Jump to content

Do Search and SpyHunter 4


Recommended Posts

So, I am posting this on behalf of a friend. He came to me because he had a browser hijack called Do Search. We ended up with ''removing'' it by going into Google Chrome's properties and changing the Target bar so it would set Google.no as it's homepage. I guess there is still something on the computer after that.

Also, to top the cake my friend downloaded something called SpyHunter 4 before he came to me. Now he cannot get rid of it, but it is not doing anything, yet, other than coming back after deletion. (We haven't rebooted the PC.) Malwarebytes, Avast nor SUPERantispyware notice the program.

Now, what to do?

Link to post
Share on other sites

  • Root Admin

Hello

 

If you've not already done so please start here and post back the 2 log files DDS.txt and Attach.txt

General P2P/Piracy Warning:
 

 
If you're using
Peer 2 Peer
software such as
uTorrent, BitTorrent
or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have
illegal/cracked software, cracks, keygens etc
. on the system, please remove or uninstall them now and read the policy on
Piracy
.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

    [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)




STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 

Link to post
Share on other sites

Here are the two files from DDS:

 

Attach.txt :

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 8
Boot Device: \Device\HarddiskVolume2
Install Date: 06.09.2013 17:24:02
System Uptime: 17.10.2013 14:07:31 (2 hours ago)
.
Motherboard: TOSHIBA |  | QFKAA
Processor: Intel® Core i7-3630QM CPU @ 2.40GHz | SOCKET 0 | 2300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 920 GiB total, 821,859 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP9: 10.10.2013 17:39:13 - Windows Update
RP10: 14.10.2013 21:55:01 - Installed DirectX
RP11: 16.10.2013 20:57:44 - Installed SpyHunter
RP12: 16.10.2013 22:14:22 - Restore Operation
.
==== Installed Programs ======================
.
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
CCleaner
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ENE CIR Receiver Driver
Football Manager 2013
Google Chrome
Google Update Helper
Intel AppUp(SM) center
Intel PROSet Wireless
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® WiDi
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
Java 7 Update 25
Java 7 Update 25 (64-bit)
Java Auto Updater
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
MotioninJoy DS3 driver version 0.6.0005
Nero 12 Essentials Toshiba
Nero BackItUp
Nero BackItUp Help (CHM)
Nero Blu-ray Player
Nero Blu-ray Player Help (CHM)
Nero BurnRights
Nero BurnRights Help (CHM)
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero Express
Nero Express Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Kwik Themes Basic
Nero Launcher
Nero RescueAgent
Nero RescueAgent Help (CHM)
Nero SharedVideoCodecs
Nero Update
NVIDIA Control Panel 305.46
NVIDIA Graphics Driver 305.46
NVIDIA Install Application
NVIDIA Optimus 1.10.8
NVIDIA PhysX
NVIDIA PhysX System Software 9.12.0613
NVIDIA Update Components
Prerequisite installer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek PCIE Card Reader
Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition
Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition
Shared C Run-time for x64
Skype™ 6.9
Spotify
SRS Premium Sound Control Panel
Steam
Synaptics Pointing Device Driver
Terraria
TOSHIBA Desktop Assist
TOSHIBA eco Utility
TOSHIBA Flash Cards Support Utility
TOSHIBA Function Key
TOSHIBA HDD Protection
TOSHIBA Manuals
TOSHIBA Password Utility
TOSHIBA PC Health Monitor
TOSHIBA Recovery Media Creator
TOSHIBA Remote Control Manager
TOSHIBA Resolution+ Plug-in for Windows Media Player
TOSHIBA Service Station
TOSHIBA System Driver
TOSHIBA System Settings
Toshiba TEMPRO
TOSHIBA VIDEO PLAYER
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition
Utility Common Driver
War of the Vikings Early Access
Welcome App (Start-up experience)
WinRAR 5.00 (64-bit)
.
==== Event Viewer Messages From Past Week ========
.
17.10.2013 14:07:44, Error: BTHUSB [30]  - The local adapter does not support an important Low Energy controller state. The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff. Low Energy functionality will be disabled.
17.10.2013 00:26:19, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
17.10.2013 00:26:19, Error: Service Control Manager [7000]  - The Steam Client Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
16.10.2013 21:09:30, Error: Service Control Manager [7030]  - The avast! Antivirus service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================
 
 
dds.txt :
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16537  BrowserJavaVersion: 10.25.2
Run by Mathias at 16:46:50 on 2013-10-17
Microsoft Windows 8  6.2.9200.0.1252.47.1044.18.16273.14200 [GMT 2:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\dwm.exe
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\windows\system32\nvvsvc.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\ThpSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\TOSHIBA\Teco\TecoService.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\windows\system32\taskhostex.exe
C:\windows\Explorer.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\windows\system32\SearchIndexer.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
C:\Program Files\TOSHIBA\Teco\TecoResident.exe
C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
C:\Windows\System32\ThpSrv.exe
C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [spotify Web Helper] "C:\Users\Mathias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{11EC6F3D-312C-4F7B-B31F-EC69D5F5CCE6} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{11EC6F3D-312C-4F7B-B31F-EC69D5F5CCE6}\75C414E4F534630344 : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
AppInit_DLLs= C:\windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [sRS Premium Sound 3D] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_PS3D.zip" /h
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
x64-Run: [TODDMain] C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
x64-Run: [ThpSrv] C:\windows\System32\thpsrv /logon
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
x64-Run: [TosPU] C:\Program Files\TOSHIBA\PasswordUtility\TosPU.exe TOSPU
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-2-17 645952]
R0 nvpciflt;nvpciflt;C:\windows\System32\Drivers\nvpciflt.sys [2013-2-17 30056]
R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\System32\Drivers\thpdrv.sys [2012-7-28 48512]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\System32\Drivers\Thpevm.sys [2012-6-25 18304]
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\System32\Drivers\tos_sps64.sys [2013-2-17 499096]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-2-17 128896]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-2-17 165760]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2013-2-17 201360]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\Teco\TecoService.exe [2012-8-24 291240]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\Drivers\TVALZFL.sys [2012-7-21 16768]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-2-17 364416]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-7-18 2699568]
R3 CeKbFilter;CeKbFilter;C:\windows\System32\Drivers\CeKbFilter.sys [2013-2-17 20312]
R3 enecir;ENE CIR Receiver;C:\windows\System32\Drivers\enecir.sys [2012-9-5 72688]
R3 enecirhid;ENE CIR HID Receiver;C:\windows\System32\Drivers\enecirhid.sys [2012-9-5 25296]
R3 IntcDAud;Intel® Skjermlyd;C:\windows\System32\Drivers\IntcDAud.sys [2012-6-19 342528]
R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\Drivers\iwdbus.sys [2012-8-9 25568]
R3 NETwNe64;@oem14.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\windows\System32\Drivers\NETwew00.sys [2012-8-19 4273192]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-2-17 690832]
R3 SmbDrvI;SmbDrvI;C:\windows\System32\Drivers\Smb_driver_Intel.sys [2012-8-28 43832]
R3 TMachInfo;TMachInfo;C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-7-27 53384]
R3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2012-7-28 458152]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-9-14 418376]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-9-14 701512]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\Drivers\intelaud.sys [2012-8-9 35296]
S3 MBAMProtector;MBAMProtector;C:\windows\System32\Drivers\mbam.sys [2013-9-14 25928]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\windows\System32\Drivers\MijXfilt.sys [2013-9-6 97040]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-7-18 272176]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\windows\System32\Drivers\RtsP2Stor.sys [2013-2-17 269968]
S3 TemproMonitoringService;TEMPRO Service;C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2012-9-25 114656]
S3 XHCIPort;USB-IF xHCI USB Host Controller;C:\windows\System32\Drivers\xHCIPort.sys [2012-8-9 188384]
.
=============== Created Last 30 ================
.
2013-10-16 22:00:58 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{06D69CCE-B330-47E2-B437-69B035A2F188}\mpengine.dll
2013-10-16 21:53:06 290992 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10221.bin
2013-10-16 20:33:34 9694160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-10-16 19:43:36 -------- d-----w- C:\Users\Mathias\AppData\Local\ElevatedDiagnostics
2013-10-16 19:14:27 -------- d-----w- C:\Users\Mathias\AppData\Roaming\AVAST Software
2013-10-16 19:08:56 -------- d-----w- C:\Program Files\AVAST Software
2013-10-16 19:08:44 -------- d-----w- C:\ProgramData\AVAST Software
2013-10-16 19:06:57 -------- d-----w- C:\Users\Mathias\AppData\Roaming\SUPERAntiSpyware.com
2013-10-16 19:06:49 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2013-10-16 19:06:49 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2013-10-16 18:58:24 -------- d-----w- C:\Program Files\Enigma Software Group
2013-10-14 19:58:10 -------- d-----w- C:\Users\Mathias\AppData\Local\Rockstar Games
2013-10-14 19:57:31 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-10-12 09:52:55 -------- d-----w- C:\Program Files\CCleaner
2013-10-11 13:18:22 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2013-10-10 17:03:34 -------- d-----w- C:\ProgramData\eSafe
2013-10-10 16:55:21 -------- d-----w- C:\Users\Mathias\AppData\Roaming\Nosibay
2013-10-10 16:52:59 -------- d-----w- C:\ProgramData\DSearchLink
2013-10-10 16:52:34 -------- d-----w- C:\ProgramData\Babylon
2013-10-09 20:13:16 785624 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
2013-10-03 15:51:17 965008 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9B16529D-B318-4645-BB8A-CB2264A87C28}\gapaengine.dll
2013-10-02 15:47:14 -------- d-----w- C:\windows\PCHEALTH
2013-10-02 15:44:39 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2013-10-02 15:44:29 -------- d-----w- C:\Users\Mathias\AppData\Local\Microsoft Help
2013-10-02 13:35:33 -------- d-----w- C:\Users\Mathias\AppData\Roaming\Fatshark
2013-09-19 12:59:55 -------- d-----r- C:\Program Files (x86)\Skype
2013-09-17 18:45:44 -------- d-----w- C:\Users\Mathias\AppData\Roaming\Sports Interactive
2013-09-17 18:45:44 -------- d-----w- C:\Users\Mathias\AppData\Local\Sports Interactive
.
==================== Find3M  ====================
.
2013-10-02 01:38:13 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-02 01:38:13 694232 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-09-08 10:04:04 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-09-08 10:04:00 972712 ----a-w- C:\windows\System32\deployJava1.dll
2013-09-08 10:04:00 1093032 ----a-w- C:\windows\System32\npDeployJava1.dll
2013-09-07 14:38:45 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-07 14:38:45 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll
2013-09-07 14:38:45 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll
2013-08-23 05:11:57 4040192 ----a-w- C:\windows\System32\win32k.sys
2013-08-16 05:41:13 58200 ----a-w- C:\windows\System32\drivers\dam.sys
2013-08-16 05:39:26 2371728 ----a-w- C:\windows\System32\WSService.dll
2013-08-16 05:32:48 209200 ----a-w- C:\windows\System32\NotificationUI.exe
2013-08-16 05:22:22 40448 ----a-w- C:\windows\System32\wuapp.exe
2013-08-16 05:22:11 4917760 ----a-w- C:\windows\System32\sppsvc.exe
2013-08-16 05:20:30 105984 ----a-w- C:\windows\System32\WinSetupUI.dll
2013-08-15 22:43:21 35328 ----a-w- C:\windows\SysWow64\wuapp.exe
2013-08-15 22:43:07 84992 ----a-w- C:\windows\SysWow64\wudriver.dll
2013-08-15 22:43:07 126976 ----a-w- C:\windows\SysWow64\wuwebv.dll
2013-08-15 22:43:03 562688 ----a-w- C:\windows\SysWow64\WSShared.dll
2013-08-15 22:43:03 159232 ----a-w- C:\windows\SysWow64\WSSync.dll
2013-08-15 22:43:02 83968 ----a-w- C:\windows\SysWow64\OEMLicense.dll
2013-08-15 22:43:02 167424 ----a-w- C:\windows\SysWow64\WSClient.dll
2013-08-15 22:43:02 143872 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43:02 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:42:52 76800 ----a-w- C:\windows\SysWow64\setupcln.dll
2013-08-15 22:42:47 91648 ----a-w- C:\windows\SysWow64\sppc.dll
2013-08-10 05:21:51 448512 ----a-w- C:\windows\System32\SettingSync.dll
2013-08-10 05:21:51 128512 ----a-w- C:\windows\System32\SettingSyncInfo.dll
2013-08-10 03:58:51 356352 ----a-w- C:\windows\SysWow64\SettingSync.dll
2013-08-07 05:15:02 144896 ----a-w- C:\windows\System32\tssdisai.dll
2013-08-03 06:40:49 462336 ----a-w- C:\windows\System32\sysmon.ocx
2013-08-03 06:40:17 566784 ----a-w- C:\windows\System32\wvc.dll
2013-08-03 06:40:01 1374208 ----a-w- C:\windows\System32\wdc.dll
2013-08-03 05:14:15 399360 ----a-w- C:\windows\SysWow64\sysmon.ocx
2013-08-03 05:13:57 437248 ----a-w- C:\windows\SysWow64\wvc.dll
2013-08-03 05:13:43 1245696 ----a-w- C:\windows\SysWow64\wdc.dll
2013-08-02 06:28:29 10116608 ----a-w- C:\windows\System32\twinui.dll
2013-08-02 06:26:53 2304512 ----a-w- C:\windows\System32\authui.dll
2013-08-02 05:08:18 8858112 ----a-w- C:\windows\SysWow64\twinui.dll
2013-08-02 05:06:50 2035712 ----a-w- C:\windows\SysWow64\authui.dll
2013-08-01 10:41:31 2233688 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-07-27 03:58:39 2207232 ----a-w- C:\windows\SysWow64\PrintConfig.dll
2013-07-24 23:10:08 158208 ----a-w- C:\windows\SysWow64\mbsmsapi.dll
2013-07-24 23:06:39 225280 ----a-w- C:\windows\System32\mbsmsapi.dll
2013-07-19 22:13:34 124112 ----a-w- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-07-19 22:13:15 102608 ----a-w- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
.
============= FINISH: 16:47:23,57 ===============
 
Link to post
Share on other sites

SpyHunter 4 is still saved in the restore point that we earlier left, hand hopefully no trace of it infected the restore point that was made two days before SpyHunter 4 was downloaded and installed.

 

Progress:

 

The system is backed up and are now about to scan with RogueKill, I will post the log when I recieve it form my mate.

Link to post
Share on other sites

Here are the RogueKill scan report:

 

RogueKiller V8.7.4 _x64_ [Oct 16 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
 
Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Mathias [Admin rights]
Mode : Scan -- Date : 10/17/2013 17:50:34
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) (Standard disk drives) - TOSHIBA MQ01ABD100 +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[bSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_10172013_175034.txt >>
Link to post
Share on other sites

  • Root Admin

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Link to post
Share on other sites

Okay, the Combofix log is down below.

I was wondering about a few things though: Are SpyHunter 4 a bad anti-malware, or is it in fact a rogue. SpyHunter 4 is still on a restore point, so I would like to know if possible.

Also, how come the PRO version of Malwarebytes did not pick up this browser hijacker, is it a new one?

Once last thing, I think I noticed something called Lollipop on the comptuer. (Where you select programs for deletion over at the Control Panel.) I did some search, and I do believe this is a malicious program aswell.

 

File:

 

ComboFix 13-10-16.02 - Mathias 18.10.2013  16:13:29.1.8 - x64
Microsoft Windows 8  6.2.9200.0.1252.47.1044.18.16273.13645 [GMT 2:00]
Kjører fra: c:\users\Mathias\Desktop\stuff and poop\ComboFix.exe
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Andre slettinger   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
.
.
(((((((((((((((((((((((((((   Filer Opprettet Fra 2013-09-18 til 2013-10-18  )))))))))))))))))))))))))))))))))
.
.
2013-10-18 14:16 . 2013-10-18 14:16 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-10-18 12:19 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8649827A-3964-4DD7-8029-EDF8B6B7F911}\mpengine.dll
2013-10-18 11:57 . 2013-10-18 11:57 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2013-10-18 11:57 . 2013-10-18 11:57 -------- d-----w- c:\windows\SysWow64\xlive
2013-10-17 15:11 . 2013-10-17 15:11 -------- d-----w- c:\program files (x86)\ERUNT
2013-10-16 21:53 . 2013-10-16 21:53 290992 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10221.bin
2013-10-16 19:43 . 2013-10-16 19:43 -------- d-----w- c:\users\Mathias\AppData\Local\ElevatedDiagnostics
2013-10-16 19:14 . 2013-10-16 19:14 -------- d-----w- c:\users\Mathias\AppData\Roaming\AVAST Software
2013-10-16 19:08 . 2013-10-16 19:08 -------- d-----w- c:\program files\AVAST Software
2013-10-16 19:08 . 2013-10-16 19:08 -------- d-----w- c:\programdata\AVAST Software
2013-10-16 19:06 . 2013-10-16 19:06 -------- d-----w- c:\users\Mathias\AppData\Roaming\SUPERAntiSpyware.com
2013-10-16 19:06 . 2013-10-16 20:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2013-10-16 19:06 . 2013-10-16 19:06 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2013-10-16 18:58 . 2013-10-16 18:58 -------- d-----w- c:\program files\Enigma Software Group
2013-10-14 19:58 . 2013-10-14 19:58 -------- d-----w- c:\users\Mathias\AppData\Local\Rockstar Games
2013-10-14 19:57 . 2013-10-14 19:57 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2013-10-12 09:52 . 2013-10-12 09:52 -------- d-----w- c:\program files\CCleaner
2013-10-11 13:18 . 2013-10-11 13:18 -------- d-----w- c:\program files (x86)\Microsoft XNA
2013-10-10 17:03 . 2013-10-10 17:18 -------- d-----w- c:\programdata\eSafe
2013-10-10 16:55 . 2013-10-10 16:55 -------- d--h--r- c:\users\Mathias\AppData\Roaming\SecuROM
2013-10-10 16:55 . 2013-10-10 17:20 -------- d-----w- c:\users\Mathias\AppData\Roaming\Nosibay
2013-10-10 16:52 . 2013-10-11 21:45 -------- d-----w- c:\programdata\DSearchLink
2013-10-10 16:52 . 2013-10-10 16:52 -------- d-----w- c:\programdata\Babylon
2013-10-09 20:13 . 2013-06-22 05:45 785624 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-10-03 16:47 . 2013-10-03 16:47 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-10-03 15:51 . 2013-09-04 19:58 965008 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B16529D-B318-4645-BB8A-CB2264A87C28}\gapaengine.dll
2013-10-02 15:47 . 2013-10-02 15:47 -------- d-----w- c:\windows\PCHEALTH
2013-10-02 15:45 . 2013-10-02 15:45 -------- d-----w- c:\program files\Microsoft Office
2013-10-02 15:44 . 2013-10-02 15:44 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2013-10-02 15:44 . 2013-10-02 15:44 -------- d-----w- c:\users\Mathias\AppData\Local\Microsoft Help
2013-10-02 15:44 . 2013-10-10 15:50 -------- d-----w- c:\programdata\Microsoft Help
2013-10-02 13:35 . 2013-10-02 13:35 -------- d-----w- c:\users\Mathias\AppData\Roaming\Fatshark
2013-09-19 12:59 . 2013-10-18 14:12 -------- d-----w- c:\users\Mathias\AppData\Roaming\Skype
2013-09-19 12:59 . 2013-09-19 12:59 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-09-19 12:59 . 2013-10-13 12:38 -------- d-----r- c:\program files (x86)\Skype
2013-09-19 12:59 . 2013-10-13 12:38 -------- d-----w- c:\programdata\Skype
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 15:48 . 2013-09-07 22:18 80541720 ----a-w- c:\windows\system32\MRT.exe
2013-10-02 01:38 . 2013-09-13 20:56 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-02 01:38 . 2013-09-13 20:56 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-09-12 14:29 . 2013-09-12 14:29 82432 ----a-w- c:\users\Mathias\AppData\Roaming\Microsoft\MSXML2\msxml4r.dll
2013-09-12 14:29 . 2013-09-12 14:29 44544 ----a-w- c:\users\Mathias\AppData\Roaming\Microsoft\MSXML2\msxml4a.dll
2013-09-12 14:29 . 2013-09-12 14:29 1275392 ----a-w- c:\users\Mathias\AppData\Roaming\Microsoft\MSXML2\msxml4.dll
2013-09-08 10:04 . 2013-09-08 10:04 108968 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2013-09-08 10:04 . 2013-09-08 10:04 312232 ----a-w- c:\windows\system32\javaws.exe
2013-09-08 10:04 . 2013-09-08 10:04 189352 ----a-w- c:\windows\system32\javaw.exe
2013-09-08 10:04 . 2013-09-08 10:04 188840 ----a-w- c:\windows\system32\java.exe
2013-09-08 10:04 . 2013-09-08 10:04 972712 ----a-w- c:\windows\system32\deployJava1.dll
2013-09-08 10:04 . 2013-09-08 10:04 1093032 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-07 14:38 . 2013-09-07 14:38 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-09-07 14:38 . 2013-09-07 14:38 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-09-07 14:38 . 2013-09-07 14:38 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-07 08:26 . 2013-09-07 08:26 50784 ----a-w- c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-09-07 08:26 . 2013-09-07 08:26 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-09-06 15:43 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-08-16 05:41 . 2013-09-12 11:09 58200 ----a-w- c:\windows\system32\drivers\dam.sys
2013-08-16 05:39 . 2013-09-12 11:09 2371728 ----a-w- c:\windows\system32\WSService.dll
2013-08-16 05:39 . 2013-09-12 11:09 59416 ----a-w- c:\windows\system32\wuauclt.exe
2013-08-16 05:32 . 2013-09-12 11:09 209200 ----a-w- c:\windows\system32\NotificationUI.exe
2013-08-16 05:22 . 2013-09-12 11:09 40448 ----a-w- c:\windows\system32\wuapp.exe
2013-08-16 05:22 . 2013-09-12 11:09 4917760 ----a-w- c:\windows\system32\sppsvc.exe
2013-08-16 05:21 . 2013-09-12 11:09 3275776 ----a-w- c:\windows\system32\wuaueng.dll
2013-08-16 05:21 . 2013-09-12 11:09 49664 ----a-w- c:\windows\system32\wups.dll
2013-08-16 05:21 . 2013-09-12 11:09 1621504 ----a-w- c:\windows\system32\wucltux.dll
2013-08-16 05:21 . 2013-09-12 11:09 49152 ----a-w- c:\windows\system32\wups2.dll
2013-08-16 05:21 . 2013-09-12 11:09 252416 ----a-w- c:\windows\system32\WUSettingsProvider.dll
2013-08-16 05:21 . 2013-09-12 11:09 99328 ----a-w- c:\windows\system32\wudriver.dll
2013-08-16 05:21 . 2013-09-12 11:09 142848 ----a-w- c:\windows\system32\wuwebv.dll
2013-08-16 05:21 . 2013-09-12 11:09 773120 ----a-w- c:\windows\system32\wuapi.dll
2013-08-16 05:21 . 2013-09-12 11:09 688640 ----a-w- c:\windows\system32\WSShared.dll
2013-08-16 05:21 . 2013-09-12 11:09 183808 ----a-w- c:\windows\system32\WSSync.dll
2013-08-16 05:21 . 2013-09-12 11:09 204800 ----a-w- c:\windows\system32\WSClient.dll
2013-08-16 05:21 . 2013-09-12 11:09 198656 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.dll
2013-08-16 05:21 . 2013-09-12 11:09 163840 ----a-w- c:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-16 05:21 . 2013-09-12 11:09 174592 ----a-w- c:\windows\system32\storewuauth.dll
2013-08-16 05:21 . 2013-09-12 11:09 1164288 ----a-w- c:\windows\system32\sppobjs.dll
2013-08-16 05:21 . 2013-09-12 11:09 368640 ----a-w- c:\windows\system32\sppwinob.dll
2013-08-16 05:21 . 2013-09-12 11:09 81408 ----a-w- c:\windows\system32\setupcln.dll
2013-08-16 05:21 . 2013-09-12 11:09 120320 ----a-w- c:\windows\system32\sppc.dll
2013-08-16 05:20 . 2013-09-12 11:09 105984 ----a-w- c:\windows\system32\WinSetupUI.dll
2013-08-15 22:43 . 2013-09-12 11:09 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
2013-08-15 22:43 . 2013-09-12 11:09 628736 ----a-w- c:\windows\SysWow64\wuapi.dll
2013-08-15 22:43 . 2013-09-12 11:09 84992 ----a-w- c:\windows\SysWow64\wudriver.dll
2013-08-15 22:43 . 2013-09-12 11:09 20992 ----a-w- c:\windows\SysWow64\wups.dll
2013-08-15 22:43 . 2013-09-12 11:09 126976 ----a-w- c:\windows\SysWow64\wuwebv.dll
2013-08-15 22:43 . 2013-09-12 11:09 562688 ----a-w- c:\windows\SysWow64\WSShared.dll
2013-08-15 22:43 . 2013-09-12 11:09 159232 ----a-w- c:\windows\SysWow64\WSSync.dll
2013-08-15 22:43 . 2013-09-12 11:09 143872 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.dll
2013-08-15 22:43 . 2013-09-12 11:09 167424 ----a-w- c:\windows\SysWow64\WSClient.dll
2013-08-15 22:43 . 2013-09-12 11:09 124928 ----a-w- c:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-08-15 22:43 . 2013-09-12 11:09 83968 ----a-w- c:\windows\SysWow64\OEMLicense.dll
2013-08-15 22:42 . 2013-09-12 11:09 76800 ----a-w- c:\windows\SysWow64\setupcln.dll
2013-08-15 22:42 . 2013-09-12 11:09 91648 ----a-w- c:\windows\SysWow64\sppc.dll
2013-08-07 05:15 . 2013-09-16 19:34 144896 ----a-w- c:\windows\system32\tssdisai.dll
2013-07-27 03:58 . 2012-07-26 07:24 2207232 ----a-w- c:\windows\SysWow64\PrintConfig.dll
.
.
((((((((((((((((((((((((((((((((   Oppstartspunkter I Registeret   )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke  
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-09 1813928]
"Spotify Web Helper"="c:\users\Mathias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-04 1140736]
"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2011-11-10 109640]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\ismagent.exe" [2012-08-01 155488]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2012-07-20 34160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\System32\drivers\MijXfilt.sys;c:\windows\SYSNATIVE\drivers\MijXfilt.sys [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys;c:\windows\SYSNATIVE\DRIVERS\CeKbFilter.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys;c:\windows\SYSNATIVE\DRIVERS\enecirhid.sys [x]
S3 IntcDAud;Intel® Skjermlyd;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\System32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x]
S3 NETwNe64;@oem14.inf,___ %NIC_Service_DispName_WIN8_64%;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;c:\windows\system32\DRIVERS\NETwew00.sys;c:\windows\SYSNATIVE\DRIVERS\NETwew00.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-17 17:56 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2013-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-06 15:46]
.
2013-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-09-06 15:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-08 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-08 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-08 440640]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-09-25 13196432]
"SRS Premium Sound 3D"="c:\program files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" [2012-08-19 2170784]
"TecoResident"="c:\program files\TOSHIBA\Teco\TecoResident.exe" [2012-08-13 169896]
"TSleepSrv"="c:\program files (x86)\TOSHIBA\System Setting\TSleepSrv.exe" [2012-08-04 1548952]
"TODDMain"="c:\program files (x86)\TOSHIBA\System Setting\TODDMain.exe" [2012-08-04 213136]
"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2012-08-27 751528]
"TosPU"="c:\program files\TOSHIBA\PasswordUtility\TosPU.exe" [2012-08-27 2374552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Tilleggsskanning -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - TOMME PEKERE FJERNET - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\Hotkey\TCrdMain_Win8.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
.
.
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_USERS\S-1-5-21-4163163250-1276266440-2742575193-1002CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]
"datasecu"=hex:57,2d,1a,92,d4,c8,82,ab,c0,fd,e9,8a,79,5b,10,6e,08,42,7b,aa,cf,
   bd,1a,7b,36,62,d5,f9,a7,43,82,5f,fb,41,3f,2a,fe,94,c7,2d,90,c7,61,f6,a9,88,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Tidspunkt ferdig: 2013-10-18  16:17:58
ComboFix-quarantined-files.txt  2013-10-18 14:17
.
Pre-Run: 900 315 205 632 bytes free
Post-Run: 899 955 412 992 bytes free
.
- - End Of File - - 92E34DF5DFBDBCC7726107A4182E392B
Link to post
Share on other sites

  • Root Admin

SpyHunter 4 used to be rogue but as far as I can tell it is not anymore but many users say its worthless (I have no first hand knowledge of it's value)

 

We're not done yet we have more scans to run to look for and remove unwanted items.

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 

Link to post
Share on other sites

All of the logs will be in the next post.

Saw that one of the tools deleted Lollipop, one of the things that I spotted earlier before these scans. The browser hijacker is not there anymore. (You'll have the chack the logs, as it might be some traces of it left.)

I'll leave it to you, since you know how to handle this ;)

 

Thank you for all the help - so far.

Link to post
Share on other sites

The ESET online scanner did not find anything, neither did Malwarebytes and MBAR. I did not get any log from ESET because of that. I will not include the Malwarebytes and MBAR log since it did not find anything. Tell me if you still want to take a look at them.

 

Junkware Removal Tool:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows 8 x64
Ran by Mathias on 19.10.2013 at 16:16:02,35
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\bi
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
 
 
 
~~~ Files
 
Successfully disinfected: [shortcut] C:\Users\Mathias\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Successfully disinfected: [shortcut] C:\Users\Mathias\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Successfully disinfected: [shortcut] C:\Users\Mathias\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Successfully disinfected: [shortcut] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Successfully disinfected: [shortcut] C:\Users\Mathias\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer.lnk
Successfully disinfected: [shortcut] C:\Users\Public\Desktop\Google Chrome.lnk
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\esafe"
Successfully deleted: [Folder] "C:\Users\Mathias\AppData\Roaming\nosibay"
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Mathias\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19.10.2013 at 16:19:41,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Adware Cleaner log:
 
# AdwCleaner v3.008 - Report created 19/10/2013 at 16:24:56
# Updated 17/10/2013 by Xplode
# Operating System : Windows 8  (64 bits)
# Username : Mathias - MATHIAS
# Running from : C:\Users\Mathias\Desktop\stuff and poop\AdwCleaner\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\DSearchLink
File Deleted : C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lollipop.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\lollipop
Key Deleted : HKCU\Software\Nosibay
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
 
*************************
 
AdwCleaner[R0].txt - [1546 octets] - [19/10/2013 16:23:13]
AdwCleaner[s0].txt - [1203 octets] - [19/10/2013 16:24:56]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1263 octets] ##########
 
Farbar Recovery Scan, Addition.txt:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-10-2013
Ran by Mathias at 2013-10-19 19:01:49
Running from C:\Users\Mathias\Desktop\stuff and poop\FRST
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Call of Duty: Modern Warfare 2 - Multiplayer (x32)
Call of Duty: Modern Warfare 2 (x32)
CCleaner (Version: 4.06)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
ENE CIR Receiver Driver (Version: 4.1.0.0)
ERUNT 1.1j (x32)
Google Chrome (x32 Version: 30.0.1599.101)
Google Update Helper (x32 Version: 1.3.21.165)
Intel AppUp(SM) center (x32 Version: 3.6.1.33268.15)
Intel PROSet Wireless
Intel® Management Engine Components (x32 Version: 8.1.0.1252)
Intel® Processor Graphics (x32 Version: 9.17.10.2828)
Intel® Rapid Storage Technology (x32 Version: 11.5.2.1001)
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 2.0.0.37149)
Intel® WiDi (Version: 3.5.34.0)
Intel® PROSet/Wireless WiFi Software (Version: 15.05.2000.1462)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
Java 7 Update 25 (64-bit) (Version: 7.0.250)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Microsoft Games for Windows - LIVE (x32 Version: 3.1.186.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.1.99.0)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft XNA Framework Redistributable 4.0 (x32 Version: 4.0.20823.0)
MotioninJoy DS3 driver version 0.6.0005 (Version: 0.6.0005)
Nero 12 Essentials Toshiba (x32 Version: 12.0.00600)
Nero BackItUp (x32 Version: 12.0.3000)
Nero BackItUp Help (CHM) (x32 Version: 12.0.3000)
Nero Blu-ray Player (x32 Version: 12.0.17500)
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.4000)
Nero BurnRights (x32 Version: 12.0.5000)
Nero BurnRights Help (CHM) (x32 Version: 12.0.5000)
Nero ControlCenter (x32 Version: 11.0.15300)
Nero ControlCenter Help (CHM) (x32 Version: 12.0.5000)
Nero Core Components (x32 Version: 11.0.18200)
Nero Express (x32 Version: 12.0.20000)
Nero Express Help (CHM) (x32 Version: 12.0.5000)
Nero Kwik Media (x32 Version: 1.18.18900)
Nero Kwik Media Help (CHM) (x32 Version: 12.0.4000)
Nero Kwik Themes Basic (x32 Version: 12.0.11500)
Nero Launcher (x32 Version: 12.2.6000)
Nero RescueAgent (x32 Version: 12.0.9000)
Nero RescueAgent Help (CHM) (x32 Version: 12.0.3000)
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0)
Nero Update (x32 Version: 11.0.11800.31.0)
NVIDIA Control Panel 305.46 (Version: 305.46)
NVIDIA Graphics Driver 305.46 (Version: 305.46)
NVIDIA Install Application (Version: 2.1002.82.513)
NVIDIA Optimus 1.10.8 (Version: 1.10.8)
NVIDIA PhysX (x32 Version: 9.12.0613)
NVIDIA PhysX System Software 9.12.0613 (Version: 9.12.0613)
NVIDIA Update Components (Version: 1.10.8)
Prerequisite installer (x32 Version: 12.0.0002)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6738)
Realtek PCIE Card Reader (x32 Version: 6.2.8400.29029)
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 6.9 (x32 Version: 6.9.106)
Spotify (HKCU Version: 0.9.4.178.g259772ba)
SRS Premium Sound Control Panel (Version: 1.12.5000)
Steam (x32 Version: 1.0.0.0)
Synaptics Pointing Device Driver (Version: 16.2.12.3)
Terraria (x32)
TOSHIBA Desktop Assist (Version: 1.00.0007.00002)
TOSHIBA eco Utility (Version: 2.0.0.6415)
TOSHIBA Flash Cards Support Utility (x32 Version: 1.51.8.2C)
TOSHIBA Function Key (Version: 1.00.6625.6402)
TOSHIBA HDD Protection (Version: 2.5.1.1)
TOSHIBA Manuals (x32 Version: 10.10)
TOSHIBA Password Utility (x32 Version: 1.0.0.5C)
TOSHIBA PC Health Monitor (Version: 1.8.17.640104)
TOSHIBA Recovery Media Creator (x32 Version: 2.2.1.54043006)
TOSHIBA Remote Control Manager (x32 Version: 3.0.1014.2)
TOSHIBA Resolution+ Plug-in for Windows Media Player (x32 Version: 1.2.2.00)
TOSHIBA Service Station (Version: 2.4.4)
TOSHIBA System Driver (x32 Version: 1.00.0013)
TOSHIBA System Settings (x32 Version: 1.00.0002.32002)
Toshiba TEMPRO (x32 Version: 4.2.2)
TOSHIBA VIDEO PLAYER (Version: 5.1.0.12-A)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
Utility Common Driver (x32 Version: 1.0.52.6)
War of the Vikings Early Access (x32)
Welcome App (Start-up experience) (x32 Version: 12.0.14000)
WinRAR 5.00 (64-bit) (Version: 5.00.0)
 
==================== Restore Points  =========================
 
10-10-2013 15:39:13 Windows Update
14-10-2013 19:55:01 Installed DirectX
16-10-2013 18:57:44 Installed SpyHunter
16-10-2013 20:14:22 Restore Operation
18-10-2013 11:54:46 Installed DirectX
 
==================== Hosts content: ==========================
 
2012-07-26 07:26 - 2012-07-26 07:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {1CA5718A-56D2-43C1-BFA2-ECB9A372F814} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-06] (Google Inc.)
Task: {1F113A29-46DA-441A-8725-DCF60AF45B04} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-28] (Synaptics Incorporated)
Task: {27F653B1-282F-4299-B025-D376BC2DB2CE} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\windows\System32\lpksetup.exe [2012-09-20] (Microsoft Corporation)
Task: {2AC40365-D9D3-4FA4-8BD6-2E87160A5595} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2012-07-27] (TOSHIBA Corporation)
Task: {3CB6D002-8A03-4430-BF76-23641C4CEC83} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {503F9B8F-4BFF-428F-93E6-DB5EC77650E0} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {9362DED2-0B8F-4720-AEC0-33D77AF78685} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-06] (Google Inc.)
Task: {F32639BC-7CC6-48E8-86A5-1FAAA03F6978} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2012-09-25] (Toshiba Europe GmbH)
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-08-06 07:36 - 2012-08-06 07:36 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-18 20:38 - 2012-07-18 20:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-07-18 20:38 - 2012-07-18 20:38 - 00049064 _____ () C:\Program Files\TOSHIBA\Hotkey\Hotkey\FnZ.dll
2012-08-13 21:13 - 2012-08-13 21:13 - 00018344 _____ () C:\Program Files\TOSHIBA\Teco\TecoMUI.dll
2013-02-17 09:37 - 2012-06-26 02:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-02-17 09:38 - 2012-08-01 03:32 - 00004096 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2013-08-21 14:18 - 2013-10-11 04:20 - 00690176 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2013-08-28 13:47 - 2013-10-17 21:38 - 01123240 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2013-08-07 11:31 - 2013-10-16 03:12 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2013-06-14 15:49 - 2013-06-15 01:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/19/2013 05:01:03 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (10/19/2013 05:01:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (10/19/2013 05:00:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (10/19/2013 05:00:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (10/19/2013 05:00:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (10/19/2013 05:00:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (10/19/2013 05:00:38 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
Error: (10/19/2013 05:00:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.
 
 
System errors:
=============
Error: (10/19/2013 04:33:02 PM) (Source: Service Control Manager) (User: )
Description: The Steam Client Service service failed to start due to the following error: 
%%1053
 
Error: (10/19/2013 04:33:02 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
 
Error: (10/19/2013 04:28:54 PM) (Source: BTHUSB) (User: )
Description: The local adapter does not support an important Low Energy controller state. The minimum required supported state mask is 0x1f7fffff, got 0x1f3fffff. Low Energy functionality will be disabled.
 
Error: (10/19/2013 04:27:31 PM) (Source: Service Control Manager) (User: )
Description: The TPCH Service service terminated with the following error: 
%%2147746288
 
 
Microsoft Office Sessions:
=========================
Error: (10/19/2013 05:01:03 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Mathias\Desktop\stuff and poop\Eset\esetsmartinstaller_enu.exe
 
Error: (10/19/2013 05:01:01 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Mathias\Desktop\stuff and poop\Eset\esetsmartinstaller_enu.exe
 
Error: (10/19/2013 05:00:56 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Mathias\Desktop\stuff and poop\Eset\esetsmartinstaller_enu.exe
 
Error: (10/19/2013 05:00:56 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Mathias\Desktop\stuff and poop\Eset\esetsmartinstaller_enu.exe
 
Error: (10/19/2013 05:00:53 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Mathias\Desktop\stuff and poop\Eset\esetsmartinstaller_enu.exe
 
Error: (10/19/2013 05:00:42 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Mathias\Desktop\stuff and poop\esetsmartinstaller_enu.exe
 
Error: (10/19/2013 05:00:38 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Mathias\Desktop\esetsmartinstaller_enu.exe
 
Error: (10/19/2013 05:00:36 PM) (Source: SideBySide)(User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Mathias\Downloads\esetsmartinstaller_enu.exe
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 16%
Total physical RAM: 16273.37 MB
Available physical RAM: 13512.79 MB
Total Pagefile: 18577.37 MB
Available Pagefile: 15786.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
 
==================== Drives ================================
 
Drive c: (TI31034700A) (Fixed) (Total:920.25 GB) (Free:838.08 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type
==================== End Of Log ============================
 
Farbar Recovery Scan, FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2013
Ran by Mathias (administrator) on MATHIAS on 19-10-2013 19:00:52
Running from C:\Users\Mathias\Desktop\stuff and poop\FRST
Windows 8 (X64) OS Language: Norwegian Bokmal
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corporation) C:\windows\system32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
() C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe
() C:\Program Files\TOSHIBA\Hotkey\Hotkey\TcrdKBB.exe
() C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HotKeysCmds] - C:\windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13196432 2012-09-25] (Realtek Semiconductor)
HKLM\...\Run: [sRS Premium Sound 3D] - C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_PS3D.zip [215247 2012-08-19] ()
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2609064 2012-08-30] ()
HKLM\...\Run: [TecoResident] - C:\Program Files\TOSHIBA\Teco\TecoResident.exe [169896 2012-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] - C:\Program Files (x86)\TOSHIBA\System Setting\TSleepSrv.exe [1548952 2012-08-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] - C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [ThpSrv] - C:\windows\system32\thpsrv /logon
HKLM\...\Run: [TosWaitSrv] - C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [356776 2012-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TRCMan] - C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [751528 2012-08-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosPU] - C:\Program Files\TOSHIBA\PasswordUtility\TosPU.exe [2374552 2012-08-27] (Copyright © TOSHIBA Corp. 2012)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\steam.exe [1820072 2013-10-17] (Valve Corporation)
HKCU\...\Run: [spotify Web Helper] - C:\Users\Mathias\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-04] (Spotify Ltd)
HKCU\...\Run: [DS3 Tool] - C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe [109640 2011-11-10] (www.motioninjoy.com)
HKLM-x32\...\Run: [intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-08-02] (Intel Corporation)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2012-07-20] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Administrator\...\Run: [] - [x]
AppInit_DLLs: C:\Windows\System32\nvinitx.dll [247144 2012-08-01] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [202600 2012-08-01] (NVIDIA Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {84BF725B-75F2-404B-AC83-FFF90CFDCDB5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKLM-x32 - {84BF725B-75F2-404B-AC83-FFF90CFDCDB5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS
SearchScopes: HKCU - DefaultScope {84BF725B-75F2-404B-AC83-FFF90CFDCDB5} URL = 
SearchScopes: HKCU - {84BF725B-75F2-404B-AC83-FFF90CFDCDB5} URL = 
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
Chrome: 
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll No File
CHR Extension: (Google Drive) - C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Carbon Leather [aero]) - C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmhimegnmbdenbepnnjdpgcmkicechfj\1.0_0
CHR Extension: (Gmail) - C:\Users\Mathias\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
 
==================== Services (Whitelisted) =================
 
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [201360 2012-08-31] (Realtek Semiconductor)
S3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [114656 2012-09-25] (Toshiba Europe GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4273192 2012-08-19] (Intel Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-28] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows ® Win 7 DDK provider)
U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-19 19:00 - 2013-10-19 19:00 - 00000000 ____D C:\FRST
2013-10-19 17:01 - 2013-10-19 17:01 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-19 16:28 - 2013-10-19 16:28 - 00002302 _____ C:\windows\PFRO.log
2013-10-19 16:23 - 2013-10-19 16:25 - 00000000 ____D C:\AdwCleaner
2013-10-19 16:16 - 2013-10-19 16:16 - 00000000 ____D C:\windows\ERUNT
2013-10-19 15:51 - 2013-10-19 15:53 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-19 15:50 - 2013-10-19 15:50 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-10-19 01:25 - 2013-10-19 01:25 - 00000000 ____D C:\Users\Mathias\Documents\Skule
2013-10-19 01:24 - 2013-10-19 01:27 - 00000000 ____D C:\Users\Mathias\Documents\Mah stuff
2013-10-18 16:12 - 2013-10-18 16:18 - 00000000 ____D C:\Qoobox
2013-10-18 16:12 - 2011-06-26 08:45 - 00256000 _____ C:\windows\PEV.exe
2013-10-18 16:12 - 2010-11-07 19:20 - 00208896 _____ C:\windows\MBR.exe
2013-10-18 16:12 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2013-10-18 16:12 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2013-10-18 16:12 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2013-10-18 16:12 - 2000-08-31 02:00 - 00212480 _____ (SteelWerX) C:\windows\SWXCACLS.exe
2013-10-18 16:12 - 2000-08-31 02:00 - 00098816 _____ C:\windows\sed.exe
2013-10-18 16:12 - 2000-08-31 02:00 - 00080412 _____ C:\windows\grep.exe
2013-10-18 16:12 - 2000-08-31 02:00 - 00068096 _____ C:\windows\zip.exe
2013-10-18 13:57 - 2013-10-18 13:57 - 00178800 _____ (Sony DADC Austria AG.) C:\windows\SysWOW64\CmdLineExt_x64.dll
2013-10-18 13:57 - 2013-10-18 13:57 - 00000000 ____D C:\windows\SysWOW64\xlive
2013-10-18 13:55 - 2013-10-18 13:55 - 00017589 _____ C:\windows\DirectX.log
2013-10-17 20:03 - 2013-10-19 19:00 - 00000000 ____D C:\Users\Mathias\Desktop\stuff and poop
2013-10-17 17:43 - 2013-10-18 16:16 - 00000000 ____D C:\windows\ERDNT
2013-10-17 17:11 - 2013-10-17 17:11 - 00003132 _____ C:\windows\System32\Tasks\{B0A723CE-C112-4345-896E-E5630BD1AD58}
2013-10-17 17:11 - 2013-10-17 17:11 - 00000899 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2013-10-17 17:11 - 2013-10-17 17:11 - 00000899 _____ C:\Users\Administrator\Desktop\NTREGOPT.lnk
2013-10-17 17:11 - 2013-10-17 17:11 - 00000880 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2013-10-17 17:11 - 2013-10-17 17:11 - 00000880 _____ C:\Users\Administrator\Desktop\ERUNT.lnk
2013-10-17 17:11 - 2013-10-17 17:11 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-10-17 16:43 - 2013-10-19 18:19 - 01020600 _____ C:\windows\WindowsUpdate.log
2013-10-16 21:14 - 2013-10-16 21:14 - 00000000 ____D C:\Users\Mathias\AppData\Roaming\AVAST Software
2013-10-16 21:08 - 2013-10-16 21:08 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-16 21:08 - 2013-10-16 21:08 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-16 21:06 - 2013-10-16 22:32 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-16 21:06 - 2013-10-16 21:06 - 00000000 ____D C:\Users\Mathias\AppData\Roaming\SUPERAntiSpyware.com
2013-10-16 21:06 - 2013-10-16 21:06 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-10-16 20:58 - 2013-10-16 20:58 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-10-16 20:58 - 2013-10-16 20:58 - 00000000 _____ C:\autoexec.bat
2013-10-14 21:58 - 2013-10-14 21:58 - 00000000 ____D C:\Users\Mathias\AppData\Local\Rockstar Games
2013-10-14 21:57 - 2013-10-14 21:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-10-12 21:41 - 2013-08-10 07:21 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2013-10-12 21:41 - 2013-08-10 07:21 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncInfo.dll
2013-10-12 21:41 - 2013-08-10 05:58 - 00356352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2013-10-12 21:41 - 2013-08-03 08:40 - 01374208 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2013-10-12 21:41 - 2013-08-03 08:40 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2013-10-12 21:41 - 2013-08-03 08:40 - 00462336 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
2013-10-12 21:41 - 2013-08-03 07:14 - 00399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2013-10-12 21:41 - 2013-08-03 07:13 - 01245696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2013-10-12 21:41 - 2013-08-03 07:13 - 00437248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2013-10-12 21:41 - 2013-08-02 08:28 - 19758080 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-10-12 21:41 - 2013-08-02 08:28 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2013-10-12 21:41 - 2013-08-02 08:28 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-10-12 21:41 - 2013-08-02 08:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-10-12 21:41 - 2013-08-02 07:08 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2013-10-12 21:41 - 2013-08-02 07:08 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2013-10-12 21:41 - 2013-08-02 07:08 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2013-10-12 21:41 - 2013-08-02 07:06 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-10-12 21:41 - 2013-08-01 12:41 - 02233688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-10-12 21:41 - 2013-07-31 01:30 - 00386923 _____ C:\windows\system32\ApnDatabase.xml
2013-10-12 21:41 - 2013-07-25 01:10 - 00158208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mbsmsapi.dll
2013-10-12 21:41 - 2013-07-25 01:06 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\mbsmsapi.dll
2013-10-12 21:41 - 2013-04-10 01:17 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2013-10-12 21:41 - 2013-04-10 00:29 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2013-10-12 11:52 - 2013-10-12 11:52 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-12 11:52 - 2013-10-12 11:52 - 00000000 ____D C:\Program Files\CCleaner
2013-10-11 23:46 - 2013-10-11 23:46 - 00356288 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-11 23:38 - 2013-10-11 23:38 - 00003100 _____ C:\windows\System32\Tasks\{8518106E-34ED-46EF-A6E1-64757473979C}
2013-10-11 15:18 - 2013-10-11 15:18 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-10-10 18:55 - 2013-10-10 19:20 - 00015008 _____ C:\Users\Mathias\AppData\Roaming\Bubble Dock.installation.log
2013-10-10 18:55 - 2013-10-10 18:55 - 00000000 __RHD C:\Users\Mathias\AppData\Roaming\SecuROM
2013-10-10 18:53 - 2013-10-10 18:57 - 00001266 _____ C:\Users\Mathias\AppData\Roaming\Bubble Dock.boostrap.log
2013-10-10 18:53 - 2013-10-10 18:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-09 22:14 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-10-09 22:14 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-10-09 22:14 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-10-09 22:14 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-10-09 22:14 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-10-09 22:14 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-10-09 22:14 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-10-09 22:14 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-10-09 22:14 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-10-09 22:14 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-10-09 22:14 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-10-09 22:14 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-10-09 22:14 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-10-09 22:14 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-10-09 22:14 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-10-09 22:14 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-10-09 22:14 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-10-09 22:14 - 2013-07-06 02:15 - 00652288 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-10-09 22:14 - 2013-07-04 04:13 - 00541696 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2013-10-09 22:14 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2013-10-09 22:14 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2013-10-09 22:14 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-10-09 22:14 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-10-09 22:14 - 2013-04-29 00:28 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2013-10-09 22:14 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-10-09 22:14 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-10-09 22:14 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-10-09 22:14 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-10-09 22:14 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-10-09 22:14 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-10-09 22:14 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2013-10-09 22:14 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2013-10-09 22:14 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2013-10-09 22:13 - 2013-08-23 07:11 - 04040192 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-10-09 22:13 - 2013-07-20 00:13 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 22:13 - 2013-07-20 00:13 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 22:13 - 2013-07-06 00:02 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2013-10-09 22:13 - 2013-07-06 00:01 - 00210560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2013-10-09 22:13 - 2013-07-02 03:41 - 00447320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2013-10-09 22:13 - 2013-07-02 03:41 - 00337752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2013-10-09 22:13 - 2013-07-02 03:41 - 00213336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2013-10-09 22:13 - 2013-07-02 00:14 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbprint.sys
2013-10-09 22:13 - 2013-07-01 03:42 - 00623448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-10-09 22:13 - 2013-07-01 03:42 - 00498008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-10-09 22:13 - 2013-07-01 03:42 - 00079192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-10-09 22:13 - 2013-07-01 03:42 - 00021848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-10-09 22:13 - 2013-06-29 05:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-10-09 22:13 - 2013-06-29 05:07 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-10-09 22:13 - 2013-06-29 05:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-10-09 22:13 - 2013-06-29 05:06 - 00120832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-10-09 22:13 - 2013-06-22 07:45 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-10-09 22:13 - 2013-06-22 07:45 - 00054488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
2013-10-09 22:13 - 2013-05-27 01:17 - 00035328 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2013-10-09 22:13 - 2013-05-27 00:59 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-10-09 22:13 - 2013-05-25 05:15 - 00362496 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-10-09 22:13 - 2013-05-25 04:32 - 00300032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-10-04 16:49 - 2013-10-04 16:49 - 00675988 _____ C:\Users\Mathias\Downloads\Minecraft.exe
2013-10-03 18:47 - 2013-10-03 18:47 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-10-03 18:47 - 2013-10-03 18:47 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-10-02 17:47 - 2013-10-02 17:47 - 00000000 ____D C:\windows\PCHEALTH
2013-10-02 17:45 - 2013-10-02 17:45 - 00000000 ____D C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-10-02 17:45 - 2013-10-02 17:45 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-02 17:44 - 2013-10-10 17:50 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-02 17:44 - 2013-10-02 17:44 - 00000000 ____D C:\Users\Mathias\AppData\Local\Microsoft Help
2013-10-02 17:44 - 2013-10-02 17:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-10-02 15:35 - 2013-10-02 15:35 - 00000000 ____D C:\Users\Mathias\AppData\Roaming\Fatshark
2013-09-19 14:59 - 2013-10-19 18:49 - 00000000 ____D C:\Users\Mathias\AppData\Roaming\Skype
2013-09-19 14:59 - 2013-10-13 14:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-09-19 14:59 - 2013-10-13 14:38 - 00000000 ____D C:\ProgramData\Skype
2013-09-19 14:59 - 2013-09-19 14:59 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
 
==================== One Month Modified Files and Folders =======
 
2013-10-19 19:00 - 2013-10-19 19:00 - 00000000 ____D C:\FRST
2013-10-19 19:00 - 2013-10-17 20:03 - 00000000 ____D C:\Users\Mathias\Desktop\stuff and poop
2013-10-19 19:00 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\sru
2013-10-19 18:56 - 2013-09-06 17:46 - 00001010 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-19 18:49 - 2013-09-19 14:59 - 00000000 ____D C:\Users\Mathias\AppData\Roaming\Skype
2013-10-19 18:19 - 2013-10-17 16:43 - 01020600 _____ C:\windows\WindowsUpdate.log
2013-10-19 18:13 - 2013-09-06 17:49 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-19 17:01 - 2013-10-19 17:01 - 00000000 ____D C:\Program Files (x86)\ESET
2013-10-19 16:29 - 2013-09-06 17:46 - 00001006 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-19 16:29 - 2012-07-26 09:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-10-19 16:28 - 2013-10-19 16:28 - 00002302 _____ C:\windows\PFRO.log
2013-10-19 16:27 - 2012-07-26 07:26 - 00262144 ___SH C:\windows\system32\config\BBI
2013-10-19 16:25 - 2013-10-19 16:23 - 00000000 ____D C:\AdwCleaner
2013-10-19 16:20 - 2013-09-06 18:40 - 00000000 ____D C:\Users\Mathias\AppData\Local\Spotify
2013-10-19 16:20 - 2013-09-06 18:39 - 00000000 ____D C:\Users\Mathias\AppData\Roaming\Spotify
2013-10-19 16:19 - 2013-09-06 17:48 - 00002154 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-19 16:19 - 2013-09-06 17:32 - 00001445 _____ C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-19 16:16 - 2013-10-19 16:16 - 00000000 ____D C:\windows\ERUNT
2013-10-19 16:16 - 2013-09-14 17:48 - 00002030 _____ C:\Users\Public\Desktop\Malwarebyte.lnk
2013-10-19 15:53 - 2013-10-19 15:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-10-19 15:50 - 2013-10-19 15:50 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2013-10-19 01:27 - 2013-10-19 01:24 - 00000000 ____D C:\Users\Mathias\Documents\Mah stuff
2013-10-19 01:27 - 2012-08-02 01:55 - 00449912 _____ C:\windows\system32\perfh014.dat
2013-10-19 01:27 - 2012-08-02 01:55 - 00077052 _____ C:\windows\system32\perfc014.dat
2013-10-19 01:27 - 2012-07-26 09:28 - 01362464 _____ C:\windows\system32\PerfStringBackup.INI
2013-10-19 01:26 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\NDF
2013-10-19 01:25 - 2013-10-19 01:25 - 00000000 ____D C:\Users\Mathias\Documents\Skule
2013-10-19 01:25 - 2013-07-13 11:48 - 00000000 ____D C:\Users\Mathias\Documents\Rockstar Games
2013-10-19 01:25 - 2013-06-27 04:42 - 00000000 ____D C:\Users\Mathias\Documents\My Games
2013-10-18 19:39 - 2013-09-06 17:54 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4163163250-1276266440-2742575193-1002
2013-10-18 16:18 - 2013-10-18 16:12 - 00000000 ____D C:\Qoobox
2013-10-18 16:17 - 2012-07-26 07:37 - 00000000 __RHD C:\Users\Default
2013-10-18 16:16 - 2013-10-17 17:43 - 00000000 ____D C:\windows\ERDNT
2013-10-18 16:16 - 2012-07-26 07:26 - 00000215 _____ C:\windows\system.ini
2013-10-18 13:57 - 2013-10-18 13:57 - 00178800 _____ (Sony DADC Austria AG.) C:\windows\SysWOW64\CmdLineExt_x64.dll
2013-10-18 13:57 - 2013-10-18 13:57 - 00000000 ____D C:\windows\SysWOW64\xlive
2013-10-18 13:55 - 2013-10-18 13:55 - 00017589 _____ C:\windows\DirectX.log
2013-10-17 17:11 - 2013-10-17 17:11 - 00003132 _____ C:\windows\System32\Tasks\{B0A723CE-C112-4345-896E-E5630BD1AD58}
2013-10-17 17:11 - 2013-10-17 17:11 - 00000899 _____ C:\Users\UpdatusUser\Desktop\NTREGOPT.lnk
2013-10-17 17:11 - 2013-10-17 17:11 - 00000899 _____ C:\Users\Administrator\Desktop\NTREGOPT.lnk
2013-10-17 17:11 - 2013-10-17 17:11 - 00000880 _____ C:\Users\UpdatusUser\Desktop\ERUNT.lnk
2013-10-17 17:11 - 2013-10-17 17:11 - 00000880 _____ C:\Users\Administrator\Desktop\ERUNT.lnk
2013-10-17 17:11 - 2013-10-17 17:11 - 00000000 ____D C:\Program Files (x86)\ERUNT
2013-10-17 17:10 - 2013-09-06 17:32 - 00000000 ___RD C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-17 16:35 - 2013-09-06 17:44 - 00000000 ____D C:\Users\Mathias\AppData\Roaming\uTorrent
2013-10-16 23:46 - 2012-07-26 10:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-10-16 22:34 - 2013-09-06 17:22 - 00000000 ____D C:\Users\Mathias
2013-10-16 22:33 - 2012-07-26 10:12 - 00000000 ____D C:\windows\SysWOW64\en-GB
2013-10-16 22:33 - 2012-07-26 10:12 - 00000000 ____D C:\windows\system32\en-GB
2013-10-16 22:32 - 2013-10-16 21:06 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-10-16 22:32 - 2012-12-11 00:07 - 00000000 ____D C:\Users\Administrator
2013-10-16 22:31 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-10-16 22:31 - 2012-07-26 10:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-10-16 22:31 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-10-16 22:29 - 2012-07-26 07:38 - 00000000 ____D C:\windows\system32\Sysprep
2013-10-16 22:23 - 2012-07-26 10:12 - 00000000 ____D C:\windows\registration
2013-10-16 22:18 - 2013-09-07 16:39 - 00000000 ____D C:\Users\Mathias\AppData\Roaming\.minecraft
2013-10-16 21:14 - 2013-10-16 21:14 - 00000000 ____D C:\Users\Mathias\AppData\Roaming\AVAST Software
2013-10-16 21:08 - 2013-10-16 21:08 - 00000000 ____D C:\ProgramData\AVAST Software
2013-10-16 21:08 - 2013-10-16 21:08 - 00000000 ____D C:\Program Files\AVAST Software
2013-10-16 21:06 - 2013-10-16 21:06 - 00000000 ____D C:\Users\Mathias\AppData\Roaming\SUPERAntiSpyware.com
2013-10-16 21:06 - 2013-10-16 21:06 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-10-16 20:58 - 2013-10-16 20:58 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-10-16 20:58 - 2013-10-16 20:58 - 00000000 _____ C:\autoexec.bat
2013-10-14 21:58 - 2013-10-14 21:58 - 00000000 ____D C:\Users\Mathias\AppData\Local\Rockstar Games
2013-10-14 21:57 - 2013-10-14 21:57 - 00000000 ____D C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2013-10-13 22:04 - 2013-09-06 17:32 - 00000000 ___RD C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-13 22:01 - 2012-07-26 10:12 - 00000000 ___RD C:\windows\ToastData
2013-10-13 14:38 - 2013-09-19 14:59 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-13 14:38 - 2013-09-19 14:59 - 00000000 ____D C:\ProgramData\Skype
2013-10-12 11:55 - 2012-12-12 00:40 - 00000000 ____D C:\windows\Panther
2013-10-12 11:52 - 2013-10-12 11:52 - 00000833 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-10-12 11:52 - 2013-10-12 11:52 - 00000000 ____D C:\Program Files\CCleaner
2013-10-11 23:46 - 2013-10-11 23:46 - 00356288 _____ C:\windows\system32\FNTCACHE.DAT
2013-10-11 23:38 - 2013-10-11 23:38 - 00003100 _____ C:\windows\System32\Tasks\{8518106E-34ED-46EF-A6E1-64757473979C}
2013-10-11 15:18 - 2013-10-11 15:18 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2013-10-10 19:20 - 2013-10-10 18:55 - 00015008 _____ C:\Users\Mathias\AppData\Roaming\Bubble Dock.installation.log
2013-10-10 18:57 - 2013-10-10 18:53 - 00001266 _____ C:\Users\Mathias\AppData\Roaming\Bubble Dock.boostrap.log
2013-10-10 18:55 - 2013-10-10 18:55 - 00000000 __RHD C:\Users\Mathias\AppData\Roaming\SecuROM
2013-10-10 18:53 - 2013-10-10 18:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-10 17:50 - 2013-10-02 17:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-10 17:49 - 2013-09-08 00:18 - 00000000 ____D C:\windows\system32\MRT
2013-10-10 17:48 - 2013-09-08 00:18 - 80541720 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-10-08 22:51 - 2013-09-06 17:46 - 00003982 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-08 22:51 - 2013-09-06 17:46 - 00003746 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-04 16:49 - 2013-10-04 16:49 - 00675988 _____ C:\Users\Mathias\Downloads\Minecraft.exe
2013-10-03 18:47 - 2013-10-03 18:47 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-10-03 18:47 - 2013-10-03 18:47 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-10-02 17:56 - 2012-12-11 00:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2013-10-02 17:47 - 2013-10-02 17:47 - 00000000 ____D C:\windows\PCHEALTH
2013-10-02 17:45 - 2013-10-02 17:45 - 00000000 ____D C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2013-10-02 17:45 - 2013-10-02 17:45 - 00000000 ____D C:\Program Files\Microsoft Office
2013-10-02 17:45 - 2012-07-26 10:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-10-02 17:44 - 2013-10-02 17:44 - 00000000 ____D C:\Users\Mathias\AppData\Local\Microsoft Help
2013-10-02 17:44 - 2013-10-02 17:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2013-10-02 17:44 - 2012-07-26 11:45 - 00000000 ____D C:\windows\ShellNew
2013-10-02 15:35 - 2013-10-02 15:35 - 00000000 ____D C:\Users\Mathias\AppData\Roaming\Fatshark
2013-10-02 03:38 - 2013-09-13 22:56 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-10-02 03:38 - 2013-09-13 22:56 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-09-28 12:10 - 2013-09-06 21:43 - 00000000 ____D C:\Program Files\MotioninJoy
2013-09-25 00:18 - 2012-07-26 10:12 - 00000000 ____D C:\windows\rescache
2013-09-25 00:14 - 2012-12-11 00:52 - 00000000 ____D C:\ProgramData\McAfee
2013-09-23 01:28 - 2013-10-09 22:14 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-09 22:14 - 01141248 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-09 22:14 - 14335488 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-09 22:14 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-09 22:14 - 02876928 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-09 22:14 - 02048512 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-09 22:14 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-09 22:14 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-09-23 00:55 - 2013-10-09 22:14 - 02241024 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-09-23 00:55 - 2013-10-09 22:14 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-09 22:14 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-09 22:14 - 19252224 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-09 22:14 - 15404544 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-09 22:14 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-09 22:14 - 02647552 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-09 22:14 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-09-23 00:54 - 2013-10-09 22:14 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-09-19 16:13 - 2013-04-17 22:11 - 00000000 ____D C:\Users\Mathias\Documents\Sports Interactive
2013-09-19 14:59 - 2013-09-19 14:59 - 00002515 _____ C:\Users\Public\Desktop\Skype.lnk
 
Files to move or delete:
====================
C:\Users\Mathias\random.dat
C:\Users\Mathias\systemid.dat
 
 
Some content of TEMP:
====================
C:\Users\Mathias\AppData\Local\temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-10-09 14:58
 
==================== End Of Log ============================
 
 
Link to post
Share on other sites

  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-10-2013

Ran by Mathias at 2013-10-20 14:00:00 Run:1

Running from C:\Users\Mathias\Desktop\stuff and poop\FRST

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

DeleteJunctionsInDirectory: C:\Program Files\Windows Defender

DeleteJunctionsInDirectory: C:\Program Files\Microsoft Security Client

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKU\Administrator\...\Run: [] - [x]

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 

SearchScopes: HKLM - {84BF725B-75F2-404B-AC83-FFF90CFDCDB5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS

SearchScopes: HKLM-x32 - {84BF725B-75F2-404B-AC83-FFF90CFDCDB5} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MATMJS

SearchScopes: HKCU - DefaultScope {84BF725B-75F2-404B-AC83-FFF90CFDCDB5} URL = 

SearchScopes: HKCU - {84BF725B-75F2-404B-AC83-FFF90CFDCDB5} URL = 

BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

C:\Users\Mathias\random.dat

C:\Users\Mathias\systemid.dat

C:\Users\Mathias\AppData\Local\temp\Quarantine.exe

 

*****************

 

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

"C:\Program Files\Microsoft Security Client" => Not Found

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.

HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.

HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{84BF725B-75F2-404B-AC83-FFF90CFDCDB5} => Key deleted successfully.

HKCR\CLSID\{84BF725B-75F2-404B-AC83-FFF90CFDCDB5} => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{84BF725B-75F2-404B-AC83-FFF90CFDCDB5} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{84BF725B-75F2-404B-AC83-FFF90CFDCDB5} => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{84BF725B-75F2-404B-AC83-FFF90CFDCDB5} => Key deleted successfully.

HKCR\CLSID\{84BF725B-75F2-404B-AC83-FFF90CFDCDB5} => Key not found.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.

HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.

HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key deleted successfully.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.

HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key deleted successfully.

C:\Users\Mathias\random.dat => Moved successfully.

C:\Users\Mathias\systemid.dat => Moved successfully.

C:\Users\Mathias\AppData\Local\temp\Quarantine.exe => Moved successfully.

 

==== End of Fixlog ====

Link to post
Share on other sites

  • Root Admin

  • Please download CKScanner from >>Here<<
  • Important: - Save it to your desktop.
  • Right-click CKScanner.exe & select Run as administrator to start.
  • then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved. Please Run the program only once.
  • Copy/paste the contents of CKFiles.txt in your next reply.


 

 

Next, Please download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


 

Link to post
Share on other sites

CKscanner log:

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.MXNAE0
 ----- EOF ----- 
 
Security Check log:
 
 Results of screen317's Security Check version 0.99.74  
   x64 (UAC is enabled)  
 Internet Explorer 10  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java 7 Update 45  
 Java version out of Date! 
 Google Chrome 30.0.1599.101  
 Google Chrome 30.0.1599.69  
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Windows Defender MsMpEng.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
Link to post
Share on other sites

  • Root Admin

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if ran at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
It will also reset your System Restore by flushing out previous restore points and create a new restore point.
It will also remove all the backups our tools may have created.

Uninstall ComboFix (if used):

  • Turn off all active protection software including your antivirus.
  • Push the "Windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • Please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.

CF-Uninstall.png


 
Remove the rest of the tools used:
 

Please download OTCleanIt and save it to your Desktop. This tool will remove all the tools we used to clean your pc.

  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not go ahead and delete it by yourself.
  • If asked to restart the computer, please do so

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


AdwCleaner Removal:

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with Yes

ESET antivirus Removal:

  • This tool can be uninstalled via the Control Panel, Programs, Uninstall

If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis I advise not using Java if possible but to at least disable java in your web browsers
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.

If you're not currently using Malwarebytes PRO then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.