Jump to content

Comp very very slow


Recommended Posts

i have malwarebytes pro,. dont know if that matters?

 

computer has been running really slow for about a week. internet connection is down too a lot of the time

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16533
Run by Chris at 23:19:06 on 2014-03-15
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3060.1489 [GMT 0:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Bitdefender\Bitdefender\seccenter.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: Bitdefender Wallet: {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - c:\program files\bitdefender\bitdefender\pmbxie.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
uRun: [GoTrusted] c:\program files\gotrusted.com\gotrusted secure tunnel v2.3.5.9\GoTrusted Secure Tunnel.exe
uRun: [bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
uRun: [bitdefender Wallet Application Agent] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [bdagent] "c:\program files\bitdefender\bitdefender\bdagent.exe"
dRun: [bitdefender Wallet Agent] "c:\program files\bitdefender\bitdefender\pmbxag.exe"
dRun: [bitdefender Wallet] "c:\program files\bitdefender\bitdefender\pwdmanui.exe" --hidden --nowizard
dRun: [bitdefender Wallet Application Agent] "c:\program files\bitdefender\bitdefender\bdapppassmgr.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.

TCP: NameServer = 192.168.0.1
TCP: Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71} : DHCPNameServer = 192.168.0.203
TCP: Interfaces\{793ED1CD-EDC2-40C6-9B31-3A7C67AA8F66} : DHCPNameServer = 10.197.100.1 10.197.100.2 10.197.100.3
TCP: Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : DHCPNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\7lzzykuh.default-1388230871395\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-10-30 778032]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-10-30 165744]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2013-10-30 78144]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-8-23 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-8-23 701512]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender\updatesrv.exe [2013-10-30 54424]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2013-4-8 242504]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2014-1-27 516936]
R3 gttap1;GoTrusted Adapter;c:\windows\system32\drivers\gttap1.sys [2013-9-12 32552]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-8-23 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2014-3-15 40776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-10-30 66832]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-9-7 84248]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2013-10-21 75992]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2010-11-19 43520]
S3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [2014-3-15 47632]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2013-9-7 181912]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-9-11 770168]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender\bdparentalservice.exe [2013-10-30 69880]
.
=============== Created Last 30 ================
.
2014-03-15 22:33:36    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2014-03-15 03:49:23    47632    ----a-w-    c:\windows\system32\drivers\PSKMAD.sys
2014-03-15 03:48:39    31848    ----a-w-    c:\windows\system32\drivers\DasPtct.SYS
2014-03-14 03:39:20    505344    ----a-w-    c:\windows\system32\qedit.dll
2014-03-14 02:12:18    2050560    ----a-w-    c:\windows\system32\win32k.sys
2014-03-13 02:07:23    62576    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{23bf7d2f-4a0c-4698-a3b1-e3aaa19dcc27}\offreg.dll
2014-03-12 02:04:08    7947048    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{23bf7d2f-4a0c-4698-a3b1-e3aaa19dcc27}\mpengine.dll
2014-02-28 15:36:54    --------    d-----w-    c:\windows\Migration
.
==================== Find3M  ====================
.
2014-03-15 22:47:46    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-15 22:47:46    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-02-05 08:56:17    1806848    ----a-w-    c:\windows\system32\jscript9.dll
2014-02-05 08:50:39    1129472    ----a-w-    c:\windows\system32\wininet.dll
2014-02-05 08:49:56    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2014-02-05 08:48:40    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2014-02-05 08:48:27    421376    ----a-w-    c:\windows\system32\vbscript.dll
2014-02-05 08:47:16    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2014-01-27 13:52:10    516936    ----a-w-    c:\windows\system32\drivers\avckf.sys
2014-01-27 13:52:02    778032    ----a-w-    c:\windows\system32\drivers\avc3.sys
2013-12-18 06:13:56    231584    ------w-    c:\windows\system32\MpSigStub.exe
.
============= FINISH: 23:19:54.51 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 04/02/2011 10:32:19
System Uptime: 15/03/2014 22:26:16 (1 hours ago)
.
Motherboard: Dell Inc. |  | 0K216C
Processor: Intel® Core2 Duo CPU     E6750  @ 2.66GHz | Socket 775 | 1998/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 162.961 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.888 GiB free.
E: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
 Leawo Video Converter version  5.1.0.0
32Red Casino
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
Apple Application Support
Apple Software Update
Bitdefender Internet Security
CCleaner
ConvertXtoDVD 4.0.9.322
EasyBCD 1.7
ESET Online Scanner v3
ffdshow [rev 2180] [2008-10-04]
GoTrusted Secure Tunnel v2.3.5.9
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Graphics Media Accelerator Driver
K-Lite Codec Pack 7.0.0 (Standard)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Office Excel Viewer 2003
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MyFreeCodec
Nero 7 Lite 7.10.1.2
neroxml
Panda Cloud Cleaner
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Samsung Story Album Viewer
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Skitch
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VLC media player 2.0.8
Windows Media Player Firefox Plugin
WinRAR 4.20 (32-bit)
YouTube Downloader App 3.00
.
==== End Of File ===========================
 

 

 

Link to post
Share on other sites

  • Root Admin

Hello and :welcome:

 

Sorry for the delay as it looks like your topic was overlooked.

If you still need help please read the following information below and post back the requested logs when ready.

General P2P/Piracy Warning:
 

 
If you're using
Peer 2 Peer
software such as
uTorrent, BitTorrent
or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have
illegal/cracked software, cracks, keygens etc
. on the system, please remove or uninstall them now and read the policy on
Piracy
.




Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

    [*]Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive [*]Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you. [*]The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone. [*]Perform everything in the correct order. Sometimes one step requires the previous one. [*]If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue. [*]You can check here if you're not sure if your computer is 32-bit or 64-bit [*]Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners. [*]When we are done, I'll give you instructions on how to cleanup all the tools and logs [*]Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that. [*]Your topic will be closed if you haven't replied within 3 days [*](If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

 
STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

    [*]Make sure that at least the first two check boxes are selected. [*]Click on OK [*]Then click on YES to create the folder. [*]Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


 
 
STEP 02
Please run a Quick Scan with Malwarebytes
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post back the report.
Make sure that everything is checked, and click Remove Selected if anything is found.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


 
Thanks
 

Link to post
Share on other sites

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.15.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Chris :: DELL-530 [administrator]

Protection: Disabled

22/03/2014 04:13:54
mbam-log-2014-03-22 (04-13-54).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211224
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

RogueKiller V8.8.12 [Mar 20 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Chris [Admin rights]
Mode : Scan -- Date : 03/22/2014 04:27:42
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [sys - x:] [sys32 - FOUND] | USERINFO [startup - NOT_FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) ST3320613AS ATA Device +++++
--- User ---
[MBR] 75cea1566f37ed5202eeca8f75d9ee40
[bSP] f9ca80c0c038cea0eeca3eb48d6e0ec9 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 295243 MB
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03222014_042742.txt >>



 

Link to post
Share on other sites

  • Root Admin

Please go ahead and run through the following steps and post back the logs when ready.

STEP 03
Please download Malwarebytes Anti-Rootkit from here

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Lets clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.


STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

    [*]Click Scan [*]Wait for the scan to finish [*]If any threats were found, click the 'List of found threats' , then click Export to text file.... [*]Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


 

Link to post
Share on other sites

Got everything to work..eset clean and so was MBAM

 

junk said it found a bad sector and had to rebbot?

 

mbar said nothing found but no logs in the file??

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows Vista Home Premium x86
Ran by Chris on 22/03/2014 at 12:18:17.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files\myfree codec"



~~~ FireFox

Emptied folder: C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\7lzzykuh.default-1388230871395\minidumps [14 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22/03/2014 at 12:24:29.19
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v3.022 - Report created 22/03/2014 at 12:48:22
# Updated 13/03/2014 by Xplode
# Operating System : Windows Vista Home Premium Service Pack 2 (32 bits)
# Username : Chris - DELL-530
# Running from : C:\Users\Chris\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyFreeCodec

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16540


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\7lzzykuh.default-1388230871395\prefs.js ]


[ File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\x8umgerv.default-1363220125525\prefs.js ]


*************************

AdwCleaner[R0].txt - [1487 octets] - [22/03/2014 12:47:18]
AdwCleaner[s0].txt - [1424 octets] - [22/03/2014 12:48:22]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1484 octets] ##########

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Chris (administrator) on DELL-530 on 22-03-2014 15:51:34
Running from C:\Users\Chris\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\vsserv.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\AERTSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
(ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
() C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [bdagent] - C:\Program Files\Bitdefender\Bitdefender\bdagent.exe [1843016 2014-02-25] (Bitdefender)
HKU\.DEFAULT\...\Run: [bitdefender Wallet Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [481880 2014-02-06] (Bitdefender)
HKU\.DEFAULT\...\Run: [bitdefender Wallet] - C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe [901096 2014-02-06] (Bitdefender)
HKU\.DEFAULT\...\Run: [bitdefender Wallet Application Agent] - C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [614232 2014-02-06] (Bitdefender)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Run: [GoTrusted] - C:\Program Files\GoTrusted.com\GoTrusted Secure Tunnel v2.3.5.9\GoTrusted Secure Tunnel.exe [214208 2013-10-16] (GoTrusted.com)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Run: [bitdefender Wallet Agent] - C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe [481880 2014-02-06] (Bitdefender)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Run: [bitdefender Wallet Application Agent] - C:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe [614232 2014-02-06] (Bitdefender)
HKU\S-1-5-21-3299710142-3868310564-1978959094-1001\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD7F4512E494ECE01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender\pmbxie.dll (Bitdefender)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\7lzzykuh.default-1388230871395
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF Extension: NoScript - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\7lzzykuh.default-1388230871395\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-03-16]
FF Extension: Adblock Plus - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\7lzzykuh.default-1388230871395\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-16]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-08-16]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-08]
FF HKLM\...\Firefox\Extensions: [ffpwdman@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\ffpwdman\
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender\ffpwdman\ []
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender\bdtbext [2013-10-30]

========================== Services (Whitelisted) =================

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [69880 2013-12-01] (Bitdefender)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [54424 2013-10-07] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender\vsserv.exe [1235304 2014-02-25] (Bitdefender)

==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [778032 2014-01-27] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [516936 2014-01-27] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [78144 2013-02-22] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [130640 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-11-13] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys [135600 2013-07-26] (BitDefender LLC)
R3 gttap1; C:\Windows\System32\DRIVERS\gttap1.sys [32552 2013-09-12] (The OpenVPN Project)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-08-23] (BitDefender LLC)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75992 2013-10-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2014-03-22] (Malwarebytes Corporation)
S3 MOSUMAC; C:\Windows\System32\DRIVERS\MOSUMAC.SYS [43520 2009-12-10] (--)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [360376 2013-08-07] (BitDefender S.R.L.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-22 15:51 - 2014-03-22 15:51 - 00013176 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-03-22 14:54 - 2014-03-22 14:54 - 01145856 _____ (Farbar) C:\Users\Chris\Desktop\FRST.exe
2014-03-22 12:52 - 2014-03-22 12:52 - 02347384 _____ (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_enu(3).exe
2014-03-22 12:47 - 2014-03-22 12:48 - 00000000 ____D () C:\AdwCleaner
2014-03-22 12:45 - 2014-03-22 12:45 - 01950720 _____ () C:\Users\Chris\Desktop\AdwCleaner.exe
2014-03-22 12:24 - 2014-03-22 12:39 - 00001412 _____ () C:\Users\Chris\Desktop\JRT.txt
2014-03-22 12:08 - 2014-03-22 12:09 - 01037734 _____ (Thisisu) C:\Users\Chris\Desktop\JRT.exe
2014-03-22 10:33 - 2014-03-22 12:51 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-22 10:29 - 2014-03-22 12:11 - 00000000 ____D () C:\Users\Chris\Desktop\mbar
2014-03-22 10:29 - 2014-03-22 10:29 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Chris\Desktop\mbar-1.07.0.1009.exe
2014-03-22 04:27 - 2014-03-22 04:27 - 00001916 _____ () C:\Users\Chris\Desktop\RKreport[0]_S_03222014_042742.txt
2014-03-22 04:24 - 2014-03-22 05:21 - 00000000 ____D () C:\Users\Chris\Desktop\RK_Quarantine
2014-03-22 04:24 - 2014-03-22 04:24 - 03943424 _____ () C:\Users\Chris\Downloads\RogueKiller.exe
2014-03-22 04:08 - 2014-03-22 04:09 - 00002438 _____ () C:\Users\Chris\Desktop\Rkill.txt
2014-03-22 04:04 - 2014-03-22 04:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Chris\Desktop\rkill.exe
2014-03-16 03:07 - 2014-02-23 05:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-16 03:07 - 2014-02-23 05:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-16 03:07 - 2014-02-23 05:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-16 03:07 - 2014-02-23 05:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-16 03:07 - 2014-02-23 05:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-16 03:07 - 2014-02-23 05:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-16 03:07 - 2014-02-23 05:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-16 03:07 - 2014-02-23 05:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-16 03:07 - 2014-02-23 05:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-16 03:07 - 2014-02-23 05:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-16 03:07 - 2014-02-23 05:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-16 03:07 - 2014-02-23 05:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-16 03:07 - 2014-02-23 05:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-16 03:07 - 2014-02-23 05:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-16 03:07 - 2014-02-23 05:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-16 03:07 - 2014-02-23 05:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-16 02:43 - 2014-03-16 02:43 - 02347384 _____ (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_enu(5).exe
2014-03-15 23:21 - 2014-03-15 23:21 - 00003145 _____ () C:\Users\Chris\Desktop\attach.txt
2014-03-15 23:21 - 2014-03-15 23:19 - 00010505 _____ () C:\Users\Chris\Desktop\dds.txt
2014-03-15 22:54 - 2014-01-30 07:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-15 22:54 - 2013-11-13 00:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-15 22:41 - 2014-03-15 23:18 - 00688992 ____R (Swearware) C:\Users\Chris\Downloads\dds(2).scr
2014-03-15 03:49 - 2013-04-29 08:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2014-03-15 03:48 - 2013-06-12 13:10 - 00031848 _____ () C:\Windows\system32\Drivers\DasPtct.SYS
2014-03-14 03:39 - 2014-02-03 10:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 02:12 - 2014-02-07 10:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-02-27 13:08 - 2014-02-27 13:08 - 02347384 _____ (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_enu(2).exe
2014-02-20 03:34 - 2014-02-20 03:34 - 02347384 _____ (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_enu(1).exe

==================== One Month Modified Files and Folders =======

2014-03-22 15:51 - 2014-03-22 15:51 - 00013176 _____ () C:\Users\Chris\Desktop\FRST.txt
2014-03-22 15:51 - 2014-01-08 15:21 - 00000000 ____D () C:\FRST
2014-03-22 15:47 - 2012-12-13 19:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-22 14:56 - 2012-06-09 16:42 - 01271632 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 14:54 - 2014-03-22 14:54 - 01145856 _____ (Farbar) C:\Users\Chris\Desktop\FRST.exe
2014-03-22 14:49 - 2006-11-02 12:47 - 00005184 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-22 14:49 - 2006-11-02 12:47 - 00005184 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-22 12:52 - 2014-03-22 12:52 - 02347384 _____ (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_enu(3).exe
2014-03-22 12:51 - 2014-03-22 10:33 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-22 12:49 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-22 12:48 - 2014-03-22 12:47 - 00000000 ____D () C:\AdwCleaner
2014-03-22 12:48 - 2006-11-02 13:01 - 00032654 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-22 12:45 - 2014-03-22 12:45 - 01950720 _____ () C:\Users\Chris\Desktop\AdwCleaner.exe
2014-03-22 12:39 - 2014-03-22 12:24 - 00001412 _____ () C:\Users\Chris\Desktop\JRT.txt
2014-03-22 12:19 - 2013-05-06 13:42 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-03-22 12:16 - 2014-02-05 07:41 - 00002600 _____ () C:\Windows\system32\spsys.log
2014-03-22 12:11 - 2014-03-22 10:29 - 00000000 ____D () C:\Users\Chris\Desktop\mbar
2014-03-22 12:11 - 2013-08-03 23:14 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-22 12:09 - 2014-03-22 12:08 - 01037734 _____ (Thisisu) C:\Users\Chris\Desktop\JRT.exe
2014-03-22 10:29 - 2014-03-22 10:29 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Chris\Desktop\mbar-1.07.0.1009.exe
2014-03-22 05:21 - 2014-03-22 04:24 - 00000000 ____D () C:\Users\Chris\Desktop\RK_Quarantine
2014-03-22 04:27 - 2014-03-22 04:27 - 00001916 _____ () C:\Users\Chris\Desktop\RKreport[0]_S_03222014_042742.txt
2014-03-22 04:24 - 2014-03-22 04:24 - 03943424 _____ () C:\Users\Chris\Downloads\RogueKiller.exe
2014-03-22 04:09 - 2014-03-22 04:08 - 00002438 _____ () C:\Users\Chris\Desktop\Rkill.txt
2014-03-22 04:04 - 2014-03-22 04:04 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Chris\Desktop\rkill.exe
2014-03-19 22:55 - 2008-10-23 12:37 - 00000000 ____D () C:\Windows\system32\Adobe
2014-03-19 03:02 - 2013-08-14 02:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 03:00 - 2006-11-02 10:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-18 10:57 - 2013-09-16 13:18 - 00000433 _____ () C:\Windows\system32\checkdnsid.xml
2014-03-16 03:42 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\rescache
2014-03-16 03:25 - 2013-05-08 15:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 02:43 - 2014-03-16 02:43 - 02347384 _____ (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_enu(5).exe
2014-03-15 23:47 - 2012-12-13 19:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-03-15 23:47 - 2012-12-13 19:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-03-15 23:21 - 2014-03-15 23:21 - 00003145 _____ () C:\Users\Chris\Desktop\attach.txt
2014-03-15 23:19 - 2014-03-15 23:21 - 00010505 _____ () C:\Users\Chris\Desktop\dds.txt
2014-03-15 23:18 - 2014-03-15 22:41 - 00688992 ____R (Swearware) C:\Users\Chris\Downloads\dds(2).scr
2014-03-14 03:20 - 2013-01-13 17:03 - 03610720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-01 14:13 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-01 14:02 - 2006-11-02 10:33 - 00743972 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-27 13:08 - 2014-02-27 13:08 - 02347384 _____ (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_enu(2).exe
2014-02-23 05:50 - 2014-03-16 03:07 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 05:47 - 2014-03-16 03:07 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 05:43 - 2014-03-16 03:07 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 05:41 - 2014-03-16 03:07 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 05:40 - 2014-03-16 03:07 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 05:39 - 2014-03-16 03:07 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-23 05:38 - 2014-03-16 03:07 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-23 05:38 - 2014-03-16 03:07 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-23 05:38 - 2014-03-16 03:07 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 05:37 - 2014-03-16 03:07 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 05:37 - 2014-03-16 03:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 05:37 - 2014-03-16 03:07 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 05:37 - 2014-03-16 03:07 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-23 05:36 - 2014-03-16 03:07 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 05:36 - 2014-03-16 03:07 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-23 05:35 - 2014-03-16 03:07 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-20 03:34 - 2014-02-20 03:34 - 02347384 _____ (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_enu(1).exe

Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\temp\ntdll_dump.dll
C:\Users\Chris\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-22 13:02

==================== End Of Log ============

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-06-2013
Ran by Chris at 2013-06-19 19:57:40 Run:
Running from C:\Users\Chris\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Leawo Video Converter version  5.1.0.0
Adobe AIR (Version: 3.7.0.1860)
Adobe Community Help (Version: 3.4.980)
Adobe Download Assistant (Version: 1.0.6)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 12.0 (Version: 12.0.2.122)
Bitdefender Internet Security 2013 (Version: 16.30.0.1843)
CCleaner (Version: 4.02)
ConvertXtoDVD 4.0.9.322 (Version: 4.0.9.322)
EasyBCD 1.7 (Version: 1.7)
ESET Online Scanner v3
ffdshow [rev 2180] [2008-10-04] (Version: 1.0)
FileHippo.com Update Checker
Google Chrome (Version: 27.0.1453.110)
Google Update Helper (Version: 1.3.21.145)
Intel® Graphics Media Accelerator Driver
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Office Excel Viewer 2003 (Version: 11.0.8173.0)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Mozilla Firefox 21.0 (x86 en-US) (Version: 21.0)
Mozilla Maintenance Service (Version: 21.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MyFreeCodec
Nero 7 Lite 7.10.1.2 (Version: 7.10.1.2)
neroxml (Version: 1.0.0)
Opera 12.15 (Version: 12.15.1748)
QuickTime (Version: 7.73.80.64)
RealDownloader (Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
RealUpgrade 1.1 (Version: 1.1.0)
Skitch (Version: 1.0.2.0)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
VLC media player 2.0.6 (Version: 2.0.6)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
YouTube Downloader App 3.00 (Version: 3.00)

==================== Restore Points  =========================

28-05-2013 18:00:06 Scheduled Checkpoint
28-05-2013 21:13:31 Device Driver Package Install: BitDefender LLC Network Service
30-05-2013 05:15:23 Scheduled Checkpoint
30-05-2013 19:27:23 Scheduled Checkpoint
31-05-2013 01:19:28 Removed Apple Application Support
31-05-2013 01:21:05 Removed Apple Mobile Device Support
31-05-2013 01:22:10 Windows Live Essentials
31-05-2013 22:58:17 Windows Update
02-06-2013 12:22:58 Device Driver Package Install: BitDefender LLC Network Service
03-06-2013 16:24:25 Scheduled Checkpoint
04-06-2013 15:56:55 Windows Update
05-06-2013 23:35:14 Scheduled Checkpoint
07-06-2013 03:29:56 Scheduled Checkpoint
08-06-2013 04:02:34 Scheduled Checkpoint
08-06-2013 11:30:43 Installed Kaspersky Security Scan.
09-06-2013 21:28:51 First Restore Point
10-06-2013 18:40:09 Removed Apple Software Update
12-06-2013 00:44:06 Scheduled Checkpoint
12-06-2013 11:56:02 Windows Update
13-06-2013 16:42:54 Scheduled Checkpoint
14-06-2013 15:27:49 Scheduled Checkpoint
15-06-2013 21:06:33 Windows Update
16-06-2013 10:03:34 Device Driver Package Install: BitDefender LLC Network Service
16-06-2013 23:02:17 Scheduled Checkpoint
17-06-2013 23:00:06 Scheduled Checkpoint
19-06-2013 01:14:37 Scheduled Checkpoint
19-06-2013 17:44:54 Windows Update

==================== Scheduled Tasks (whitelisted) =============

Task: {0945E1CB-16D0-411C-8521-E36129FC4CAD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {0C8C107F-6F4F-486F-9E02-C08A5FE5A315} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-16] (Google Inc.)
Task: {0E85FA89-016D-4346-B9F7-05F4D0C132EE} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2FDBDC47-7148-49DB-9D32-32E6A003C996} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict2 => C:\Windows\System32\rundll32 No File
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {55BCF811-A564-4112-86D0-CE9A15394CF0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs [2008-01-21] ()
Task: {60AB6ED2-5351-4312-8C56-7508ACA6E8FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-16] (Google Inc.)
Task: {65085157-1668-426A-B6F0-F1E76EE83AB2} - System32\Tasks\WPD\SqmUpload_S-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {677CD573-8156-4B83-8781-B7646D6B0415} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {6AB10674-89F8-4900-9832-2CF880C72577} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {6C5C9EEA-EC42-4744-A580-5F1AAA0C40B7} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {6CF8EE34-6EE2-4E64-AA5A-E3899409B671} - System32\Tasks\User_Feed_Synchronization-{890E34AE-B7D2-4C9D-B64B-88DB364A18E6} => C:\Windows\system32\msfeedssync.exe [2011-12-26] (Microsoft Corporation)
Task: {709FD123-0434-4B25-9F09-F77D694C65B4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {71739981-C277-4982-8733-0F5E16065D1E} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {745733FA-3BB1-409F-9D9C-36EC6FD46BDF} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation)
Task: {8214B684-CA5F-4C69-89AA-C1D18ACA5CB0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {F8D6E476-24FE-4649-A4D7-985706B29128} - System32\Tasks\Microsoft\Windows\Tcpip\IpAddressConflict1 => C:\Windows\System32\rundll32 No File

==================== Faulty Device Manager Devices =============

Name: GoTrusted TAP Adapter
Description: GoTrusted TAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: GoTrusted TAP Provider
Service: gttap1
Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)
Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.
Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/19/2013 07:56:01 PM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 15fc
Start Time: 01ce6d1e5eb4d40f
Termination Time: 3

Error: (06/19/2013 03:06:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/19/2013 03:06:51 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/19/2013 03:04:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/19/2013 03:04:00 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/19/2013 03:03:31 PM) (Source: EventSystem) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/19/2013 03:01:23 PM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 17e8
Start Time: 01ce6cf522f973da
Termination Time: 0

Error: (06/19/2013 02:47:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/19/2013 02:47:13 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (06/16/2013 04:24:00 PM) (Source: Application Hang) (User: )
Description: The program OTL.exe version 3.2.69.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 19ec
Start Time: 01ce6aa4f6c0b537
Termination Time: 11


System errors:
=============
Error: (06/19/2013 03:04:17 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (06/19/2013 03:04:14 PM) (Source: DCOM) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/19/2013 03:04:14 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (06/19/2013 03:04:14 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (06/19/2013 03:04:14 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (06/19/2013 03:04:14 PM) (Source: Service Control Manager) (User: )
Description: AFD
avc3
BdfNdisf
bdftdif
bdselfpr
DfsC
gzflt
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
tdx
trufos
Wanarpv6
ws2ifsl

Error: (06/19/2013 03:04:14 PM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (06/19/2013 03:04:14 PM) (Source: Service Control Manager) (User: )
Description: Network Location AwarenessNetwork Store Interface Service%%1068

Error: (06/19/2013 03:04:14 PM) (Source: Service Control Manager) (User: )
Description: Network ConnectionsNetwork Store Interface Service%%1068

Error: (06/19/2013 03:04:14 PM) (Source: Service Control Manager) (User: )
Description: IP HelperNetwork Store Interface Service%%1068


Microsoft Office Sessions:
=========================
Error: (06/19/2013 07:56:01 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.015fc01ce6d1e5eb4d40f3

Error: (06/19/2013 03:06:51 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (06/19/2013 03:06:51 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (06/19/2013 03:04:00 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (06/19/2013 03:04:00 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (06/19/2013 03:03:31 PM) (Source: EventSystem)(User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c

Error: (06/19/2013 03:01:23 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.017e801ce6cf522f973da0

Error: (06/19/2013 02:47:13 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (06/19/2013 02:47:13 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{3DC873BB-FFE3-46BF-9701-26B9AE371F9F}\recordingmanager.exe

Error: (06/16/2013 04:24:00 PM) (Source: Application Hang)(User: )
Description: OTL.exe3.2.69.019ec01ce6aa4f6c0b53711


CodeIntegrity Errors:
===================================
  Date: 2013-06-16 12:53:38.818
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-16 12:53:38.706
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-16 12:53:38.597
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-16 12:53:38.491
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-16 12:53:38.386
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-16 12:53:38.282
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-16 12:53:37.321
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-16 12:53:37.186
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-16 12:53:37.080
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-06-16 12:53:36.973
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 3060.45 MB
Available physical RAM: 1193.68 MB
Total Pagefile: 6355.91 MB
Available Pagefile: 3488.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.32 GB) (Free:165.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:9.77 GB) (Free:3.89 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 5ED7C68A)
Partition 1: (Active) - (Size=288 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 

Link to post
Share on other sites

  • Root Admin

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.


 

Link to post
Share on other sites

ComboFix 14-03-19.01 - Chris 22/03/2014  20:59:54.12.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3060.1420 [GMT 0:00]
Running from: c:\users\Chris\Downloads\ComboFix.exe
AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
FW: Bitdefender Firewall *Enabled* {A23392FD-84B9-F933-2C71-81E751F6EF46}
SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Chris\AppData\Local\temp\ppcrlui_5992_2
c:\windows\system32\spsys.log
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-22 to 2014-03-22  )))))))))))))))))))))))))))))))
.
.
2014-03-22 21:07 . 2014-03-22 21:07    --------    d-----w-    c:\users\Public\AppData\Local\temp
2014-03-22 21:07 . 2014-03-22 21:07    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-03-22 12:47 . 2014-03-22 12:48    --------    d-----w-    C:\AdwCleaner
2014-03-22 10:33 . 2014-03-22 12:51    40776    ----a-w-    c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-03-21 22:00 . 2014-03-07 04:35    7969936    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{0181E722-C4B6-4476-971B-E8CBF667D892}\mpengine.dll
2014-03-15 22:54 . 2013-11-13 00:30    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-03-15 22:54 . 2014-01-30 07:46    876032    ----a-w-    c:\windows\system32\wer.dll
2014-03-15 03:49 . 2013-04-29 08:17    47632    ----a-w-    c:\windows\system32\drivers\PSKMAD.sys
2014-03-15 03:48 . 2013-06-12 13:10    31848    ----a-w-    c:\windows\system32\drivers\DasPtct.SYS
2014-03-14 03:39 . 2014-02-03 10:37    505344    ----a-w-    c:\windows\system32\qedit.dll
2014-03-14 02:12 . 2014-02-07 10:38    2050560    ----a-w-    c:\windows\system32\win32k.sys
2014-02-28 15:36 . 2014-02-28 15:36    --------    d-----w-    c:\windows\Migration
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-15 23:47 . 2012-12-13 19:48    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-15 23:47 . 2012-12-13 19:48    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-01-27 13:52 . 2014-01-27 13:52    516936    ----a-w-    c:\windows\system32\drivers\avckf.sys
2014-01-27 13:52 . 2013-10-30 22:34    778032    ----a-w-    c:\windows\system32\drivers\avc3.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoTrusted"="c:\program files\GoTrusted.com\GoTrusted Secure Tunnel v2.3.5.9\GoTrusted Secure Tunnel.exe" [2013-10-16 214208]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2014-02-06 481880]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2014-02-06 614232]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"Bdagent"="c:\program files\Bitdefender\Bitdefender\bdagent.exe" [2014-02-25 1843016]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="c:\program files\Bitdefender\Bitdefender\pmbxag.exe" [2014-02-06 481880]
"Bitdefender Wallet"="c:\program files\Bitdefender\Bitdefender\pwdmanui.exe" [2014-02-06 901096]
"Bitdefender Wallet Application Agent"="c:\program files\Bitdefender\Bitdefender\bdapppassmgr.exe" [2014-02-06 614232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-13 23:47]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\7lzzykuh.default-1388230871395\
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-32red - c:\microgaming\Casino\32red\install.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-22 21:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2014-03-22  21:11:17
ComboFix-quarantined-files.txt  2014-03-22 21:11
ComboFix2.txt  2014-01-10 14:23
.
Pre-Run: 172,735,397,888 bytes free
Post-Run: 172,699,230,208 bytes free
.
- - End Of File - - 74938C08BCA33480E9BECE8408711E69
5C616939100B85E558DA92B899A0FC36
 

Link to post
Share on other sites

  • Root Admin

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

Then restart the computer and let me know how things are running now.

Link to post
Share on other sites

  • Root Admin

Nothing that would seem to be causing these issues for you.

 

You might want to test your hard drive to ensure it's not possibly starting to fail.  You might have a hardware diagnostic in your BIOS if not go to the MFG website and see if they have a drive diagnostic tool, or go to the hard drive MFG site such as Seagate and get their tool and test your hard drive.

 

If you uninstall BitDefender do you still have this slow issue?

Link to post
Share on other sites

  • Root Admin

Not that would account for such slow behavior.  I would highly recommend that you use the Seagate software and if needed work with Seagate support to properly test your hard drive.  I'm not saying it is bad or failing but if it is you could wake up one day out of the blue and find the computer won't start and that you've lost all your data.  Hopefully you are backing up your data on a regular basis.

 

There are some very good free versions of Backup Software if needed.

Link to post
Share on other sites

  • Root Admin

As I said previously nothing drastic.  Some basic PUP stuff mainly that is often used for redirecting your searches.  Until you can get a clean bill of health from a real disk drive diagnostic tool then any other work is a futile waste of time as a bad drive would mean you need to replace it and reinstall Windows and your applications.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.