
I'm infected with backdoor win32/fyloski.a, please help


My Microsoft Security Essentials found the backdoor win32/fyloski.a virus. I have tried to remove it with Rogue Killer. Is there a way to delete the virus without reformatting my hard drive? I'm on my tablet and I only have one computer. Is it safe to upload the logs, if needed, using the computer that's infected?


Hi there,
my name is Marius and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Scan with DDS

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply
 
 
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your browser.
  • Click the Scan button & wait for it to finish.
  • Once done, click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16442
Run by wpeterson at 1:59:01 on 2013-07-26
Microsoft Windows 8  6.2.9200.0.1252.1.1033.18.8066.5814 [GMT -5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Conexant\SA3\CxUtilSvc.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\dwm.exe
C:\Windows\system32\taskhostex.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\caudiofilteragent64.exe
C:\Program Files\Conexant\SA3\SmartAudio3.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


mWinlogon: Userinit = userinit.exe,
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [vmware-tray.exe] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
LSP: %windir%\system32\vsocklib.dll
TCP: NameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{0F01DB49-1E3C-43DA-B883-1B8CE0EFB48D} : DHCPNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [smartAudio] C:\Program Files\CONEXANT\SA3\SACpl.exe /sa3 /nv:3.0+ /dne /s
x64-mPolicies-System: PromptOnSecureDesktop = dword:0
x64-mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\wpeterson\AppData\Roaming\Mozilla\Firefox\Profiles\cvgajcdv.default\
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-06-17 19:43; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\wpeterson\AppData\Roaming\Mozilla\Firefox\Profiles\cvgajcdv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-06-17 22:26; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\wpeterson\AppData\Roaming\Mozilla\Firefox\Profiles\cvgajcdv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF - ExtSQL: 2013-06-17 22:26; https-everywhere@eff.org; C:\Users\wpeterson\AppData\Roaming\Mozilla\Firefox\Profiles\cvgajcdv.default\extensions\https-everywhere@eff.org
FF - ExtSQL: 2013-06-18 23:57; artur.dubovoy@gmail.com; C:\Users\wpeterson\AppData\Roaming\Mozilla\Firefox\Profiles\cvgajcdv.default\extensions\artur.dubovoy@gmail.com.xpi
FF - ExtSQL: 2013-06-30 20:12; tineye@ideeinc.com; C:\Users\wpeterson\AppData\Roaming\Mozilla\Firefox\Profiles\cvgajcdv.default\extensions\tineye@ideeinc.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-2-8 647736]
R0 vsock;vSockets Driver;C:\Windows\System32\Drivers\vsock.sys [2013-6-21 70296]
R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2013-2-8 92536]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\Drivers\dtsoftbus01.sys [2013-6-23 283200]
R2 CxUtilSvc;CxUtilSvc;C:\Program Files\CONEXANT\SA3\CxUtilSvc.exe [2013-2-8 109184]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-2-8 14904]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-2-8 166720]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [2013-2-8 1914728]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-2-8 365376]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2012-10-11 918680]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2013-2-26 13242960]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2013-2-8 77824]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2013-2-8 342528]
R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2013-2-8 683664]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\Windows\System32\Drivers\RzMaelstromVAD.sys [2013-5-17 40696]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-6-19 173056]
S2 mcbootdelaystartsvc;McAfee Boot Delay Start Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc --> C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [?]
S2 RzMaelstromVADStreamingService;Razer Surround Audio Service;C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [2013-5-17 4241920]
S3 DellRbtn;Airplane Mode Switch;C:\Windows\System32\Drivers\DellRbtn.sys [2013-2-8 10752]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
.
=============== Created Last 30 ================
.
2013-07-26 06:42:01    76232    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{70EBDB6C-FD69-47C0-BD34-AB77F510D79C}\offreg.dll
2013-07-26 06:39:42    9460976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{70EBDB6C-FD69-47C0-BD34-AB77F510D79C}\mpengine.dll
2013-07-26 05:39:50    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-26 05:18:46    9460976    ------w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-07-23 22:35:42    --------    d-----w-    C:\Users\wpeterson\AppData\Local\DOSBox
2013-07-21 10:00:32    5722112    ----a-w-    C:\Users\wpeterson\AppData\Roaming\flmem.exe
2013-07-21 09:58:36    9764864    ----a-w-    C:\Users\wpeterson\AppData\Roaming\FLup.exe
2013-07-12 08:28:03    --------    d-----w-    C:\Users\wpeterson\AppData\Roaming\System
2013-07-12 08:28:02    --------    d-sh--w-    C:\Users\wpeterson\AppData\Roaming\wyUpdate AU
2013-07-12 08:28:02    --------    d-----w-    C:\Users\wpeterson\AppData\Local\Universe Sandbox
2013-07-11 17:55:35    --------    d-----w-    C:\Program Files (x86)\Common Files\Steam
2013-07-11 17:55:34    --------    d-----w-    C:\Program Files (x86)\Steam
2013-07-08 06:48:03    --------    d-----w-    C:\Users\wpeterson\AppData\Roaming\iFunbox_UserCache
2013-07-08 00:31:16    --------    d-----w-    C:\Users\wpeterson\AppData\Local\Apple Computer
2013-07-08 00:30:52    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-07-08 00:30:35    --------    d-----w-    C:\Users\wpeterson\AppData\Local\Apple
2013-07-08 00:08:37    --------    d-----w-    C:\Users\wpeterson\AppData\Roaming\redsn0w
2013-07-05 07:12:41    --------    d-----w-    C:\Users\wpeterson\AppData\Local\A_Collaboration_between_T
2013-07-03 02:49:12    --------    d-----w-    C:\Users\wpeterson\AppData\Local\ElevatedDiagnostics
2013-07-03 02:48:38    --------    d-----w-    C:\Users\wpeterson\AppData\Local\Diagnostics
2013-07-03 02:45:22    --------    d-----w-    C:\Users\wpeterson\AppData\Local\Apps
2013-07-02 06:10:20    --------    d-----w-    C:\Program Files (x86)\Common Files\Enterbrain
2013-07-01 22:21:23    --------    d-----w-    C:\Users\wpeterson\AppData\Roaming\TS3Client
2013-07-01 22:21:14    --------    d-----w-    C:\Program Files (x86)\TeamSpeak 3 Client
2013-06-29 19:54:47    --------    d-----w-    C:\Users\wpeterson\AppData\Local\TADS 3
2013-06-29 19:54:40    --------    d-----w-    C:\Program Files (x86)\TADS 3
2013-06-29 18:43:43    --------    d-----w-    C:\Program Files (x86)\TADS
2013-06-29 12:50:09    --------    d-----w-    C:\Users\wpeterson\MultiMC
2013-06-27 22:32:17    --------    d-----w-    C:\Program Files (x86)\MSECache
2013-06-27 18:32:49    --------    d-----w-    C:\Users\wpeterson\AppData\Roaming\Rags
2013-06-27 18:32:44    --------    d-----w-    C:\Program Files (x86)\RagsGame
2013-06-27 18:32:32    --------    d-----w-    C:\Program Files\Microsoft Synchronization Services
2013-06-27 18:32:32    --------    d-----w-    C:\Program Files\Microsoft SQL Server Compact Edition
2013-06-27 18:32:24    --------    d-----w-    C:\Program Files (x86)\Microsoft Synchronization Services
2013-06-27 17:00:17    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2013-06-26 07:44:01    --------    d-----w-    C:\Users\wpeterson\AppData\Local\Google
.
==================== Find3M  ====================
.
2013-06-23 06:22:24    283200    ----a-w-    C:\Windows\System32\drivers\dtsoftbus01.sys
2013-06-17 08:10:10    971680    ----a-w-    C:\Windows\System32\deployJava1.dll
2013-06-17 08:10:10    1092512    ----a-w-    C:\Windows\System32\npDeployJava1.dll
2013-06-17 08:10:10    108448    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2013-05-17 15:27:56    40696    ----a-w-    C:\Windows\System32\drivers\RzMaelstromVAD.sys
2013-05-17 15:25:52    245248    ----a-w-    C:\Windows\System32\DriverInstallCACMD.exe
2013-05-17 15:25:50    69120    ----a-w-    C:\Windows\System32\DriverInstallCA.dll
2013-05-02 15:29:56    278800    ------w-    C:\Windows\System32\MpSigStub.exe
.
============= FINISH:  1:59:12.18 ===============
 


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume1
Install Date: 6/16/2013 11:50:33 PM
System Uptime: 7/24/2013 8:17:16 AM (41 hours ago)
.
Motherboard: Dell Inc. |  | 0XR1GT      
Processor: Intel® Core i5-3330 CPU @ 3.00GHz | CPU 1 | 2500/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 922 GiB total, 740.239 GiB free.
D: is Removable
E: is CDROM (CDFS)
F: is CDROM ()
X: is FIXED (NTFS) - 0 GiB total, 0.224 GiB free.
Y: is FIXED (NTFS) - 8 GiB total, 0.293 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
.
==== System Restore Points ===================
.
RP9: 7/11/2013 12:55:24 PM - Installed Steam
RP10: 7/20/2013 7:23:02 PM - Scheduled Checkpoint
RP11: 7/21/2013 10:41:47 PM - Installed DirectX
RP12: 7/26/2013 12:51:16 AM - Malwarebytes Anti-Rootkit Restore Point
.
==== Installed Programs ======================
.
µTorrent
7-Zip 9.20
Adobe Flash Player 11 Plugin
Apple Application Support
Apple Mobile Device Support
Avanti!
Burnout Paradise The Ultimate Box
CCleaner
Conexant SmartAudio HD
Cry of Fear
CyberLink LabelPrint 2.5
CyberLink Media Suite 10
CyberLink Media Suite Essentials
CyberLink Power2Go 8
CyberLink PowerDirector 10
CyberLink PowerDVD 10
D3DX10
DAEMON Tools Lite
Defiance
DefianceRuntimes
Defraggler
Dell Backup and Recovery
Dell Backup and Recovery - Support Software
Dell Digital Delivery
Dell Product Registration
Dell Support Center
Dell Wireless Driver Installation
DSC/AA Factory Installer
Duke Nukem
Duke Nukem 2
Duke Nukem: Manhattan Project
Google Chrome
Google Earth
Google Update Helper
HTML TADS Player Kit
InBefore404
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® Trusted Connect Service Client
Java 7 Update 21 (64-bit)
Just Cause
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft PowerPoint Viewer
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft Visual Basic PowerPacks 10.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Movie Maker
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT110
MSVCRT110_amd64
Photo Common
Photo Gallery
Pokemon Game Editor
Project64 1.6
Rags Suite
RPG MAKER VX Ace RTP
RPG Maker VX RTP
SecondLifeViewer (remove only)
Shared C Run-time for x64
Sonic Adventure DX
Sonic Adventure™ 2
Speccy
Star Trek Online
Steam
TADS 3 Author's Kit
Team Fortress 2
TeamSpeak 3 Client
The Sims 2 Open For Business
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 Apartment Life
The Sims™ 2 Bon Voyage
The Sims™ 2 Double Deluxe
The Sims™ 2 FreeTime
The Sims™ 2 Seasons
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Universe Sandbox
VLC media player 2.0.6
VMware Workstation
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
7/26/2013 12:31:06 AM, Error: Service Control Manager [7034]  - The Razer Surround Audio Service service terminated unexpectedly.  It has done this 1 time(s).
7/25/2013 3:47:10 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RzMaelstromVADStreamingService service.
7/24/2013 8:20:06 AM, Error: Service Control Manager [7034]  - The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).
7/24/2013 8:17:46 AM, Error: Service Control Manager [7000]  - The McAfee Boot Delay Start Service service failed to start due to the following error:  The system cannot find the file specified.
7/24/2013 11:58:01 PM, Error: Microsoft-Windows-Kernel-Power [137]  - The system firmware has changed the processor's memory type range registers (MTRRs) across a sleep state transition (S4). This can result in reduced resume performance.
.
==== End Of File ===========================
 


Skip gmer, do the following:

 

 

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here (Malwarebytes : Malwarebytes Anti-Rootkit) and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.


Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt. Please attach that to your next reply.


Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.07.26.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16384
wpeterson :: WP6890 [administrator]

7/26/2013 2:16:20 AM
mbar-log-2013-07-26 (02-16-20).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 233531
Time elapsed: 6 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 


Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-07-2013
Ran by wpeterson at 2013-07-26 03:04:00
Running from C:\Users\wpeterson\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

   
µTorrent (x32 Version: 3.3.0.29677)
7-Zip 9.20 (x32)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.224)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Avanti! (x32 Version: 1.1.1)
Burnout Paradise The Ultimate Box (x32 Version: 1.0.0.0)
Conexant SmartAudio HD (Version: 8.50.12.0)
Cry of Fear (x32)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415a)
CyberLink Media Suite 10 (x32 Version: 10.0.1.1913)
CyberLink Media Suite Essentials (x32 Version: 10.0)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1904)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1904)
CyberLink PowerDVD 10 (x32 Version: 10.0.4318.52)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Lite (x32 Version: 4.47.1.0333)
Defiance (x32)
DefianceRuntimes (x32 Version: 1.0.2)
Defraggler (Version: 2.14)
Dell Backup and Recovery - Support Software (x32 Version: 1.0.0.2)
Dell Backup and Recovery (x32 Version: 1.0.0.2)
Dell Digital Delivery (x32 Version: 2.2.2000.0)
Dell Product Registration (x32 Version: 1.16.1)
Dell Support Center (Version: 3.2.6032.39)
Dell Wireless Driver Installation (x32 Version: 10.0)
DSC/AA Factory Installer (Version: 3.2.6032.39)
Duke Nukem (x32)
Duke Nukem 2 (x32)
Duke Nukem: Manhattan Project (x32)
eaner (Version: 4.01)
Google Chrome (x32 Version: 28.0.1500.72)
Google Earth (x32 Version: 7.1.1.1580)
Google Update Helper (x32 Version: 1.3.21.153)
HTML TADS Player Kit (x32)
InBefore404 (x32 Version: 1.09.1226)
Intel® Control Center (x32 Version: 1.2.1.1008)
Intel® Management Engine Components (x32 Version: 8.1.0.1281)
Intel® Processor Graphics (x32 Version: 9.17.10.2817)
Intel® Rapid Storage Technology (x32 Version: 11.6.0.1030)
Intel® Trusted Connect Service Client (Version: 1.24.738.1)
Java 7 Update 21 (64-bit) (Version: 7.0.210)
Just Cause (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 14.0.6120.5004)
Microsoft PowerPoint Viewer (x32 Version: 14.0.4763.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0)
Microsoft Visual Basic PowerPacks 10.0 (x32 Version: 10.0.20911)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
Movie Maker (x32 Version: 16.4.3505.0912)
Mozilla Firefox 22.0 (x86 en-US) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Photo Gallery (x32 Version: 16.4.3505.0912)
Pokemon Game Editor (x32 Version: 1.0.0.0)
Project64 1.6 (x32 Version: 1.6)
Rags Suite (x32 Version: 2.4.0)
RPG MAKER VX Ace RTP (x32 Version: 1.00)
RPG Maker VX RTP (x32 Version: 1.02)
SecondLifeViewer (remove only) (x32)
Shared C Run-time for x64 (Version: 10.0.0)
Sonic Adventure DX (x32)
Sonic Adventure™ 2  (x32)
Speccy (Version: 1.21)
Star Trek Online (x32)
Steam (x32 Version: 1.0.0.0)
TADS 3 Author's Kit (x32)
Team Fortress 2 (x32)
TeamSpeak 3 Client (x32 Version: 3.0.10)
The Sims 2 Open For Business (x32)
The Sims 2 Pets (x32)
The Sims 2 University (x32)
The Sims™ 2 Apartment Life (x32)
The Sims™ 2 Bon Voyage (x32)
The Sims™ 2 Double Deluxe (x32)
The Sims™ 2 FreeTime (x32)
The Sims™ 2 Seasons (x32)
tools-freebsd (x32 Version: 9.2.3.1031769)
tools-linux (x32 Version: 9.2.3.1031769)
tools-netware (x32 Version: 9.2.3.1031769)
tools-solaris (x32 Version: 9.2.3.1031769)
tools-windows (x32 Version: 9.2.3.1031769)
tools-winPre2k (x32 Version: 9.2.3.1031769)
Universe Sandbox (x32)
VLC media player 2.0.6 (x32 Version: 2.0.6)
VMware Workstation (Version: 9.0.2)
VMware Workstation (x32 Version: 9.0.2)
Windows Live Communications Platform (x32 Version: 16.4.3505.0912)
Windows Live Essentials (x32 Version: 16.4.3505.0912)
Windows Live Installer (x32 Version: 16.4.3505.0912)
Windows Live Photo Common (x32 Version: 16.4.3505.0912)
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)
Windows Live SOXE (x32 Version: 16.4.3505.0912)
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)
Windows Live UX Platform (x32 Version: 16.4.3505.0912)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)

==================== Restore Points  =========================

11-07-2013 17:55:24 Installed Steam
21-07-2013 00:23:02 Scheduled Checkpoint
22-07-2013 03:41:47 Installed DirectX
26-07-2013 05:51:16 Malwarebytes Anti-Rootkit Restore Point

==================== Hosts content: ==========================

2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {083CB566-0A33-4534-BA89-3EF276B5CC66} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {10578903-D2B4-4683-8556-A19C0F469860} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\Program Files\Windows Defender\MpCmdRun.exe [2012-07-25] (Microsoft Corporation)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-25] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {15177147-7214-42B0-BC9B-043F28284FEE} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-992209752-1550255655-241972411-1001
Task: {165E3FBA-F28D-40E1-8AD1-1B1756000DA3} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe No File
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {19304E53-1A52-4A5A-963A-06F1C357BDC1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-22] (Google Inc.)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {290BD6B9-D03C-4309-99E2-82CDDD8238E3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2DC5EF29-735C-4065-A33F-71CD71027DB0} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\Program Files\Windows Defender\MpCmdRun.exe [2012-07-25] (Microsoft Corporation)
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {32C666D8-FE3E-4077-875B-95502F1C7827} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe [2012-07-25] (Microsoft Corporation)
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {4458E57D-87A8-4108-A9C9-5BBC9E96687E} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\Windows\system32\sc.exe [2012-07-25] (Microsoft Corporation)
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {44FABDB6-2E0F-4E76-B236-E65DA541BA65} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2012-07-25] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {56A39DB5-29CD-489C-8189-FA61D86AC5BA} - System32\Tasks\Dell\Dell System Registration => C:\Program Files (x86)\System Registration\prodreg.exe [2012-07-09] (Dell, Inc.)
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {621F5908-E17B-46A1-8B93-7650BAA3BD9F} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-07-17] (PC-Doctor, Inc.)
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-25] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2013-02-08] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {82FFF3F3-CE02-4B13-B513-394E85167132} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AB96B97B-39C2-46A2-876A-EEB6AE199033} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup => C:\Windows\System32\dism.exe [2012-07-25] (Microsoft Corporation)
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {BDA87942-3916-45E9-9E12-546234861C03} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {C16CBE0D-C9D2-4220-99C7-A546B0A096A2} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\Program Files\Windows Defender\MpCmdRun.exe [2012-07-25] (Microsoft Corporation)
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {DF73CD65-0506-4BB7-AA99-CA2EF7F8D6E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-22] (Google Inc.)
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2013-02-08] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F70D553C-A6A6-4CBC-9909-0DF3B48FE69A} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-07-17] (PC-Doctor, Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/26/2013 02:05:52 AM) (Source: Perflib) (User: )
Description: rdyboost4

Error: (07/26/2013 02:05:52 AM) (Source: Perflib) (User: )
Description: BITSbitsperf.dll4

Error: (07/26/2013 01:58:51 AM) (Source: Application Error) (User: )
Description: Faulting application name: dds.scr, version: 2012.11.20.1, time stamp: 0x4b1ae3c6
Faulting module name: System.dll, version: 0.0.0.0, time stamp: 0x4b1ae3ad
Exception code: 0xc0000005
Fault offset: 0x0000186d
Faulting process id: 0x5d8
Faulting application start time: 0xdds.scr0
Faulting application path: dds.scr1
Faulting module path: dds.scr2
Report Id: dds.scr3
Faulting package full name: dds.scr4
Faulting package-relative application ID: dds.scr5

Error: (07/25/2013 02:44:55 PM) (Source: Application Error) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.6871, time stamp: 0x4fee5fd5
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x30
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5

Error: (07/25/2013 02:44:41 PM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (07/24/2013 08:02:14 PM) (Source: Application Hang) (User: )
Description: The program javaw.exe version 7.0.210.11 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1440

Start Time: 01ce88cfae7c916b

Termination Time: 69

Application Path: C:\Program Files\Java\jre7\bin\javaw.exe

Report Id: d4e939fb-f4c5-11e2-be74-a41f7252b680

Faulting package full name:

Faulting package-relative application ID:

Error: (07/24/2013 06:04:40 PM) (Source: Application Error) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.6871, time stamp: 0x4fee5fd5
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x1360
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5

Error: (07/24/2013 04:14:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: wp6890)
Description: App microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive did not launch within its allotted time.

Error: (07/24/2013 00:12:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: pcdrsysinfocsmi.p5x, version: 6.0.6032.39, time stamp: 0x4ffe56d2
Faulting module name: MSVCR90.dll, version: 9.0.30729.6871, time stamp: 0x4fee5fd5
Exception code: 0x40000015
Fault offset: 0x000000000004267f
Faulting process id: 0x10a8
Faulting application start time: 0xpcdrsysinfocsmi.p5x0
Faulting application path: pcdrsysinfocsmi.p5x1
Faulting module path: pcdrsysinfocsmi.p5x2
Report Id: pcdrsysinfocsmi.p5x3
Faulting package full name: pcdrsysinfocsmi.p5x4
Faulting package-relative application ID: pcdrsysinfocsmi.p5x5

Error: (07/24/2013 08:18:05 AM) (Source: Perflib) (User: )
Description: rdyboost4


System errors:
=============
Error: (07/26/2013 03:03:56 AM) (Source: Service Control Manager) (User: )
Description: The Dell Digital Delivery Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (07/26/2013 03:01:38 AM) (Source: Service Control Manager) (User: )
Description: The McAfee Boot Delay Start Service service failed to start due to the following error:
%%2

Error: (07/26/2013 03:00:56 AM) (Source: Service Control Manager) (User: )
Description: The $(BrandName) service failed to start due to the following error:
%%1053

Error: (07/26/2013 03:00:56 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the $(BrandName) service to connect.

Error: (07/26/2013 02:35:03 AM) (Source: Service Control Manager) (User: )
Description: The $(BrandName) service failed to start due to the following error:
%%1053

Error: (07/26/2013 02:35:03 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the $(BrandName) service to connect.

Error: (07/26/2013 02:33:55 AM) (Source: Service Control Manager) (User: )
Description: The $(BrandName) service failed to start due to the following error:
%%1053

Error: (07/26/2013 02:33:55 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the $(BrandName) service to connect.

Error: (07/26/2013 02:33:38 AM) (Source: Service Control Manager) (User: )
Description: The $(BrandName) service failed to start due to the following error:
%%1053

Error: (07/26/2013 02:33:38 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the $(BrandName) service to connect.


Microsoft Office Sessions:
=========================
Error: (07/26/2013 02:05:52 AM) (Source: Perflib)(User: )
Description: rdyboost4

Error: (07/26/2013 02:05:52 AM) (Source: Perflib)(User: )
Description: BITSbitsperf.dll4

Error: (07/26/2013 01:58:51 AM) (Source: Application Error)(User: )
Description: dds.scr2012.11.20.14b1ae3c6System.dll0.0.0.04b1ae3adc00000050000186d5d801ce89cd94748edbC:\Users\wpeterson\Downloads\dds.scrC:\Users\WPETER~1\AppData\Local\Temp\nsm1646.tmp\System.dlld3455c39-f5c0-11e2-be74-a41f7252b680

Error: (07/25/2013 02:44:55 PM) (Source: Application Error)(User: )
Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.68714fee5fd540000015000000000004267f3001ce896f6cf9e6e9C:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\MSVCR90.dlladafe5f3-f562-11e2-be74-a41f7252b680

Error: (07/25/2013 02:44:41 PM) (Source: Perflib)(User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (07/24/2013 08:02:14 PM) (Source: Application Hang)(User: )
Description: javaw.exe7.0.210.11144001ce88cfae7c916b69C:\Program Files\Java\jre7\bin\javaw.exed4e939fb-f4c5-11e2-be74-a41f7252b680

Error: (07/24/2013 06:04:40 PM) (Source: Application Error)(User: )
Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.68714fee5fd540000015000000000004267f136001ce88c22a7118dfC:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\MSVCR90.dll6aa88eac-f4b5-11e2-be74-a41f7252b680

Error: (07/24/2013 04:14:54 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: wp6890)
Description: microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive

Error: (07/24/2013 00:12:15 PM) (Source: Application Error)(User: )
Description: pcdrsysinfocsmi.p5x6.0.6032.394ffe56d2MSVCR90.dll9.0.30729.68714fee5fd540000015000000000004267f10a801ce8890eec616aaC:\Program Files\Dell Support Center\pcdrsysinfocsmi.p5xC:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6871_none_08e717a5a83adddf\MSVCR90.dll2f42fae2-f484-11e2-be74-a41f7252b680

Error: (07/24/2013 08:18:05 AM) (Source: Perflib)(User: )
Description: rdyboost4


==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 8066.03 MB
Available physical RAM: 6631.29 MB
Total Pagefile: 16258.03 MB
Available Pagefile: 14761.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:922.48 GB) (Free:733.33 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: FD23225B)

Partition: GPT Partition Type
==================== End Of Log ============================


Nothing to see...

 

 

Scan with Farbar´s Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender



  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Farbar Service Scanner Version: 26-07-2013
Ran by wpeterson (administrator) on 26-07-2013 at 03:44:30
Running from "C:\Users\wpeterson\Downloads"
Microsoft Windows 8  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: "%SystemRoot%\System32\svchost.exe -k secsvcs".


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll
[2012-07-25 19:00] - [2012-07-25 22:05] - 0718848 ____A (Microsoft Corporation) 407F85D5387EDBB665A7969DF4D4712B

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-02-08 08:16] - [2013-02-08 08:16] - 3340288 ____A (Microsoft Corporation) 270282F9357AB356300AD9DB9F0FD665

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MsMpEng.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe    a variant of Win32/HiddenStart.A application
C:\Users\wpeterson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B5VH62O0\bi_downloader[1].exe    Win32/Somoto.A application
C:\Users\wpeterson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVTFCO90\BiTool[1].dll    Win32/Somoto.B application
C:\Users\wpeterson\AppData\Local\Temp\bitool.dll    Win32/Somoto.B application
C:\Users\wpeterson\AppData\Local\Temp\nsf73FB.tmp    Win32/Somoto.A application
C:\Users\wpeterson\AppData\Roaming\flmem.exe    a variant of MSIL/Injector.BOT trojan
C:\Users\wpeterson\AppData\Roaming\FLup.exe    a variant of MSIL/Injector.BOT trojan
C:\Users\wpeterson\AppData\Roaming\uTorrent\uTorrent.exe    a variant of Win32/Bunndle application
C:\Users\wpeterson\Downloads\DTLite4471-0333.exe    Win32/OpenCandy application
C:\Users\wpeterson\Downloads\utorrent.exe    a variant of Win32/Bunndle application
C:\Users\wpeterson\Downloads\Fuuka\Fuuka.exe    a variant of MSIL/Injector.BOT trojan
C:\Users\wpeterson\Downloads\Kasumi Rebirth\KasumiRebirth.exe    a variant of MSIL/Injector.BOT trojan
C:\Users\wpeterson\Downloads\OS X Mountain Lion 10.8.2 VMware Image\VMware Unlocker - Hardware Virtualization Bypasser\vmware-vmx-patch.exe    a variant of Win32/Tool.TPE.A application
C:\Users\wpeterson\Downloads\VMware Unlocker - Hardware Virtualization Bypasser\vmware-vmx-patch.exe    a variant of Win32/Tool.TPE.A application
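
The ESET export above mixes entries typed `trojan` with entries typed `application`, the label ESET gives to the potentially unwanted and potentially unsafe applications that the scan options enabled. The Python sketch below is an added illustration, not part of any post or tool in this thread: it parses that line format and separates the two groups. The regex, function names and location labels are assumptions; the sample is an excerpt of the log above plus one constructed junk line.

```python
import re
from collections import Counter

# Excerpt of the ESET export posted in this thread, plus one constructed
# non-detection line. Format: "<path><tab or 2+ spaces><detection> <type>".
SAMPLE_LOG = r"""
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe    a variant of Win32/HiddenStart.A application
C:\Users\wpeterson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B5VH62O0\bi_downloader[1].exe    Win32/Somoto.A application
C:\Users\wpeterson\AppData\Local\Temp\bitool.dll    Win32/Somoto.B application
C:\Users\wpeterson\AppData\Roaming\flmem.exe    a variant of MSIL/Injector.BOT trojan
C:\Users\wpeterson\AppData\Roaming\uTorrent\uTorrent.exe    a variant of Win32/Bunndle application
C:\Users\wpeterson\Downloads\DTLite4471-0333.exe    Win32/OpenCandy application
C:\Users\wpeterson\Downloads\Fuuka\Fuuka.exe    a variant of MSIL/Injector.BOT trojan
this line is not a detection
"""

# Assumption: only "trojan" and "application" appear in the thread; "virus"
# and "worm" are added here as further malware types.
MALWARE_KINDS = {"trojan", "virus", "worm"}

LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)(?:\t+|\s{2,})"  # path may contain single spaces
    r"(?P<generic>a variant of )?"               # family-level (generic) match
    r"(?P<name>\S+/\S+)\s+(?P<kind>\S.*?)\s*$"   # Platform/Family.Variant + type
)


def parse_detections(text):
    """Return (entries, skipped) for an ESET text export."""
    entries, skipped = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m is None:
            skipped.append(line)  # keep unparsed lines visible, never drop them
            continue
        entries.append({
            "path": m["path"],
            "name": m["name"],
            "kind": m["kind"].lower(),
            "generic": m["generic"] is not None,
        })
    return entries, skipped


def location_hint(path):
    """Coarse label for where the file sits (hypothetical labels)."""
    p = path.lower()
    if "\\temporary internet files\\" in p or "\\appdata\\local\\temp\\" in p:
        return "cache/temp"
    if "\\appdata\\roaming\\" in p:
        return "user-profile"
    if "\\downloads\\" in p:
        return "download"
    if p.startswith(("c:\\program files\\", "c:\\program files (x86)\\")):
        return "installed-software"
    return "other"


def triage(entries):
    """Split entries into malware and unwanted/unsafe applications."""
    buckets = {"malware": [], "unwanted_or_unsafe": []}
    for e in entries:
        key = "malware" if e["kind"] in MALWARE_KINDS else "unwanted_or_unsafe"
        buckets[key].append(e)
    return buckets


def families(entries):
    """Count detections per detection name."""
    return Counter(e["name"] for e in entries)


def report(text):
    """Build a readable summary grouped by triage bucket."""
    entries, skipped = parse_detections(text)
    buckets = triage(entries)
    out = []
    for label in ("malware", "unwanted_or_unsafe"):
        out.append(f"[{label}] {len(buckets[label])} file(s)")
        for e in buckets[label]:
            tag = "variant" if e["generic"] else "exact"
            out.append(f"  {e['name']:<20} {tag:<8} "
                       f"{location_hint(e['path']):<19} {e['path']}")
    out.append(f"unparsed lines: {len(skipped)}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

The fixlist posted later in the thread leaves out the Dell `hstart.exe` entry, which this sketch labels `installed-software`.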
 


Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    C:\Users\wpeterson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVTFCO90\
    C:\Users\wpeterson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B5VH62O0
    C:\Users\wpeterson\AppData\Local\Temp\bitool.dll
    C:\Users\wpeterson\AppData\Local\Temp\nsf73FB.tmp
    C:\Users\wpeterson\AppData\Roaming\flmem.exe
    C:\Users\wpeterson\AppData\Roaming\FLup.exe
    C:\Users\wpeterson\AppData\Roaming\uTorrent\uTorrent.exe
    C:\Users\wpeterson\Downloads\DTLite4471-0333.exe
    C:\Users\wpeterson\Downloads\utorrent.exe
    C:\Users\wpeterson\Downloads\Fuuka\Fuuka.exe
    C:\Users\wpeterson\Downloads\Kasumi Rebirth\KasumiRebirth.exe
    C:\Users\wpeterson\Downloads\OS X Mountain Lion 10.8.2 VMware Image\VMware Unlocker - Hardware Virtualization Bypasser\vmware-vmx-patch.exe
    C:\Users\wpeterson\Downloads\VMware Unlocker - Hardware Virtualization Bypasser\vmware-vmx-patch.exe
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

Scan with RogueKiller

Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit

  • Quit all programs that you may have started.
  • Please disconnect any external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • You´ll find the log as RKreport[1].txt on your desktop also.
  • Exit/Close RogueKiller.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-07-2013
Ran by wpeterson at 2013-07-26 05:13:32 Run:1
Running from C:\Users\wpeterson\Downloads
Boot Mode: Normal
==============================================

C:\Users\wpeterson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVTFCO90\ => Moved successfully.
C:\Users\wpeterson\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B5VH62O0 => Moved successfully.
C:\Users\wpeterson\AppData\Local\Temp\bitool.dll => Moved successfully.
C:\Users\wpeterson\AppData\Local\Temp\nsf73FB.tmp => Moved successfully.
C:\Users\wpeterson\AppData\Roaming\flmem.exe => Moved successfully.
C:\Users\wpeterson\AppData\Roaming\FLup.exe => Moved successfully.
C:\Users\wpeterson\AppData\Roaming\uTorrent\uTorrent.exe => Moved successfully.
C:\Users\wpeterson\Downloads\DTLite4471-0333.exe => Moved successfully.
C:\Users\wpeterson\Downloads\utorrent.exe => Moved successfully.
C:\Users\wpeterson\Downloads\Fuuka\Fuuka.exe => Moved successfully.
C:\Users\wpeterson\Downloads\Kasumi Rebirth\KasumiRebirth.exe => Moved successfully.
C:\Users\wpeterson\Downloads\OS X Mountain Lion 10.8.2 VMware Image\VMware Unlocker - Hardware Virtualization Bypasser\vmware-vmx-patch.exe => Moved successfully.
C:\Users\wpeterson\Downloads\VMware Unlocker - Hardware Virtualization Bypasser\vmware-vmx-patch.exe => Moved successfully.

==== End of Fixlog ====


RogueKiller V8.6.3 _x64_ [Jul 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : wpeterson [Admin rights]
Mode : Scan -- Date : 07/26/2013 05:17:20
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EZEX-75ZF5A0 +++++
--- User ---
[MBR] 6cb81d5a4d68573805a665d95d92a2c1
[bSP] a0e56969c0407326e75deef73d5e0ade : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_07262013_051720.txt >>
RKreport[0]_D_07262013_003557.txt;RKreport[0]_S_07262013_003306.txt;RKreport[0]_S_07262013_003738.txt



 


System File Check

For Windows XP:
 

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7/8:
 

  • Press the Windows key to open the start menu.
  • Don´t highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"



Within the opening window, write the following:
 

sfc /scannow

(See the blank within).

 

  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe.
  • Hit delete.
  • When the run is finished, it will open up a text file.
  • Please post its contents within your next reply.
  • You´ll find the log file at C:\AdwCleaner[s1].txt also.


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan finished the (checkup.txt) will open. Copy its content to your thread.

This topic is now closed to further replies.