
Might be infected - Constantly Getting "Successfully Removed" Pop-Ups


deethy


Reading through the forum, I've seen that other people have also had this problem, but I think my computer could be infected with something. Every couple of minutes or so I've been getting pop-ups that say "Successfully blocked access to a potentially malicious website." IP address is 111.111.111.111. This message pops up even when all my browsers are closed and I'm basically doing nothing on the computer.

Earlier I downloaded Malwarebytes (this is a new computer and I forgot to download it when I first got it - oops!) because when I opened my computer none of the browsers on my laptop would open. I downloaded Malwarebytes and ran a full scan that said I had two infected items; I removed them and restarted my computer. Even after the restart I've been constantly getting those messages. Wondering if this is nothing or if it's something malicious that needs to be fixed.

Thank you for any and all help! 


  • Root Admin

Hello and welcome.
If you've not already done so, please start here and post back the 2 log files, DDS.txt and Attach.txt.

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.


Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable... It is unlikely, but things can go very wrong! Please make sure you back up all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive.
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.



Link 1
Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.


STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.



  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit



  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start, and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.

Hello, thank you for the help! Here are the results:

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.25.2
Run by Deethers at 12:27:42 on 2013-08-16
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.6000.3765 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\dwm.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\windows\Explorer.EXE
C:\windows\system32\taskhostex.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\windows\system32\dashost.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
C:\windows\SysWOW64\NLSSRV32.EXE
C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\RTFTrack.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Elantech\ETDIntelligent.exe
C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Users\Deethers\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Opera\opera.exe
C:\windows\system32\msiexec.exe
C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.


mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Amazon Cloud Player] C:\Users\Deethers\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe" /s
mRun: [updateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{3655C5D2-10DC-49F2-A666-2D0D502CE802} : DHCPNameServer = 192.168.88.88
TCP: Interfaces\{759B580A-6CC8-42C3-B628-6F5CDDF7B46D} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtsFT] RTFTrack.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg_Dolby] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [OnekeyStudio] C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe -start
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\windows\System32\Drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\windows\System32\Drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\System32\Drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\System32\Drivers\avgrkx64.sys [2013-7-10 45880]
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-4-25 647736]
R0 LHDmgr;LHDmgr;C:\windows\System32\Drivers\LhdX64.sys [2013-4-25 39008]
R1 AVGIDSDriver;AVGIDSDriver;C:\windows\System32\Drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\windows\System32\Drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgwfpa;AVG Firewall Driver;C:\windows\System32\Drivers\avgwfpa.sys [2013-7-9 248632]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-11-13 755240]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-8-27 1112000]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-9-6 1124288]
R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-8-15 135984]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-4-25 166720]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-16 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-16 701512]
R2 NitroDriverReadSpool8;NitroPDFDriverCreatorReadSpool8;C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [2012-12-14 230408]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-12-14 70152]
R2 PanService;PandoraService;C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [2013-6-13 625304]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-25 365376]
R2 X5XSEx_Pr148;X5XSEx_Pr148;C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.sys [2013-4-25 56136]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-11-15 1153840]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\Drivers\AcpiVpc.sys [2012-5-15 33560]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter;C:\windows\System32\Drivers\AmpPal.sys [2012-11-13 156160]
R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\Drivers\ETD.sys [2012-9-10 318800]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-4-25 169752]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2013-2-22 342528]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\Drivers\iwdbus.sys [2012-11-29 25568]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-8-16 25928]
R3 NETwNe64;@oem42.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew00.sys [2012-11-22 4309032]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-4-25 683664]
R3 rtsuvc;Lenovo EasyCamera;C:\windows\System32\Drivers\rtsuvc.sys [2013-4-25 8230160]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\windows\System32\Drivers\usb3Hub.sys [2012-11-29 47072]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\windows\System32\Drivers\xHCIPort.sys [2012-11-29 188896]
S0 Avgboota;AVG Early Launch Anti-Malware Driver;C:\windows\System32\Drivers\avgboota.sys [2012-10-26 20912]
S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\windows\System32\Drivers\AmpPal.sys [2012-11-13 156160]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
S3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\Drivers\btmaux.sys [2012-8-27 121728]
S3 btmhsf;btmhsf;C:\windows\System32\Drivers\btmhsf.sys [2012-8-29 857472]
S3 ibtfltcoex;ibtfltcoex;C:\windows\System32\Drivers\iBtFltCoex.sys [2012-8-6 68136]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\Drivers\intelaud.sys [2012-11-29 35296]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-11-15 272176]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\Drivers\RtsUVStor.sys [2013-4-25 315536]
S3 wsvd;wsvd;C:\windows\System32\Drivers\wsvd.sys [2013-4-25 102376]
.
=============== Created Last 30 ================
.
2013-08-16 06:49:48 -------- d-----w- C:\Users\Deethers\AppData\Roaming\Malwarebytes
2013-08-16 06:49:46 -------- d-----w- C:\ProgramData\Malwarebytes
2013-08-16 06:49:45 25928 ----a-w- C:\windows\System32\drivers\mbam.sys
2013-08-16 06:49:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-14 02:12:48 3958784 ----a-w- C:\windows\System32\jscript9.dll
2013-08-14 02:12:44 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-08-14 02:12:44 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-08-14 02:11:53 87040 ----a-w- C:\windows\SysWow64\apprepapi.dll
2013-08-14 02:11:53 68096 ----a-w- C:\windows\System32\cryptsvc.dll
2013-08-14 02:11:53 337408 ----a-w- C:\windows\System32\wintrust.dll
2013-08-14 02:11:53 261120 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-08-14 02:11:53 1889280 ----a-w- C:\windows\System32\crypt32.dll
2013-08-14 02:11:53 1568256 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-08-14 02:11:53 124416 ----a-w- C:\windows\System32\apprepapi.dll
2013-08-14 02:11:51 98304 ----a-w- C:\windows\System32\apprepsync.dll
2013-08-14 02:11:51 74240 ----a-w- C:\windows\SysWow64\apprepsync.dll
2013-08-13 17:10:39 -------- d-----w- C:\Users\Deethers\AppData\Local\Amazon Cloud Player
2013-08-11 01:17:58 -------- d-----w- C:\Users\Deethers\AppData\Roaming\Nitro
2013-08-07 06:51:07 -------- d-----w- C:\windows\SysWow64\Adobe
2013-08-06 17:03:24 -------- d-----w- C:\Users\Deethers\AppData\Local\Programs
2013-07-27 03:09:59 850944 ----a-w- C:\windows\SysWow64\mfasfsrcsnk.dll
2013-07-27 03:09:59 80896 ----a-w- C:\windows\System32\MbaeParserTask.exe
2013-07-27 03:09:59 337152 ----a-w- C:\windows\System32\drivers\USBXHCI.SYS
2013-07-27 03:09:59 207872 ----a-w- C:\windows\System32\DeviceSetupManager.dll
2013-07-27 03:09:59 194816 ----a-w- C:\windows\System32\drivers\sdbus.sys
2013-07-27 03:09:59 125184 ----a-w- C:\windows\System32\drivers\dumpsd.sys
2013-07-27 03:09:58 67584 ----a-w- C:\windows\SysWow64\samlib.dll
2013-07-27 03:09:58 37632 ----a-w- C:\windows\System32\drivers\BthAvrcpTg.sys
2013-07-27 03:09:58 190976 ----a-w- C:\windows\System32\vdsutil.dll
2013-07-20 05:51:00 311608 ----a-w- C:\windows\System32\drivers\avgloga.sys
2013-07-20 05:50:56 71480 ----a-w- C:\windows\System32\drivers\avgidsha.sys
2013-07-20 05:50:56 246072 ----a-w- C:\windows\System32\drivers\avgidsdrivera.sys
2013-07-20 05:50:50 206648 ----a-w- C:\windows\System32\drivers\avgldx64.sys
2013-07-19 18:26:13 -------- d-----w- C:\Users\Deethers\AppData\Roaming\Auslogics
2013-07-18 07:01:41 -------- d-----w- C:\windows\System32\MRT
.
==================== Find3M ====================
.
2013-07-26 05:13:37 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-07-26 05:13:28 915968 ----a-w- C:\windows\System32\uxtheme.dll
2013-07-26 05:13:28 53760 ----a-w- C:\windows\System32\UXInit.dll
2013-07-26 05:12:04 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-07-26 05:12:03 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-07-26 03:35:08 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-07-26 03:13:24 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-07-26 03:13:15 44032 ----a-w- C:\windows\SysWow64\UXInit.dll
2013-07-26 03:12:00 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-07-26 03:12:00 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-07-26 02:49:14 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-07-26 00:54:34 534528 ----a-w- C:\windows\SysWow64\uxtheme.dll
2013-07-10 05:32:38 45880 ----a-w- C:\windows\System32\drivers\avgrkx64.sys
2013-07-09 06:07:17 2233168 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-07-09 05:28:50 248632 ----a-w- C:\windows\System32\drivers\avgwfpa.sys
2013-07-02 00:44:14 36288 ----a-w- C:\windows\System32\drivers\WdBoot.sys
2013-07-01 22:08:49 247216 ----a-w- C:\windows\System32\drivers\WdFilter.sys
2013-07-01 05:45:28 116536 ----a-w- C:\windows\System32\drivers\avgmfx64.sys
2013-06-27 22:04:51 78200 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-27 22:04:51 693112 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-06-27 13:47:30 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-27 13:47:30 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-06-27 13:47:30 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-06-27 13:44:54 972712 ----a-w- C:\windows\System32\deployJava1.dll
2013-06-27 13:44:54 1093032 ----a-w- C:\windows\System32\npDeployJava1.dll
2013-06-27 13:44:54 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-06-16 22:41:31 997632 ----a-w- C:\windows\System32\drivers\ndis.sys
2013-06-01 11:34:21 2391280 ----a-w- C:\windows\explorer.exe
2013-06-01 11:29:35 213248 ----a-w- C:\windows\System32\drivers\UCX01000.SYS
2013-06-01 11:26:33 327936 ----a-w- C:\windows\System32\drivers\volsnap.sys
2013-06-01 11:26:31 6987008 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-06-01 10:24:46 2106176 ----a-w- C:\windows\SysWow64\explorer.exe
2013-06-01 09:25:52 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2013-06-01 09:25:03 496640 ----a-w- C:\windows\SysWow64\qedit.dll
2013-06-01 09:24:19 493056 ----a-w- C:\windows\SysWow64\mscms.dll
2013-06-01 09:24:09 1453568 ----a-w- C:\windows\SysWow64\mfcore.dll
2013-06-01 09:23:46 1842176 ----a-w- C:\windows\SysWow64\dwmcore.dll
2013-06-01 09:23:06 680960 ----a-w- C:\windows\System32\vds.exe
2013-06-01 09:22:33 523264 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2013-06-01 09:22:33 446976 ----a-w- C:\windows\System32\wwansvc.dll
2013-06-01 09:21:39 729600 ----a-w- C:\windows\System32\samsrv.dll
2013-06-01 09:21:39 106496 ----a-w- C:\windows\System32\samlib.dll
2013-06-01 09:21:34 595968 ----a-w- C:\windows\System32\qedit.dll
2013-06-01 09:20:45 583168 ----a-w- C:\windows\System32\mscms.dll
2013-06-01 09:20:34 1527808 ----a-w- C:\windows\System32\mfcore.dll
2013-06-01 09:20:34 1048576 ----a-w- C:\windows\System32\mfasfsrcsnk.dll
2013-06-01 09:20:04 2219520 ----a-w- C:\windows\System32\dwmcore.dll
2013-06-01 09:19:42 785408 ----a-w- C:\windows\System32\audiosrv.dll
2013-05-30 23:14:23 4036096 ----a-w- C:\windows\System32\win32k.sys
2013-05-24 22:09:20 1403296 ----a-w- C:\windows\System32\winload.efi
2013-05-24 22:09:20 1271584 ----a-w- C:\windows\System32\winload.exe
2013-05-24 22:09:20 1217352 ----a-w- C:\windows\System32\winresume.efi
2013-05-24 22:09:20 1093904 ----a-w- C:\windows\System32\winresume.exe
2013-05-23 23:02:30 1314816 ----a-w- C:\windows\System32\rpcrt4.dll
2013-05-23 23:01:46 1300992 ----a-w- C:\windows\System32\gdi32.dll
2013-05-23 22:27:05 1022464 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-05-23 22:25:22 694272 ----a-w- C:\windows\SysWow64\rpcrt4.dll
.
============= FINISH: 12:27:50.74 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 6/13/2013 10:40:55 PM
System Uptime: 8/16/2013 3:29:26 AM (9 hours ago)
.
Motherboard: LENOVO | | INVALID
Processor: Intel® Core i5-3230M CPU @ 2.60GHz | U3E1 | 1200/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 651 GiB total, 596.975 GiB free.
D: is FIXED (NTFS) - 25 GiB total, 22.252 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Device ID: USB\VID_8087&PID_07DA\6&2E2F5DEF&0&3
Manufacturer: Intel Corporation
Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
PNP Device ID: USB\VID_8087&PID_07DA\6&2E2F5DEF&0&3
Service: BTHUSB
.
==== System Restore Points ===================
.
RP12: 8/4/2013 1:12:22 AM - Scheduled Checkpoint
RP13: 8/12/2013 12:28:47 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 12.0
AIM for Windows
Amazon Cloud Player
AVG 2013
CCleaner
Convert AVI to MP4
D3DX10
Dolby Home Theater v4
Download Updater (AOL Inc.)
Energy Management
ETDWare PS/2-X64 11.4.8.1_WHQL
FreeRide Games
Google Chrome
Google Update Helper
Intel AppUp(SM) center
Intel PROSet Wireless
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless for Bluetooth® + High Speed
Intel® PROSet/Wireless Software for Bluetooth® Technology
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® WiDi
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
Java 7 Update 25
Java 7 Update 25 (64-bit)
Java Auto Updater
Lenovo EasyCamera
Lenovo OneKey Recovery
Lenovo PowerDVD10
Lenovo YouCam
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Application Error Reporting
Microsoft Office
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT110
MSVCRT110_amd64
Nitro Pro 8
Onekey Theater
Opera 12.16
Pandora Service
Photo Common
Photo Gallery
Power2Go
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Shared C Run-time for x64
SolveigMM AVI Trimmer
SugarSync Manager
swMSM
The KMPlayer (remove only)
UserGuide
Visual Studio 2010 x64 Redistributables
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile Device Updater Component
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== Event Viewer Messages From Past Week ========
.
8/16/2013 3:29:11 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
.
==== End Of File ===========================

RogueKiller V8.6.5 _x64_ [Aug 5 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Deethers [Admin rights]
Mode : Scan -- Date : 08/16/2013 12:41:05
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[sUSP PATH] RTFTrack.exe -- C:\Windows\RTFTrack.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : Amazon Cloud Player (C:\Users\Deethers\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [-]) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-1533650612-1157666230-1475085810-1001\[...]\Run : Amazon Cloud Player (C:\Users\Deethers\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [-]) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 2 ¤¤¤
[V2][SUSP PATH] OFFICE2013ACT : C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [-] -> FOUND
[V2][SUSP PATH] Lenovo-20527 : C:\ProgramData\Lenovo-20527.vbs [-] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD7500BPVT-24HXZT3 +++++
--- User ---
[MBR] e86fc2d5662956d44334c77aa2cfc0a1
[BSP] ccfed9d1a0d19a88826032f9e6636525 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08162013_124105.txt >>




  • Root Admin

Okay, let me have you run the following steps, please.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.


  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 05
Please download AdwCleaner by Xplode to your desktop.


  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[s1].txt where the number in brackets indicates how often it was run.

STEP 06

Please go here to run the online antivirus scanner from ESET.


  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit.


  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Here are my results; there were no threats found from step 6, so there's no log from that step.

Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.16.07

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16660
Deethers :: DEETHY [administrator]

8/17/2013 2:10:50 AM
mbar-log-2013-08-17 (02-10-50).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 231278
Time elapsed: 15 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16660

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.594000 GHz
Memory total: 6290948096, free: 4020908032

Downloaded database version: v2013.08.16.07
Initializing...
------------ Kernel report ------------
08/17/2013 02:10:47
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\system32\DRIVERS\avgloga.sys
\SystemRoot\system32\DRIVERS\avgmfx64.sys
\SystemRoot\system32\DRIVERS\avgidsha.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\DRIVERS\LhdX64.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\avgrkx64.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\avgwfpa.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\avgldx64.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\avgidsdrivera.sys
\SystemRoot\System32\drivers\XHCIPort.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\USBXHCI.SYS
\SystemRoot\System32\drivers\ucx01000.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\system32\DRIVERS\NETwew00.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\AcpiVpc.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\iwdbus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\drivers\AMPPAL.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\usb3Hub.sys
\SystemRoot\System32\drivers\UsbHub3.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\system32\DRIVERS\rtsuvc.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\drivers\luafv.sys
\??\C:\windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\drivers\WUDFRd.sys
\SystemRoot\System32\drivers\mshidumdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\rdpvideominiport.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\WORKERDD.dll
\SystemRoot\system32\DRIVERS\WinUSB.sys
\SystemRoot\System32\drivers\WpdUpFltr.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\mbamswissarmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007b73060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000039\
Lower Device Object: 0xfffffa80062502f0
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Device number: 0, partition: 5
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007b73060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007b72b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007b72040, DeviceName: Unknown, DriverName: \Driver\LHDmgr\
DevicePointer: 0xfffffa8007b73060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa80062502f0, DeviceName: \Device\00000039\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: Unknown, DriverName: \Driver\LHDmgr\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 5
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 5
Partition type: GUID
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "c:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\windows\system32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 377881F3

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 2624490694
GPT Header CurrentLba = 1 BackupLba 1465149167
GPT Header FirstUsableLba 34 LastUsableLba 1465149134
GPT Header Guid 2e5c5c17-ad5a-4fec-ab18-ca2d8366b238
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 2624490694
Backup GPT header CurrentLba = 1465149167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1465149134
Backup GPT header Guid 2e5c5c17-ad5a-4fec-ab18-ca2d8366b238
Backup GPT header Contains 128 partition entries starting at LBA 1465149135
Backup GPT header Partition entry size = 128

Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 2ca117f9-f8df-4783-ab1c-b13768c1ca6
FirstLBA 2048 Last LBA 2050047
Attributes 1
Partition Name Basic data partition

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID e74663fb-6a08-4294-bb2b-3f21232c884a
FirstLBA 2050048 Last LBA 2582527
Attributes 1
Partition Name EFI system partition

GPT Partition 1 is bootable
Partition 2 Type bfbfafe7-a34f-448a-9a5b-6213eb736c22
Partition ID b571518-5c52-43f5-bbbb-e71d4a9808a
FirstLBA 2582528 Last LBA 4630527
Attributes 1
Partition Name Basic data partition

Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID b4535583-2db7-4ff5-aaf7-f9fc752c982
FirstLBA 4630528 Last LBA 4892671
Attributes 0
Partition Name Microsoft reserved partition

Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 5b350782-2b0e-4bd8-bac3-1de9304eb10
FirstLBA 4892672 Last LBA 1370775551
Attributes 0
Partition Name Basic data partition

Partition 5 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 97000fd8-e9a4-47da-a939-1a2bf88256bd
FirstLBA 1370775552 Last LBA 1423204351
Attributes 0
Partition Name Basic data partition

Partition 6 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 918c4d80-52c4-47d8-a841-d1d032ac3112
FirstLBA 1423204352 Last LBA 1465147391
Attributes 1
Partition Name Basic data partition

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Read File: File "c:\programdata\avg2013\chjw\6a1aa8a71aa871ad.dat:5c9fdb43-9394-4445-b55f-4a4eb7b21233" is sparse (flags = 32768)
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.6 (08.15.2013:1)
OS: Windows 8 x64
Ran by Deethers on Sat 08/17/2013 at 2:30:33.45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dnu.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdate
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloaduibrowser.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\dnupdater.downloadupdcontroller.1
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\software update utility"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 08/17/2013 at 2:34:16.39
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v2.306 - Logfile created 08/17/2013 at 02:43:43
# Updated 19/07/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : Deethers - DEETHY
# Boot Mode : Normal
# Running from : C:\Users\Deethers\Downloads\AdwCleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16660

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Deethers\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.16.1860.0

File : C:\Users\Deethers\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [1706 octets] - [17/08/2013 02:43:43]

########## EOF - C:\AdwCleaner[s1].txt - [1766 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-08-2013
Ran by Deethers (administrator) on 17-08-2013 03:34:11
Running from C:\Users\Deethers\AppData\Local\Opera\Opera\temporary_downloads
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\windows\system32\dashost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\windows\SysWOW64\NLSSRV32.EXE
(Pandora.TV) C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(PandoraTV) C:\Program Files (x86)\PANDORA.TV\PanService\PanProcess.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
() C:\Users\Deethers\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Opera Software) C:\Program Files (x86)\Opera\opera.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneWlanCfgSvc.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtsFT] - C:\Windows\RTFTrack.exe [6334096 2012-10-17] (Realtek semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2872720 2012-09-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13262480 2012-12-07] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1256080 2012-12-03] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [11577216 2012-08-27] (Motorola Solutions, Inc.)
HKLM\...\Run: [OnekeyStudio] - C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-04-25] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-04-25] (Lenovo(beijing) Limited)
HKLM\...\Run: [Zune Launcher] - C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKCU\...\Run: [Amazon Cloud Player] - C:\Users\Deethers\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3109376 2013-07-21] ()
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {F9EF866D-0BD6-42D3-9069-944FB110CA8D} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {F9EF866D-0BD6-42D3-9069-944FB110CA8D} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - DefaultScope {F9EF866D-0BD6-42D3-9069-944FB110CA8D} URL =
SearchScopes: HKCU - {F9EF866D-0BD6-42D3-9069-944FB110CA8D} URL =
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Chrome:
=======

CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Exent\u00AE AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel\u00AE Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Extension: (Google Docs) - C:\Users\Deethers\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Deethers\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Deethers\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Deethers\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\Deethers\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-11-15] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-14] (Nitro PDF Software)
R2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-11-15] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20912 2012-10-26] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [248632 2013-07-09] (AVG Technologies CZ, s.r.o.)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
S3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [121728 2012-08-27] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [857472 2012-08-29] (Motorola Solutions, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-11-22] (Intel Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8230160 2012-10-17] (Realtek Semiconductor Corp.)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows ® Win 7 DDK provider)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows ® Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-17 03:32 - 2013-08-17 03:32 - 01575580 _____ (Farbar) C:\Users\Deethers\Downloads\FRST64.exe
2013-08-17 02:48 - 2013-08-17 02:48 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-17 02:46 - 2013-08-17 02:46 - 00001831 _____ C:\Users\Deethers\Desktop\AdwCleaner[s1].txt
2013-08-17 02:43 - 2013-08-17 02:44 - 00001831 _____ C:\AdwCleaner[s1].txt
2013-08-17 02:41 - 2013-08-17 02:43 - 00666633 _____ C:\Users\Deethers\Downloads\AdwCleaner.exe
2013-08-17 02:34 - 2013-08-17 02:34 - 00001510 _____ C:\Users\Deethers\Desktop\JRT.txt
2013-08-17 02:30 - 2013-08-17 02:30 - 01159319 _____ (Thisisu) C:\Users\Deethers\Downloads\JRT.exe
2013-08-17 02:30 - 2013-08-17 02:30 - 00000000 ____D C:\windows\ERUNT
2013-08-17 02:10 - 2013-08-17 02:29 - 00000000 ____D C:\Users\Deethers\Downloads\mbar
2013-08-17 02:10 - 2013-08-17 02:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-16 12:41 - 2013-08-16 12:41 - 00001974 _____ C:\Users\Deethers\Desktop\RKreport[0]_S_08162013_124105.txt
2013-08-16 12:39 - 2013-08-16 12:41 - 00000000 ____D C:\Users\Deethers\Desktop\RK_Quarantine
2013-08-16 12:38 - 2013-08-16 12:38 - 03800064 _____ C:\Users\Deethers\Downloads\RogueKillerX64.exe
2013-08-16 12:35 - 2013-08-16 12:36 - 00000000 ____D C:\Users\Deethers\Downloads\8-16-2013
2013-08-16 12:35 - 2013-08-16 12:35 - 00000792 _____ C:\Users\Deethers\Desktop\NTREGOPT.lnk
2013-08-16 12:35 - 2013-08-16 12:35 - 00000773 _____ C:\Users\Deethers\Desktop\ERUNT.lnk
2013-08-16 12:35 - 2013-08-16 12:35 - 00000000 ____D C:\Users\Deethers\Downloads\ERUNT
2013-08-16 12:32 - 2013-08-16 12:32 - 00791393 _____ (Lars Hederer ) C:\Users\Deethers\Downloads\erunt-setup.exe
2013-08-16 12:30 - 2013-08-16 12:30 - 00002252 _____ C:\Users\Deethers\Desktop\Rkill.txt
2013-08-16 12:30 - 2013-08-16 12:30 - 00000000 ____D C:\Users\Deethers\Desktop\rkill
2013-08-16 12:29 - 2013-08-16 12:29 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Deethers\Downloads\rkill.exe
2013-08-16 12:26 - 2013-08-16 12:27 - 00020159 _____ C:\Users\Deethers\Desktop\dds.txt
2013-08-16 12:26 - 2013-08-16 12:27 - 00004367 _____ C:\Users\Deethers\Desktop\attach.txt
2013-08-16 12:26 - 2013-08-16 12:26 - 00688992 ____R (Swearware) C:\Users\Deethers\Downloads\dds.scr
2013-08-16 03:29 - 2013-08-16 03:29 - 00000370 _____ C:\windows\PFRO.log
2013-08-16 02:49 - 2013-08-16 02:49 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Malwarebytes
2013-08-16 02:49 - 2013-08-16 02:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-16 02:49 - 2013-08-16 02:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-16 02:49 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-08-13 22:13 - 2013-07-26 01:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-08-13 22:13 - 2013-07-26 01:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-08-13 22:13 - 2013-07-26 01:13 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2013-08-13 22:13 - 2013-07-26 01:13 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2013-08-13 22:13 - 2013-07-26 01:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-08-13 22:13 - 2013-07-26 01:12 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-08-13 22:13 - 2013-07-26 01:12 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-08-13 22:13 - 2013-07-26 01:12 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-08-13 22:13 - 2013-07-26 01:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-08-13 22:13 - 2013-07-26 01:12 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-08-13 22:13 - 2013-07-26 01:12 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-08-13 22:13 - 2013-07-26 01:12 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-08-13 22:13 - 2013-07-26 01:12 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-08-13 22:13 - 2013-07-25 23:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-08-13 22:13 - 2013-07-25 23:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-08-13 22:13 - 2013-07-25 23:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-08-13 22:13 - 2013-07-25 23:13 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2013-08-13 22:13 - 2013-07-25 23:12 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-08-13 22:13 - 2013-07-25 23:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-08-13 22:13 - 2013-07-25 23:12 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-08-13 22:13 - 2013-07-25 23:12 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-08-13 22:13 - 2013-07-25 23:11 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-08-13 22:13 - 2013-07-25 23:11 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-08-13 22:13 - 2013-07-25 22:49 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-08-13 22:13 - 2013-07-25 20:54 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2013-08-13 22:13 - 2013-07-09 02:07 - 02233168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-08-13 22:13 - 2013-07-01 20:44 - 00036288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2013-08-13 22:13 - 2013-07-01 18:08 - 00247216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2013-08-13 22:13 - 2013-05-23 19:02 - 01314816 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2013-08-13 22:13 - 2013-05-23 18:25 - 00694272 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2013-08-13 22:12 - 2013-07-26 01:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-08-13 22:12 - 2013-07-26 01:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-08-13 22:12 - 2013-07-25 23:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-08-13 22:12 - 2013-07-25 23:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-08-13 22:12 - 2013-07-25 23:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-08-13 22:12 - 2013-07-25 23:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-08-13 22:11 - 2013-07-13 02:18 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-08-13 22:11 - 2013-07-13 02:16 - 01889280 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-08-13 22:11 - 2013-07-13 02:16 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-08-13 22:11 - 2013-07-13 02:15 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\apprepapi.dll
2013-08-13 22:11 - 2013-07-13 02:15 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\apprepsync.dll
2013-08-13 22:11 - 2013-07-13 00:24 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2013-08-13 22:11 - 2013-07-13 00:23 - 01568256 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-08-13 22:11 - 2013-07-13 00:23 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepapi.dll
2013-08-13 22:11 - 2013-07-13 00:23 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepsync.dll
2013-08-13 13:10 - 2013-08-13 13:10 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2013-08-13 13:10 - 2013-08-13 13:10 - 00000000 ____D C:\Users\Deethers\AppData\Local\Amazon Cloud Player
2013-08-10 21:20 - 2013-08-10 21:23 - 00000000 ____D C:\ProgramData\Adobe
2013-08-10 21:20 - 2013-08-10 21:20 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-10 21:17 - 2013-08-10 21:17 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Nitro
2013-08-08 21:28 - 2013-08-08 21:28 - 673594052 _____ C:\windows\MEMORY.DMP
2013-08-08 21:28 - 2013-08-08 21:28 - 00290216 _____ C:\windows\Minidump\080813-42531-01.dmp
2013-08-08 21:28 - 2013-08-08 21:28 - 00000000 ____D C:\windows\Minidump
2013-08-07 02:51 - 2013-08-07 02:51 - 00000000 ____D C:\windows\SysWOW64\Adobe
2013-08-06 13:10 - 2013-08-06 13:10 - 00000000 ____D C:\Users\Deethers\Downloads\libmp3lame-win-3.98.2
2013-08-06 13:03 - 2013-08-06 13:14 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Audacity
2013-08-04 12:40 - 2013-08-17 03:15 - 01706296 _____ C:\windows\WindowsUpdate.log
2013-08-03 23:14 - 2013-08-07 02:52 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Nitro PDF
2013-07-31 16:43 - 2013-07-31 16:43 - 00000000 ____D C:\Users\Deethers\Downloads\RealTemp_370
2013-07-26 23:10 - 2013-06-16 18:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2013-07-26 23:10 - 2013-06-01 07:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe
2013-07-26 23:10 - 2013-06-01 07:29 - 00213248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2013-07-26 23:10 - 2013-06-01 07:26 - 06987008 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-07-26 23:10 - 2013-06-01 07:26 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2013-07-26 23:10 - 2013-06-01 06:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2013-07-26 23:10 - 2013-06-01 05:25 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2013-07-26 23:10 - 2013-06-01 05:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2013-07-26 23:10 - 2013-06-01 05:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2013-07-26 23:10 - 2013-06-01 05:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2013-07-26 23:10 - 2013-06-01 05:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe
2013-07-26 23:10 - 2013-06-01 05:22 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2013-07-26 23:10 - 2013-06-01 05:22 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2013-07-26 23:10 - 2013-06-01 05:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2013-07-26 23:10 - 2013-06-01 05:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2013-07-26 23:10 - 2013-06-01 05:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2013-07-26 23:10 - 2013-06-01 05:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2013-07-26 23:10 - 2013-06-01 05:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll
2013-07-26 23:10 - 2013-06-01 05:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2013-07-26 23:10 - 2013-06-01 05:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2013-07-26 23:10 - 2013-05-24 18:09 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2013-07-26 23:10 - 2013-05-24 18:09 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2013-07-26 23:10 - 2013-05-24 18:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2013-07-26 23:10 - 2013-05-24 18:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2013-07-26 23:09 - 2013-06-01 07:54 - 00194816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2013-07-26 23:09 - 2013-06-01 07:54 - 00125184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2013-07-26 23:09 - 2013-06-01 07:29 - 00337152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2013-07-26 23:09 - 2013-06-01 05:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2013-07-26 23:09 - 2013-06-01 05:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll
2013-07-26 23:09 - 2013-06-01 05:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll
2013-07-26 23:09 - 2013-06-01 05:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe
2013-07-26 23:09 - 2013-06-01 05:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll
2013-07-26 23:09 - 2013-05-31 23:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys
2013-07-26 23:09 - 2013-05-19 20:08 - 00386642 _____ C:\windows\system32\ApnDatabase.xml
2013-07-26 00:08 - 2013-07-26 00:12 - 340139332 _____ C:\Users\Deethers\Downloads\National Geographic Predators at War.mp4
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsha.sys
2013-07-19 14:26 - 2013-07-19 14:26 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Auslogics
2013-07-18 03:01 - 2013-08-14 15:52 - 00000000 ____D C:\windows\system32\MRT

==================== One Month Modified Files and Folders =======

2013-08-17 03:33 - 2013-08-17 03:33 - 00000000 ____D C:\FRST
2013-08-17 03:32 - 2013-08-17 03:32 - 01575580 _____ (Farbar) C:\Users\Deethers\Downloads\FRST64.exe
2013-08-17 03:17 - 2013-06-14 00:02 - 00000916 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-17 03:17 - 2013-06-14 00:02 - 00000912 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-17 03:16 - 2013-06-13 23:00 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-08-17 03:15 - 2013-08-04 12:40 - 01706296 _____ C:\windows\WindowsUpdate.log
2013-08-17 03:00 - 2012-07-26 04:12 - 00000000 ____D C:\windows\system32\sru
2013-08-17 02:48 - 2013-08-17 02:48 - 00000000 ____D C:\Program Files (x86)\ESET
2013-08-17 02:47 - 2013-04-25 06:48 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2013-08-17 02:46 - 2013-08-17 02:46 - 00001831 _____ C:\Users\Deethers\Desktop\AdwCleaner[s1].txt
2013-08-17 02:45 - 2012-07-26 03:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-08-17 02:44 - 2013-08-17 02:43 - 00001831 _____ C:\AdwCleaner[s1].txt
2013-08-17 02:43 - 2013-08-17 02:41 - 00666633 _____ C:\Users\Deethers\Downloads\AdwCleaner.exe
2013-08-17 02:34 - 2013-08-17 02:34 - 00001510 _____ C:\Users\Deethers\Desktop\JRT.txt
2013-08-17 02:30 - 2013-08-17 02:30 - 01159319 _____ (Thisisu) C:\Users\Deethers\Downloads\JRT.exe
2013-08-17 02:30 - 2013-08-17 02:30 - 00000000 ____D C:\windows\ERUNT
2013-08-17 02:29 - 2013-08-17 02:10 - 00000000 ____D C:\Users\Deethers\Downloads\mbar
2013-08-17 02:29 - 2013-08-17 02:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-17 02:08 - 2013-06-13 23:52 - 00000000 ____D C:\ProgramData\MFAData
2013-08-17 02:07 - 2012-07-26 03:28 - 00848230 _____ C:\windows\system32\PerfStringBackup.INI
2013-08-16 12:49 - 2012-07-26 01:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-08-16 12:41 - 2013-08-16 12:41 - 00001974 _____ C:\Users\Deethers\Desktop\RKreport[0]_S_08162013_124105.txt
2013-08-16 12:41 - 2013-08-16 12:39 - 00000000 ____D C:\Users\Deethers\Desktop\RK_Quarantine
2013-08-16 12:38 - 2013-08-16 12:38 - 03800064 _____ C:\Users\Deethers\Downloads\RogueKillerX64.exe
2013-08-16 12:36 - 2013-08-16 12:35 - 00000000 ____D C:\Users\Deethers\Downloads\8-16-2013
2013-08-16 12:35 - 2013-08-16 12:35 - 00000792 _____ C:\Users\Deethers\Desktop\NTREGOPT.lnk
2013-08-16 12:35 - 2013-08-16 12:35 - 00000773 _____ C:\Users\Deethers\Desktop\ERUNT.lnk
2013-08-16 12:35 - 2013-08-16 12:35 - 00000000 ____D C:\Users\Deethers\Downloads\ERUNT
2013-08-16 12:32 - 2013-08-16 12:32 - 00791393 _____ (Lars Hederer ) C:\Users\Deethers\Downloads\erunt-setup.exe
2013-08-16 12:30 - 2013-08-16 12:30 - 00002252 _____ C:\Users\Deethers\Desktop\Rkill.txt
2013-08-16 12:30 - 2013-08-16 12:30 - 00000000 ____D C:\Users\Deethers\Desktop\rkill
2013-08-16 12:29 - 2013-08-16 12:29 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Deethers\Downloads\rkill.exe
2013-08-16 12:27 - 2013-08-16 12:26 - 00020159 _____ C:\Users\Deethers\Desktop\dds.txt
2013-08-16 12:27 - 2013-08-16 12:26 - 00004367 _____ C:\Users\Deethers\Desktop\attach.txt
2013-08-16 12:26 - 2013-08-16 12:26 - 00688992 ____R (Swearware) C:\Users\Deethers\Downloads\dds.scr
2013-08-16 04:23 - 2012-07-26 04:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-08-16 03:34 - 2013-06-18 03:17 - 00301568 ___SH C:\Users\Deethers\Downloads\Thumbs.db
2013-08-16 03:29 - 2013-08-16 03:29 - 00000370 _____ C:\windows\PFRO.log
2013-08-16 02:49 - 2013-08-16 02:49 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Malwarebytes
2013-08-16 02:49 - 2013-08-16 02:49 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-16 02:49 - 2013-08-16 02:49 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-15 15:38 - 2013-06-13 23:52 - 00000000 ____D C:\Users\Deethers\AppData\Local\Avg2013
2013-08-14 18:10 - 2012-07-26 04:12 - 00000000 ____D C:\windows\rescache
2013-08-14 15:53 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-14 15:53 - 2012-07-26 04:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-08-14 15:52 - 2013-07-18 03:01 - 00000000 ____D C:\windows\system32\MRT
2013-08-14 15:51 - 2013-06-15 12:47 - 78161360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-08-13 13:36 - 2012-07-26 04:12 - 00000000 ____D C:\windows\system32\NDF
2013-08-13 13:10 - 2013-08-13 13:10 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Player
2013-08-13 13:10 - 2013-08-13 13:10 - 00000000 ____D C:\Users\Deethers\AppData\Local\Amazon Cloud Player
2013-08-12 00:28 - 2013-06-13 22:54 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1533650612-1157666230-1475085810-1001
2013-08-11 13:02 - 2012-07-26 01:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2013-08-10 21:23 - 2013-08-10 21:20 - 00000000 ____D C:\ProgramData\Adobe
2013-08-10 21:22 - 2013-07-12 03:57 - 00000000 ____D C:\Users\Deethers\AppData\Local\Adobe
2013-08-10 21:22 - 2013-06-13 22:41 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Adobe
2013-08-10 21:20 - 2013-08-10 21:20 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-08-10 21:17 - 2013-08-10 21:17 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Nitro
2013-08-08 21:28 - 2013-08-08 21:28 - 673594052 _____ C:\windows\MEMORY.DMP
2013-08-08 21:28 - 2013-08-08 21:28 - 00290216 _____ C:\windows\Minidump\080813-42531-01.dmp
2013-08-08 21:28 - 2013-08-08 21:28 - 00000000 ____D C:\windows\Minidump
2013-08-07 02:52 - 2013-08-03 23:14 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Nitro PDF
2013-08-07 02:51 - 2013-08-07 02:51 - 00000000 ____D C:\windows\SysWOW64\Adobe
2013-08-07 02:51 - 2012-07-26 04:12 - 00000000 ____D C:\windows\SysWOW64\Macromed
2013-08-06 13:14 - 2013-08-06 13:03 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Audacity
2013-08-06 13:10 - 2013-08-06 13:10 - 00000000 ____D C:\Users\Deethers\Downloads\libmp3lame-win-3.98.2
2013-07-31 16:43 - 2013-07-31 16:43 - 00000000 ____D C:\Users\Deethers\Downloads\RealTemp_370
2013-07-27 04:19 - 2012-07-26 01:38 - 00000000 ____D C:\windows\system32\oobe
2013-07-26 23:01 - 2012-07-26 01:37 - 00000000 ____D C:\windows\servicing
2013-07-26 01:13 - 2013-08-13 22:13 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-07-26 01:13 - 2013-08-13 22:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-07-26 01:13 - 2013-08-13 22:13 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2013-07-26 01:13 - 2013-08-13 22:13 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2013-07-26 01:13 - 2013-08-13 22:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-07-26 01:12 - 2013-08-13 22:13 - 19239424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-07-26 01:12 - 2013-08-13 22:13 - 15405056 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-07-26 01:12 - 2013-08-13 22:13 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-07-26 01:12 - 2013-08-13 22:13 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-07-26 01:12 - 2013-08-13 22:13 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-07-26 01:12 - 2013-08-13 22:13 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-07-26 01:12 - 2013-08-13 22:13 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-07-26 01:12 - 2013-08-13 22:13 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-07-26 01:12 - 2013-08-13 22:12 - 03958784 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-07-26 01:12 - 2013-08-13 22:12 - 02647040 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-07-26 00:12 - 2013-07-26 00:08 - 340139332 _____ C:\Users\Deethers\Downloads\National Geographic Predators at War.mp4
2013-07-25 23:35 - 2013-08-13 22:13 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-07-25 23:13 - 2013-08-13 22:13 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-07-25 23:13 - 2013-08-13 22:13 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-07-25 23:13 - 2013-08-13 22:13 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2013-07-25 23:12 - 2013-08-13 22:13 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-07-25 23:12 - 2013-08-13 22:13 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-07-25 23:12 - 2013-08-13 22:13 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-07-25 23:12 - 2013-08-13 22:13 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-07-25 23:12 - 2013-08-13 22:12 - 14329344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-07-25 23:12 - 2013-08-13 22:12 - 02877440 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-07-25 23:12 - 2013-08-13 22:12 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-07-25 23:12 - 2013-08-13 22:12 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-07-25 23:11 - 2013-08-13 22:13 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-07-25 23:11 - 2013-08-13 22:13 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-07-25 22:49 - 2013-08-13 22:13 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-07-25 20:54 - 2013-08-13 22:13 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2013-07-20 04:27 - 2013-07-15 23:07 - 00000000 ____D C:\Users\Deethers\AppData\Local\Windows Live
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgidsha.sys
2013-07-19 14:32 - 2012-10-09 20:08 - 00000000 ____D C:\windows\Panther
2013-07-19 14:26 - 2013-07-19 14:26 - 00000000 ____D C:\Users\Deethers\AppData\Roaming\Auslogics

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-10 13:35

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-08-2013
Ran by Deethers at 2013-08-17 03:34:40
Running from C:\Users\Deethers\AppData\Local\Opera\Opera\temporary_downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


7-Zip 9.20 (x64 edition) (Version: 9.20.00.0)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133)
AIM for Windows (HKCU)
Amazon Cloud Player (HKCU Version: 1.1.0.337)
AVG 2013 (Version: 13.0.3211)
AVG 2013 (Version: 13.0.3392)
AVG 2013 (Version: 2013.0.3392)
CCleaner (Version: 4.02)
Convert AVI to MP4 (x32)
D3DX10 (x32 Version: 15.4.2368.0902)
Dolby Home Theater v4 (x32 Version: 7.2.8000.17)
dows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (Version: 06/15/2012 8.1.0.1)
Energy Management (x32 Version: 8.0.2.4)
ERUNT 1.1j (x32)
ETDWare PS/2-X64 11.4.8.1_WHQL (Version: 11.4.8.1)
FreeRide Games (x32 Version: 07.05.80.00)
Google Chrome (x32 Version: 28.0.1500.95)
Google Update Helper (x32 Version: 1.3.21.153)
Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10)
Intel PROSet Wireless
Intel® Management Engine Components (x32 Version: 8.1.0.1252)
Intel® Processor Graphics (x32 Version: 9.17.10.2932)
Intel® PROSet/Wireless for Bluetooth® + High Speed (Version: 15.5.5.0480)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 2.6.1209.0268)
Intel® Rapid Storage Technology (x32 Version: 11.6.0.1030)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® WiDi (Version: 3.5.41.0)
Intel® PROSet/Wireless WiFi Software (Version: 15.05.7000.1709)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Lenovo EasyCamera (x32 Version: 6.2.9200.10192)
Lenovo OneKey Recovery (Version: 8.0.0.1219)
Lenovo OneKey Recovery (x32 Version: 8.0.0.1219)
Lenovo PowerDVD10 (x32 Version: 10.0.4331.52)
Lenovo YouCam (x32 Version: 4.1.3423)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office (x32 Version: 15.0.4420.1017)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Movie Maker (x32 Version: 16.4.3508.0205)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
Nitro Pro 8 (Version: 8.0.10.7)
Onekey Theater (x32 Version: 3.0.1.0)
Opera 12.16 (x32 Version: 12.16.1860)
Pandora Service (x32)
Photo Gallery (x32 Version: 16.4.3508.0205)
Power2Go (x32 Version: 5.6.0.9109)
Realtek Ethernet Controller Driver (x32 Version: 8.2.612.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6798)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.8400.39029)
Shared C Run-time for x64 (Version: 10.0.0)
SolveigMM AVI Trimmer (x32 Version: 2.0.1210.11)
SugarSync Manager (x32 Version: 1.9.61.90905)
swMSM (x32 Version: 12.0.0.1)
The KMPlayer (remove only) (x32 Version: 3.6.0.87)
UserGuide (x32 Version: 1.0.0.9)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (Version: 06/19/2012 10.13.29.733)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

==================== Restore Points =========================

04-08-2013 05:12:22 Scheduled Checkpoint
12-08-2013 04:28:47 Scheduled Checkpoint

==================== Hosts content: ==========================

2012-07-26 01:26 - 2012-07-26 01:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {046249EA-25E5-416D-9133-A393EAA8E35A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-14] (Google Inc.)
Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-25] (Microsoft Corporation)
Task: {13A2AC02-B682-48CC-9155-2E2673580117} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
Task: {17644F17-DC4C-4AC8-9444-7AAA52EB5CDC} - System32\Tasks\Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {1DB7C2F1-876C-4F24-AD17-8428211113F9} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
Task: {214B24F4-FEB4-4C59-AF1F-70136065199C} - System32\Tasks\Microsoft\Windows\Shell\IndexerAutomaticMaintenance
Task: {23700E5C-0E77-499D-908A-415D5C6252F4} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Group Policy
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => C:\Windows\System32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {2C6B9EA8-7F5A-4ABA-BF96-8D352D02A743} - System32\Tasks\Microsoft\Windows\Device Setup\Metadata Refresh
Task: {2E030FA7-3D7C-4E1D-8CFE-56ADB26FD402} - System32\Tasks\Microsoft\Windows\PI\Sqm-Tasks
Task: {3054485A-F517-4E95-9977-4DD827B1E9B3} - System32\Tasks\Microsoft\Windows\WS\Badge Update
Task: {378401BA-A703-444A-A79C-3C47AD2DC5B6} - System32\Tasks\Microsoft\Windows\TaskScheduler\Maintenance Configurator
Task: {3AE164E7-30CD-40BC-9422-3EC7A5618965} - System32\Tasks\Microsoft\Windows\WS\WSTask
Task: {3C490ABD-D849-41AF-9AC4-87DD759B0996} - System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
Task: {4073C1B3-6E16-4AA8-B7F3-C6A6D35D5071} - System32\Tasks\Microsoft\Windows\TPM\Tpm-Maintenance
Task: {44B3F1B8-5943-4072-8D8C-A9484676AC44} - System32\Tasks\Microsoft\Windows\Live\Roaming\SynchronizeWithStorage
Task: {483A8F5C-5D26-44B5-B49E-AF6741D1BBEB} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => C:\Windows\System32\MbaeParserTask.exe [2013-06-01] (Microsoft Corporation)
Task: {4B952129-9AE9-41A3-BE2B-8AD2E06F66B6} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
Task: {5755E746-D7ED-4C20-A472-66C11834CDE4} - System32\Tasks\Microsoft\Windows\TaskScheduler\Manual Maintenance
Task: {5C4EFB77-EFA6-45DF-A373-D795C0725BFF} - System32\Tasks\Microsoft\Windows\Plug and Play\Device Install Reboot Required
Task: {627441F3-8526-4B62-BF9A-1A3EA414E71A} - System32\Tasks\Microsoft\Windows\SpacePort\SpaceAgentTask => C:\Windows\system32\SpaceAgent.exe [2012-07-25] (Microsoft Corporation)
Task: {6E9DE125-5583-4031-B572-FEE48F25CFFF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyMonitor => C:\Windows\System32\wpcmon.exe [2012-09-20] (Microsoft Corporation)
Task: {6FDDEA7C-6310-428D-AEB2-54FFC72811EF} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
Task: {7363FF5A-02FD-4601-AC83-A81E62E29019} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {74096F94-B654-4DB0-96F5-3C3408B92FE3} - System32\Tasks\Microsoft\Windows\PI\Secure-Boot-Update
Task: {7A53E474-5B49-454E-811F-8A95AE3D1F56} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUFirmwareInstall
Task: {7D9A9A1C-499C-40A6-8F8A-5BCC4CC9A87C} - System32\Tasks\Microsoft\Windows\TaskScheduler\Regular Maintenance
Task: {812BE1E7-1688-4660-A56E-0F9A3B3A32BB} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {845CB020-68B5-4C6B-9876-7BEC7B3E27AC} - System32\Tasks\Microsoft\Windows\TaskScheduler\Idle Maintenance
Task: {849068E9-1217-4DEF-B196-FEEF6E79C3CD} - System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1533650612-1157666230-1475085810-1001
Task: {87354DAA-66DF-4B41-9346-15958D96E1D2} - System32\Tasks\Microsoft\Windows\FileHistory\File History (maintenance mode)
Task: {921A1D4E-32FB-46D7-B6C0-6F467884074D} - System32\Tasks\Microsoft\Windows\WS\Sync Licenses
Task: {9479EF8E-11D4-41B3-9783-CC65070D592D} - System32\Tasks\Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
Task: {94DCF254-64FB-4C4E-8E12-5F4055C10C2A} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
Task: {989A7C6D-BE82-4C3C-AF96-6116039E336B} - System32\Tasks\Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
Task: {9F14FB2E-486B-404B-89CA-CA8F0A34F307} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUScheduledInstall
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => C:\Windows\System32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {A800277E-E202-4492-AD38-3312641CBC04} - System32\Tasks\Microsoft\Windows\Live\Roaming\MaintenanceTask
Task: {AB62FA47-2C99-44B1-A5D0-D4161423BE43} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyRefresh
Task: {AC6259DE-AC59-459E-849E-6ADFFD1ADE63} - System32\Tasks\Microsoft\Windows\Shell\CreateObjectTask
Task: {AEB0B5BD-B9E5-458A-898A-E559BD9EB51B} - System32\Tasks\Microsoft\Windows\SettingSync\BackgroundUploadTask
Task: {AF549BD8-337C-4BF7-8681-36A182E30507} - System32\Tasks\Microsoft\Windows\Chkdsk\ProactiveScan
Task: {BC38CEA0-93BD-4BCD-AA3C-9ED14533A695} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-14] (Google Inc.)
Task: {BC76AEF7-2CF0-4EB6-B65B-A8803E0B5E12} - System32\Tasks\Microsoft\Windows\AppID\SmartScreenSpecific
Task: {C1ACCD1E-4385-4FB2-B5E4-7F2A57A626A2} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
Task: {C1E83F1A-D86D-47DA-95FB-1C832C07EBCC} - System32\Tasks\Microsoft\Windows\WindowsUpdate\AUSessionConnect
Task: {C463FD1E-31C7-4C20-AB65-08E514CA152D} - System32\Tasks\Microsoft\Windows\IME\SQM data sender
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {CD1054FF-8005-4904-8B9C-436EAB1E2021} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
Task: {CD79DF02-00F0-410E-A64A-DEB0BFF857C3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {DBCF6E1B-CE0A-441E-B7A5-219C8BE50C65} - System32\Tasks\Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
Task: {DDD61884-07AE-4049-B0DB-3F3281973871} - System32\Tasks\Microsoft\Windows\Servicing\StartComponentCleanup
Task: {DEB14F64-2DEF-4344-A827-8F3B74CB6B29} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start => C:\windows\system32\sc.exe [2012-07-25] (Microsoft Corporation)
Task: {DECE5921-598D-454B-9A04-B2DE95EFC1B3} - System32\Tasks\Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
Task: {DF83B9F4-732D-4BE2-A30E-791636D0DE98} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-12] (Adobe Systems Incorporated)
Task: {E4DFE66F-E089-4CC3-A70F-957223D565F4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
Task: {E8AE9237-D83F-4859-B7D3-AB52E711BA70} - System32\Tasks\Lenovo\Lenovo-20527 => C:\ProgramData\Lenovo-20527.vbs [2013-04-25] ()
Task: {E8DAA09B-DF2A-4951-9134-6FA9587793F9} - System32\Tasks\Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers => C:\Windows\System32\drvinst.exe [2012-09-20] (Microsoft Corporation)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => C:\Windows\system32\rundll32.exe [2012-07-25] (Microsoft Corporation)
Task: {ED0C1F69-C3A2-41EA-B8C3-3F0D83A1F6C0} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\BthSQM
Task: {F98F7835-64E2-4D6D-ACBD-88A44C5239D4} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Description: Intel® Centrino® Wireless Bluetooth® 4.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/17/2013 03:17:21 AM) (Source: Application Error) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c
Faulting module name: goopdate.dll, version: 1.3.21.153, time stamp: 0x51de1866
Exception code: 0xc0000005
Fault offset: 0x0009c729
Faulting process id: 0x1538
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3
Faulting package full name: GoogleUpdate.exe4
Faulting package-relative application ID: GoogleUpdate.exe5

Error: (08/17/2013 03:17:20 AM) (Source: Application Error) (User: )
Description: Faulting application name: GoogleUpdate.exe, version: 1.3.21.103, time stamp: 0x4f3c6d6c
Faulting module name: goopdate.dll, version: 1.3.21.153, time stamp: 0x51de1866
Exception code: 0xc0000005
Fault offset: 0x0009c729
Faulting process id: 0x798
Faulting application start time: 0xGoogleUpdate.exe0
Faulting application path: GoogleUpdate.exe1
Faulting module path: GoogleUpdate.exe2
Report Id: GoogleUpdate.exe3
Faulting package full name: GoogleUpdate.exe4
Faulting package-relative application ID: GoogleUpdate.exe5

Error: (08/17/2013 02:48:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/17/2013 02:48:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/17/2013 02:48:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (08/17/2013 02:47:57 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.


System errors:
=============
Error: (08/17/2013 02:44:30 AM) (Source: Service Control Manager) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5


Microsoft Office Sessions:
=========================
Error: (08/17/2013 03:17:21 AM) (Source: Application Error)(User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cgoopdate.dll1.3.21.15351de1866c00000050009c729153801ce9b19c3b7b32bC:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.21.153\goopdate.dll0e6882b9-070d-11e3-be87-20898490d82e

Error: (08/17/2013 03:17:20 AM) (Source: Application Error)(User: )
Description: GoogleUpdate.exe1.3.21.1034f3c6d6cgoopdate.dll1.3.21.15351de1866c00000050009c72979801ce9b19c3b78c14C:\Program Files (x86)\Google\Update\GoogleUpdate.exeC:\Program Files (x86)\Google\Update\1.3.21.153\goopdate.dll0dd7e914-070d-11e3-be87-20898490d82e

Error: (08/17/2013 02:48:02 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Deethers\AppData\Local\Opera\Opera\temporary_downloads\esetsmartinstaller_enu.exe

Error: (08/17/2013 02:48:02 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Deethers\AppData\Local\Opera\Opera\temporary_downloads\esetsmartinstaller_enu.exe

Error: (08/17/2013 02:48:01 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Deethers\AppData\Local\Opera\Opera\temporary_downloads\esetsmartinstaller_enu.exe

Error: (08/17/2013 02:47:57 AM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Deethers\AppData\Local\Opera\Opera\temporary_downloads\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
Date: 2013-08-06 13:13:04.959
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-06 13:11:54.874
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-06 13:11:40.788
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-06 13:06:32.825
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-06 13:03:57.815
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-06 13:03:56.753
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-06 13:03:55.182
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.

Date: 2013-08-06 13:03:54.078
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 5999.52 MB
Available physical RAM: 3607.82 MB
Total Pagefile: 12143.52 MB
Available Pagefile: 9607.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:651.3 GB) (Free:596.54 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:22.25 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 377881F3)

Partition: GPT Partition Type
==================== End Of Log ============================

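The "Scheduled Tasks (whitelisted)" section of the FRST log above is the part an analyst reads first for persistence: a task runs on a schedule with no user interaction, so it is exactly where a blocking pop-up "every couple of minutes with all browsers closed" can originate. Most of the entries resolve to signed Microsoft, Google or Adobe binaries under Windows or Program Files; two of them (Lenovo-20527 and OFFICE2013ACT) run .vbs scripts out of C:\ProgramData and FRST prints "()" for them because a script has no signer. That does not make them malicious, but it is what a reviewer marks for a manual look. The script below is an added example for this thread and is not FRST or Malwarebytes code; the line layout is inferred from the log above, the sample lines are copied from it, and the heuristics (script host, target outside Windows/Program Files, empty publisher) are the reviewer's assumptions about what deserves attention.

```python
"""Triage the 'Scheduled Tasks' section of an FRST log.

Added example for this thread; it is not FRST or Malwarebytes code. The line
layout is inferred from the log above, and the sample lines are copied from it.
"""
import re

# One FRST task line, as printed above:
#   Task: {GUID} - System32\Tasks\<name> => <target> [yyyy-mm-dd] (<publisher>)
# The GUID, the "=> target" part, the date and the publisher are all optional:
# legacy ".job" tasks have no GUID, and whitelisted tasks often have no target.
TASK_RE = re.compile(
    r"^Task:\s+"
    r"(?:\{(?P<guid>[0-9A-Fa-f-]+)\}\s+-\s+)?"
    r"(?P<name>.+?)"
    r"(?:\s+=>\s+(?P<target>.+?)"
    r"(?:\s+\[(?P<date>[\d-]+)\])?"
    r"(?:\s+\((?P<publisher>[^)]*)\))?)?"
    r"\s*$"
)

# Script hosts are a common persistence vector: the task looks benign, the payload
# is whatever text is in the file, and FRST cannot show a signer for it.
SCRIPT_EXTENSIONS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1", ".hta")
# Directories a standard user cannot write to without elevation (assumption: default install).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def parse_task(line):
    """Return the fields of one 'Task:' line as a dict, or None if it is not one."""
    m = TASK_RE.match(line.strip())
    return m.groupdict() if m else None


def assess(task):
    """List the reasons a parsed task deserves a manual look; empty means nothing notable."""
    reasons = []
    target = (task.get("target") or "").lower()
    if not target:
        return reasons  # FRST printed no resolved target; nothing to judge here
    if target.endswith(SCRIPT_EXTENSIONS):
        reasons.append("runs a script instead of a binary")
    if not target.startswith(TRUSTED_PREFIXES):
        reasons.append("target lives outside Windows/Program Files (user-writable location)")
    if task.get("publisher") == "":
        reasons.append("FRST shows '()': no publisher / signature information")
    return reasons


def triage(log_lines):
    """Return [(task_name, target, reasons)] for every task line with at least one reason."""
    flagged = []
    for line in log_lines:
        task = parse_task(line)
        if task is None:
            continue
        reasons = assess(task)
        if reasons:
            flagged.append((task["name"], task["target"], reasons))
    return flagged


# Sample input: six lines copied from the FRST log posted above.
SAMPLE_TASK_LINES = [
    r"Task: {046249EA-25E5-416D-9133-A393EAA8E35A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-06-14] (Google Inc.)",
    r"Task: {10D85952-E3F6-47A1-96CF-5E1C2D874EA6} - System32\Tasks\Microsoft\Windows\SystemRestore\SR => C:\Windows\system32\srtasks.exe [2012-07-25] (Microsoft Corporation)",
    r"Task: {CD79DF02-00F0-410E-A64A-DEB0BFF857C3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)",
    r"Task: {E8AE9237-D83F-4859-B7D3-AB52E711BA70} - System32\Tasks\Lenovo\Lenovo-20527 => C:\ProgramData\Lenovo-20527.vbs [2013-04-25] ()",
    r"Task: {F98F7835-64E2-4D6D-ACBD-88A44C5239D4} - System32\Tasks\OFFICE2013ACT => C:\ProgramData\Microsoft\Windows\OFFICEICON.vbs [2012-03-08] ()",
    r"Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe",
]

if __name__ == "__main__":
    for name, target, reasons in triage(SAMPLE_TASK_LINES):
        print(f"{name}\n    -> {target}")
        for r in reasons:
            print(f"       * {r}")
```

Run it against a whole FRST log and only the two .vbs tasks come back; every signed binary under a protected directory is silent. The next step for a flagged entry is to open the script itself and check what it launches, since FRST only shows the file the task points at, not what the script does.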

  • Root Admin

Ahh.. I see.  Please open MBAM and go to the Logs tab and there you'll find scan logs and protection logs.

Please post back a couple of the protection logs.

 

If you close down all browsers and email, do you get any of these blocking messages, or only while running a web browser or other web-enabled application?


I went to go post the logs and noticed on there the process the malicious IP was coming from was pandoraservice.exe over and over again so I just uninstalled it and the messages stopped! I attached the logs just in case (they were too long to post), but I think it's fixed! Thanks again for all the help, really appreciate it. :)

protection-log-2013-08-18.txt

protection-log-2013-08-17.txt

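What resolved this thread is the step the poster describes above: reading the protection log to see which process keeps triggering the block, rather than treating the pop-up itself as the problem. The installed-programs list earlier in the FRST log shows "Pandora Service (x32)" with no version and no publisher, and the blocks stopped once it was uninstalled. Aggregating IP-BLOCK events by process is how you get that answer from a log too long to read by hand. The script below is an added example for this thread and is not Malwarebytes code; the line layout is an assumption modelled on MBAM 1.x protection logs (tab-separated timestamp, host, user, event type, details), the host name and timestamps are invented, the user name is taken from the FRST log above, and the IP is the one quoted in the first post.

```python
"""Summarise Malwarebytes protection-log IP-BLOCK events by triggering process.

Added example for this thread; not Malwarebytes code. The line layout below is
an assumption modelled on MBAM 1.x protection logs (tab-separated: timestamp,
host, user, event type, details), and every sample line is constructed, not
taken from the attachments the poster uploaded.
"""
import re

IP_BLOCK_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) (?P<tz>[+-]\d{4})\t"
    r"(?P<host>[^\t]+)\t(?P<user>[^\t]+)\tIP-BLOCK\t"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>[^)]+)\)\s*$"
)


def parse_ip_block(line):
    """Return the fields of one IP-BLOCK line, or None for any other event type."""
    m = IP_BLOCK_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["port"] = int(ev["port"])
    ev["process"] = ev["process"].strip().lower()  # case varies between log lines
    return ev


def summarise(lines):
    """Group IP-BLOCK events by process name.

    Returns {process: {"count", "ips", "ports", "first", "last"}}. Timestamps are
    zero-padded, so plain string comparison orders them correctly.
    """
    summary = {}
    for line in lines:
        ev = parse_ip_block(line)
        if ev is None:
            continue
        s = summary.setdefault(
            ev["process"],
            {"count": 0, "ips": set(), "ports": set(), "first": ev["ts"], "last": ev["ts"]},
        )
        s["count"] += 1
        s["ips"].add(ev["ip"])
        s["ports"].add(ev["port"])
        s["first"] = min(s["first"], ev["ts"])
        s["last"] = max(s["last"], ev["ts"])
    return summary


def rank(summary):
    """Processes ordered by number of blocks, noisiest first."""
    return sorted(summary.items(), key=lambda kv: kv[1]["count"], reverse=True)


# Constructed sample: host name and times invented for the example, the user name
# from the FRST log above, and the IP the poster quoted in the first message.
SAMPLE_PROTECTION_LOG = [
    "2013/08/17 13:44:57 -0400\tLAPTOP\tDeethers\tMESSAGE\tProtection started successfully",
    "2013/08/17 13:45:01 -0400\tLAPTOP\tDeethers\tIP-BLOCK\t111.111.111.111 (Type: outgoing, Port: 49158, Process: pandoraservice.exe)",
    "2013/08/17 13:47:02 -0400\tLAPTOP\tDeethers\tIP-BLOCK\t111.111.111.111 (Type: outgoing, Port: 49161, Process: pandoraservice.exe)",
    "2013/08/17 13:49:03 -0400\tLAPTOP\tDeethers\tIP-BLOCK\t111.111.111.111 (Type: outgoing, Port: 49165, Process: PandoraService.exe)",
    "2013/08/17 13:50:10 -0400\tLAPTOP\tDeethers\tIP-BLOCK\t203.0.113.5 (Type: outgoing, Port: 49170, Process: chrome.exe)",
    "2013/08/17 13:51:04 -0400\tLAPTOP\tDeethers\tIP-BLOCK\t111.111.111.111 (Type: outgoing, Port: 49172, Process: pandoraservice.exe)",
    "2013/08/17 13:52:00 -0400\tLAPTOP\tDeethers\tMESSAGE\tIP Protection stopped",
]

if __name__ == "__main__":
    for proc, s in rank(summarise(SAMPLE_PROTECTION_LOG)):
        print(f"{proc:22} blocks={s['count']:<3} ips={sorted(s['ips'])} "
              f"ports={sorted(s['ports'])} {s['first']} .. {s['last']}")
```

The summary separates a service that hits the same address on a fixed interval with no browser open from a one-off block in an interactive application. A process showing up here is not proof that it is malware, since a legitimate program can phone home to a range on the block list, but it tells you which installed program to locate, check the publisher of, and remove if it does not belong, which is the step that ended the pop-ups in this thread.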

I'll definitely read through that! Here are the results from Security Check:

 

 

Results of screen317's Security Check version 0.99.72
x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2013
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
Java 7 Update 25
Adobe Flash Player 11.8.800.94
Adobe Reader XI
Google Chrome 28.0.1500.72
Google Chrome 28.0.1500.95
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````


  • Root Admin

Great that all looks good too.

 

 

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily, so if you went to use them again in the future they would be outdated anyway.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and paste the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


Remove the rest of the tools used:

Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your PC.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so


Note:

If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


AdwCleaner Removal:
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:
  • This tool can be uninstalled via the Control Panel, Programs, Uninstall


If there are any other left over Folders, Files, Logs then you can delete them on your own.

Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, or at least disabling Java in your web browsers:
How do I disable Java in my web browser? - Disable Java

Please read the following articles which will help you to better understand how the computer may have become infected as well as how to help prevent future infections. Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.
 


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.