ativpsrm.bin
2013-11-08 02:43:34 -------- d-----w- C:\Windows.old
2013-11-08 02:28:00 -------- d-----w- C:\WINDOWS\Panther
.
==================== Find3M ====================
.
2013-10-02 01:38:13 78296 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2013-10-02 01:38:13 694232 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\WINDOWS\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\WINDOWS\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\WINDOWS\System32\jscript9.dll
2013-08-23 05:11:57 4040192 ----a-w- C:\WINDOWS\System32\win32k.sys
.
============= FINISH: 11:27:38.06 ===============


attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 11/7/2013 6:54:38 PM
System Uptime: 11/14/2013 7:13:27 PM (16 hours ago)
.
Motherboard: MSI | | X58A-GD45 (MS-7522)
Processor: Intel(R) Core(TM) i7 CPU 960 @ 3.20GHz | CPU 1 | 3201/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 854.082 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 931 GiB total, 17.124 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP2: 11/14/2013 7:49:58 PM - Windows Update
RP3: 11/14/2013 7:50:11 PM - Windows Modules Installer
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.05)
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Crystal Reports for Visual Studio
Dotfuscator Software Services - Community Edition
iTunes
McAfee Security Scan Plus
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft Help Viewer 1.0
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Management Objects (x64)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server System CLR Types (x64)
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x64)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x64)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual F# 2.0 Runtime
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
Microsoft Visual Studio 2010 Office Developer Tools (x64)
Microsoft Visual Studio 2010 Performance Collection Tools - ENU
Microsoft Visual Studio 2010 Premium - ENU
Microsoft Visual Studio 2010 SharePoint Developer Tools
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Microsoft Visual Studio Macro Tools
Mozilla Firefox 25.0 (x86 en-US)
Mozilla Maintenance Service
QuickTime
Secure Download Manager
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)
Sql Server Customer Experience Improvement Program
Visual Studio 2010 Prerequisites - English
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VLC media player 2.1.0
Web Deployment Tool
.
==== Event Viewer Messages From Past Week ========
.
11/15/2013 1:33:12 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
11/15/2013 1:32:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WlanSvc service.
11/14/2013 7:14:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000116 (0xfffffa800bbae4d0, 0xfffff8800433bdb8, 0x0000000000000000, 0x0000000000000002). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 111413-38376-01.
11/12/2013 4:36:06 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================


Any help would be greatly appreciated. Thank you for your time and effort.

Very respectfully,
Max

Re: Computer Randomly Shuts Down

Post by wannabeageek » November 18th, 2013, 9:15 am

Hello maximusdowns, and Welcome to MalWare Removal forums!

My name is wannabeageek and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"

    Absence of symptoms does not mean that everything is clear.

I am currently reviewing your logs and will return, as soon as possible, with additional instructions. In the meantime...

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Re: Computer Randomly Shuts Down

Post by wannabeageek » November 18th, 2013, 11:25 am

maximusdowns,

Please complete the following. You may post the results after each scan due to log size.

Step 1.
Remove Program(s)
  1. If you are at the Start screen, then Right-click in the screen's bottom-right corner. A circle with three lines in it with the text All Apps will pop up at the bottom of the screen. Left Click it and choose the Control Panel from the list of apps that will pop up. You will probably find it all the way to the right. You will probably need to use the scroll bar at the bottom of the screen to get to it. Once at the Control Panel continue the same way as you would if you came from the Desktop.
  2. If you are at the Desktop then pull the mouse quickly to the right lower corner of the screen. The panel with a number of choices opens up. Click on settings and a list of Settings is shown. Select Control Panel.
  3. When the Control Panel appears, choose Programs and Features.
  4. Locate the following program:
    McAfee Security Scan Plus
  5. Click it to choose it and then give the permission to go ahead if the computer asks for it.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
  6. When the program(s) have been uninstalled... Close Control Panel.


Step 2.
Download HijackThis
Please download HijackThis.msi © Trend Micro Incorporated. Save it to your desktop. Alternate link site here.

NOTE: If you have used HijackThis before to remove entries, do not uninstall the old version yet.
We may need to see/use its backups. I will let you know when it's OK to uninstall the old version.

  1. Double click on the HiJackThis.msi icon on your desktop to install. Click Run if you get an Open File security prompt.
    Vista - W7 - W8 users: Right click on HiJackThis.msi and select Run as Administrator, if prompted by Windows UAC, allow it.
  2. Follow the prompts... allow the defaults... once installed ...it will create a HijackThis icon on the desktop. Default install location: C:\Program Files\Trend Micro\HijackThis
  3. Once installed, it will launch HijackThis...if not...double click the HijackThis desktop icon.
      If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.
  4. Click on the "Do a system scan and save a Log file"...button.
    When the scan is finished...Notepad will open with a log file called "hijackthis.log".
  5. In the Hijackthis log, go to the top menu, click on "Format" and uncheck "Word Wrap" if checked.
  6. Copy and paste the contents of hijackthis.log file in your next reply. Save the file in the HijackThis folder.
Do not fix anything yourself... Removing any needed entries... could render your computer inoperable!


Step 3.
OTL
Instructions are written for Internet Explorer.
Please download OTL ... by Old Timer.
  1. From the delta arrow next to the save button, select "Save as".
  2. From the "Save As" window select "Desktop" Then click on Save.
  3. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  4. Click the Scan All Users checkbox.
  5. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  6. Click on Run Scan at the top left hand corner.
  7. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  8. Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Please include in your next reply:
  1. Remove McAfee Security Scan Plus
  2. Contents of hijackthis.log
  3. Contents of OTL.txt
  4. Contents of Extras.txt
  5. Any problem executing the instructions?
Thanks,
wbg

Re: Computer Randomly Shuts Down

Post by maximusdowns » November 19th, 2013, 11:46 pm

Wannabeageek,

Thank you very much for your offer to help. When I last turned on this computer, it experienced an 0xc0000001 error, which caused my computer to enter into a frustrating loop of not loading Windows 8, diagnosing my machine, and then saying that Windows 8 couldn't be restarted. I eventually just re-installed Windows, though I swear after all the frustration I'm going to go to UNIX one of these days. I would still like to examine my PC for spyware/malware if you're up for it. I'm re-posting my DDS and Attach files:

DDS
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16384
Run by Max at 19:42:13 on 2013-11-19
Microsoft Windows 8 Pro 6.2.9200.0.1252.1.1033.18.14327.12343 [GMT -8:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\servicing\TrustedInstaller.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation
C:\$SysReset\Framework\Stack\SystemResetOSUpdates.exe
C:\WINDOWS\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\settingsynchost.exe
C:\WINDOWS\system32\vssvc.exe
C:\WINDOWS\system32\taskhostex.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\svchost.exe -k swprv
C:\WINDOWS\system32\taskhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe
TCP: Interfaces\{67C2E777-3C2A-440A-8BDE-083FEBFD7A85} : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\174u8fal.default\
.
============= SERVICES / DRIVERS ===============
.
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-2 589824]
S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-25 117248]
.
=============== Created Last 30 ================
.
2013-11-20 03:34:59 20080 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2013-11-20 03:31:44 -------- d-----r- C:\Users\Max\Searches
2013-11-20 03:30:21 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-11-20 03:30:14 17536 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-11-20 03:30:02 -------- d-----w- C:\Users\Max\AppData\Local\VirtualStore
2013-11-20 03:29:34 -------- d-----w- C:\ProgramData\PRICache
2013-11-20 03:28:46 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CE8E66BF-D248-4681-B43F-7094ADC52517}\mpengine.dll
2013-11-20 03:24:48 0 ----a-w- C:\WINDOWS\ativpsrm.bin
2013-11-20 03:22:02 -------- d-----w- C:\Windows.old
2013-11-20 03:08:58 -------- d-----w- C:\WINDOWS\Panther
2013-11-20 03:07:08 -------- d--h--w- C:\$SysReset
2013-11-15 19:52:46 300720 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10225.bin
2013-11-08 02:55:45 -------- d-----r- C:\Users\Max\Contacts
2013-11-08 02:54:52 -------- d-----w- C:\Users\Max\AppData\Local\Packages
2013-11-08 02:54:22 -------- d-----r- C:\Users\Max\Videos
2013-11-08 02:54:22 -------- d-----r- C:\Users\Max\Saved Games
2013-11-08 02:54:22 -------- d-----r- C:\Users\Max\Pictures
2013-11-08 02:54:22 -------- d-----r- C:\Users\Max\Music
2013-11-08 02:54:22 -------- d-----r- C:\Users\Max\Links
2013-11-08 02:54:22 -------- d-----r- C:\Users\Max\Downloads
2013-11-08 02:54:22 -------- d-----r- C:\Users\Max\Documents
.
==================== Find3M ====================
.
.
============= FINISH: 19:42:42.05 ===============

Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8 Pro
Boot Device: \Device\HarddiskVolume1
Install Date: 11/19/2013 7:29:04 PM
System Uptime: 11/19/2013 7:26:24 PM (0 hours ago)
.
Motherboard: MSI | | X58A-GD45 (MS-7522)
Processor: Intel(R) Core(TM) i7 CPU 960 @ 3.20GHz | CPU 1 | 3201/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 854.902 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Mozilla Firefox 25.0.1 (x86 en-US)
Mozilla Maintenance Service
.
==== Event Viewer Messages From Past Week ========
.
11/19/2013 7:24:25 PM, Error: Service Control Manager [7023] - The Network List Service service terminated with the following error: The device is not ready.
11/19/2013 7:24:23 PM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/19/2013 7:24:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xc000021a (0xfffff8a0054d07b0, 0xffffffffc0000428, 0xfffff8a0007ee580, 0x0000000000000000). A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 111913-63149-01.
.
==== End Of File ===========================


I will follow your instructions to the letter. Thank you very much for your assistance.

Very respectfully,
Max Downs
maximusdowns
Regular Member
 
Posts: 66
Joined: August 4th, 2012, 4:11 pm

Re: Computer Randomly Shuts Down

Unread postby wannabeageek » November 20th, 2013, 1:18 am

Hi maximusdowns,

Go ahead and complete what I had asked before. It is listed below. As for a UNIX OS, I would suggest Santa Cruz Operation Unix on a mini-mainframe. But understand this type of Unix software is business software. You should probably look at Linux instead.

Also, upload as an attachment the file located at: C:\WINDOWS\MEMORY.DMP. Report Id: 111913-63149-01. from the BSOD your machine suffered.
A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 111913-63149-01.
That may help find the issue.
If you cannot find the McAfee program, go to the next step.

Step 1.
Remove Program(s)
  1. If you are at the Start screen, then Right-click in the screen's bottom-right corner. A circle with three lines in it with the text All Apps will pop up at the bottom of the screen. Left Click it and choose the Control Panel from the list of apps that will pop up. You will probably find it all the way to the right. You will probably need to use the scroll bar at the bottom of the screen to get to it. Once at the Control Panel continue the same way as you would if you came from the Desktop.
  2. If you are at the Desktop then pull the mouse quickly to the right lower corner of the screen. The panel with a number of choices opens up. Click on settings and a list of Settings is shown. Select Control Panel.
  3. When the Control Panel appears, choose Programs and Features.
  4. Locate the following program:
    McAfee Security Scan Plus
  5. Click it to choose it and then give the permission to go ahead if the computer asks for it.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
  6. When the program(s) have been uninstalled... Close Control Panel.


Step 2.
Download HijackThis
Please download HijackThis.msi © Trend Micro Incorporated. Save it to your desktop. Alternate link site here.

NOTE: If you have used HijackThis before to remove entries, do not uninstall the old version yet.
We may need to see/use its backups. I will let you know when it's OK to uninstall the old version.

  1. Double click on the HiJackThis.msi icon on your desktop to install. Click Run if you get an Open File security prompt.
    Vista - W7 - W8 users: Right click on HiJackThis.msi and select Run as Administrator, if prompted by Windows UAC, allow it.
  2. Follow the prompts... allow the defaults... once installed ...it will create a HijackThis icon on the desktop. Default install location: C:\Program Files\Trend Micro\HijackThis
  3. Once installed, it will launch HijackThis...if not...double click the HijackThis desktop icon.
      If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.
  4. Click on the "Do a system scan and save a Log file"...button.
    When the scan is finished...Notepad will open with a log file called "hijackthis.log".
  5. In the Hijackthis log, go to the top menu, click on "Format" and uncheck "Word Wrap" if checked.
  6. Copy and paste the contents of hijackthis.log file in your next reply. Save the file in the HijackThis folder.
Do not fix anything yourself... Removing any needed entries... could render your computer inoperable!


Step 3.
OTL
Instructions are written for Internet Explorer.
Please download OTL ... by Old Timer.
  1. From the delta arrow next to the save button, select "Save as".
  2. From the "Save As" window select "Desktop" Then click on Save.
  3. Right click on OTL.exe select "Run As Administrator" to run it. If prompted by UAC, please allow it.
  4. Click the Scan All Users checkbox.
  5. Check the Extra Registry block to make sure the "Use SafeList" button is highlighted.
    Leave the remaining selections to the default settings.
  6. Click on Run Scan at the top left hand corner.
  7. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  8. Please post the contents of both OTL.txt and Extras.txt files in your next reply.


Please include in your next reply:
  1. Remove McAfee Security Scan Plus
  2. Contents of hijackthis.log
  3. Contents of OTL.txt
  4. Contents of Extras.txt
  5. Any problem executing the instructions?
Thanks,
wbg
wannabeageek
MRU Master
 
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Computer Randomly Shuts Down

Unread postby maximusdowns » November 21st, 2013, 11:44 pm

Hey,

I experienced no problems with your instructions. Here are the results of the tests:

Hijacking:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 7:27:05 PM, on 11/21/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16384)

FIREFOX: 25.0.1 (en-US)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Max\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 4135 bytes



OTL:

OTL logfile created on: 11/21/2013 7:31:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

13.99 Gb Total Physical Memory | 11.63 Gb Available Physical Memory | 83.16% Memory free
27.99 Gb Paging File | 25.44 Gb Available in Paging File | 90.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 852.26 Gb Free Space | 91.50% Space Free | Partition Type: NTFS
Drive D: | 3.34 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LEVIATHAN | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/21 19:30:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
PRC - [2013/11/12 19:39:06 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/12 19:39:45 | 003,363,952 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/07/25 20:46:56 | 002,366,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/07/25 19:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 19:17:59 | 000,015,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2012/07/25 19:08:04 | 001,968,128 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2012/07/25 19:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 19:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 19:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 19:07:30 | 000,169,984 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012/07/25 19:07:27 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012/07/25 19:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 19:06:36 | 000,463,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2012/07/25 19:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 19:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 19:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 19:06:00 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/07/25 19:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 19:05:38 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/07/25 19:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 19:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 19:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 19:05:11 | 000,174,080 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/07/25 19:05:08 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/07/25 19:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:05:04 | 000,187,392 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 16:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013/11/12 19:39:36 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/25 19:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 19:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/25 21:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\WINDOWS\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/25 21:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/25 21:00:58 | 000,445,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2012/07/25 21:00:58 | 000,337,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012/07/25 21:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/25 21:00:58 | 000,212,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/07/25 21:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/25 21:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/25 21:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/25 21:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012/07/25 21:00:55 | 000,120,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/07/25 21:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012/07/25 21:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/25 21:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/25 21:00:55 | 000,028,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/07/25 21:00:54 | 000,056,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/07/25 21:00:52 | 003,295,984 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/07/25 21:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/25 21:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/25 21:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/25 21:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/25 21:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/25 21:00:49 | 000,539,376 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/07/25 21:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/25 21:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/25 21:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/25 21:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 20:59:35 | 000,193,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012/07/25 20:59:35 | 000,148,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012/07/25 20:59:32 | 000,055,024 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/07/25 20:58:00 | 000,068,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2012/07/25 20:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 20:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 20:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 20:44:30 | 000,258,288 | ---- | M] (Microsoft Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2012/07/25 20:36:15 | 000,034,216 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2012/07/25 19:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 19:17:38 | 000,027,888 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/07/25 18:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 18:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 18:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 18:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 18:28:27 | 000,031,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2012/07/25 18:27:58 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/07/25 18:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 18:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 18:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 18:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 18:27:31 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/07/25 18:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 18:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 18:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 18:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 18:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 18:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 18:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 18:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 18:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 18:25:54 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/07/25 18:25:26 | 000,203,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\Vid.sys -- (Vid)
DRV:64bit: - [2012/07/25 18:25:22 | 000,067,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\storvsp.sys -- (storvsp)
DRV:64bit: - [2012/07/25 18:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 18:25:12 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmbusr.sys -- (vmbusr)
DRV:64bit: - [2012/07/25 18:25:12 | 000,066,048 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpcivsp.sys -- (vpcivsp)
DRV:64bit: - [2012/07/25 18:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 18:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 18:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/07/25 14:53:22 | 011,926,528 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/28 18:00:48 | 000,360,448 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/06/02 06:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012/06/02 06:31:32 | 002,935,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/05/18 08:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\dc3d.sys -- (dc3d)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC






IE - HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
IE - HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C5 4B 7E 5C A1 E5 CE 01 [binary data]
IE - HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3369700690-3850376273-3648611264-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1
FF - user.js - File not found


FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013/11/19 19:35:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions
[2013/11/19 19:35:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/19 19:35:00 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2012/07/25 21:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67C2E777-3C2A-440A-8BDE-083FEBFD7A85}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/07/26 00:23:07 | 000,000,128 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/11/21 19:30:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2013/11/21 19:24:37 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Max\Desktop\HijackThis.exe
[2013/11/19 19:35:26 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Mozilla
[2013/11/19 19:35:26 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Mozilla
[2013/11/19 19:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/11/19 19:35:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/11/19 19:34:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/19 19:34:11 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Macromedia
[2013/11/19 19:31:44 | 000,000,000 | R--D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/11/19 19:31:44 | 000,000,000 | R--D | C] -- C:\Users\Max\Searches
[2013/11/19 19:31:44 | 000,000,000 | R--D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/11/19 19:31:44 | 000,000,000 | -H-D | C] -- C:\Users\Max\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/11/19 19:31:30 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Adobe
[2013/11/19 19:30:02 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\VirtualStore
[2013/11/19 19:29:34 | 000,000,000 | ---D | C] -- C:\ProgramData\PRICache
[2013/11/19 19:29:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2013/11/19 19:29:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
[2013/11/19 19:27:46 | 000,000,000 | -HSD | C] -- C:\Users\Max\AppData\Local\Temporary Internet Files
[2013/11/19 19:27:46 | 000,000,000 | -HSD | C] -- C:\Users\Max\Templates
[2013/11/19 19:27:46 | 000,000,000 | -HSD | C] -- C:\Users\Max\Start Menu
[2013/11/19 19:27:46 | 000,000,000 | -HSD | C] -- C:\Users\Max\SendTo
[2013/11/19 19:27:46 | 000,000,000 | -HSD | C] -- C:\Users\Max\Recent
[2013/11/19 19:27:46 | 000,000,000 | -HSD | C] -- C:\Users\Max\PrintHood
[2013/11/19 19:27:46 | 000,000,000 | -HSD | C] -- C:\Users\Max\NetHood
[2013/11/19 19:27:46 | 000,000,000 | -HSD | C] -- C:\Users\Max\Documents\My Videos
[2013/11/19 19:27:46 | 000,000,000 | -HSD | C] -- C:\Users\Max\Documents\My Pictures
[2013/11/19 19:27:46 | 000,000,000 | -HSD | C] -- C:\Users\Max\Documents\My Music
[2013/11/19 19:27:46 | 000,000,000 | -HSD | C] -- C:\Users\Max\My Documents
[2013/11/19 19:27:46 | 000,000,000 | -HSD | C] -- C:\Users\Max\Local Settings
[2013/11/19 19:27:46 | 000,000,000 | -HSD | C] -- C:\Users\Max\AppData\Local\History
[2013/11/19 19:27:46 | 000,000,000 | -HSD | C] -- C:\Users\Max\Cookies
[2013/11/19 19:27:46 | 000,000,000 | -HSD | C] -- C:\Users\Max\Application Data
[2013/11/19 19:27:46 | 000,000,000 | -HSD | C] -- C:\Users\Max\AppData\Local\Application Data
[2013/11/19 19:27:45 | 000,000,000 | --SD | C] -- C:\Users\Max\AppData\Roaming\Microsoft
[2013/11/19 19:27:45 | 000,000,000 | R--D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
[2013/11/19 19:27:45 | 000,000,000 | R--D | C] -- C:\Users\Max\Favorites
[2013/11/19 19:27:45 | 000,000,000 | R--D | C] -- C:\Users\Max\Desktop
[2013/11/19 19:27:45 | 000,000,000 | R--D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/11/19 19:27:45 | 000,000,000 | R--D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
[2013/11/19 19:27:45 | 000,000,000 | -H-D | C] -- C:\Users\Max\AppData
[2013/11/19 19:27:45 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Temp
[2013/11/19 19:27:45 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Microsoft
[2013/11/19 19:27:45 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/11/19 19:24:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/11/19 19:24:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/11/19 19:22:02 | 000,000,000 | ---D | C] -- C:\Windows.old
[2013/11/19 19:08:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\Panther
[2013/11/19 19:07:08 | 000,000,000 | -H-D | C] -- C:\$SysReset
[2013/11/15 11:26:34 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Max\Desktop\dds.scr
[2013/11/07 20:27:21 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Visual Studio 2008
[2013/11/07 20:26:58 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Visual Studio 2010
[2013/11/07 18:55:45 | 000,000,000 | R--D | C] -- C:\Users\Max\Contacts
[2013/11/07 18:54:52 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Packages
[2013/11/07 18:54:22 | 000,000,000 | R--D | C] -- C:\Users\Max\Videos
[2013/11/07 18:54:22 | 000,000,000 | R--D | C] -- C:\Users\Max\Saved Games
[2013/11/07 18:54:22 | 000,000,000 | R--D | C] -- C:\Users\Max\Pictures
[2013/11/07 18:54:22 | 000,000,000 | R--D | C] -- C:\Users\Max\Music
[2013/11/07 18:54:22 | 000,000,000 | R--D | C] -- C:\Users\Max\Links
[2013/11/07 18:54:22 | 000,000,000 | R--D | C] -- C:\Users\Max\Downloads
[2013/11/07 18:54:22 | 000,000,000 | R--D | C] -- C:\Users\Max\Documents

========== Files - Modified Within 30 Days ==========

[2013/11/21 19:30:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2013/11/21 19:25:01 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Max\Desktop\HijackThis.exe
[2013/11/21 19:17:32 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/19 19:35:20 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/19 19:33:58 | 000,803,370 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2013/11/19 19:33:58 | 000,682,880 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2013/11/19 19:33:58 | 000,124,762 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2013/11/19 19:33:22 | 000,001,428 | ---- | M] () -- C:\Users\Max\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/19 19:28:08 | 000,009,528 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2013/11/19 19:28:08 | 000,009,528 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2013/11/19 19:26:58 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/11/19 19:26:36 | 3428,515,838 | -HS- | M] () -- C:\hiberfil.sys
[2013/11/19 19:25:00 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/11/19 19:24:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\ativpsrm.bin
[2013/11/19 19:24:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SysNative\atiicdxx.dat
[2013/11/19 19:23:48 | 371,425,069 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP
[2013/11/15 11:26:38 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Max\Desktop\dds.scr
[2013/11/12 18:22:27 | 010,206,855 | ---- | M] () -- C:\Users\Max\Documents\ebooksclub.org__Discrete_Mathematics_with_Applications.pdf

========== Files Created - No Company Name ==========

[2013/11/19 19:35:20 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/11/19 19:35:18 | 000,001,163 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/11/19 19:33:22 | 000,001,428 | ---- | C] () -- C:\Users\Max\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2013/11/19 19:31:30 | 000,001,434 | ---- | C] () -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/11/19 19:27:46 | 000,000,352 | ---- | C] () -- C:\Users\Max\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/11/19 19:27:46 | 000,000,334 | ---- | C] () -- C:\Users\Max\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/11/19 19:27:44 | 000,009,528 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2013/11/19 19:27:44 | 000,009,528 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2013/11/19 19:25:00 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\SysNative\drivers\Msft_User_WpdFs_01_11_00.Wdf
[2013/11/19 19:24:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/11/19 19:24:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SysNative\atiicdxx.dat
[2013/11/19 19:23:48 | 371,425,069 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP
[2013/11/12 18:23:41 | 010,206,855 | ---- | C] () -- C:\Users\Max\Documents\ebooksclub.org__Discrete_Mathematics_with_Applications.pdf
[2013/11/07 18:44:47 | 268,435,456 | -HS- | C] () -- C:\swapfile.sys
[2012/07/26 00:13:10 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2012/07/26 00:13:09 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2012/07/25 23:21:26 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/07/25 17:17:42 | 000,043,520 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2012/07/25 16:48:53 | 000,083,968 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2012/07/25 12:37:29 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2012/07/25 12:28:31 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2012/06/02 06:31:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat

========== ZeroAccess Check ==========


[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/07/25 19:07:16 | 019,779,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/25 19:19:59 | 017,559,552 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 19:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 19:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 19:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


Extras

OTL Extras logfile created on: 11/21/2013 7:31:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max\Desktop
64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16384)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

13.99 Gb Total Physical Memory | 11.63 Gb Available Physical Memory | 83.16% Memory free
27.99 Gb Paging File | 25.44 Gb Available in Paging File | 90.88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 852.26 Gb Free Space | 91.50% Space Free | Partition Type: NTFS
Drive D: | 3.34 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: LEVIATHAN | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3369700690-3850376273-3648611264-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F0278A-9ED7-447C-8DA8-480E98F55CFE}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{10131D2D-AEDB-45D0-B1FE-0ABF64FF0E5F}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{212AD4DC-370D-466A-8F42-941857EEF53F}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{23B8FBCC-ADDF-4D52-9D67-B4A2532E7882}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{3B17D380-61DB-4336-ACD3-DF48E90F66CE}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{4E222DAD-2EFE-488A-8FCE-550176E3B9DA}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{5F22E203-9ABB-4A6D-8137-2AB069BE029E}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{5FCD2345-9191-4BC0-8A4D-90BA8701D829}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{654A9499-DD29-4F0C-9881-50441632B14E}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{8324FEB3-C8E8-4FE4-8EC6-A4893C419DAA}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{9A076A28-6229-42AC-A5B2-2FFB7748E23D}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{AB9A74CE-DA46-4849-AFE1-B4A7E8D4DAAD}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{B7F47CBC-A1B9-4886-B8D8-72B5C43F8B26}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{B911E92C-4917-4574-BC0D-7511D94DE5A1}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{C313D8FB-DCD4-4C3F-A482-2430031A0AA3}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{D02DAF29-1A85-49BD-AD80-784E7CD2BEF4}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{E13265C7-5B37-4E26-BC1E-51E97C17BE54}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{E4DA8046-FD76-4692-A73D-9052A3029964}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 25.0.1 (x86 en-US)" = Mozilla Firefox 25.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service

========== Last 20 Event Log Errors ==========

[ System Events ]
Error - 11/19/2013 11:24:17 PM | Computer Name = Leviathan | Source = BugCheck | ID = 1001
Description =

Error - 11/19/2013 11:24:23 PM | Computer Name = Leviathan | Source = Service Control Manager | ID = 7023
Description = The IP Helper service terminated with the following error: %%1058

Error - 11/19/2013 11:24:25 PM | Computer Name = Leviathan | Source = Service Control Manager | ID = 7023
Description = The Network List Service service terminated with the following error:
%%21


< End of report >

Thank you very much.

Very respectfully,
Max Downs
maximusdowns
Regular Member
 
Posts: 66
Joined: August 4th, 2012, 4:11 pm

Re: Computer Randomly Shuts Down

Unread postby wannabeageek » November 22nd, 2013, 2:45 am

maximusdowns,

You did not upload as an attachment the file I asked for:

Also, upload as an attachment the file located at: C:\WINDOWS\MEMORY.DMP. Report Id: 111913-63149-01. from the BSOD your machine suffered.

A dump was saved in: C:\WINDOWS\MEMORY.DMP. Report Id: 111913-63149-01.
wannabeageek
MRU Master
Posts: 1871
Joined: November 23rd, 2009, 10:21 pm
Location: California

Re: Computer Randomly Shuts Down

Unread postby maximusdowns » November 22nd, 2013, 8:47 pm

Wannabeageek,

Sorry, my mistake. When I try to upload the file as an attachment, I get an error message saying I don't have access to the file and to contact the file's administrator. This is strange because I should be the administrator of the file. I was going to go into the User Accounts to see if I could figure it out, but then I remembered I would consult with you before any action. Please advise on how to move forward.

Very respectfully,
Max Downs

Re: Computer Randomly Shuts Down

Unread postby wannabeageek » November 24th, 2013, 2:30 am

Hi maximusdowns.

I am sorry to say that it appears that your issue is not malware related. Without the dump file I will not be able to verify whether it is malware or hardware/driver related.
Therefore I am going to request the thread be closed as there are no signs of malware in your logs.

wbg

Re: Computer Randomly Shuts Down

Unread postby Cypher » November 26th, 2013, 6:18 am

As your problems do not appear to be malware related, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns