Jump to content

deethy

Members
  • Posts

    8
  • Joined

  • Last visited

Reputation

0 Neutral

About deethy

  • Birthday 07/28/1992

Profile Information

  • Location
    NJ
  1. I'll definitely read through that! Here are the results from Security Check: Results of screen317's Security Check version 0.99.72 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! AVG AntiVirus Free Edition 2013 Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 25 Adobe Flash Player 11.8.800.94 Adobe Reader XI Google Chrome 28.0.1500.72 Google Chrome 28.0.1500.95 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe AVG avgwdsvc.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log``````````````````````
  2. I went to go post the logs and noticed on there the process the malicious IP was coming from was pandoraservice.exe over and over again so I just uninstalled it and the messages stopped! I attached the logs just in case (they were too long to post), but I think it's fixed! Thanks again for all the help, really appreciate it. protection-log-2013-08-18.txt protection-log-2013-08-17.txt
  3. Oh thank you! I'll definitely do that. The computer's running fine, but I am still getting those pop-ups constantly.
  4. Here are my results, there were no threats found from step 6 so there's no log from that step. Malwarebytes Anti-Rootkit BETA 1.06.1.1005 www.malwarebytes.org Database version: v2013.08.16.07 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16660 Deethers :: DEETHY [administrator] 8/17/2013 2:10:50 AM mbar-log-2013-08-17 (02-10-50).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: PUP Objects scanned: 231278 Time elapsed: 15 minute(s), 35 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.1.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.2.9200 Windows 8 x64 Account is Administrative Internet Explorer version: 10.0.9200.16660 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED CPU speed: 2.594000 GHz Memory total: 6290948096, free: 4020908032 Downloaded database version: v2013.08.16.07 Initializing... ------------ Kernel report ------------ 08/17/2013 02:10:47 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kd.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\System32\drivers\CLFS.SYS \SystemRoot\System32\drivers\tm.sys \SystemRoot\system32\PSHED.dll \SystemRoot\system32\BOOTVID.dll \SystemRoot\system32\CI.dll \SystemRoot\System32\drivers\msrpc.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\System32\Drivers\acpiex.sys \SystemRoot\System32\Drivers\WppRecorder.sys \SystemRoot\System32\drivers\ACPI.sys \SystemRoot\System32\drivers\WMILIB.SYS \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\msisadrv.sys \SystemRoot\System32\drivers\pci.sys \SystemRoot\System32\drivers\vdrvroot.sys \SystemRoot\system32\drivers\pdc.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\System32\drivers\spaceport.sys \SystemRoot\System32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\System32\drivers\iaStorA.sys \SystemRoot\System32\drivers\storport.sys \SystemRoot\System32\drivers\EhStorClass.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\System32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\wfplwfs.sys \SystemRoot\system32\DRIVERS\avgloga.sys \SystemRoot\system32\DRIVERS\avgmfx64.sys \SystemRoot\system32\DRIVERS\avgidsha.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\System32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\DRIVERS\LhdX64.sys \SystemRoot\System32\drivers\disk.sys \SystemRoot\System32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\avgrkx64.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\drivers\cdrom.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\BasicRender.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\System32\drivers\BasicDisplay.sys \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\system32\DRIVERS\avgwfpa.sys \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\afd.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\avgldx64.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\drivers\npsvctrig.sys \SystemRoot\System32\drivers\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\avgidsdrivera.sys \SystemRoot\System32\drivers\XHCIPort.sys \SystemRoot\System32\drivers\USBD.SYS \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\System32\drivers\CompositeBus.sys \SystemRoot\system32\DRIVERS\kdnic.sys \SystemRoot\System32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\System32\drivers\USBXHCI.SYS \SystemRoot\System32\drivers\ucx01000.sys \SystemRoot\System32\drivers\HECIx64.sys \SystemRoot\System32\drivers\usbehci.sys \SystemRoot\System32\drivers\USBPORT.SYS \SystemRoot\System32\drivers\HDAudBus.sys \SystemRoot\system32\DRIVERS\Rt630x64.sys \SystemRoot\system32\DRIVERS\NETwew00.sys \SystemRoot\System32\drivers\vwifibus.sys \SystemRoot\System32\drivers\i8042prt.sys \SystemRoot\System32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\ETD.sys \SystemRoot\System32\drivers\mouclass.sys \SystemRoot\System32\drivers\AcpiVpc.sys \SystemRoot\System32\drivers\CmBatt.sys \SystemRoot\System32\drivers\BATTC.SYS \SystemRoot\System32\drivers\intelppm.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\System32\drivers\swenum.sys \SystemRoot\System32\drivers\ks.sys \SystemRoot\System32\drivers\iwdbus.sys \SystemRoot\System32\drivers\rdpbus.sys \SystemRoot\System32\drivers\AMPPAL.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\System32\drivers\usbhub.sys \SystemRoot\System32\drivers\usb3Hub.sys \SystemRoot\System32\drivers\UsbHub3.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\System32\drivers\usbccgp.sys \SystemRoot\system32\DRIVERS\rtsuvc.sys \SystemRoot\System32\Drivers\fastfat.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\HIDPARSE.SYS \SystemRoot\System32\Drivers\dump_diskdump.sys \SystemRoot\System32\Drivers\dump_iaStorA.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\drivers\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\system32\drivers\luafv.sys \??\C:\windows\system32\drivers\mbam.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\System32\drivers\condrv.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\drivers\Ndu.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \??\C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\System32\drivers\WUDFRd.sys \SystemRoot\System32\drivers\mshidumdf.sys \SystemRoot\System32\drivers\HIDCLASS.SYS \SystemRoot\System32\drivers\rdpvideominiport.sys \SystemRoot\System32\cdd.dll \SystemRoot\System32\WORKERDD.dll \SystemRoot\system32\DRIVERS\WinUSB.sys \SystemRoot\System32\drivers\WpdUpFltr.sys \??\C:\windows\system32\drivers\mbamchameleon.sys \??\C:\windows\system32\drivers\mbamswissarmy.sys ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8007b73060 Upper Device Driver Name: \Driver\disk\ Lower Device Name: \Device\00000039\ Lower Device Object: 0xfffffa80062502f0 Lower Device Driver Name: \Driver\iaStorA\ <<<2>>> Device number: 0, partition: 5 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8007b73060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007b72b10, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007b72040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\ DevicePointer: 0xfffffa8007b73060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\ DevicePointer: 0xfffffa80062502f0, DeviceName: \Device\00000039\, DriverName: \Driver\iaStorA\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Partition type: GUID <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 5 Partition type: GUID <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\windows\system32\drivers... <<<2>>> Device number: 0, partition: 5 Partition type: GUID <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Read File: File "c:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1) Read File: File "C:\windows\system32\drivers\vwifibus.sys" is compressed (flags = 1) Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: This drive is a GPT Drive. MBR Signature: 55AA Disk Signature: 377881F3 GPT Protective MBR Partition information: Partition 0 type is EFI-GPT (0xee) Partition is NOT ACTIVE. Partition starts at LBA: 1 Numsec = 4294967295 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 GPT Partition information: GPT Header Signature 4546492050415254 GPT Header Revision 65536 Size 92 CRC 2624490694 GPT Header CurrentLba = 1 BackupLba 1465149167 GPT Header FirstUsableLba 34 LastUsableLba 1465149134 GPT Header Guid 2e5c5c17-ad5a-4fec-ab18-ca2d8366b238 GPT Header Contains 128 partition entries starting at LBA 2 GPT Header Partition entry size = 128 Backup GPT header Signature 4546492050415254 Backup GPT header Revision 65536 Size 92 CRC 2624490694 Backup GPT header CurrentLba = 1465149167 BackupLba 1 Backup GPT header FirstUsableLba 34 LastUsableLba 1465149134 Backup GPT header Guid 2e5c5c17-ad5a-4fec-ab18-ca2d8366b238 Backup GPT header Contains 128 partition entries starting at LBA 1465149135 Backup GPT header Partition entry size = 128 Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 2ca117f9-f8df-4783-ab1c-b13768c1ca6 FirstLBA 2048 Last LBA 2050047 Attributes 1 Partition Name Basic data partition Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b Partition ID e74663fb-6a08-4294-bb2b-3f21232c884a FirstLBA 2050048 Last LBA 2582527 Attributes 1 Partition Name EFI system partition GPT Partition 1 is bootable Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22 Partition ID b571518-5c52-43f5-bbbb-e71d4a9808a FirstLBA 2582528 Last LBA 4630527 Attributes 1 Partition Name Basic data partition Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae Partition ID b4535583-2db7-4ff5-aaf7-f9fc752c982 FirstLBA 4630528 Last LBA 4892671 Attributes 0 Partition Name Microsoft reserved partition Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 5b350782-2b0e-4bd8-bac3-1de9304eb10 FirstLBA 4892672 Last LBA 1370775551 Attributes 0 Partition Name Basic data partition Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7 Partition ID 97000fd8-e9a4-47da-a939-1a2bf88256bd FirstLBA 1370775552 Last LBA 1423204351 Attributes 0 Partition Name Basic data partition Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac Partition ID 918c4d80-52c4-47d8-a841-d1d032ac3112 FirstLBA 1423204352 Last LBA 1465147391 Attributes 1 Partition Name Basic data partition Disk Size: 750156374016 bytes Sector size: 512 bytes Done! Read File: File "c:\programdata\avg2013\chjw\6a1aa8a71aa871ad.dat:5c9fdb43-9394-4445-b55f-4a4eb7b21233" is sparse (flags = 32768) Scan finished ======================================= Removal queue found; removal started Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removal finished ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.4.6 (08.15.2013:1) OS: Windows 8 x64 Ran by Deethers on Sat 08/17/2013 at 2:30:33.45 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1 Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip" Successfully deleted: [Registry Key] "hkey_local_machine\software\pip" ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup" Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on Sat 08/17/2013 at 2:34:16.39 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # AdwCleaner v2.306 - Logfile created 08/17/2013 at 02:43:43 # Updated 19/07/2013 by Xplode # Operating system : Windows 8 (64 bits) # User : Deethers - DEETHY # Boot Mode : Normal # Running from : C:\Users\Deethers\Downloads\AdwCleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90} ***** [internet Browsers] ***** -\\ Internet Explorer v10.0.9200.16660 [OK] Registry is clean. -\\ Google Chrome v28.0.1500.95 File : C:\Users\Deethers\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Opera v12.16.1860.0 File : C:\Users\Deethers\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. ************************* AdwCleaner[s1].txt - [1706 octets] - [17/08/2013 02:43:43] ########## EOF - C:\AdwCleaner[s1].txt - [1766 octets] ########## Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2013 Ran by Deethers (administrator) on 17-08-2013 03:34:11 Running from C:\Users\Deethers\AppData\Local\Opera\Opera\temporary_downloads Windows 8 (X64) OS Language: English(US) Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\windows\system32\WLANExt.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Microsoft Corporation) C:\windows\system32\dashost.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe (Nalpeiron Ltd.) C:\windows\SysWOW64\NLSSRV32.EXE (Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe (Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe (Realtek semiconductor) C:\Windows\RTFTrack.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe (Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe () C:\Users\Deethers\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Opera Software) C:\Program Files (x86)\Opera\opera.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneWlanCfgSvc.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtsFT] - C:\Windows\RTFTrack.exe [6334096 2012-10-17] (Realtek semiconductor) HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-09-05] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13262480 2012-12-07] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1256080 2012-12-03] (Realtek Semiconductor) HKLM\...\Run: [bTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11577216 2012-08-27] (Motorola Solutions, Inc.) HKLM\...\Run: [OnekeyStudio] - C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo) HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-04-25] (Lenovo (Beijing) Limited) HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-04-25] (Lenovo(beijing) Limited) HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation) HKCU\...\Run: [Amazon Cloud Player] - C:\Users\Deethers\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3109376 2013-07-21] () HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.) HKLM-x32\...\Run: [updateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.) HKLM-x32\...\Run: [intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation) HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {F9EF866D-0BD6-42D3-9069-944FB110CA8D} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKLM-x32 - {F9EF866D-0BD6-42D3-9069-944FB110CA8D} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKCU - DefaultScope {F9EF866D-0BD6-42D3-9069-944FB110CA8D} URL = SearchScopes: HKCU - {F9EF866D-0BD6-42D3-9069-944FB110CA8D} URL = BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Chrome: ======= CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll () CHR Plugin: (Exent\u00AE AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF) CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR Extension: (Google Docs) - C:\Users\Deethers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Deethers\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Deethers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Deethers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Gmail) - C:\Users\Deethers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-11-15] () R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software) R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-11-15] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.) R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-07-09] (AVG Technologies CZ, s.r.o.) S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation) S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.) S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-11-22] (Intel Corporation) R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8230160 2012-10-17] (Realtek Semiconductor Corp.) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows ® Win 7 DDK provider) S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink) R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.) R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows ® Win 7 DDK provider) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-17 03:32 - 2013-08-17 03:32 - 01575580 _____ (Farbar) C:\Users\Deethers\Downloads\FRST64.exe 2013-08-17 02:48 - 2013-08-17 02:48 - 00000000 ____D C:\Program Files (x86)\ESET 2013-08-17 02:46 - 2013-08-17 02:46 - 00001831 _____ C:\Users\Deethers\Desktop\AdwCleaner[s1].txt 2013-08-17 02:43 - 2013-08-17 02:44 - 00001831 _____ C:\AdwCleaner[s1].txt 2013-08-17 02:41 - 2013-08-17 02:43 - 00666633 _____ C:\Users\Deethers\Downloads\AdwCleaner.exe 2013-08-17 02:34 - 2013-08-17 02:34 - 00001510 _____ C:\Users\Deethers\Desktop\JRT.txt 2013-08-17 02:30 - 2013-08-17 02:30 - 01159319 _____ (Thisisu) C:\Users\Deethers\Downloads\JRT.exe 2013-08-17 02:30 - 2013-08-17 02:30 - 00000000 ____D C:\windows\ERUNT 2013-08-17 02:10 - 2013-08-17 02:29 - 00000000 ____D C:\Users\Deethers\Downloads\mbar 2013-08-17 02:10 - 2013-08-17 02:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-16 12:41 - 2013-08-16 12:41 - 00001974 _____ C:\Users\Deethers\Desktop\RKreport[0]_S_08162013_124105.txt 2013-08-16 12:39 - 2013-08-16 12:41 - 00000000 ____D C:\Users\Deethers\Desktop\RK_Quarantine 2013-08-16 12:38 - 2013-08-16 12:38 - 03800064 _____ C:\Users\Deethers\Downloads\RogueKillerX64.exe 2013-08-16 12:35 - 2013-08-16 12:36 - 00000000 ____D C:\Users\Deethers\Downloads\8-16-2013 2013-08-16 12:35 - 2013-08-16 12:35 - 00000792 _____ C:\Users\Deethers\Desktop\NTREGOPT.lnk 2013-08-16 12:35 - 2013-08-16 12:35 - 00000773 _____ C:\Users\Deethers\Desktop\ERUNT.lnk 2013-08-16 12:35 - 2013-08-16 12:35 - 00000000 ____D C:\Users\Deethers\Downloads\ERUNT 2013-08-16 12:32 - 2013-08-16 12:32 - 00791393 _____ (Lars Hederer ) C:\Users\Deethers\Downloads\erunt-setup.exe 2013-08-16 12:30 - 2013-08-16 12:30 - 00002252 _____ C:\Users\Deethers\Desktop\Rkill.txt 2013-08-16 12:30 - 2013-08-16 12:30 - 00000000 ____D C:\Users\Deethers\Desktop\rkill 2013-08-16 12:29 - 2013-08-16 12:29 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Deethers\Downloads\rkill.exe 2013-08-16 12:26 - 2013-08-16 12:27 - 00020159 _____ C:\Users\Deethers\Desktop\dds.txt 2013-08-16 12:26 - 2013-08-16 12:27 - 00004367 _____ C:\Users\Deethers\Desktop\attach.txt 2013-08-16 12:26 - 2013-08-16 12:26 - 00688992 ____R (Swearware) C:\Users\Deethers\Downloads\dds.scr 2013-08-16 03:29 - 2013-08-16 03:29 - 00000370 _____ C:\windows\PFRO.log 2013-08-16 02:49 - 2013-08-16 02:49 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Malwarebytes 2013-08-16 02:49 - 2013-08-16 02:49 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-16 02:49 - 2013-08-16 02:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-16 02:49 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2013-08-13 22:13 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-08-13 22:13 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-08-13 22:13 - 2013-07-26 01:13 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll 2013-08-13 22:13 - 2013-07-26 01:13 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll 2013-08-13 22:13 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-08-13 22:13 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-08-13 22:13 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-08-13 22:13 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-08-13 22:13 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-08-13 22:13 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-08-13 22:13 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-08-13 22:13 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-08-13 22:13 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-08-13 22:13 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-08-13 22:13 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-08-13 22:13 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-08-13 22:13 - 2013-07-25 23:13 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll 2013-08-13 22:13 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-08-13 22:13 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-08-13 22:13 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-08-13 22:13 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-08-13 22:13 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-08-13 22:13 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2013-08-13 22:13 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-08-13 22:13 - 2013-07-25 20:54 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll 2013-08-13 22:13 - 2013-07-09 02:07 - 02233168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys 2013-08-13 22:13 - 2013-07-01 20:44 - 00036288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys 2013-08-13 22:13 - 2013-07-01 18:08 - 00247216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys 2013-08-13 22:13 - 2013-05-23 19:02 - 01314816 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll 2013-08-13 22:13 - 2013-05-23 18:25 - 00694272 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll 2013-08-13 22:12 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-08-13 22:12 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-08-13 22:12 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-08-13 22:12 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-08-13 22:12 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-08-13 22:12 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-08-13 22:11 - 2013-07-13 02:18 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll 2013-08-13 22:11 - 2013-07-13 02:16 - 01889280 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll 2013-08-13 22:11 - 2013-07-13 02:16 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll 2013-08-13 22:11 - 2013-07-13 02:15 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\apprepapi.dll 2013-08-13 22:11 - 2013-07-13 02:15 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\apprepsync.dll 2013-08-13 22:11 - 2013-07-13 00:24 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll 2013-08-13 22:11 - 2013-07-13 00:23 - 01568256 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll 2013-08-13 22:11 - 2013-07-13 00:23 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepapi.dll 2013-08-13 22:11 - 2013-07-13 00:23 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepsync.dll 2013-08-13 13:10 - 2013-08-13 13:10 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player 2013-08-13 13:10 - 2013-08-13 13:10 - 00000000 ____D C:\Users\Deethers\AppData\Local\Amazon Cloud Player 2013-08-10 21:20 - 2013-08-10 21:23 - 00000000 ____D C:\ProgramData\Adobe 2013-08-10 21:20 - 2013-08-10 21:20 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-08-10 21:17 - 2013-08-10 21:17 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Nitro 2013-08-08 21:28 - 2013-08-08 21:28 - 673594052 _____ C:\windows\MEMORY.DMP 2013-08-08 21:28 - 2013-08-08 21:28 - 00290216 _____ C:\windows\Minidump\080813-42531-01.dmp 2013-08-08 21:28 - 2013-08-08 21:28 - 00000000 ____D C:\windows\Minidump 2013-08-07 02:51 - 2013-08-07 02:51 - 00000000 ____D C:\windows\SysWOW64\Adobe 2013-08-06 13:10 - 2013-08-06 13:10 - 00000000 ____D C:\Users\Deethers\Downloads\libmp3lame-win-3.98.2 2013-08-06 13:03 - 2013-08-06 13:14 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Audacity 2013-08-04 12:40 - 2013-08-17 03:15 - 01706296 _____ C:\windows\WindowsUpdate.log 2013-08-03 23:14 - 2013-08-07 02:52 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Nitro PDF 2013-07-31 16:43 - 2013-07-31 16:43 - 00000000 ____D C:\Users\Deethers\Downloads\RealTemp_370 2013-07-26 23:10 - 2013-06-16 18:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys 2013-07-26 23:10 - 2013-06-01 07:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe 2013-07-26 23:10 - 2013-06-01 07:29 - 00213248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS 2013-07-26 23:10 - 2013-06-01 07:26 - 06987008 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe 2013-07-26 23:10 - 2013-06-01 07:26 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys 2013-07-26 23:10 - 2013-06-01 06:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe 2013-07-26 23:10 - 2013-06-01 05:25 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll 2013-07-26 23:10 - 2013-06-01 05:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll 2013-07-26 23:10 - 2013-06-01 05:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll 2013-07-26 23:10 - 2013-06-01 05:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll 2013-07-26 23:10 - 2013-06-01 05:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe 2013-07-26 23:10 - 2013-06-01 05:22 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll 2013-07-26 23:10 - 2013-06-01 05:22 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll 2013-07-26 23:10 - 2013-06-01 05:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll 2013-07-26 23:10 - 2013-06-01 05:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll 2013-07-26 23:10 - 2013-06-01 05:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll 2013-07-26 23:10 - 2013-06-01 05:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll 2013-07-26 23:10 - 2013-06-01 05:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll 2013-07-26 23:10 - 2013-06-01 05:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll 2013-07-26 23:10 - 2013-06-01 05:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll 2013-07-26 23:10 - 2013-05-24 18:09 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi 2013-07-26 23:10 - 2013-05-24 18:09 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe 2013-07-26 23:10 - 2013-05-24 18:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi 2013-07-26 23:10 - 2013-05-24 18:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe 2013-07-26 23:09 - 2013-06-01 07:54 - 00194816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys 2013-07-26 23:09 - 2013-06-01 07:54 - 00125184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys 2013-07-26 23:09 - 2013-06-01 07:29 - 00337152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS 2013-07-26 23:09 - 2013-06-01 05:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll 2013-07-26 23:09 - 2013-06-01 05:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll 2013-07-26 23:09 - 2013-06-01 05:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll 2013-07-26 23:09 - 2013-06-01 05:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe 2013-07-26 23:09 - 2013-06-01 05:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll 2013-07-26 23:09 - 2013-05-31 23:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys 2013-07-26 23:09 - 2013-05-19 20:08 - 00386642 _____ C:\windows\system32\ApnDatabase.xml 2013-07-26 00:08 - 2013-07-26 00:12 - 340139332 _____ C:\Users\Deethers\Downloads\National Geographic Predators at War.mp4 2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgloga.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgldx64.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsha.sys 2013-07-19 14:26 - 2013-07-19 14:26 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Auslogics 2013-07-18 03:01 - 2013-08-14 15:52 - 00000000 ____D C:\windows\system32\MRT ==================== One Month Modified Files and Folders ======= 2013-08-17 03:33 - 2013-08-17 03:33 - 00000000 ____D C:\FRST 2013-08-17 03:32 - 2013-08-17 03:32 - 01575580 _____ (Farbar) C:\Users\Deethers\Downloads\FRST64.exe 2013-08-17 03:17 - 2013-06-14 00:02 - 00000916 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-17 03:17 - 2013-06-14 00:02 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-17 03:16 - 2013-06-13 23:00 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job 2013-08-17 03:15 - 2013-08-04 12:40 - 01706296 _____ C:\windows\WindowsUpdate.log 2013-08-17 03:00 - 2012-07-26 04:12 - 00000000 ____D C:\windows\system32\sru 2013-08-17 02:48 - 2013-08-17 02:48 - 00000000 ____D C:\Program Files (x86)\ESET 2013-08-17 02:47 - 2013-04-25 06:48 - 00000000 ____D C:\windows\System32\Tasks\Lenovo 2013-08-17 02:46 - 2013-08-17 02:46 - 00001831 _____ C:\Users\Deethers\Desktop\AdwCleaner[s1].txt 2013-08-17 02:45 - 2012-07-26 03:22 - 00000006 ____H C:\windows\Tasks\SA.DAT 2013-08-17 02:44 - 2013-08-17 02:43 - 00001831 _____ C:\AdwCleaner[s1].txt 2013-08-17 02:43 - 2013-08-17 02:41 - 00666633 _____ C:\Users\Deethers\Downloads\AdwCleaner.exe 2013-08-17 02:34 - 2013-08-17 02:34 - 00001510 _____ C:\Users\Deethers\Desktop\JRT.txt 2013-08-17 02:30 - 2013-08-17 02:30 - 01159319 _____ (Thisisu) C:\Users\Deethers\Downloads\JRT.exe 2013-08-17 02:30 - 2013-08-17 02:30 - 00000000 ____D C:\windows\ERUNT 2013-08-17 02:29 - 2013-08-17 02:10 - 00000000 ____D C:\Users\Deethers\Downloads\mbar 2013-08-17 02:29 - 2013-08-17 02:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-08-17 02:08 - 2013-06-13 23:52 - 00000000 ____D C:\ProgramData\MFAData 2013-08-17 02:07 - 2012-07-26 03:28 - 00848230 _____ C:\windows\system32\PerfStringBackup.INI 2013-08-16 12:49 - 2012-07-26 01:26 - 00262144 ___SH C:\windows\system32\config\BBI 2013-08-16 12:41 - 2013-08-16 12:41 - 00001974 _____ C:\Users\Deethers\Desktop\RKreport[0]_S_08162013_124105.txt 2013-08-16 12:41 - 2013-08-16 12:39 - 00000000 ____D C:\Users\Deethers\Desktop\RK_Quarantine 2013-08-16 12:38 - 2013-08-16 12:38 - 03800064 _____ C:\Users\Deethers\Downloads\RogueKillerX64.exe 2013-08-16 12:36 - 2013-08-16 12:35 - 00000000 ____D C:\Users\Deethers\Downloads\8-16-2013 2013-08-16 12:35 - 2013-08-16 12:35 - 00000792 _____ C:\Users\Deethers\Desktop\NTREGOPT.lnk 2013-08-16 12:35 - 2013-08-16 12:35 - 00000773 _____ C:\Users\Deethers\Desktop\ERUNT.lnk 2013-08-16 12:35 - 2013-08-16 12:35 - 00000000 ____D C:\Users\Deethers\Downloads\ERUNT 2013-08-16 12:32 - 2013-08-16 12:32 - 00791393 _____ (Lars Hederer ) C:\Users\Deethers\Downloads\erunt-setup.exe 2013-08-16 12:30 - 2013-08-16 12:30 - 00002252 _____ C:\Users\Deethers\Desktop\Rkill.txt 2013-08-16 12:30 - 2013-08-16 12:30 - 00000000 ____D C:\Users\Deethers\Desktop\rkill 2013-08-16 12:29 - 2013-08-16 12:29 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Deethers\Downloads\rkill.exe 2013-08-16 12:27 - 2013-08-16 12:26 - 00020159 _____ C:\Users\Deethers\Desktop\dds.txt 2013-08-16 12:27 - 2013-08-16 12:26 - 00004367 _____ C:\Users\Deethers\Desktop\attach.txt 2013-08-16 12:26 - 2013-08-16 12:26 - 00688992 ____R (Swearware) C:\Users\Deethers\Downloads\dds.scr 2013-08-16 04:23 - 2012-07-26 04:12 - 00000000 ____D C:\windows\AUInstallAgent 2013-08-16 03:34 - 2013-06-18 03:17 - 00301568 ___SH C:\Users\Deethers\Downloads\Thumbs.db 2013-08-16 03:29 - 2013-08-16 03:29 - 00000370 _____ C:\windows\PFRO.log 2013-08-16 02:49 - 2013-08-16 02:49 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Malwarebytes 2013-08-16 02:49 - 2013-08-16 02:49 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-08-16 02:49 - 2013-08-16 02:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-15 15:38 - 2013-06-13 23:52 - 00000000 ____D C:\Users\Deethers\AppData\Local\Avg2013 2013-08-14 18:10 - 2012-07-26 04:12 - 00000000 ____D C:\windows\rescache 2013-08-14 15:53 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files\Windows Defender 2013-08-14 15:53 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2013-08-14 15:52 - 2013-07-18 03:01 - 00000000 ____D C:\windows\system32\MRT 2013-08-14 15:51 - 2013-06-15 12:47 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2013-08-13 13:36 - 2012-07-26 04:12 - 00000000 ____D C:\windows\system32\NDF 2013-08-13 13:10 - 2013-08-13 13:10 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player 2013-08-13 13:10 - 2013-08-13 13:10 - 00000000 ____D C:\Users\Deethers\AppData\Local\Amazon Cloud Player 2013-08-12 00:28 - 2013-06-13 22:54 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1533650612-1157666230-1475085810-1001 2013-08-11 13:02 - 2012-07-26 01:26 - 00262144 ___SH C:\windows\system32\config\ELAM 2013-08-10 21:23 - 2013-08-10 21:20 - 00000000 ____D C:\ProgramData\Adobe 2013-08-10 21:22 - 2013-07-12 03:57 - 00000000 ____D C:\Users\Deethers\AppData\Local\Adobe 2013-08-10 21:22 - 2013-06-13 22:41 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Adobe 2013-08-10 21:20 - 2013-08-10 21:20 - 00000000 ____D C:\Program Files (x86)\Adobe 2013-08-10 21:17 - 2013-08-10 21:17 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Nitro 2013-08-08 21:28 - 2013-08-08 21:28 - 673594052 _____ C:\windows\MEMORY.DMP 2013-08-08 21:28 - 2013-08-08 21:28 - 00290216 _____ C:\windows\Minidump\080813-42531-01.dmp 2013-08-08 21:28 - 2013-08-08 21:28 - 00000000 ____D C:\windows\Minidump 2013-08-07 02:52 - 2013-08-03 23:14 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Nitro PDF 2013-08-07 02:51 - 2013-08-07 02:51 - 00000000 ____D C:\windows\SysWOW64\Adobe 2013-08-07 02:51 - 2012-07-26 04:12 - 00000000 ____D C:\windows\SysWOW64\Macromed 2013-08-06 13:14 - 2013-08-06 13:03 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Audacity 2013-08-06 13:10 - 2013-08-06 13:10 - 00000000 ____D C:\Users\Deethers\Downloads\libmp3lame-win-3.98.2 2013-07-31 16:43 - 2013-07-31 16:43 - 00000000 ____D C:\Users\Deethers\Downloads\RealTemp_370 2013-07-27 04:19 - 2012-07-26 01:38 - 00000000 ____D C:\windows\system32\oobe 2013-07-26 23:01 - 2012-07-26 01:37 - 00000000 ____D C:\windows\servicing 2013-07-26 01:13 - 2013-08-13 22:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2013-07-26 01:13 - 2013-08-13 22:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2013-07-26 01:13 - 2013-08-13 22:13 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll 2013-07-26 01:13 - 2013-08-13 22:13 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll 2013-07-26 01:13 - 2013-08-13 22:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2013-07-26 01:12 - 2013-08-13 22:13 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2013-07-26 01:12 - 2013-08-13 22:13 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2013-07-26 01:12 - 2013-08-13 22:13 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll 2013-07-26 01:12 - 2013-08-13 22:13 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2013-07-26 01:12 - 2013-08-13 22:13 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll 2013-07-26 01:12 - 2013-08-13 22:13 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2013-07-26 01:12 - 2013-08-13 22:13 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2013-07-26 01:12 - 2013-08-13 22:13 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2013-07-26 01:12 - 2013-08-13 22:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2013-07-26 01:12 - 2013-08-13 22:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2013-07-26 00:12 - 2013-07-26 00:08 - 340139332 _____ C:\Users\Deethers\Downloads\National Geographic Predators at War.mp4 2013-07-25 23:35 - 2013-08-13 22:13 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2013-07-25 23:13 - 2013-08-13 22:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2013-07-25 23:13 - 2013-08-13 22:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2013-07-25 23:13 - 2013-08-13 22:13 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll 2013-07-25 23:12 - 2013-08-13 22:13 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2013-07-25 23:12 - 2013-08-13 22:13 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll 2013-07-25 23:12 - 2013-08-13 22:13 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2013-07-25 23:12 - 2013-08-13 22:13 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2013-07-25 23:12 - 2013-08-13 22:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2013-07-25 23:12 - 2013-08-13 22:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2013-07-25 23:12 - 2013-08-13 22:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2013-07-25 23:12 - 2013-08-13 22:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll 2013-07-25 23:11 - 2013-08-13 22:13 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2013-07-25 23:11 - 2013-08-13 22:13 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2013-07-25 22:49 - 2013-08-13 22:13 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2013-07-25 20:54 - 2013-08-13 22:13 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll 2013-07-20 04:27 - 2013-07-15 23:07 - 00000000 ____D C:\Users\Deethers\AppData\Local\Windows Live 2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgloga.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgldx64.sys 2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsha.sys 2013-07-19 14:32 - 2012-10-09 20:08 - 00000000 ____D C:\windows\Panther 2013-07-19 14:26 - 2013-07-19 14:26 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Auslogics ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-10 13:35 ==================== End Of Log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2013 Ran by Deethers at 2013-08-17 03:34:40 Running from C:\Users\Deethers\AppData\Local\Opera\Opera\temporary_downloads Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 7-Zip 9.20 (x64 edition) (Version: 9.20.00.0) Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94) Adobe Reader XI (11.0.03) (x32 Version: 11.0.03) Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133) AIM for Windows (HKCU) Amazon Cloud Player (HKCU Version: 1.1.0.337) AVG 2013 (Version: 13.0.3211) AVG 2013 (Version: 13.0.3392) AVG 2013 (Version: 2013.0.3392) CCleaner (Version: 4.02) Convert AVI to MP4 (x32) D3DX10 (x32 Version: 15.4.2368.0902) Dolby Home Theater v4 (x32 Version: 7.2.8000.17) dows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (Version: 06/15/2012 8.1.0.1) Energy Management (x32 Version: 8.0.2.4) ERUNT 1.1j (x32) ETDWare PS/2-X64 11.4.8.1_WHQL (Version: 11.4.8.1) FreeRide Games (x32 Version: 07.05.80.00) Google Chrome (x32 Version: 28.0.1500.95) Google Update Helper (x32 Version: 1.3.21.153) Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10) Intel PROSet Wireless Intel® Management Engine Components (x32 Version: 8.1.0.1252) Intel® Processor Graphics (x32 Version: 9.17.10.2932) Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.5.5.0480) Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.6.1209.0268) Intel® Rapid Storage Technology (x32 Version: 11.6.0.1030) Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149) Intel® WiDi (Version: 3.5.41.0) Intel® PROSet/Wireless WiFi Software (Version: 15.05.7000.1709) Intel® Trusted Connect Service Client (Version: 1.24.388.1) Java 7 Update 25 (64-bit) (Version: 7.0.250) Java 7 Update 25 (x32 Version: 7.0.250) Java Auto Updater (x32 Version: 2.1.9.5) Lenovo EasyCamera (x32 Version: 6.2.9200.10192) Lenovo OneKey Recovery (Version: 8.0.0.1219) Lenovo OneKey Recovery (x32 Version: 8.0.0.1219) Lenovo PowerDVD10 (x32 Version: 10.0.4331.52) Lenovo YouCam (x32 Version: 4.1.3423) Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft Office (x32 Version: 15.0.4420.1017) Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219) Movie Maker (x32 Version: 16.4.3508.0205) MSVCRT (x32 Version: 15.4.2862.0708) MSVCRT110 (x32 Version: 16.4.1108.0727) MSVCRT110_amd64 (Version: 16.4.1109.0912) Nitro Pro 8 (Version: 8.0.10.7) Onekey Theater (x32 Version: 3.0.1.0) Opera 12.16 (x32 Version: 12.16.1860) Pandora Service (x32) Photo Gallery (x32 Version: 16.4.3508.0205) Power2Go (x32 Version: 5.6.0.9109) Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6798) Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39029) Shared C Run-time for x64 (Version: 10.0.0) SolveigMM AVI Trimmer (x32 Version: 2.0.1210.11) SugarSync Manager (x32 Version: 1.9.61.90905) swMSM (x32 Version: 12.0.0.1) The KMPlayer (remove only) (x32 Version: 3.6.0.87) UserGuide (x32 Version: 1.0.0.9) Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1) Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (Version: 06/19/2012 10.13.29.733) Windows Live Communications Platform (x32 Version: 16.4.3508.0205) Windows Live Essentials (x32 Version: 16.4.3508.0205) Windows Live Installer (x32 Version: 16.4.3508.0205) Windows Live Photo Common (x32 Version: 16.4.3508.0205) Windows Live PIMT Platform (x32 Version: 16.4.3508.0205) Windows Live SOXE (x32 Version: 16.4.3508.0205) Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205) Windows Live UX Platform (x32 Version: 16.4.3508.0205) Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205) Windows Mobile Device Updater Component (Version: 04.08.2345.00) Zune (Version: 04.08.2345.00) Zune Language Pack (CHS) (Version: 04.08.2345.00) Zune Language Pack (CHT) (Version: 04.08.2345.00) Zune Language Pack (CSY) (Version: 04.08.2345.00) Zune Language Pack (DAN) (Version: 04.08.2345.00) Zune Language Pack (DEU) (Version: 04.08.2345.00) Zune Language Pack (ELL) (Version: 04.08.2345.00) Zune Language Pack (ESP) (Version: 04.08.2345.00) Zune Language Pack (FIN) (Version: 04.08.2345.00) Zune Language Pack (FRA) (Version: 04.08.2345.00) Zune Language Pack (HUN) (Version: 04.08.2345.00) Zune Language Pack (IND) (Version: 04.08.2345.00) Zune Language Pack (ITA) (Version: 04.08.2345.00) Zune Language Pack (JPN) (Version: 04.08.2345.00) Zune Language Pack (KOR) (Version: 04.08.2345.00) Zune Language Pack (MSL) (Version: 04.08.2345.00) Zune Language Pack (NLD) (Version: 04.08.2345.00) Zune Language Pack (NOR) (Version: 04.08.2345.00) Zune Language Pack (PLK) (Version: 04.08.2345.00) Zune Language Pack (PTB) (Version: 04.08.2345.00) Zune Language Pack (PTG) (Version: 04.08.2345.00) Zune Language Pack (RUS) (Version: 04.08.2345.00) Zune Language Pack (SVE) (Version: 04.08.2345.00) ==================== Restore Points ========================= 04-08-2013 05:12:22 Scheduled Checkpoint 12-08-2013 04:28:47 Scheduled Checkpoint ==================== Hosts content: ========================== 2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {046249EA-25E5-416D-9133-A393EAA8E35A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-14] (Google Inc.) Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-25] (Microsoft Corporation) Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation) Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-25] (Microsoft Corporation) Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation) Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-25] (Microsoft Corporation) Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation) Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Task: {7363FF5A-02FD-4601-AC83-A81E62E29019} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update Task: {7A53E474-5B49-454E-811F-8A95AE3D1F56} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance Task: {812BE1E7-1688-4660-A56E-0F9A3B3A32BB} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.) Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance Task: {849068E9-1217-4DEF-B196-FEEF6E79C3CD} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1533650612-1157666230-1475085810-1001 Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode) Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic Task: {9F14FB2E-486B-404B-89CA-CA8F0A34F307} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-25] (Microsoft Corporation) Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan Task: {BC38CEA0-93BD-4BCD-AA3C-9ED14533A695} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-14] (Google Inc.) Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan Task: {C1E83F1A-D86D-47DA-95FB-1C832C07EBCC} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation) Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork Task: {CD79DF02-00F0-410E-A64A-DEB0BFF857C3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd) Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical Task: {DDD61884-07AE-4049-B0DB-3F3281973871} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup Task: {DEB14F64-2DEF-4344-A827-8F3B74CB6B29} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\windows\system32\sc.exe [2012-07-25] (Microsoft Corporation) Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery Task: {DF83B9F4-732D-4BE2-A30E-791636D0DE98} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12] (Adobe Systems Incorporated) Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask Task: {E8AE9237-D83F-4859-B7D3-AB52E711BA70} - System32\Tasks\Lenovo\Lenovo-20527 => C:\ProgramData\Lenovo-20527.vbs [2013-04-25] () Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation) Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation) Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM Task: {F98F7835-64E2-4D6D-ACBD-88A44C5239D4} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] () Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Intel Corporation Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (08/17/2013 03:17:21 AM) (Source: Application Error) (User: ) Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c Faulting module name: goopdate.dll, version: 1.3.21.153, time stamp: 0x51de1866 Exception code: 0xc0000005 Fault offset: 0x0009c729 Faulting process id: 0x1538 Faulting application start time: 0xGoogleUpdate.exe0 Faulting application path: GoogleUpdate.exe1 Faulting module path: GoogleUpdate.exe2 Report Id: GoogleUpdate.exe3 Faulting package full name: GoogleUpdate.exe4 Faulting package-relative application ID: GoogleUpdate.exe5 Error: (08/17/2013 03:17:20 AM) (Source: Application Error) (User: ) Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c Faulting module name: goopdate.dll, version: 1.3.21.153, time stamp: 0x51de1866 Exception code: 0xc0000005 Fault offset: 0x0009c729 Faulting process id: 0x798 Faulting application start time: 0xGoogleUpdate.exe0 Faulting application path: GoogleUpdate.exe1 Faulting module path: GoogleUpdate.exe2 Report Id: GoogleUpdate.exe3 Faulting package full name: GoogleUpdate.exe4 Faulting package-relative application ID: GoogleUpdate.exe5 Error: (08/17/2013 02:48:02 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (08/17/2013 02:48:02 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (08/17/2013 02:48:01 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (08/17/2013 02:47:57 AM) (Source: SideBySide) (User: ) Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. System errors: ============= Error: (08/17/2013 02:44:30 AM) (Source: Service Control Manager) (User: ) Description: The ScRegSetValueExW call failed for FailureActions with the following error: %%5 Microsoft Office Sessions: ========================= Error: (08/17/2013 03:17:21 AM) (Source: Application Error)(User: ) Description: GoogleUpdate.exe1.3.21.1034f3c6d6cgoopdate.dll1.3.21.15351de1866c00000050009c729153801ce9b19c3b7b32bC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.21.153\goopdate.dll0e6882b9-070d-11e3-be87-20898490d82e Error: (08/17/2013 03:17:20 AM) (Source: Application Error)(User: ) Description: GoogleUpdate.exe1.3.21.1034f3c6d6cgoopdate.dll1.3.21.15351de1866c00000050009c72979801ce9b19c3b78c14C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.21.153\goopdate.dll0dd7e914-070d-11e3-be87-20898490d82e Error: (08/17/2013 02:48:02 AM) (Source: SideBySide)(User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Deethers\AppData\Local\Opera\Opera\temporary_downloads\esetsmartinstaller_enu.exe Error: (08/17/2013 02:48:02 AM) (Source: SideBySide)(User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Deethers\AppData\Local\Opera\Opera\temporary_downloads\esetsmartinstaller_enu.exe Error: (08/17/2013 02:48:01 AM) (Source: SideBySide)(User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Deethers\AppData\Local\Opera\Opera\temporary_downloads\esetsmartinstaller_enu.exe Error: (08/17/2013 02:47:57 AM) (Source: SideBySide)(User: ) Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Deethers\AppData\Local\Opera\Opera\temporary_downloads\esetsmartinstaller_enu.exe CodeIntegrity Errors: =================================== Date: 2013-08-06 13:13:04.959 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-06 13:11:54.874 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-06 13:11:40.788 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-06 13:06:32.825 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-06 13:03:57.815 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-06 13:03:56.753 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-06 13:03:55.182 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. Date: 2013-08-06 13:03:54.078 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 39% Total physical RAM: 5999.52 MB Available physical RAM: 3607.82 MB Total Pagefile: 12143.52 MB Available Pagefile: 9607.43 MB Total Virtual: 8192 MB Available Virtual: 8191.76 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:651.3 GB) (Free:596.54 GB) NTFS ==>[system with boot components (obtained from reading drive)] Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.25 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 699 GB) (Disk ID: 377881F3) Partition: GPT Partition Type ==================== End Of Log ============================
  5. Hello, thank you for the help! Here are the results: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2 Run by Deethers at 12:27:42 on 2013-08-16 Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.6000.3765 [GMT -4:00] . AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} . ============== Running Processes =============== . C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\system32\dwm.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\WLANExt.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\windows\Explorer.EXE C:\windows\system32\taskhostex.exe C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\windows\system32\dashost.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe C:\windows\SysWOW64\NLSSRV32.EXE C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe C:\windows\system32\wbem\unsecapp.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\WUDFHost.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe C:\windows\system32\SearchIndexer.exe C:\Windows\System32\RuntimeBroker.exe C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe C:\Windows\RTFTrack.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Windows\System32\rundll32.exe C:\Program Files\Elantech\ETDIntelligent.exe C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe C:\Program Files (x86)\Lenovo\Energy Management\utility.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Users\Deethers\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\AVG\AVG2013\avgui.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Opera\opera.exe C:\windows\system32\msiexec.exe C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\vssvc.exe C:\windows\System32\svchost.exe -k swprv C:\windows\SysWOW64\NOTEPAD.EXE C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit = userinit.exe, BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [Amazon Cloud Player] C:\Users\Deethers\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0" mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe" mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - TCP: NameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{3655C5D2-10DC-49F2-A666-2D0D502CE802} : DHCPNameServer = 192.168.88.88 TCP: Interfaces\{759B580A-6CC8-42C3-B628-6F5CDDF7B46D} : DHCPNameServer = 75.75.75.75 75.75.76.76 Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [RtsFT] RTFTrack.exe x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp x64-Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe -start x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe" x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\Drivers\avgidsha.sys [2013-7-20 71480] R0 Avgloga;AVG Logging Driver;C:\windows\System32\Drivers\avgloga.sys [2013-7-20 311608] R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\Drivers\avgmfx64.sys [2013-7-1 116536] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\Drivers\avgrkx64.sys [2013-7-10 45880] R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-4-25 647736] R0 LHDmgr;LHDmgr;C:\windows\System32\Drivers\LhdX64.sys [2013-4-25 39008] R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\Drivers\avgidsdrivera.sys [2013-7-20 246072] R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\Drivers\avgldx64.sys [2013-7-20 206648] R1 Avgwfpa;AVG Firewall Driver;C:\windows\System32\Drivers\avgwfpa.sys [2013-7-9 248632] R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-11-13 755240] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136] R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-27 1112000] R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-6 1124288] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-15 135984] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-4-25 166720] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-16 418376] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-16 701512] R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-12-14 230408] R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-12-14 70152] R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2013-6-13 625304] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-25 365376] R2 X5XSEx_Pr148;X5XSEx_Pr148;C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.sys [2013-4-25 56136] R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-11-15 1153840] R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\Drivers\AcpiVpc.sys [2012-5-15 33560] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\Drivers\AmpPal.sys [2012-11-13 156160] R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\Drivers\ETD.sys [2012-9-10 318800] R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-4-25 169752] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2013-2-22 342528] R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\Drivers\iwdbus.sys [2012-11-29 25568] R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-8-16 25928] R3 NETwNe64;@oem42.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew00.sys [2012-11-22 4309032] R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-4-25 683664] R3 rtsuvc;Lenovo EasyCamera;C:\windows\System32\Drivers\rtsuvc.sys [2013-4-25 8230160] R3 usb3Hub;USB-IF USB 3.0 Hub;C:\windows\System32\Drivers\usb3Hub.sys [2012-11-29 47072] R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\windows\System32\Drivers\xHCIPort.sys [2012-11-29 188896] S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\windows\System32\Drivers\avgboota.sys [2012-10-26 20912] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312] S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\Drivers\AmpPal.sys [2012-11-13 156160] S3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752] S3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\Drivers\btmaux.sys [2012-8-27 121728] S3 btmhsf;btmhsf;C:\windows\System32\Drivers\btmhsf.sys [2012-8-29 857472] S3 ibtfltcoex;ibtfltcoex;C:\windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 68136] S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\Drivers\intelaud.sys [2012-11-29 35296] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-11-15 272176] S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2013-4-25 315536] S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2013-4-25 102376] . =============== Created Last 30 ================ . 2013-08-16 06:49:48 -------- d-----w- C:\Users\Deethers\AppData\Roaming\Malwarebytes 2013-08-16 06:49:46 -------- d-----w- C:\ProgramData\Malwarebytes 2013-08-16 06:49:45 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2013-08-16 06:49:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-08-14 02:12:48 3958784 ----a-w- C:\windows\System32\jscript9.dll 2013-08-14 02:12:44 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll 2013-08-14 02:12:44 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll 2013-08-14 02:11:53 87040 ----a-w- C:\windows\SysWow64\apprepapi.dll 2013-08-14 02:11:53 68096 ----a-w- C:\windows\System32\cryptsvc.dll 2013-08-14 02:11:53 337408 ----a-w- C:\windows\System32\wintrust.dll 2013-08-14 02:11:53 261120 ----a-w- C:\windows\SysWow64\wintrust.dll 2013-08-14 02:11:53 1889280 ----a-w- C:\windows\System32\crypt32.dll 2013-08-14 02:11:53 1568256 ----a-w- C:\windows\SysWow64\crypt32.dll 2013-08-14 02:11:53 124416 ----a-w- C:\windows\System32\apprepapi.dll 2013-08-14 02:11:51 98304 ----a-w- C:\windows\System32\apprepsync.dll 2013-08-14 02:11:51 74240 ----a-w- C:\windows\SysWow64\apprepsync.dll 2013-08-13 17:10:39 -------- d-----w- C:\Users\Deethers\AppData\Local\Amazon Cloud Player 2013-08-11 01:17:58 -------- d-----w- C:\Users\Deethers\AppData\Roaming\Nitro 2013-08-07 06:51:07 -------- d-----w- C:\windows\SysWow64\Adobe 2013-08-06 17:03:24 -------- d-----w- C:\Users\Deethers\AppData\Local\Programs 2013-07-27 03:09:59 850944 ----a-w- C:\windows\SysWow64\mfasfsrcsnk.dll 2013-07-27 03:09:59 80896 ----a-w- C:\windows\System32\MbaeParserTask.exe 2013-07-27 03:09:59 337152 ----a-w- C:\windows\System32\drivers\USBXHCI.SYS 2013-07-27 03:09:59 207872 ----a-w- C:\windows\System32\DeviceSetupManager.dll 2013-07-27 03:09:59 194816 ----a-w- C:\windows\System32\drivers\sdbus.sys 2013-07-27 03:09:59 125184 ----a-w- C:\windows\System32\drivers\dumpsd.sys 2013-07-27 03:09:58 67584 ----a-w- C:\windows\SysWow64\samlib.dll 2013-07-27 03:09:58 37632 ----a-w- C:\windows\System32\drivers\BthAvrcpTg.sys 2013-07-27 03:09:58 190976 ----a-w- C:\windows\System32\vdsutil.dll 2013-07-20 05:51:00 311608 ----a-w- C:\windows\System32\drivers\avgloga.sys 2013-07-20 05:50:56 71480 ----a-w- C:\windows\System32\drivers\avgidsha.sys 2013-07-20 05:50:56 246072 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys 2013-07-20 05:50:50 206648 ----a-w- C:\windows\System32\drivers\avgldx64.sys 2013-07-19 18:26:13 -------- d-----w- C:\Users\Deethers\AppData\Roaming\Auslogics 2013-07-18 07:01:41 -------- d-----w- C:\windows\System32\MRT . ==================== Find3M ==================== . 2013-07-26 05:13:37 2241024 ----a-w- C:\windows\System32\wininet.dll 2013-07-26 05:13:28 915968 ----a-w- C:\windows\System32\uxtheme.dll 2013-07-26 05:13:28 53760 ----a-w- C:\windows\System32\UXInit.dll 2013-07-26 05:12:04 136704 ----a-w- C:\windows\System32\iesysprep.dll 2013-07-26 05:12:03 67072 ----a-w- C:\windows\System32\iesetup.dll 2013-07-26 03:35:08 2706432 ----a-w- C:\windows\System32\mshtml.tlb 2013-07-26 03:13:24 1767936 ----a-w- C:\windows\SysWow64\wininet.dll 2013-07-26 03:13:15 44032 ----a-w- C:\windows\SysWow64\UXInit.dll 2013-07-26 03:12:00 61440 ----a-w- C:\windows\SysWow64\iesetup.dll 2013-07-26 03:12:00 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll 2013-07-26 02:49:14 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb 2013-07-26 00:54:34 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll 2013-07-10 05:32:38 45880 ----a-w- C:\windows\System32\drivers\avgrkx64.sys 2013-07-09 06:07:17 2233168 ----a-w- C:\windows\System32\drivers\tcpip.sys 2013-07-09 05:28:50 248632 ----a-w- C:\windows\System32\drivers\avgwfpa.sys 2013-07-02 00:44:14 36288 ----a-w- C:\windows\System32\drivers\WdBoot.sys 2013-07-01 22:08:49 247216 ----a-w- C:\windows\System32\drivers\WdFilter.sys 2013-07-01 05:45:28 116536 ----a-w- C:\windows\System32\drivers\avgmfx64.sys 2013-06-27 22:04:51 78200 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-27 22:04:51 693112 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2013-06-27 13:47:30 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-27 13:47:30 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2013-06-27 13:47:30 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll 2013-06-27 13:44:54 972712 ----a-w- C:\windows\System32\deployJava1.dll 2013-06-27 13:44:54 1093032 ----a-w- C:\windows\System32\npDeployJava1.dll 2013-06-27 13:44:54 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll 2013-06-16 22:41:31 997632 ----a-w- C:\windows\System32\drivers\ndis.sys 2013-06-01 11:34:21 2391280 ----a-w- C:\windows\explorer.exe 2013-06-01 11:29:35 213248 ----a-w- C:\windows\System32\drivers\UCX01000.SYS 2013-06-01 11:26:33 327936 ----a-w- C:\windows\System32\drivers\volsnap.sys 2013-06-01 11:26:31 6987008 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-06-01 10:24:46 2106176 ----a-w- C:\windows\SysWow64\explorer.exe 2013-06-01 09:25:52 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll 2013-06-01 09:25:03 496640 ----a-w- C:\windows\SysWow64\qedit.dll 2013-06-01 09:24:19 493056 ----a-w- C:\windows\SysWow64\mscms.dll 2013-06-01 09:24:09 1453568 ----a-w- C:\windows\SysWow64\mfcore.dll 2013-06-01 09:23:46 1842176 ----a-w- C:\windows\SysWow64\dwmcore.dll 2013-06-01 09:23:06 680960 ----a-w- C:\windows\System32\vds.exe 2013-06-01 09:22:33 523264 ----a-w- C:\windows\System32\XpsGdiConverter.dll 2013-06-01 09:22:33 446976 ----a-w- C:\windows\System32\wwansvc.dll 2013-06-01 09:21:39 729600 ----a-w- C:\windows\System32\samsrv.dll 2013-06-01 09:21:39 106496 ----a-w- C:\windows\System32\samlib.dll 2013-06-01 09:21:34 595968 ----a-w- C:\windows\System32\qedit.dll 2013-06-01 09:20:45 583168 ----a-w- C:\windows\System32\mscms.dll 2013-06-01 09:20:34 1527808 ----a-w- C:\windows\System32\mfcore.dll 2013-06-01 09:20:34 1048576 ----a-w- C:\windows\System32\mfasfsrcsnk.dll 2013-06-01 09:20:04 2219520 ----a-w- C:\windows\System32\dwmcore.dll 2013-06-01 09:19:42 785408 ----a-w- C:\windows\System32\audiosrv.dll 2013-05-30 23:14:23 4036096 ----a-w- C:\windows\System32\win32k.sys 2013-05-24 22:09:20 1403296 ----a-w- C:\windows\System32\winload.efi 2013-05-24 22:09:20 1271584 ----a-w- C:\windows\System32\winload.exe 2013-05-24 22:09:20 1217352 ----a-w- C:\windows\System32\winresume.efi 2013-05-24 22:09:20 1093904 ----a-w- C:\windows\System32\winresume.exe 2013-05-23 23:02:30 1314816 ----a-w- C:\windows\System32\rpcrt4.dll 2013-05-23 23:01:46 1300992 ----a-w- C:\windows\System32\gdi32.dll 2013-05-23 22:27:05 1022464 ----a-w- C:\windows\SysWow64\gdi32.dll 2013-05-23 22:25:22 694272 ----a-w- C:\windows\SysWow64\rpcrt4.dll . ============= FINISH: 12:27:50.74 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 8 Boot Device: \Device\HarddiskVolume2 Install Date: 6/13/2013 10:40:55 PM System Uptime: 8/16/2013 3:29:26 AM (9 hours ago) . Motherboard: LENOVO | | INVALID Processor: Intel® Core i5-3230M CPU @ 2.60GHz | U3E1 | 1200/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 651 GiB total, 596.975 GiB free. D: is FIXED (NTFS) - 25 GiB total, 22.252 GiB free. E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter Device ID: USB\VID_8087&PID_07DA\6&2E2F5DEF&0&3 Manufacturer: Intel Corporation Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter PNP Device ID: USB\VID_8087&PID_07DA\6&2E2F5DEF&0&3 Service: BTHUSB . ==== System Restore Points =================== . RP12: 8/4/2013 1:12:22 AM - Scheduled Checkpoint RP13: 8/12/2013 12:28:47 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . 7-Zip 9.20 (x64 edition) Adobe Flash Player 11 Plugin Adobe Reader XI (11.0.03) Adobe Shockwave Player 12.0 AIM for Windows Amazon Cloud Player AVG 2013 CCleaner Convert AVI to MP4 D3DX10 Dolby Home Theater v4 Download Updater (AOL Inc.) Energy Management ETDWare PS/2-X64 11.4.8.1_WHQL FreeRide Games Google Chrome Google Update Helper Intel AppUp(SM) center Intel PROSet Wireless Intel® Management Engine Components Intel® Processor Graphics Intel® PROSet/Wireless for Bluetooth® + High Speed Intel® PROSet/Wireless Software for Bluetooth® Technology Intel® Rapid Storage Technology Intel® SDK for OpenCL - CPU Only Runtime Package Intel® WiDi Intel® PROSet/Wireless WiFi Software Intel® Trusted Connect Service Client Java 7 Update 25 Java 7 Update 25 (64-bit) Java Auto Updater Lenovo EasyCamera Lenovo OneKey Recovery Lenovo PowerDVD10 Lenovo YouCam Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft Application Error Reporting Microsoft Office Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Maker MSVCRT MSVCRT110 MSVCRT110_amd64 Nitro Pro 8 Onekey Theater Opera 12.16 Pandora Service Photo Common Photo Gallery Power2Go Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Shared C Run-time for x64 SolveigMM AVI Trimmer SugarSync Manager swMSM The KMPlayer (remove only) UserGuide Visual Studio 2010 x64 Redistributables Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Mobile Device Updater Component Zune Zune Language Pack (CHS) Zune Language Pack (CHT) Zune Language Pack (CSY) Zune Language Pack (DAN) Zune Language Pack (DEU) Zune Language Pack (ELL) Zune Language Pack (ESP) Zune Language Pack (FIN) Zune Language Pack (FRA) Zune Language Pack (HUN) Zune Language Pack (IND) Zune Language Pack (ITA) Zune Language Pack (JPN) Zune Language Pack (KOR) Zune Language Pack (MSL) Zune Language Pack (NLD) Zune Language Pack (NOR) Zune Language Pack (PLK) Zune Language Pack (PTB) Zune Language Pack (PTG) Zune Language Pack (RUS) Zune Language Pack (SVE) . ==== Event Viewer Messages From Past Week ======== . 8/16/2013 3:29:11 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied. . ==== End Of File =========================== RogueKiller V8.6.5 _x64_ [Aug 5 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 8 (6.2.9200 ) 64 bits version Started in : Normal mode User : Deethers [Admin rights] Mode : Scan -- Date : 08/16/2013 12:41:05 | ARK || FAK || MBR | ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH] RTFTrack.exe -- C:\Windows\RTFTrack.exe [7] -> KILLED [TermProc] ¤¤¤ Registry Entries : 4 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : Amazon Cloud Player (C:\Users\Deethers\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [-]) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-1533650612-1157666230-1475085810-1001\[...]\Run : Amazon Cloud Player (C:\Users\Deethers\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [-]) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 2 ¤¤¤ [V2][sUSP PATH] OFFICE2013ACT : C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [-] -> FOUND [V2][sUSP PATH] Lenovo-20527 : C:\ProgramData\Lenovo-20527.vbs [-] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD7500BPVT-24HXZT3 +++++ --- User --- [MBR] e86fc2d5662956d44334c77aa2cfc0a1 [bSP] ccfed9d1a0d19a88826032f9e6636525 : Empty MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_08162013_124105.txt >>
  6. Reading through the forum, I've seen that other people have also had this problem, but I think my computer could be infected with something. Every couple minutes or so I've been getting pop-ups that say "Successfully blocked access to a potentially malicious website." IP address is 111.111.111.111 This message pops up even when all my browsers are closed and I'm basically doing nothing on the computer. Earlier I downloaded Malwarebytes (this is a new computer and I forgot to download it when I first got it- oops!) because when I opened my computer none of the browsers on my laptop would open. I downloaded Malwarebytes, ran a full scan that said I had two infected items- removed them and restarted my computer. Even after the restart I've been constantly getting those messages. Wondering if this is nothing or if it's something malicious that needs to be fixed. Thank you for any and all help!
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.