  • Root Admin

Hello and welcome

If you've not already done so please start here and post back the 2 log files DDS.txt and Attach.txt

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)




STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 


OK, I'm now having the reoccurring virus. I will now show you my DDS text.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16736  BrowserJavaVersion: 10.25.2
Run by Justin at 7:54:31 on 2013-11-14
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.16347.13060 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe
C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Java\jre7\bin\javaw.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
Q:\140066.enu\Office14\WINWORDC.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\System32\WUDFHost.exe
Q:\140066.enu\Office14\OffSpon.EXE
C:\Windows\splwow64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\Justin\AppData\Local\Temp\MSDCSC\msdcsc.EXe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Users\Justin\AppData\Local\Temp\MSDCSC\msdcsc.EXe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer, enhanced for Bing and MSN
uProxyOverride = <local>;*.local
uURLSearchHooks: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
mURLSearchHooks: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: WhiteSmoke US New Toolbar: {462BE121-2B54-4218-BF00-B9BF8135B23F} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
TB: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
uRun: [DownloadManager] "C:\Program Files (x86)\Zoom Downloader\DownloadManager.exe" /as
uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Akamai NetSession Interface] "C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe"
uRun: [NetUserData] C:\Users\Justin\AppData\Local\Temp\MSDCSC\msdcsc.exe
uRun: [winlogin] "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Justin\AppData\Local\Temp\winlogin1021247238194591884.jar"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [shwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [startCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
Trusted Zone: dell.com
TCP: Interfaces\{D18190DE-EA11-4470-8F4C-2EADC13162A9} : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4 
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-7-5 16152]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-6-18 247216]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-7-5 98208]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-7-5 204288]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-12-29 106144]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2013-8-7 199176]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-11-11 2756944]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-5 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-3-16 161560]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2013-10-11 377104]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-1-20 139616]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-7-5 1695040]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-5 363800]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-7-5 76960]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-12-29 36000]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-7-5 93712]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-12-29 338592]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-12-29 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-12-29 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-12-29 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-12-29 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-12-29 280992]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-12-29 548000]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-5 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-7-5 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-5 787736]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-8-12 366600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-5 648808]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/07/05 20:29:08;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2011-11-29 248304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-10-13 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-10-13 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-10-13 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-25 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-11-14 12:48:20 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{885F496B-9C4E-4050-B13D-8F772AD81BFB}\offreg.dll
2013-11-14 01:40:55 -------- d-----w- C:\Users\Justin\AppData\Roaming\dclogs
2013-11-13 21:26:33 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2013-11-13 14:34:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-11-13 14:34:59 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-11-13 14:34:59 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-11-13 14:34:58 2241536 ----a-w- C:\Windows\System32\wininet.dll
2013-11-13 14:34:58 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-13 13:54:55 404480 ----a-w- C:\Windows\System32\gdi32.dll
2013-11-13 13:54:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-11-13 13:54:47 859648 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-11-13 13:54:47 830464 ----a-w- C:\Windows\System32\nshwfp.dll
2013-11-13 13:54:47 656896 ----a-w- C:\Windows\SysWow64\nshwfp.dll
2013-11-13 13:54:47 324096 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-11-13 13:54:47 216576 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-11-13 01:58:11 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{885F496B-9C4E-4050-B13D-8F772AD81BFB}\mpengine.dll
2013-11-11 21:34:46 10280728 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-11-11 03:18:59 -------- d-----w- C:\Users\Justin\.idlerc
2013-11-09 12:30:11 -------- d-sh--w- C:\found.001
2013-11-06 23:06:14 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{96A5486B-B589-4D57-B7F6-DB211F210477}\gapaengine.dll
2013-11-05 22:36:34 -------- d-----w- C:\Users\Justin\AppData\Roaming\Wing 101 4
2013-11-05 22:36:34 -------- d-----w- C:\Users\Justin\AppData\Local\Wing 101 4
2013-11-05 22:36:17 -------- d-----w- C:\Program Files (x86)\Wing IDE 101 4.1
2013-11-05 22:34:37 98304 ----a-r- C:\Users\Justin\AppData\Roaming\Microsoft\Installer\{AE3AAD33-1790-415F-A3D0-63FC889FD49E}\python_icon.exe
2013-11-05 22:34:06 -------- d-----w- C:\Python32
2013-10-23 00:40:09 -------- d-----w- C:\Users\Justin\AppData\Local\{AC5607AE-E101-4575-823C-0D2958DD9DC1}
2013-10-23 00:39:42 -------- d-----w- C:\Users\Justin\AppData\Local\{6FC26D8E-AAEC-45DF-89F9-ED019E62AD73}
2013-10-19 19:58:07 -------- d-sh--w- C:\found.000
2013-10-15 23:20:24 -------- d-----w- C:\Users\Justin\AppData\Local\{FE31A663-2797-431B-9D3F-AB60320B35FD}
2013-10-15 23:20:24 -------- d-----w- C:\Users\Justin\AppData\Local\{4555C4D4-FC54-4085-8C19-266CF438F493}
.
==================== Find3M  ====================
.
2013-11-01 21:01:39 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2013-11-01 21:01:39 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2013-11-01 20:59:51 283032 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2013-10-12 08:43:37 3959808 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-12 08:43:32 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-10-12 08:43:32 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-10-12 07:02:33 2877952 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-12 07:02:29 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-10-12 07:02:29 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-10-12 06:35:26 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-12 06:08:58 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-12 05:44:38 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-10-12 05:15:39 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-10-05 20:25:35 1474048 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-05 19:57:25 1168384 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-10-04 02:28:31 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2013-10-04 02:25:17 197120 ----a-w- C:\Windows\System32\credui.dll
2013-10-04 02:24:49 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-10-04 01:58:50 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56:25 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2013-10-04 01:56:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-09-28 01:09:10 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-25 02:26:40 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2013-09-25 02:26:40 154560 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-09-25 02:23:33 28672 ----a-w- C:\Windows\System32\sspisrv.dll
2013-09-25 02:23:33 135680 ----a-w- C:\Windows\System32\sspicli.dll
2013-09-25 02:23:01 28160 ----a-w- C:\Windows\System32\secur32.dll
2013-09-25 02:22:59 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-09-25 02:21:50 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2013-09-25 02:21:07 1447936 ----a-w- C:\Windows\System32\lsasrv.dll
2013-09-25 01:58:17 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-09-25 01:57:26 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-09-25 01:57:24 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-09-25 01:56:42 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2013-09-25 01:03:24 30720 ----a-w- C:\Windows\System32\lsass.exe
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-04 01:37:55 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-09-04 01:37:36 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-09-04 01:37:29 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-09-04 01:37:25 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-09-04 01:37:22 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-09-04 01:37:22 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-09-04 01:37:18 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
.
============= FINISH:  7:55:15.39 ===============
 
 
Now my attach.
 
 
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX 64-bit
Adobe Reader X MUI
Adobe Shockwave Player 12.0
Akamai NetSession Interface
AMD APP SDK Runtime
AMD AVIVO64 Codecs
AMD Catalyst Install Manager
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Bluetooth Suite (64)
Blacklight: Retribution
Bonjour
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
CyberLink PowerDVD 9.5
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Digital Delivery
Dell Edoc Viewer
Dell Support Center
Dell System Detect
Dell WLAN and Bluetooth Client Installation
eBay
Flyff
Google Chrome
Google Update Helper
Intel® Control Center
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
Java 7 Update 25
Java Auto Updater
JavaFX 2.1.1
Junk Mail filter update
LogMeIn Hamachi
Malwarebytes Anti-Malware version 1.75.0.1300
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
MSVCRT
MSVCRT_amd64
Multimedia Card Reader
NVIDIA PhysX
PunkBuster Services
Python 3.2.5
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Shared C Run-time for x64
Skype™ 6.10
Steam
swMSM
Team Fortress 2
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
WhiteSmoke US New Toolbar
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Wing IDE 101 4.1.14-1
.
==== Event Viewer Messages From Past Week ========
.
13/11/2013 4:27:08 PM, Error: Service Control Manager [7030]  - The LogMeIn Hamachi Tunneling Engine service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
12/11/2013 8:45:15 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:   Previous Signature Version: 1.161.1874.0   Update Source: Microsoft Update Server   Update Stage: Search   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:   Previous Engine Version: 1.1.10003.0   Error code: 0x8024001e   Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support. 
12/11/2013 4:54:20 PM, Error: Microsoft-Windows-WMPNSS-Service [14365]  - Proximity detection failed due to unknown error '0x80004004'.  The best proximity time detected was -1 milliseconds.
11/11/2013 6:24:11 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
11/11/2013 6:17:49 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
11/11/2013 6:17:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/11/2013 6:17:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/11/2013 6:17:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/11/2013 6:17:31 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/11/2013 6:17:30 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/11/2013 6:17:25 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/11/2013 6:17:19 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
11/11/2013 6:17:19 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/11/2013 6:17:19 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
11/11/2013 6:17:19 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
11/11/2013 6:17:19 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
11/11/2013 6:17:19 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
11/11/2013 6:17:19 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
11/11/2013 6:17:19 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/11/2013 6:17:19 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/11/2013 6:17:19 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
11/11/2013 6:17:19 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
11/11/2013 6:17:19 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
11/11/2013 6:17:19 PM, Error: Service Control Manager [7001]  - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error:  The dependency service or group failed to start.
10/11/2013 4:20:34 PM, Error: Microsoft-Windows-Bits-Client [16398]  - A new BITS job could not be created. The current job count for the user Justin-PC\Justin (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.
10/11/2013 10:03:28 PM, Error: Service Control Manager [7023]  - The Peer Name Resolution Protocol service terminated with the following error:  %%-2140966905
10/11/2013 10:03:28 PM, Error: Service Control Manager [7001]  - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error:  %%-2140966905
.
==== End Of File ===========================
 
Thank you for looking at my problem. I will reply as soon as possible. Have a nice day.
 

  • Root Admin

It depends on what type of backup you've done.  Data alone backups will not typically contain an infection.  Full system backups will.

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 


RogueKiller V8.7.8 _x64_ [Nov 14 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com




 

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Justin [Admin rights]

Mode : Scan -- Date : 11/14/2013 21:39:45

| ARK || FAK || MBR |

 

¤¤¤ Bad processes : 0 ¤¤¤

 

¤¤¤ Registry Entries : 8 ¤¤¤

[RUN][SUSP PATH] HKCU\[...]\Run : winlogin ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Justin\AppData\Local\Temp\winlogin1021247238194591884.jar" [7][-]) -> FOUND

[RUN][SUSP PATH] HKUS\S-1-5-21-692511941-3776590084-1118887934-1000\[...]\Run : winlogin ("C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Justin\AppData\Local\Temp\winlogin1021247238194591884.jar" [7][-]) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableTaskMgr (0) -> FOUND

[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

 

¤¤¤ Scheduled tasks : 0 ¤¤¤

 

¤¤¤ Startup Entries : 0 ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ Particular Files / Folders: ¤¤¤

 

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

 

¤¤¤ External Hives: ¤¤¤

 

¤¤¤ Infection :  ¤¤¤

 

¤¤¤ HOSTS File: ¤¤¤

--> %SystemRoot%\System32\drivers\etc\hosts

 

 

 

 

¤¤¤ MBR Check: ¤¤¤

 

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST2000DM001-9YN164 +++++

--- User ---

[MBR] f5f09c284ac7b1c7591df70a81de6416

[BSP] 6a326f18d8c4d1cc7cea7264bf00e677 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 12544 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 25772032 | Size: 1895144 Mo

User = LL1 ... OK!

User = LL2 ... OK!

 

Finished : << RKreport[0]_S_11142013_213945.txt >>

  • Root Admin

I'm going to be going on vacation here in a couple days so let's try to get you fixed up before I leave.

 

 

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 


ComboFix 13-11-16.01 - Justin 17/11/2013  22:07:44.1.8 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.2.1033.18.16347.13440 [GMT -5:00]

Running from: c:\users\Justin\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}

SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\END

c:\users\Justin\AppData\Roaming\Microsoft\Windows\Recent\Team Fortress 2.url

c:\users\Justin\AppData\Roaming\technic-launcher.jar

c:\users\Justin\Documents\~WRL1015.tmp

c:\users\Justin\Documents\~WRL3678.tmp

c:\windows\RPSETUP.EXE.LOG

c:\windows\security\Database\tmp.edb

c:\windows\SysWow64\FlashPlayerApp.exe

.

.

(((((((((((((((((((((((((   Files Created from 2013-10-18 to 2013-11-18  )))))))))))))))))))))))))))))))

.

.

2013-11-18 03:11 . 2013-11-18 03:11 -------- d-----w- c:\users\Marcus\AppData\Local\temp

2013-11-18 03:11 . 2013-11-18 03:11 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-11-18 03:01 . 2013-11-18 03:01 75888 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26CDE71A-5B8B-4905-800B-D0715169544B}\offreg.dll

2013-11-17 23:44 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{26CDE71A-5B8B-4905-800B-D0715169544B}\mpengine.dll

2013-11-16 13:13 . 2013-10-14 07:12 10280728 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-11-16 13:05 . 2013-11-16 13:05 -------- d-----w- c:\program files (x86)\Dell Digital Delivery

2013-11-15 02:44 . 2013-11-18 00:20 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-11-15 02:43 . 2013-11-18 00:10 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-11-15 02:31 . 2013-11-15 02:32 -------- d-----w- c:\program files (x86)\ERUNT

2013-11-13 21:26 . 2013-11-13 21:26 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi

2013-11-13 14:34 . 2013-10-12 08:45 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-11-13 14:34 . 2013-10-12 08:45 1364992 ----a-w- c:\windows\system32\urlmon.dll

2013-11-13 14:34 . 2013-10-12 08:43 53248 ----a-w- c:\windows\system32\jsproxy.dll

2013-11-13 14:34 . 2013-10-12 07:03 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-11-13 14:34 . 2013-10-12 07:02 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll

2013-11-13 14:34 . 2013-10-12 08:45 2241536 ----a-w- c:\windows\system32\wininet.dll

2013-11-13 14:34 . 2013-10-12 07:03 1767936 ----a-w- c:\windows\SysWow64\wininet.dll

2013-11-13 14:34 . 2013-10-12 08:43 19269632 ----a-w- c:\windows\system32\mshtml.dll

2013-11-13 14:34 . 2013-10-12 08:43 15404544 ----a-w- c:\windows\system32\ieframe.dll

2013-11-13 13:54 . 2013-10-03 02:23 404480 ----a-w- c:\windows\system32\gdi32.dll

2013-11-13 13:54 . 2013-10-03 02:00 311808 ----a-w- c:\windows\SysWow64\gdi32.dll

2013-11-13 13:54 . 2013-10-12 02:30 830464 ----a-w- c:\windows\system32\nshwfp.dll

2013-11-13 13:54 . 2013-10-12 02:29 859648 ----a-w- c:\windows\system32\IKEEXT.DLL

2013-11-13 13:54 . 2013-10-12 02:29 324096 ----a-w- c:\windows\system32\FWPUCLNT.DLL

2013-11-13 13:54 . 2013-10-12 02:03 656896 ----a-w- c:\windows\SysWow64\nshwfp.dll

2013-11-13 13:54 . 2013-10-12 02:01 216576 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL

2013-11-11 03:18 . 2013-11-11 03:19 -------- d-----w- c:\users\Justin\.idlerc

2013-11-09 12:30 . 2013-11-09 12:30 -------- d-----w- C:\found.001

2013-11-06 23:06 . 2013-10-20 15:37 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{96A5486B-B589-4D57-B7F6-DB211F210477}\gapaengine.dll

2013-11-05 22:36 . 2013-11-10 20:14 -------- d-----w- c:\users\Justin\AppData\Roaming\Wing 101 4

2013-11-05 22:36 . 2013-11-10 20:14 -------- d-----w- c:\users\Justin\AppData\Local\Wing 101 4

2013-11-05 22:36 . 2013-11-05 22:36 -------- d-----w- c:\program files (x86)\Wing IDE 101 4.1

2013-11-05 22:34 . 2013-11-05 22:34 98304 ----a-r- c:\users\Justin\AppData\Roaming\Microsoft\Installer\{AE3AAD33-1790-415F-A3D0-63FC889FD49E}\python_icon.exe

2013-11-05 22:34 . 2013-11-05 22:34 -------- d-----w- C:\Python32

2013-10-19 19:58 . 2013-10-19 19:58 -------- d-----w- C:\found.000

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-16 15:25 . 2013-02-15 18:02 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-11-16 15:25 . 2013-02-15 17:38 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-11-16 14:26 . 2013-02-15 17:38 283032 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2013-11-13 14:33 . 2012-11-29 13:11 82896128 ----a-w- c:\windows\system32\MRT.exe

2013-10-20 15:37 . 2013-06-14 11:58 965000 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-09-27 14:53 . 2013-09-27 14:53 248240 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-09-27 14:53 . 2013-01-20 19:59 134944 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2013-09-08 02:30 . 2013-10-10 12:09 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-09-08 02:27 . 2013-10-10 12:09 327168 ----a-w- c:\windows\system32\mswsock.dll

2013-09-08 02:03 . 2013-10-10 12:09 231424 ----a-w- c:\windows\SysWow64\mswsock.dll

2013-09-04 01:37 . 2013-10-13 22:20 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys

2013-09-04 01:37 . 2013-10-13 22:20 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2013-09-04 01:37 . 2013-10-13 22:20 325120 ----a-w- c:\windows\system32\drivers\usbport.sys

2013-09-04 01:37 . 2013-10-13 22:20 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys

2013-09-04 01:37 . 2013-10-13 22:20 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys

2013-09-04 01:37 . 2013-10-13 22:20 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys

2013-09-04 01:37 . 2013-10-13 22:20 7808 ----a-w- c:\windows\system32\drivers\usbd.sys

2013-08-29 02:17 . 2013-10-10 12:09 5549504 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-29 02:16 . 2013-10-10 12:09 1732032 ----a-w- c:\windows\system32\ntdll.dll

2013-08-29 02:16 . 2013-10-10 12:09 243712 ----a-w- c:\windows\system32\wow64.dll

2013-08-29 02:16 . 2013-10-10 12:09 859648 ----a-w- c:\windows\system32\tdh.dll

2013-08-29 02:13 . 2013-10-10 12:09 878080 ----a-w- c:\windows\system32\advapi32.dll

2013-08-29 01:51 . 2013-10-10 12:09 3969472 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-08-29 01:51 . 2013-10-10 12:09 3914176 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-08-29 01:50 . 2013-10-10 12:09 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-08-29 01:50 . 2013-10-10 12:09 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll

2013-08-29 01:50 . 2013-10-10 12:09 619520 ----a-w- c:\windows\SysWow64\tdh.dll

2013-08-29 01:48 . 2013-10-10 12:09 640512 ----a-w- c:\windows\SysWow64\advapi32.dll

2013-08-29 01:48 . 2013-10-10 12:09 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-08-29 00:49 . 2013-10-10 12:09 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-08-29 00:49 . 2013-10-10 12:09 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-08-29 00:49 . 2013-10-10 12:09 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-08-29 00:49 . 2013-10-10 12:09 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-08-28 01:21 . 2013-10-10 12:09 3155968 ----a-w- c:\windows\system32\win32k.sys

2013-08-28 01:12 . 2013-10-10 12:09 461312 ----a-w- c:\windows\system32\scavengeui.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{462be121-2b54-4218-bf00-b9bf8135b23f}]

2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\WhiteSmoke_US_New\prxtbWhit.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{462be121-2b54-4218-bf00-b9bf8135b23f}"= "c:\program files (x86)\WhiteSmoke_US_New\prxtbWhit.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{462be121-2b54-4218-bf00-b9bf8135b23f}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-10-30 1820584]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-10-21 20549280]

"Akamai NetSession Interface"="c:\users\Justin\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]

"winlogin"="c:\program files (x86)\Java\jre7\bin\javaw.exe" [2013-06-26 175016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]

"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608]

"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-26 343168]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2011-11-29 75048]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2013-11-11 2349392]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/07/05 20:29;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]

S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CLKMDRV10_9EC60124

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-11-15 23:48 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 01:06]

.

2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24 13:17]

.

2013-11-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24 13:17]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-23 6457960]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-16 1156712]

"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-12-29 1014432]

"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-12-29 800416]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>;*.local

Trusted Zone: dell.com

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-DownloadManager - c:\program files (x86)\Zoom Downloader\DownloadManager.exe

Wow6432Node-HKLM-Run-mcui_exe - c:\program files\McAfee.com\Agent\mcagent.exe

Toolbar-Locked - (no file)

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-11-17  22:13:35

ComboFix-quarantined-files.txt  2013-11-18 03:13

.

Pre-Run: 1,689,537,916,928 bytes free

Post-Run: 1,690,586,857,472 bytes free

.

- - End Of File - - BBB919F6D9A5706558979B64F31C9296

 

 

 

Thank you again for your help. 


  • Root Admin

Please run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop: http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Then please run STEPS 4 through 7 again now and post back all of the logs.


~~~ Services

 

 

 

~~~ Registry Values

 

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{462be121-2b54-4218-bf00-b9bf8135b23f}

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetup.exe

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\conduitinstaller_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasapi32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\wajamupdater_rasmancs

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3244149

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASAPI32

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ApnSetup_RASMANCS

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{17B4D302-7C07-4A08-A046-A9652065DA7E}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{462BE121-2B54-4218-BF00-B9BF8135B23F}

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{462be121-2b54-4218-bf00-b9bf8135b23f}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{462be121-2b54-4218-bf00-b9bf8135b23f}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

Successfully deleted: [Folder] "C:\ProgramData\apn"

Successfully deleted: [Folder] "C:\Users\Justin\appdata\local\conduit"

Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\conduit"

Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\pricegong"

Successfully deleted: [Folder] "C:\Users\Justin\appdata\locallow\whitesmoke_us_new"

Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"

Successfully deleted: [Folder] "C:\Program Files (x86)\whitesmoke_us_new"

Successfully deleted: [Empty Folder] C:\Users\Justin\appdata\local\{4555C4D4-FC54-4085-8C19-266CF438F493}

Successfully deleted: [Empty Folder] C:\Users\Justin\appdata\local\{60B8E0D4-2DC5-4813-9388-7586F27B7EC0}

Successfully deleted: [Empty Folder] C:\Users\Justin\appdata\local\{6FC26D8E-AAEC-45DF-89F9-ED019E62AD73}

Successfully deleted: [Empty Folder] C:\Users\Justin\appdata\local\{AC5607AE-E101-4575-823C-0D2958DD9DC1}

Successfully deleted: [Empty Folder] C:\Users\Justin\appdata\local\{FE31A663-2797-431B-9D3F-AB60320B35FD}

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 18/11/2013 at 19:08:32.60

End of JRT log

 

 

 


# AdwCleaner v3.012 - Report created 18/11/2013 at 19:10:03

# Updated 11/11/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Justin - JUSTIN-PC

# Running from : C:\Users\Justin\Downloads\AdwCleaner.exe

# Option : Scan

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

File Found : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage

File Found : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal

Folder Found C:\Users\Justin\AppData\Local\Zoom_Downloader

Folder Found C:\Users\Marcus\AppData\LocalLow\Conduit

Folder Found C:\Users\Marcus\AppData\LocalLow\PriceGong

Folder Found C:\Users\Marcus\AppData\LocalLow\WhiteSmoke_US_New

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Found : HKCU\Software\AppDataLow\Software\WhiteSmoke_US_New

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}

Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D9AE4B5-D7B8-4921-840F-A56853795496}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F096C143-1B1A-4AA5-8A76-C8328D0C990C}

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US_New Toolbar

Key Found : HKLM\Software\WhiteSmoke_US_New

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{462BE121-2B54-4218-BF00-B9BF8135B23F}]

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16736

 

 

-\\ Google Chrome v31.0.1650.57

 

[ File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

[ File : C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Found : homepage


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


# AdwCleaner v3.012 - Report created 18/11/2013 at 19:13:51

# Updated 11/11/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : Justin - JUSTIN-PC

# Running from : C:\Users\Justin\Downloads\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Users\Justin\AppData\Local\Zoom_Downloader

Folder Deleted : C:\Users\Marcus\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Marcus\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Marcus\AppData\LocalLow\WhiteSmoke_US_New

File Deleted : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage

File Deleted : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.wajam.com_0.localstorage-journal

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F096C143-1B1A-4AA5-8A76-C8328D0C990C}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D9AE4B5-D7B8-4921-840F-A56853795496}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{462BE121-2B54-4218-BF00-B9BF8135B23F}]

Key Deleted : HKCU\Software\AppDataLow\Software\WhiteSmoke_US_New

Key Deleted : HKLM\Software\WhiteSmoke_US_New

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US_New Toolbar

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v10.0.9200.16736

 

 

-\\ Google Chrome v31.0.1650.57

 

[ File : C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

 

[ File : C:\Users\Marcus\AppData\Local\Google\Chrome\User Data\Default\preferences ]

 

Deleted : homepage

 

*************************

 

AdwCleaner[R0].txt - [2492 octets] - [18/11/2013 19:10:03]

AdwCleaner[s0].txt - [2423 octets] - [18/11/2013 19:13:51]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2483 octets] ##########

 

 

 

Ok this was the quick scan and nothing appeared. 

 


Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.11.18.10

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16736

Justin :: JUSTIN-PC [administrator]

 

18/11/2013 7:24:50 PM

mbam-log-2013-11-18 (19-24-50).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 232692

Time elapsed: 1 minute(s), 17 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 


  • Root Admin

Please restart the computer and run the following.

 

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following check-boxes:

  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files


Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using Reset FF Proxy Settings option Firefox should be closed.
 


ESET report 

 

C:\AdwCleaner\Quarantine\C\Users\Marcus\AppData\LocalLow\WhiteSmoke_US_New\ldrtbWhit.dll.vir a variant of Win32/Toolbar.Conduit.P application
C:\AdwCleaner\Quarantine\C\Users\Marcus\AppData\LocalLow\WhiteSmoke_US_New\tbWhit.dll.vir a variant of Win32/Toolbar.Conduit.B application
C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-11-2013

Ran by Justin (administrator) on JUSTIN-PC on 18-11-2013 20:50:35

Running from C:\Users\Justin\Downloads

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 10

Boot Mode: Normal

 

==================== Processes (Whitelisted) =================

 

(AMD) C:\Windows\system32\atiesrxx.exe

(AMD) C:\Windows\system32\atieclxx.exe

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe

(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe

(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe

(Akamai Technologies, Inc.) C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe

(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe

(Akamai Technologies, Inc.) C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe

(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe

(Advanced Micro Devices Inc.) c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

(Dell Products, LP.) c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE

() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe

(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)

HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)

HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)

HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)

HKCU\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1820584 2013-10-30] (Valve Corporation)

HKCU\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20549280 2013-10-21] (Skype Technologies S.A.)

HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Justin\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)

HKCU\...\Run: [winlogin] - "C:\Program Files (x86)\Java\jre7\bin\javaw.exe" -jar "C:\Users\Justin\AppData\Local\Temp\winlogin1021247238194591884.jar" <===== ATTENTION

HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_228_ActiveX.exe -update activex [630432 2012-07-05] (Adobe Systems Incorporated)

HKCU\...\Policies\system: [LogonHoursAction] 2

HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKLM-x32\...\Run: [iAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)

HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)

HKLM-x32\...\Run: [shwiconXP9106] - C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-10-25] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)

HKLM-x32\...\Run: [PDVD9LanguageShortcut] - C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)

HKLM-x32\...\Run: [bDRegion] - C:\Program Files (x86)\CyberLink\Shared files\brs.exe [75048 2011-11-29] (cyberlink)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)

HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392 2013-11-11] (LogMeIn Inc.)

HKU\Marcus\...\Policies\system: [LogonHoursAction] 2

HKU\Marcus\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

 

==================== Internet (Whitelisted) ====================

 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=UP76DHP&pc=UP76&dt=061313

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

SearchScopes: HKLM - DefaultScope {C76AAF4E-8001-4E68-A9A9-4E0EC5508571} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDR&src=IE-SearchBox

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 

SearchScopes: HKCU - DefaultScope {C76AAF4E-8001-4E68-A9A9-4E0EC5508571} URL = 

SearchScopes: HKCU - {C76AAF4E-8001-4E68-A9A9-4E0EC5508571} URL = 

BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)

BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

 

Chrome: 

=======


CHR Extension: (Google Docs) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1

CHR Extension: (Google Drive) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1

CHR Extension: (YouTube) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1

CHR Extension: (Google Search) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1

CHR Extension: (Daum Equation Editor) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\dinfmiceliiomokeofbocegmacmagjhe\2.0.1_0

CHR Extension: (AdBlock) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0

CHR Extension: (Google Wallet) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

CHR Extension: (Psykopaint) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil\0.0.0.10_0

CHR Extension: (Gmail) - C:\Users\Justin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_2

 

==================== Services (Whitelisted) =================

 

S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [248304 2011-11-29] (CyberLink)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-21] (Intel Corporation)

R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)

R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)

S3 npggsvc; C:\Windows\SysWow64\GameMon.des [4703728 2012-11-15] (INCA Internet Co., Ltd.)

R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-15] ()

R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros)

R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros)

 

==================== Drivers (Whitelisted) ====================

 

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)

R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)

S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)

S3 catchme; \??\C:\ComboFix\catchme.sys [x]

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2013-11-18 20:50 - 2013-11-18 20:51 - 00014232 _____ C:\Users\Justin\Downloads\FRST.txt

2013-11-18 20:50 - 2013-11-18 20:50 - 00000000 ____D C:\FRST

2013-11-18 20:49 - 2013-11-18 20:49 - 01957964 _____ (Farbar) C:\Users\Justin\Downloads\FRST64.exe

2013-11-18 20:47 - 2013-11-18 20:47 - 00000517 _____ C:\Users\Justin\Documents\ESET.txt

2013-11-18 19:36 - 2013-11-18 19:36 - 02347384 _____ (ESET) C:\Users\Justin\Downloads\esetsmartinstaller_enu.exe

2013-11-18 19:36 - 2013-11-18 19:36 - 00000000 ____D C:\Program Files (x86)\ESET

2013-11-18 19:16 - 2013-11-18 19:16 - 00000000 ___RD C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2013-11-18 19:09 - 2013-11-18 19:14 - 00000000 ____D C:\AdwCleaner

2013-11-18 19:09 - 2013-11-18 19:09 - 01085542 _____ C:\Users\Justin\Downloads\AdwCleaner.exe

2013-11-18 19:08 - 2013-11-18 19:08 - 00004178 _____ C:\Users\Justin\Desktop\JRT.txt

2013-11-18 19:05 - 2013-11-18 19:05 - 00000000 ____D C:\Windows\ERUNT

2013-11-18 19:04 - 2013-11-18 19:04 - 01034531 _____ (Thisisu) C:\Users\Justin\Downloads\JRT.exe

2013-11-17 22:13 - 2013-11-17 22:13 - 00024226 _____ C:\ComboFix.txt

2013-11-17 22:06 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe

2013-11-17 22:06 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe

2013-11-17 22:06 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2013-11-17 22:06 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2013-11-17 22:06 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2013-11-17 22:06 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe

2013-11-17 22:06 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe

2013-11-17 22:06 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe

2013-11-17 22:05 - 2013-11-17 22:03 - 05146587 ____R (Swearware) C:\Users\Justin\Desktop\ComboFix.exe

2013-11-17 22:04 - 2013-11-17 22:13 - 00000000 ____D C:\Qoobox

2013-11-16 08:05 - 2013-11-16 08:05 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery

2013-11-14 21:45 - 2013-11-14 21:45 - 00000000 ____D C:\Users\Justin\Desktop\Anti malwarebytes folder in general

2013-11-14 21:44 - 2013-11-17 19:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-11-14 21:43 - 2013-11-17 19:20 - 00000000 ____D C:\Users\Justin\Desktop\mbar

2013-11-14 21:43 - 2013-11-17 19:10 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-11-14 21:43 - 2013-11-14 21:43 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Justin\Downloads\mbar-1.07.0.1007.exe

2013-11-14 21:37 - 2013-11-14 21:41 - 00000000 ____D C:\Users\Justin\Desktop\RK_Quarantine

2013-11-14 21:37 - 2013-11-14 21:37 - 04161024 _____ C:\Users\Justin\Downloads\RogueKillerX64.exe

2013-11-14 21:33 - 2013-11-17 22:12 - 00000000 ____D C:\Windows\ERDNT

2013-11-14 21:31 - 2013-11-14 21:32 - 00000000 ____D C:\Program Files (x86)\ERUNT

2013-11-14 21:31 - 2013-11-14 21:31 - 00000926 _____ C:\Users\Marcus\Desktop\NTREGOPT.lnk

2013-11-14 21:31 - 2013-11-14 21:31 - 00000926 _____ C:\Users\Justin\Desktop\NTREGOPT.lnk

2013-11-14 21:31 - 2013-11-14 21:31 - 00000907 _____ C:\Users\Marcus\Desktop\ERUNT.lnk

2013-11-14 21:31 - 2013-11-14 21:31 - 00000907 _____ C:\Users\Justin\Desktop\ERUNT.lnk

2013-11-14 21:30 - 2013-11-14 21:30 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Justin\Downloads\erunt-setup.exe

2013-11-14 21:27 - 2013-11-14 21:27 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Justin\Downloads\rkill.exe

2013-11-14 21:27 - 2013-11-14 21:27 - 00000000 ____D C:\Users\Justin\Desktop\rkill

2013-11-14 07:57 - 2013-11-14 07:57 - 00024673 _____ C:\Users\Justin\Documents\DDS 1.txt

2013-11-14 07:57 - 2013-11-14 07:57 - 00013997 _____ C:\Users\Justin\Documents\DDS Attached 1.txt

2013-11-14 07:54 - 2013-11-14 07:54 - 00688992 ____R (Swearware) C:\Users\Justin\Downloads\dds.scr

2013-11-13 16:26 - 2013-11-13 16:26 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2013-11-13 09:35 - 2013-10-12 03:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2013-11-13 09:35 - 2013-10-12 03:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2013-11-13 09:35 - 2013-10-12 03:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2013-11-13 09:35 - 2013-10-12 03:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2013-11-13 09:35 - 2013-10-12 03:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2013-11-13 09:35 - 2013-10-12 03:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2013-11-13 09:35 - 2013-10-12 03:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2013-11-13 09:35 - 2013-10-12 03:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2013-11-13 09:35 - 2013-10-12 03:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2013-11-13 09:35 - 2013-10-12 02:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-11-13 09:35 - 2013-10-12 02:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-11-13 09:35 - 2013-10-12 02:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-11-13 09:35 - 2013-10-12 02:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-11-13 09:35 - 2013-10-12 02:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-11-13 09:35 - 2013-10-12 02:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-11-13 09:35 - 2013-10-12 02:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-11-13 09:35 - 2013-10-12 02:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-11-13 09:35 - 2013-10-12 02:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-11-13 09:35 - 2013-10-12 01:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2013-11-13 09:35 - 2013-10-12 01:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-11-13 09:35 - 2013-10-12 00:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe

2013-11-13 09:35 - 2013-10-12 00:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-11-13 09:34 - 2013-10-12 03:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2013-11-13 09:34 - 2013-10-12 03:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2013-11-13 09:34 - 2013-10-12 03:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2013-11-13 09:34 - 2013-10-12 03:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2013-11-13 09:34 - 2013-10-12 03:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2013-11-13 09:34 - 2013-10-12 02:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-11-13 09:34 - 2013-10-12 02:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-11-13 09:34 - 2013-10-12 02:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-11-13 09:34 - 2013-10-12 02:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-11-13 08:55 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll

2013-11-13 08:55 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2013-11-13 08:55 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll

2013-11-13 08:55 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll

2013-11-13 08:55 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2013-11-13 08:55 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll

2013-11-13 08:55 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-11-13 08:55 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll

2013-11-13 08:55 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys

2013-11-13 08:55 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2013-11-13 08:55 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys

2013-11-13 08:55 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll

2013-11-13 08:55 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll

2013-11-13 08:55 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll

2013-11-13 08:55 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2013-11-13 08:55 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2013-11-13 08:55 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll

2013-11-13 08:55 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2013-11-13 08:55 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2013-11-13 08:55 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2013-11-13 08:55 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2013-11-13 08:55 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe

2013-11-13 08:55 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2013-11-13 08:54 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll

2013-11-13 08:54 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL

2013-11-13 08:54 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL

2013-11-13 08:54 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll

2013-11-13 08:54 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL

2013-11-13 08:54 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2013-11-13 08:54 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2013-11-10 22:18 - 2013-11-10 22:19 - 00000000 ____D C:\Users\Justin\.idlerc

2013-11-09 07:30 - 2013-11-09 07:30 - 00000000 ____D C:\found.001

2013-11-05 17:36 - 2013-11-10 15:14 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Wing 101 4

2013-11-05 17:36 - 2013-11-10 15:14 - 00000000 ____D C:\Users\Justin\AppData\Local\Wing 101 4

2013-11-05 17:36 - 2013-11-05 17:36 - 00000000 ____D C:\Program Files (x86)\Wing IDE 101 4.1

2013-11-05 17:35 - 2013-11-05 17:35 - 25698993 _____ (                                                            ) C:\Users\Justin\Downloads\wingide-101-4.1.14-1.exe

2013-11-05 17:34 - 2013-11-05 17:34 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.2

2013-11-05 17:34 - 2013-11-05 17:34 - 00000000 ____D C:\Python32

2013-11-05 17:31 - 2013-11-05 17:32 - 18329600 _____ C:\Users\Justin\Downloads\python-3.2.5.msi

2013-11-04 20:44 - 2013-11-04 22:50 - 00000000 ____D C:\Users\Justin\Documents\Grade 7 Work-Trevor

2013-10-30 20:07 - 2013-10-30 20:24 - 00000000 ____D C:\Users\Justin\Documents\MARCUS

2013-10-25 19:23 - 2013-10-25 19:23 - 00263186 _____ C:\Users\Justin\Downloads\Minecraft (6).exe

2013-10-25 19:21 - 2013-10-25 19:21 - 00263186 _____ C:\Users\Justin\Downloads\Minecraft (5).exe

2013-10-25 18:31 - 2013-10-25 18:31 - 00675988 _____ C:\Users\Justin\Downloads\Minecraft (4).exe

2013-10-25 18:30 - 2013-10-25 18:30 - 00675988 _____ C:\Users\Justin\Downloads\Minecraft (3).exe

2013-10-19 14:58 - 2013-10-19 14:58 - 00000000 ____D C:\found.000

 

==================== One Month Modified Files and Folders =======

 

2013-11-18 20:51 - 2013-11-18 20:50 - 00014232 _____ C:\Users\Justin\Downloads\FRST.txt

2013-11-18 20:50 - 2013-11-18 20:50 - 00000000 ____D C:\FRST

2013-11-18 20:49 - 2013-11-18 20:49 - 01957964 _____ (Farbar) C:\Users\Justin\Downloads\FRST64.exe

2013-11-18 20:49 - 2012-09-19 06:29 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Skype

2013-11-18 20:48 - 2012-11-24 08:17 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-11-18 20:47 - 2013-11-18 20:47 - 00000517 _____ C:\Users\Justin\Documents\ESET.txt

2013-11-18 20:23 - 2009-07-14 00:13 - 00779724 _____ C:\Windows\system32\PerfStringBackup.INI

2013-11-18 20:20 - 2012-07-05 20:03 - 01971451 _____ C:\Windows\WindowsUpdate.log

2013-11-18 19:55 - 2012-07-05 20:06 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater

2013-11-18 19:55 - 2012-07-05 20:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-11-18 19:49 - 2013-04-14 12:46 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{A0912F67-3A64-4CAD-9B55-2C128C4A4342}

2013-11-18 19:47 - 2012-07-24 07:33 - 00000000 ____D C:\Users\Justin\AppData\Roaming\.minecraft

2013-11-18 19:36 - 2013-11-18 19:36 - 02347384 _____ (ESET) C:\Users\Justin\Downloads\esetsmartinstaller_enu.exe

2013-11-18 19:36 - 2013-11-18 19:36 - 00000000 ____D C:\Program Files (x86)\ESET

2013-11-18 19:22 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-11-18 19:22 - 2009-07-13 23:45 - 00021296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-11-18 19:16 - 2013-11-18 19:16 - 00000000 ___RD C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices

2013-11-18 19:16 - 2013-04-27 14:33 - 00000000 ____D C:\Users\Justin\AppData\Local\LogMeIn Hamachi

2013-11-18 19:16 - 2012-11-24 08:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-11-18 19:16 - 2012-09-26 06:08 - 00000000 ____D C:\Program Files (x86)\Steam

2013-11-18 19:16 - 2012-07-05 20:23 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup

2013-11-18 19:15 - 2012-07-05 20:26 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks

2013-11-18 19:15 - 2012-07-05 20:26 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks

2013-11-18 19:15 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT

2013-11-18 19:15 - 2009-07-13 23:51 - 00118031 _____ C:\Windows\setupact.log

2013-11-18 19:14 - 2013-11-18 19:09 - 00000000 ____D C:\AdwCleaner

2013-11-18 19:09 - 2013-11-18 19:09 - 01085542 _____ C:\Users\Justin\Downloads\AdwCleaner.exe

2013-11-18 19:08 - 2013-11-18 19:08 - 00004178 _____ C:\Users\Justin\Desktop\JRT.txt

2013-11-18 19:05 - 2013-11-18 19:05 - 00000000 ____D C:\Windows\ERUNT

2013-11-18 19:04 - 2013-11-18 19:04 - 01034531 _____ (Thisisu) C:\Users\Justin\Downloads\JRT.exe

2013-11-18 16:49 - 2012-11-24 08:17 - 00000000 ____D C:\Users\Justin\AppData\Local\Apps\2.0

2013-11-18 15:43 - 2010-11-20 22:47 - 00041320 _____ C:\Windows\PFRO.log

2013-11-17 22:13 - 2013-11-17 22:13 - 00024226 _____ C:\ComboFix.txt

2013-11-17 22:13 - 2013-11-17 22:04 - 00000000 ____D C:\Qoobox

2013-11-17 22:13 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default

2013-11-17 22:12 - 2013-11-14 21:33 - 00000000 ____D C:\Windows\ERDNT

2013-11-17 22:12 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini

2013-11-17 22:03 - 2013-11-17 22:05 - 05146587 ____R (Swearware) C:\Users\Justin\Desktop\ComboFix.exe

2013-11-17 20:47 - 2012-08-10 21:35 - 00000000 ____D C:\Users\Justin\AppData\Roaming\SoftGrid Client

2013-11-17 19:20 - 2013-11-14 21:44 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2013-11-17 19:20 - 2013-11-14 21:43 - 00000000 ____D C:\Users\Justin\Desktop\mbar

2013-11-17 19:10 - 2013-11-14 21:43 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2013-11-16 12:07 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache

2013-11-16 10:25 - 2013-02-15 13:02 - 00283032 _____ C:\Windows\SysWOW64\PnkBstrB.xtr

2013-11-16 10:25 - 2013-02-15 12:38 - 00283032 _____ C:\Windows\SysWOW64\PnkBstrB.exe

2013-11-16 09:26 - 2013-02-16 08:03 - 00007597 _____ C:\Users\Justin\AppData\Local\Resmon.ResmonCfg

2013-11-16 09:26 - 2013-02-15 12:38 - 00283032 _____ C:\Windows\SysWOW64\PnkBstrB.ex0

2013-11-16 08:05 - 2013-11-16 08:05 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery

2013-11-15 23:39 - 2013-06-12 20:20 - 00001945 _____ C:\Windows\epplauncher.mif

2013-11-15 23:38 - 2013-06-12 20:19 - 00000000 ____D C:\Program Files\Microsoft Security Client

2013-11-15 23:38 - 2013-06-12 20:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client

2013-11-15 12:33 - 2013-10-17 16:20 - 00000125 _____ C:\Users\Justin\Desktop\MC CORDS MUT.txt

2013-11-14 21:45 - 2013-11-14 21:45 - 00000000 ____D C:\Users\Justin\Desktop\Anti malwarebytes folder in general

2013-11-14 21:43 - 2013-11-14 21:43 - 12576792 _____ (Malwarebytes Corp.) C:\Users\Justin\Downloads\mbar-1.07.0.1007.exe

2013-11-14 21:41 - 2013-11-14 21:37 - 00000000 ____D C:\Users\Justin\Desktop\RK_Quarantine

2013-11-14 21:37 - 2013-11-14 21:37 - 04161024 _____ C:\Users\Justin\Downloads\RogueKillerX64.exe

2013-11-14 21:32 - 2013-11-14 21:31 - 00000000 ____D C:\Program Files (x86)\ERUNT

2013-11-14 21:31 - 2013-11-14 21:31 - 00000926 _____ C:\Users\Marcus\Desktop\NTREGOPT.lnk

2013-11-14 21:31 - 2013-11-14 21:31 - 00000926 _____ C:\Users\Justin\Desktop\NTREGOPT.lnk

2013-11-14 21:31 - 2013-11-14 21:31 - 00000907 _____ C:\Users\Marcus\Desktop\ERUNT.lnk

2013-11-14 21:31 - 2013-11-14 21:31 - 00000907 _____ C:\Users\Justin\Desktop\ERUNT.lnk

2013-11-14 21:30 - 2013-11-14 21:30 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Justin\Downloads\erunt-setup.exe

2013-11-14 21:27 - 2013-11-14 21:27 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Justin\Downloads\rkill.exe

2013-11-14 21:27 - 2013-11-14 21:27 - 00000000 ____D C:\Users\Justin\Desktop\rkill

2013-11-14 18:43 - 2012-12-10 20:41 - 00000000 ____D C:\Users\Justin\AppData\Roaming\.techniclauncher

2013-11-14 07:57 - 2013-11-14 07:57 - 00024673 _____ C:\Users\Justin\Documents\DDS 1.txt

2013-11-14 07:57 - 2013-11-14 07:57 - 00013997 _____ C:\Users\Justin\Documents\DDS Attached 1.txt

2013-11-14 07:54 - 2013-11-14 07:54 - 00688992 ____R (Swearware) C:\Users\Justin\Downloads\dds.scr

2013-11-13 16:26 - 2013-11-13 16:26 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi

2013-11-13 09:34 - 2013-07-19 22:15 - 00000000 ____D C:\Windows\system32\MRT

2013-11-13 09:33 - 2012-11-29 08:11 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2013-11-11 08:32 - 2013-09-13 21:26 - 00000000 ____D C:\Users\Justin\Documents\grade 10 work

2013-11-10 22:19 - 2013-11-10 22:18 - 00000000 ____D C:\Users\Justin\.idlerc

2013-11-10 22:18 - 2012-07-23 20:47 - 00000000 ____D C:\Users\Justin

2013-11-10 15:14 - 2013-11-05 17:36 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Wing 101 4

2013-11-10 15:14 - 2013-11-05 17:36 - 00000000 ____D C:\Users\Justin\AppData\Local\Wing 101 4

2013-11-09 07:30 - 2013-11-09 07:30 - 00000000 ____D C:\found.001

2013-11-05 20:04 - 2012-07-05 20:25 - 00000000 ____D C:\ProgramData\Skype

2013-11-05 17:36 - 2013-11-05 17:36 - 00000000 ____D C:\Program Files (x86)\Wing IDE 101 4.1

2013-11-05 17:35 - 2013-11-05 17:35 - 25698993 _____ (                                                            ) C:\Users\Justin\Downloads\wingide-101-4.1.14-1.exe

2013-11-05 17:34 - 2013-11-05 17:34 - 00000000 ____D C:\Users\Justin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.2

2013-11-05 17:34 - 2013-11-05 17:34 - 00000000 ____D C:\Python32

2013-11-05 17:32 - 2013-11-05 17:31 - 18329600 _____ C:\Users\Justin\Downloads\python-3.2.5.msi

2013-11-04 22:50 - 2013-11-04 20:44 - 00000000 ____D C:\Users\Justin\Documents\Grade 7 Work-Trevor

2013-10-31 13:10 - 2013-10-09 19:55 - 00014911 ____H C:\Users\Justin\Documents\~WRL0004.tmp

2013-10-30 20:24 - 2013-10-30 20:07 - 00000000 ____D C:\Users\Justin\Documents\MARCUS

2013-10-25 19:23 - 2013-10-25 19:23 - 00263186 _____ C:\Users\Justin\Downloads\Minecraft (6).exe

2013-10-25 19:21 - 2013-10-25 19:21 - 00263186 _____ C:\Users\Justin\Downloads\Minecraft (5).exe

2013-10-25 18:31 - 2013-10-25 18:31 - 00675988 _____ C:\Users\Justin\Downloads\Minecraft (4).exe

2013-10-25 18:30 - 2013-10-25 18:30 - 00675988 _____ C:\Users\Justin\Downloads\Minecraft (3).exe

2013-10-25 07:09 - 2009-07-14 00:08 - 00032538 _____ C:\Windows\Tasks\SCHEDLGU.TXT

2013-10-24 19:17 - 2012-07-05 20:34 - 00000000 ____D C:\ProgramData\McAfee

2013-10-19 19:35 - 2012-11-11 08:19 - 00000000 ____D C:\Users\Justin\AppData\Local\CrashDumps

2013-10-19 14:58 - 2013-10-19 14:58 - 00000000 ____D C:\found.000

 

Files to move or delete:

====================

C:\Users\Justin\jagex_cl_loginapplet_LIVE.dat

C:\Users\Justin\jagex_cl_oldschool_LIVE.dat

C:\Users\Justin\jagex_cl_runescape_LIVE.dat

C:\Users\Justin\jagex_cl_runescape_LIVE1.dat

C:\Users\Justin\jagex_cl_runescape_LIVE_BETA.dat

C:\Users\Justin\random.dat

C:\Users\Marcus\jagex_cl_runescape_LIVE.dat

C:\Users\Marcus\random.dat

 

 

Some content of TEMP:

====================

C:\Users\Justin\AppData\Local\Temp\Quarantine.exe

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

LastRegBack: 2013-11-10 19:37

 

==================== End Of Log ============================

 


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-11-2013

Ran by Justin at 2013-11-18 20:51:12

Running from C:\Users\Justin\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

 

==================== Installed Programs ======================

 

Adobe Flash Player 11 ActiveX 64-bit (Version: 11.2.202.228)

Adobe Reader X MUI (x32 Version: 10.0.0)

Adobe Shockwave Player 12.0 (x32 Version: 12.0.0.112)

Akamai NetSession Interface (HKCU)

AMD APP SDK Runtime (Version: 2.5.793.1)

AMD AVIVO64 Codecs (Version: 11.7.0.11025)

AMD Catalyst Install Manager (Version: 3.0.851.0)

Apple Application Support (x32 Version: 2.3.3)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (x32 Version: 2.1.3.127)

Atheros Bluetooth Suite (64) (Version: 7.4.0.115)

Blacklight: Retribution (x32)

Bonjour (Version: 3.0.0.10)

Catalyst Control Center - Branding (x32 Version: 1.00.0000)

Catalyst Control Center (x32 Version: 2011.1025.2231.38573)

Catalyst Control Center InstallProxy (x32 Version: 2011.1025.2231.38573)

Catalyst Control Center Localization All (x32 Version: 2011.1025.2231.38573)

CCC Help Chinese Standard (x32 Version: 2011.1025.2230.38573)

CCC Help Chinese Traditional (x32 Version: 2011.1025.2230.38573)

CCC Help Czech (x32 Version: 2011.1025.2230.38573)

CCC Help Danish (x32 Version: 2011.1025.2230.38573)

CCC Help Dutch (x32 Version: 2011.1025.2230.38573)

CCC Help English (x32 Version: 2011.1025.2230.38573)

CCC Help Finnish (x32 Version: 2011.1025.2230.38573)

CCC Help French (x32 Version: 2011.1025.2230.38573)

CCC Help German (x32 Version: 2011.1025.2230.38573)

CCC Help Greek (x32 Version: 2011.1025.2230.38573)

CCC Help Hungarian (x32 Version: 2011.1025.2230.38573)

CCC Help Italian (x32 Version: 2011.1025.2230.38573)

CCC Help Japanese (x32 Version: 2011.1025.2230.38573)

CCC Help Korean (x32 Version: 2011.1025.2230.38573)

CCC Help Norwegian (x32 Version: 2011.1025.2230.38573)

CCC Help Polish (x32 Version: 2011.1025.2230.38573)

CCC Help Portuguese (x32 Version: 2011.1025.2230.38573)

CCC Help Russian (x32 Version: 2011.1025.2230.38573)

CCC Help Spanish (x32 Version: 2011.1025.2230.38573)

CCC Help Swedish (x32 Version: 2011.1025.2230.38573)

CCC Help Thai (x32 Version: 2011.1025.2230.38573)

CCC Help Turkish (x32 Version: 2011.1025.2230.38573)

ccc-utility64 (Version: 2011.1025.2231.38573)

Cisco EAP-FAST Module (x32 Version: 2.2.14)

Cisco LEAP Module (x32 Version: 1.0.19)

Cisco PEAP Module (x32 Version: 1.1.6)

CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.4822)

D3DX10 (x32 Version: 15.4.2368.0902)

Dell DataSafe Local Backup - Support Software (x32 Version: 9.4.67)

Dell DataSafe Local Backup (x32 Version: 9.4.67)

Dell Digital Delivery (x32 Version: 2.8.1000.0)

Dell Edoc Viewer (Version: 1.0.0)

Dell Support Center (Version: 3.1.5907.16)

Dell System Detect (HKCU Version: 4.0.5.6)

Dell WLAN and Bluetooth Client Installation (x32 Version: 9.0)

eBay (x32 Version: 1.4.0)

ERUNT 1.1j (x32)

Flyff (x32 Version: Flyff)

Google Chrome (x32 Version: 31.0.1650.57)

Google Update Helper (x32 Version: 1.3.21.165)

Intel® Control Center (x32 Version: 1.2.1.1007)

Intel® Management Engine Components (x32 Version: 8.0.1.1399)

Intel® Rapid Storage Technology (x32 Version: 11.1.0.1006)

Intel® USB 3.0 eXtensible Host Controller Driver (x32 Version: 1.0.3.214)

Intel® Trusted Connect Service Client (Version: 1.23.219.2)

Java 7 Update 25 (x32 Version: 7.0.250)

Java Auto Updater (x32 Version: 2.1.9.5)

JavaFX 2.1.1 (x32 Version: 2.1.1)

Junk Mail filter update (x32 Version: 15.4.3502.0922)

LogMeIn Hamachi (x32 Version: 2.2.0.105)

Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)

Mesh Runtime (x32 Version: 15.4.5722.2)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)

Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)

Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)

Microsoft Security Client (Version: 4.4.0304.0)

Microsoft Security Essentials (Version: 4.4.304.0)

Microsoft Silverlight (Version: 5.1.20913.0)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

Multimedia Card Reader (x32 Version: 1.7.915.93)

NVIDIA PhysX (x32 Version: 9.10.0513)

PunkBuster Services (x32 Version: 0.992)

Python 3.2.5 (x32 Version: 3.2.5150)

Realtek High Definition Audio Driver (x32 Version: 6.0.1.6537)

Shared C Run-time for x64 (Version: 10.0.0)

Skype™ 6.10 (x32 Version: 6.10.104)

Steam (x32 Version: 1.0.0.0)

swMSM (x32 Version: 12.0.0.1)

Team Fortress 2 (x32)

Unity Web Player (HKCU Version: )

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)

Windows Live Communications Platform (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3502.0922)

Windows Live Essentials (x32 Version: 15.4.3508.1109)

Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)

Windows Live Installer (x32 Version: 15.4.3502.0922)

Windows Live Language Selector (Version: 15.4.3508.1109)

Windows Live Mail (x32 Version: 15.4.3502.0922)

Windows Live Mesh (x32 Version: 15.4.3502.0922)

Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)

Windows Live Messenger (x32 Version: 15.4.3502.0922)

Windows Live MIME IFilter (Version: 15.4.3502.0922)

Windows Live Movie Maker (x32 Version: 15.4.3502.0922)

Windows Live Photo Common (x32 Version: 15.4.3502.0922)

Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)

Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)

Windows Live Remote Client (Version: 15.4.5722.2)

Windows Live Remote Client Resources (Version: 15.4.5722.2)

Windows Live Remote Service (Version: 15.4.5722.2)

Windows Live Remote Service Resources (Version: 15.4.5722.2)

Windows Live SOXE (x32 Version: 15.4.3502.0922)

Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)

Windows Live UX Platform (x32 Version: 15.4.3502.0922)

Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)

Windows Live Writer (x32 Version: 15.4.3502.0922)

Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

Wing IDE 101 4.1.14-1 (x32)

 

==================== Restore Points  =========================

 

01-11-2013 19:45:01 Windows Update

05-11-2013 00:00:41 Windows Update

05-11-2013 22:33:52 Installed Python 3.2.5

08-11-2013 13:28:39 Windows Update

11-11-2013 21:34:20 Windows Update

13-11-2013 14:32:51 Windows Update

16-11-2013 04:38:33 Windows Update

 

==================== Hosts content: ==========================

 

2009-07-13 21:34 - 2013-11-17 22:12 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

 

==================== Scheduled Tasks (whitelisted) =============

 

Task: {0FE5F0C4-B4AE-48C1-9087-82738B8AB7C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24] (Google Inc.)

Task: {398DCA99-E6A0-4EAB-B7CC-E8B916924867} - System32\Tasks\{53F9F8B5-7084-44E1-A31A-DCFE3C23E75F} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsBing

Task: {7597B4C2-D4E1-46DD-83BE-3DEE99FCE02D} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc

Task: {B0544255-306A-470F-BEA0-5F8E2DC92A7C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-24] (Google Inc.)

Task: {CB044637-56B5-4957-B688-6F84F7804C66} - System32\Tasks\{77E3D194-2BE6-429E-BA61-AFFEB4D1D3AF} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsPlugin

Task: {DD8314FE-96FA-4EF2-9460-E59D827E35B9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {EF767369-4FF8-4D67-904D-B02740E544A3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-05] (Adobe Systems Incorporated)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2011-10-25 21:29 - 2011-10-25 21:29 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll

2011-11-09 09:55 - 2011-11-09 09:55 - 00016384 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll

2013-01-28 12:08 - 2013-01-28 12:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2013-01-28 12:08 - 2013-01-28 12:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-03-12 16:10 - 2013-10-24 12:45 - 00691200 _____ () C:\Program Files (x86)\Steam\SDL2.dll

2012-09-26 06:09 - 2013-10-30 14:25 - 01123240 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL

2012-09-26 06:09 - 2013-10-23 15:07 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

2012-09-26 06:09 - 2013-06-14 18:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll

2012-09-26 06:09 - 2013-06-14 18:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll

2012-09-26 06:09 - 2013-06-14 18:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll

2013-11-15 18:51 - 2013-11-14 06:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll

2013-11-15 18:51 - 2013-11-14 06:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll

2013-11-15 18:51 - 2013-11-14 06:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll

2013-11-15 18:51 - 2013-11-14 06:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll

2013-11-15 18:51 - 2013-11-14 06:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll

2013-11-12 10:04 - 2013-11-12 10:04 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll

2013-08-15 12:40 - 2013-08-15 12:40 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\67f2d87ba056e1075fce76a8c50bb57e\IsdiInterop.ni.dll

2012-07-05 20:15 - 2012-02-01 16:25 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2012-07-05 20:17 - 2012-01-21 02:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2013-11-15 18:51 - 2013-11-14 06:29 - 13582800 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

 

==================== Safe Mode (whitelisted) ===================

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/18/2013 07:41:05 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (11/18/2013 07:41:00 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (11/18/2013 07:41:00 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (11/18/2013 07:40:54 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (11/18/2013 07:36:17 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (11/18/2013 07:36:13 PM) (Source: SideBySide) (User: )

Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

A component version required by the application conflicts with another component version already active.

Conflicting components are:.

Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

 

Error: (11/18/2013 07:16:49 PM) (Source: WinMgmt) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

System errors:

=============

 

Microsoft Office Sessions:

=========================

Error: (11/18/2013 07:41:05 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe

 

Error: (11/18/2013 07:41:00 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe

 

Error: (11/18/2013 07:41:00 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe

 

Error: (11/18/2013 07:40:54 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe

 

Error: (11/18/2013 07:36:17 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe

 

Error: (11/18/2013 07:36:13 PM) (Source: SideBySide)(User: )

Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Justin\Downloads\esetsmartinstaller_enu.exe

 

Error: (11/18/2013 07:16:49 PM) (Source: WinMgmt)(User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

 

 

CodeIntegrity Errors:

===================================

  Date: 2013-11-17 22:11:41.837

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-11-17 22:11:41.793

  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

 

  Date: 2013-09-24 16:48:56.058

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-24 16:48:56.056

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-24 16:48:56.055

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-04 12:52:11.844

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-04 12:52:11.817

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-09-04 12:52:11.814

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-08-30 06:50:25.707

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

  Date: 2013-08-30 06:50:25.706

  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Common Files\mcafee\VSCore\mfeelamk.sys because the set of per-page image hashes could not be found on the system.

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 23%

Total physical RAM: 16347.27 MB

Available physical RAM: 12493.2 MB

Total Pagefile: 32692.72 MB

Available Pagefile: 28184.96 MB

Total Virtual: 8192 MB

Available Virtual: 8191.79 MB

 

==================== Drives ================================

 

Drive c: (OS) (Fixed) (Total:1850.73 GB) (Free:1574.19 GB) NTFS

Drive d: (JasonMraz) (CDROM) (Total:0.46 GB) (Free:0 GB) CDFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 1863 GB) (Disk ID: 52097581)

Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)

Partition 2: (Active) - (Size=12 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=-211820740608) - (Type=07 NTFS)

 

==================== End Of Log ============================

This topic is now closed to further replies.