My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.
Please stay with this topic until I let you know that your system appears to be "All Clear"
Important: All tools MUST be run from the Desktop.
=========================
What tools have you already run?
Did they generate any logs?
=========================
Security Check
Download Security Check by screen317 from here or here.
Save it to your Desktop.
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
When asked if you want to download Avast's virus definitions please select Yes.
Click Scan
Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
Results of screen317's Security Check version 0.99.80
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 51
Adobe Flash Player 12.0.0.70
Adobe Reader XI
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
Sorry so sloppy, I'm slow. FRST too long. What should I do? Here are some others.
OTL logfile created on: 2/11/2014 2:34:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\14healing\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.73 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 47.22% Memory free
1.73 Gb Paging File | 0.74 Gb Available in Paging File | 42.66% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 6.13 Gb Free Space | 2.15% Space Free | Partition Type: NTFS
Computer Name: YUANSHEN | User Name: 14daminute | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
OTL Extras logfile created on: 2/11/2014 2:34:23 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\14healing\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.73 Gb Total Physical Memory | 0.82 Gb Available Physical Memory | 47.22% Memory free
1.73 Gb Paging File | 0.74 Gb Available in Paging File | 42.66% Paging File free
Paging file location(s): [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 6.13 Gb Free Space | 2.15% Space Free | Partition Type: NTFS
Computer Name: YUANSHEN | User Name: 14daminute | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029CA27F-8D5C-AC3C-319B-FA50664CE9F9}" = AMD Catalyst Install Manager
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{975352A0-948D-D5C7-A07E-24B970EDF2A9}" = ccc-utility64
"{A508D5A2-3AC1-4594-A718-A663D6D3CF11}" = Windows Live Remote Service Resources
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb" = Internet Explorer (Enable DEP)
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{CD763F71-AA9E-5124-94CE-03730E766067}" = AMD Media Foundation Decoders
"{CFF3C688-2198-4BC3-A399-598226949C39}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 10.6.8.1_WHQL
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02F5BEE7-0AB6-4E42-9BF8-2588AAECC7F2}" = EZ Fonts
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{073AB2D7-2B91-D6FF-FE7E-86BF8A7BFBD0}" = CCC Help Hungarian
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{1342B867-AF20-CAB4-5933-118771F81A1B}" = CCC Help Dutch
"{136AF185-A315-345C-4FB8-579F893C3C89}" = CCC Help Greek
"{1816F8CA-43E0-1A7E-86A2-9A29128D2D16}" = Catalyst Control Center InstallProxy
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{204A6124-5CC2-3DAD-9BF0-576C315FF82A}" = CCC Help English
"{2250E769-2D53-80A5-3AF4-07960E1C0BF6}" = CCC Help French
"{27A2CE49-B8FE-40EB-57BF-DD63554ED30D}" = CCC Help Czech
"{31CB830F-FDD6-24DF-EBA2-CF1AEF4F4E4F}" = Catalyst Control Center Graphics Previews Common
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E9EEE15-2E4A-82E8-5BD2-D417E771916B}" = CCC Help Swedish
"{400639AE-E3A0-8B24-5522-80ED9E5546EA}" = CCC Help Japanese
"{43B43577-2514-4CE0-B14A-7E85C17C0453}" = Windows Live Essentials
"{45C164A8-E43E-4E1C-B532-C49729ACEDFE}" = Catalyst Control Center - Branding
"{4664ED39-C80A-48F7-93CD-EBDCAFAB6CC5}" = Windows Live Writer Resources
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4DF4B93E-8A95-4DA0-DEE0-33537DFE5A48}" = CCC Help Thai
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{563C0A16-FCB5-DA60-D5CF-B0E22F7D325A}" = CCC Help Danish
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59AAF033-AD0C-F8FA-9C49-AE4FAE1ECF2C}" = CCC Help Norwegian
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{608363EA-6216-B6FB-F870-196A491A0B37}" = CCC Help Russian
"{616A0B52-7317-4293-90C9-1E4A793F4BC2}" = Alcor Micro USB Card Reader
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{644063FA-ABA3-42AC-A8AC-3EDC0706018B}" = Windows Live Mesh
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68559D97-71AF-B70D-2FC1-45370BEE892C}" = AMD VISION Engine Control Center
"{6A8A32FC-C798-3979-EB3A-7FD7A7977ECE}" = CCC Help Chinese Standard
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738E7C33-0368-F7AF-F3D3-0B7D6FCB8CFB}" = CCC Help Polish
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{7FF66E73-B760-4A07-276D-C5FAA401BB54}" = CCC Help Finnish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DBFF182-AE53-88AC-1F65-180130C4170B}" = CCC Help German
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96C52203-0162-677C-3F90-26AACF07FC63}" = CCC Help Italian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DA3F03B-2CEE-4344-838E-117861E61FAF}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A199DB88-E22D-4CE7-90AC-B8BE396D7BF4}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A78796A8-3827-B1B9-6BB8-06165C809174}" = CCC Help Portuguese
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-AB0000000001}" = Adobe Reader XI (11.0.03)
"{B07388F8-772A-8E09-8FD7-C9839EB70B18}" = CCC Help Turkish
"{B33B61FE-701F-425F-98AB-2B85725CBF68}" = Windows Live Photo Common
"{B3BE54A4-8DFE-4593-8E66-56AB7133B812}" = Windows Live Writer
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2
"{C24C19AA-8612-9FB6-6EAC-BCC4DF33D92C}" = CCC Help Korean
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{C8C69122-5544-6914-BFF2-EF8D286F0957}" = Catalyst Control Center Localization All
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3E5A972-9A15-427D-AE78-8181A5FD943C}" = eBay Worldwide
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DF71ABBB-B834-41C0-BB58-80B0545D754C}" = Windows Live UX Platform Language Pack
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E68849B1-62A5-C4DD-0450-EF36C21FEDA3}" = CCC Help Spanish
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F77EF646-19EB-11E1-9A9E-984BE15F174E}" = Evernote v. 4.5.2
"{F7A46527-DF1F-4B0F-9637-98547E189442}" = Windows Live Galeria de Fotos
"{FABC08FE-E097-CEFB-2C37-8D53FC9FBDA9}" = CCC Help Chinese Traditional
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.17
"AmUStor" = Alcor Micro USB Card Reader
"DFX" = DFX
"ERUNT_is1" = ERUNT 1.1j
"Freemake Video Downloader_is1" = Freemake Video Downloader
"Identity Card" = Identity Card
"InstallShield_{A0382E3C-7384-429A-9BFA-AF5888E5A193}" = Acer Crystal Eye Webcam
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.2.0 Basic
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/3/2014 10:22:39 PM | Computer Name = yuanshen | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved
Error - 1/3/2014 10:48:31 PM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =
Error - 1/3/2014 10:57:05 PM | Computer Name = yuanshen | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error - 1/3/2014 11:04:52 PM | Computer Name = yuanshen | Source = ESENT | ID = 489
Description = taskhost (380) An attempt to open the file "C:\Users\healing41\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 1/4/2014 12:11:13 AM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =
Error - 1/4/2014 12:19:57 AM | Computer Name = yuanshen | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved
Error - 1/4/2014 2:39:36 PM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =
Error - 1/4/2014 10:20:14 PM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =
Error - 1/4/2014 10:38:09 PM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =
Error - 1/5/2014 1:00:54 AM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =
Error - 1/5/2014 1:04:15 AM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 10/18/2013 9:52:19 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 6:52:18 AM - Error connecting to the internet. 6:52:18 AM - Unable
to contact server..
Error - 10/23/2013 9:46:26 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 6:46:26 AM - Error connecting to the internet. 6:46:26 AM - Unable
to contact server..
Error - 10/28/2013 6:19:40 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 3:19:39 AM - Error connecting to the internet. 3:19:39 AM - Unable
to contact server..
Error - 11/2/2013 5:01:59 PM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:01:58 PM - Error connecting to the internet. 2:01:59 PM - Unable
to contact server..
Error - 11/7/2013 6:12:57 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:12:56 AM - Error connecting to the internet. 2:12:56 AM - Unable
to contact server..
Error - 11/12/2013 6:06:05 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:06:05 AM - Error connecting to the internet. 2:06:05 AM - Unable
to contact server..
Error - 11/17/2013 6:35:18 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:35:17 AM - Error connecting to the internet. 2:35:17 AM - Unable
to contact server..
Error - 11/22/2013 6:34:10 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:34:10 AM - Error connecting to the internet. 2:34:10 AM - Unable
to contact server..
Error - 11/27/2013 6:21:09 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:21:08 AM - Error connecting to the internet. 2:21:08 AM - Unable
to contact server..
Error - 12/3/2013 12:57:20 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 8:57:19 PM - Error connecting to the internet. 8:57:19 PM - Unable
to contact server..
[ Spybot - Search and Destroy Events ]
Error - 4/27/2013 2:03:27 PM | Computer Name = yuanshen | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
[ System Events ]
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2
Error - 2/11/2014 5:55:28 PM | Computer Name = yuanshen | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80071a30: Security Update for Windows 7 for x64-based Systems (KB2862330).
"KLiteCodecPack_is1" = K-Lite Codec Pack 10.2.0 Basic
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"WinLiveSuite" = Windows Live Essentials
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/3/2014 10:22:39 PM | Computer Name = yuanshen | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved
Error - 1/3/2014 10:48:31 PM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =
Error - 1/3/2014 10:57:05 PM | Computer Name = yuanshen | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.
Error - 1/3/2014 11:04:52 PM | Computer Name = yuanshen | Source = ESENT | ID = 489
Description = taskhost (380) An attempt to open the file "C:\Users\healing41\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat"
for read only access failed with system error 32 (0x00000020): "The process cannot
access the file because it is being used by another process. ". The open file
operation will fail with error -1032 (0xfffffbf8).
Error - 1/4/2014 12:11:13 AM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =
Error - 1/4/2014 12:19:57 AM | Computer Name = yuanshen | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed: The server name or address could not be resolved
Error - 1/4/2014 2:39:36 PM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =
Error - 1/4/2014 10:20:14 PM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =
Error - 1/4/2014 10:38:09 PM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =
Error - 1/5/2014 1:00:54 AM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =
Error - 1/5/2014 1:04:15 AM | Computer Name = yuanshen | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 10/18/2013 9:52:19 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 6:52:18 AM - Error connecting to the internet. 6:52:18 AM - Unable
to contact server..
Error - 10/23/2013 9:46:26 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 6:46:26 AM - Error connecting to the internet. 6:46:26 AM - Unable
to contact server..
Error - 10/28/2013 6:19:40 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 3:19:39 AM - Error connecting to the internet. 3:19:39 AM - Unable
to contact server..
Error - 11/2/2013 5:01:59 PM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:01:58 PM - Error connecting to the internet. 2:01:59 PM - Unable
to contact server..
Error - 11/7/2013 6:12:57 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:12:56 AM - Error connecting to the internet. 2:12:56 AM - Unable
to contact server..
Error - 11/12/2013 6:06:05 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:06:05 AM - Error connecting to the internet. 2:06:05 AM - Unable
to contact server..
Error - 11/17/2013 6:35:18 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:35:17 AM - Error connecting to the internet. 2:35:17 AM - Unable
to contact server..
Error - 11/22/2013 6:34:10 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:34:10 AM - Error connecting to the internet. 2:34:10 AM - Unable
to contact server..
Error - 11/27/2013 6:21:09 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 2:21:08 AM - Error connecting to the internet. 2:21:08 AM - Unable
to contact server..
Error - 12/3/2013 12:57:20 AM | Computer Name = yuanshen | Source = MCUpdate | ID = 0
Description = 8:57:19 PM - Error connecting to the internet. 8:57:19 PM - Unable
to contact server..
[ Spybot - Search and Destroy Events ]
Error - 4/27/2013 2:03:27 PM | Computer Name = yuanshen | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
[ System Events ]
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2
Error - 2/11/2014 5:52:30 PM | Computer Name = yuanshen | Source = Service Control Manager | ID = 7000
Description = The WinPcap Packet Driver (NPF) service failed to start due to the
following error: %%2
Error - 2/11/2014 5:55:28 PM | Computer Name = yuanshen | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80071a30: Security Update for Windows 7 for x64-based Systems (KB2862330).
Please be sure to read through the instructions completely when posting logs. I see you have OTL installed; we can use that program to remove the malware. You don't need to post the FRST logs (FRST.txt & Addition.txt). In the future, if the logs are too big to post, just split them into separate replies.
Your aswMBR log should be on your desktop as aswMBR.txt, please post that file. (do not zip that file)
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Shut down your protection software now to avoid potential conflicts.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
=========================
Reboot
=========================
Re-run OTL (it should be located on your desktop).
Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Uncheck the boxes beside LOP Check and Purity Check.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open one notepad window. OTL.Txt. (No Extras.txt will be produced)
Note: The log can be located in the OTL. folder on your C:\ drive if it fails to open automatically.
Please copy (Edit->Select All, Edit->Copy) the contents of the file, and post it with your next reply.
Still can't clean reboot because of device driver, still system boing boing. The logs
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 03/07/2014 at 14:40:22.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
OTL logfile created on: 3/7/2014 4:49:16 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\14daminute\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.73 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 52.14% Memory free
3.68 Gb Paging File | 2.59 Gb Available in Paging File | 70.38% Paging File free
Paging file location(s): c:\pagefile.sys 2000 2500 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.99 Gb Total Space | 25.13 Gb Free Space | 8.82% Space Free | Partition Type: NTFS
Computer Name: YUANSHEN | User Name: 14daminute | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days