Jump to content


Photo
- - - - -

mozilla not rspndg, mouse moving on own etc


  • This topic is locked This topic is locked
17 replies to this topic

#1 Chrs

Chrs

    New Member

  • Members
  • Pip
  • 9 posts

Posted 03 August 2013 - 09:55 AM

mouse keeps moving on its own. mozilla keeps not responding and keeps looking up, I have the paid for version of MBAM

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16496
Run by Chris at 15:53:18 on 2013-08-03
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3060.876 [GMT 1:00]
.
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Bitdefender\Bitdefender 2013\seccenter.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = about:blank
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe"  -osboot
mRun: [Bdagent] "c:\program files\bitdefender\bitdefender 2013\bdagent.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.

TCP: NameServer = 192.168.0.1
TCP: Interfaces\{24808C3F-DF8E-4DBB-B40F-D7DB39A51B71} : DHCPNameServer = 192.168.0.203
TCP: Interfaces\{C010AF49-0C76-4353-BB35-19AE24C74C4F} : DHCPNameServer = 192.168.0.1
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.95\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\chris\appdata\roaming\mozilla\firefox\profiles\jypmw31t.default-1374600486856\
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - ExtSQL: 2013-06-11 08:56; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; c:\programdata\realnetworks\realdownloader\browserplugins\firefox\Ext
FF - ExtSQL: 2013-07-31 22:30; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\chris\appdata\roaming\mozilla\firefox\profiles\jypmw31t.default-1374600486856\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-01 00:10; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\chris\appdata\roaming\mozilla\firefox\profiles\jypmw31t.default-1374600486856\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2013-6-16 640560]
R0 gzflt;gzflt;c:\windows\system32\drivers\gzflt.sys [2013-6-16 162976]
R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2013-6-16 78144]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-5 77824]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-3-23 418376]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2013-4-16 39056]
R2 UPDATESRV;Bitdefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2013\updatesrv.exe [2013-6-16 54960]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2013-4-8 242504]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2013-6-16 490144]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-3-23 22856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-8-3 40776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-3-23 701512]
S3 BDSandBox;BDSandBox;c:\windows\system32\drivers\bdsandbox.sys [2013-6-16 66832]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2013-2-6 83864]
S3 MOSUMAC;USB-Ethernet Driver;c:\windows\system32\drivers\MOSUMAC.SYS [2010-11-19 43520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-16 755880]
S4 BdDesktopParental;Bitdefender Desktop Parental Control;c:\program files\bitdefender\bitdefender 2013\bdparentalservice.exe [2013-6-16 62688]
.
=============== Created Last 30 ================
.
2013-08-03 14:52:37    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-02 12:39:05    7143960    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{6a10cc2e-bf04-4f45-9e90-1fa051a0b66b}\mpengine.dll
2013-07-22 17:09:17    --------    d-----w-    c:\programdata\Kaspersky Lab
2013-07-20 21:49:23    --------    d-----w-    c:\users\chris\appdata\local\Microsoft Games
2013-07-19 20:06:37    --------    d-----w-    c:\program files\ESET
2013-07-16 09:27:13    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-07-11 19:44:04    2049024    ----a-w-    c:\windows\system32\win32k.sys
2013-07-11 19:43:19    505344    ----a-w-    c:\windows\system32\qedit.dll
2013-07-11 10:23:27    103680    ----a-w-    C:\kfriapod.sys
2013-07-10 22:03:55    --------    d-----w-    c:\programdata\MGS
2013-07-10 22:03:55    --------    d-----w-    C:\Microgaming
.
==================== Find3M  ====================
.
2013-08-01 14:09:09    490144    ----a-w-    c:\windows\system32\drivers\avckf.sys
2013-08-01 14:09:05    640560    ----a-w-    c:\windows\system32\drivers\avc3.sys
2013-08-01 14:09:01    66832    ----a-w-    c:\windows\system32\drivers\bdsandbox.sys
2013-07-16 01:28:54    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-16 01:28:54    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-30 00:45:40    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-06-30 00:45:40    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-06-16 10:34:02    72704    ----a-w-    c:\windows\system32\drivers\bdvedisk.sys
2013-06-11 07:54:20    499712    ----a-w-    c:\windows\system32\msvcp71.dll
2013-06-02 11:53:21    15616    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2013-05-29 01:50:14    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-05-29 01:41:52    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-05-29 01:41:08    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-05-29 01:37:15    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-05-29 01:36:09    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-05-29 01:33:22    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-05-28 11:11:21    355744    ----a-w-    c:\windows\system32\drivers\trufos.sys
2013-05-08 04:37:21    905576    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-05-08 04:04:52    1548288    ----a-w-    c:\windows\system32\WMVDECOD.DLL
.
============= FINISH: 15:54:11.86 ===============
 

NLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 04/02/2011 10:32:19
System Uptime: 03/08/2013 11:25:09 (4 hours ago)
.
Motherboard: Dell Inc. |  | 0K216C
Processor: Intel® Core™2 Duo CPU     E6750  @ 2.66GHz | Socket 775 | 1998/333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 288 GiB total, 165.553 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 3.888 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: GoTrusted TAP Adapter
Device ID: ROOT\NET\0000
Manufacturer: GoTrusted TAP Provider
Name: GoTrusted TAP Adapter
PNP Device ID: ROOT\NET\0000
Service: gttap1
.
==== System Restore Points ===================
.
RP722: 10/07/2013 13:57:29 - Scheduled Checkpoint
RP723: 11/07/2013 20:44:35 - Windows Update
RP724: 12/07/2013 11:33:32 - Scheduled Checkpoint
RP725: 13/07/2013 - Scheduled Checkpoint
RP726: 14/07/2013 13:12:46 - Scheduled Checkpoint
RP727: 15/07/2013 22:54:06 - Scheduled Checkpoint
RP728: 16/07/2013 11:13:44 - Scheduled Checkpoint
RP729: 16/07/2013 16:48:04 - Windows Update
RP730: 17/07/2013 22:07:24 - Scheduled Checkpoint
RP731: 19/07/2013 00:54:08 - Scheduled Checkpoint
RP732: 19/07/2013 20:46:44 - Windows Update
RP733: 20/07/2013 17:30:17 - Scheduled Checkpoint
RP734: 22/07/2013 00:31:53 - Scheduled Checkpoint
RP735: 22/07/2013 13:58:56 - Scheduled Checkpoint
RP736: 23/07/2013 09:05:51 - Scheduled Checkpoint
RP737: 24/07/2013 00:00:02 - Scheduled Checkpoint
RP738: 24/07/2013 00:39:38 - Windows Update
RP739: 25/07/2013 13:00:46 - Scheduled Checkpoint
RP740: 27/07/2013 00:00:02 - Scheduled Checkpoint
RP741: 28/07/2013 00:00:03 - Scheduled Checkpoint
RP742: 29/07/2013 00:11:59 - Scheduled Checkpoint
RP743: 31/07/2013 01:27:44 - Scheduled Checkpoint
RP744: 31/07/2013 03:52:08 - Windows Update
RP745: 31/07/2013 23:02:07 - Scheduled Checkpoint
RP746: 01/08/2013 13:45:57 - Scheduled Checkpoint
RP747: 02/08/2013 14:15:01 - Scheduled Checkpoint
RP748: 03/08/2013 12:06:05 - Scheduled Checkpoint
.
==== Installed Programs ======================
.
 Leawo Video Converter version  5.1.0.0
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.03)
Adobe Shockwave Player 12.0
Bitdefender Internet Security 2013
CCleaner
ConvertXtoDVD 4.0.9.322
EasyBCD 1.7
ESET Online Scanner v3
ffdshow [rev 2180] [2008-10-04]
FileHippo.com Update Checker
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Intel® Graphics Media Accelerator Driver
K-Lite Codec Pack 7.0.0 (Standard)
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Excel Viewer 2003
Microsoft Office Word Viewer 2003
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 4.0 SP3 Parser (KB973685)
MyFreeCodec
Nero 7 Lite 7.10.1.2
neroxml
Opera 12.15
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Skitch
swMSM
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
VLC media player 2.0.7
Windows Media Player Firefox Plugin
WinRAR 4.20 (32-bit)
YouTube Downloader App 3.00
.
==== Event Viewer Messages From Past Week ========
.
31/07/2013 01:51:04, Error: EventLog [6008]  - The previous system shutdown at 01:49:11 on 31/07/2013 was unexpected.
27/07/2013 21:02:09, Error: Service Control Manager [7001]  - The Windows Image Acquisition (WIA) service depends on the Shell Hardware Detection service which failed to start because of the following error:  The operation completed successfully.
01/08/2013 19:51:57, Error: Service Control Manager [7034]  - The Bitdefender Virus Shield service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
 

 



#2 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,272 posts
  • Gender:Male
  • Location:US

Posted 03 August 2013 - 05:43 PM

Hello and :welcome:

Please run the following steps and post back all the logs as ATTACHMENTS by clicking on the More Reply Options button.
Please don't put logs in code or quote tags or copy/paste them into your reply unless you're unable to attach them.
Please enable your system to show hidden files: How to see hidden files in Windows

P2P/Piracy Warning:

  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe

STEP 02
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit
  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User Licene Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.

STEP 03
Please download Malwarebytes Anti-Rootkit from here
  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder... mbar-log.txt and system-log.txt

STEP 04
Please download Junkware Removal Tool to your desktop.
  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 05
Please download AdwCleaner by Xplode to your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • If prompted by the User Account Control click Yes to allow it to run.
  • Under Actions click on the Delete button.
  • Click OK on all prompts.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the entire contents of that logfile to your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt where the number in brackets indicates how often it was run.


STEP 06
button_eos.gif

Please go here to run the online antivirus scannner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

 


Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#3 Chrs

Chrs

    New Member

  • Members
  • Pip
  • 9 posts

Posted 03 August 2013 - 08:43 PM

I did erunt but when I rebooted got message denied

ran mbar and nothing found and extracted files but the 2 files you asked for werent there

eset no therats

 

RogueKiller V8.6.4 [Jul 29 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.co...es/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Chris [Admin rights]
Mode : Scan -- Date : 08/04/2013 00:12:16
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤
-> D:\windows\system32\config\SYSTEM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SOFTWARE | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SECURITY | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\SAM | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\windows\system32\config\DEFAULT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]
-> D:\Users\Default\NTUSER.DAT | DRVINFO [Drv - D:] | SYSTEMINFO [Sys - x:] [Sys32 - FOUND] | USERINFO [Startup - NOT_FOUND]

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320613AS ATA Device +++++
--- User ---
[MBR] 75cea1566f37ed5202eeca8f75d9ee40
[BSP] f9ca80c0c038cea0eeca3eb48d6e0ec9 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 295243 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 604659712 | Size: 10000 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_08042013_001216.txt >>




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.1 (08.02.2013:3)
OS: Windows Vista ™ Home Premium x86
Ran by Chris on 04/08/2013 at  0:28:12.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted [File] C:\Windows\system32\Tasks\CreateChoiceProcessTask



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Chris\AppData\Roaming\mozilla\firefox\profiles\jypmw31t.default-1374600486856\minidumps [6 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/08/2013 at  0:33:04.72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v2.306 - Logfile created 08/04/2013 at 00:47:00
# Updated 19/07/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Chris - DELL-530
# Boot Mode : Normal
# Running from : C:\Users\Chris\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (en-US)

File : C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\jypmw31t.default-1374600486856\prefs.js

[OK] File is clean.

-\\ Google Chrome v28.0.1500.95

File : C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.15.1748.0

File : C:\Users\Chris\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S2].txt - [951 octets] - [04/08/2013 00:47:00]

########## EOF - C:\AdwCleaner[S2].txt - [1010 octets] ##########

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-08-2013 01
Ran by Chris (administrator) on 04-08-2013 02:39:49
Running from C:\Users\Chris\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Andrea Electronics Corporation) C:\Windows\system32\AERTSrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4907008 2008-01-17] (Realtek Semiconductor)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-06-11] (RealNetworks, Inc.)
HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1615392 2013-08-01] (Bitdefender)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [FileHippo.com] - C:\Program Files\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2009-04-11] (Microsoft Corporation)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT\AUTOBACK.EXE ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.m...ash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\jypmw31t.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.2.32 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.2 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.2.32 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{FCE04E1F-9378-4f39-96F6-5689A9159E45}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: No Name - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (RealNetworks™ Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer™ HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (RealDownloader) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.2_0
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 AERTFilters; C:\Windows\system32\AERTSrv.exe [77824 2007-12-05] (Andrea Electronics Corporation)
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [62688 2013-02-26] (Bitdefender)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-04-16] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [54960 2013-07-15] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1343472 2013-08-01] (Bitdefender)

==================== Drivers (Whitelisted) ====================

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [640560 2013-08-01] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [490144 2013-08-01] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [78144 2013-02-22] (BitDefender LLC)
R1 bdftdif; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [130640 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-08-01] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys [134136 2012-10-02] (BitDefender LLC)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [162976 2012-10-04] (BitDefender LLC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MOSUMAC; C:\Windows\System32\DRIVERS\MOSUMAC.SYS [43520 2009-12-10] (--)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [355744 2013-05-28] (BitDefender S.R.L.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-04 02:39 - 2013-08-04 02:39 - 00000000 ____D C:\FRST
2013-08-04 01:35 - 2013-08-04 01:35 - 01222124 _____ (Farbar) C:\Users\Chris\Desktop\FRST.exe
2013-08-04 00:51 - 2013-08-04 00:51 - 02347384 _____ (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_enu(4).exe
2013-08-04 00:47 - 2013-08-04 00:47 - 00001079 _____ C:\AdwCleaner[S2].txt
2013-08-04 00:33 - 2013-08-04 00:33 - 00666633 _____ C:\Users\Chris\Downloads\AdwCleaner.exe
2013-08-04 00:33 - 2013-08-04 00:33 - 00000860 _____ C:\Users\Chris\Desktop\JRT.txt
2013-08-04 00:27 - 2013-08-04 00:27 - 00560986 _____ (Oleg N. Scherbakov) C:\Users\Chris\Desktop\JRT.exe
2013-08-04 00:14 - 2013-08-04 00:45 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-04 00:12 - 2013-08-04 00:12 - 00002296 _____ C:\Users\Chris\Desktop\RKreport[0]_S_08042013_001216.txt
2013-08-04 00:10 - 2013-08-04 00:32 - 00000000 ____D C:\Users\Chris\Desktop\RK_Quarantine
2013-08-04 00:10 - 2013-08-04 00:10 - 00916992 _____ C:\Users\Chris\Desktop\RogueKiller.exe
2013-08-04 00:09 - 2013-08-04 00:09 - 00000733 _____ C:\Users\Chris\Desktop\NTREGOPT.lnk
2013-08-04 00:09 - 2013-08-04 00:09 - 00000714 _____ C:\Users\Chris\Desktop\ERUNT.lnk
2013-08-04 00:09 - 2013-08-04 00:09 - 00000000 ____D C:\Program Files\ERUNT
2013-08-04 00:08 - 2013-08-04 00:08 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Chris\Desktop\erunt-setup.exe
2013-08-03 15:54 - 2013-08-03 15:54 - 00011155 _____ C:\Users\Chris\Desktop\dds.txt
2013-08-03 15:54 - 2013-08-03 15:54 - 00006863 _____ C:\Users\Chris\Desktop\attach.txt
2013-08-03 15:52 - 2013-08-03 15:52 - 00688992 ____R (Swearware) C:\Users\Chris\Desktop\dds.scr
2013-08-01 12:58 - 2013-08-01 12:58 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Chris\Downloads\tdsskiller.exe
2013-08-01 10:13 - 2013-08-01 10:16 - 179044024 _____ C:\Users\Chris\Downloads\setup_11.0.0.1245.x01_2013_08_01_11_29(1).exe
2013-07-23 22:29 - 2013-08-03 00:01 - 00000000 ____D C:\Users\Chris\AppData\Roaming\vlc
2013-07-23 22:28 - 2013-07-23 22:28 - 00000859 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-23 22:27 - 2013-07-23 22:28 - 22937227 _____ C:\Users\Chris\Downloads\vlc-2.0.7-win32.exe
2013-07-23 18:28 - 2013-07-23 18:28 - 00000000 ____D C:\Users\Chris\Desktop\Old Firefox Data-4
2013-07-22 18:09 - 2013-07-22 18:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-20 22:49 - 2013-07-20 22:49 - 00000000 ____D C:\Users\Chris\AppData\Local\Microsoft Games
2013-07-19 21:09 - 2013-07-19 21:09 - 00264757 _____ C:\Users\Chris\Downloads\FHSetup(1).exe
2013-07-19 21:08 - 2013-07-19 21:09 - 15730048 _____ (Adobe Systems Inc.) C:\Users\Chris\Downloads\Shockwave_Installer_Full.exe
2013-07-19 21:06 - 2013-07-19 21:06 - 00000000 ____D C:\Program Files\ESET
2013-07-19 19:52 - 2013-07-20 11:55 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-19 19:52 - 2013-07-19 19:53 - 00000000 ____D C:\Users\Chris\Documents\888poker
2013-07-11 20:57 - 2013-05-29 02:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-11 20:57 - 2013-05-29 02:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-11 20:57 - 2013-05-29 02:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-11 20:57 - 2013-05-29 02:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-11 20:57 - 2013-05-29 02:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-11 20:57 - 2013-05-29 02:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-11 20:57 - 2013-05-29 02:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-11 20:57 - 2013-05-29 02:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-11 20:57 - 2013-05-29 02:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-11 20:57 - 2013-05-29 02:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-11 20:57 - 2013-05-29 02:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-11 20:57 - 2013-05-29 02:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-11 20:57 - 2013-05-29 02:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-11 20:57 - 2013-05-29 02:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-11 20:57 - 2013-05-29 02:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-11 20:57 - 2013-05-29 02:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 20:44 - 2013-06-04 02:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 20:43 - 2013-06-01 05:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 20:42 - 2013-05-08 05:04 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 20:42 - 2013-04-17 12:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-11 20:42 - 2013-04-17 12:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-11 20:42 - 2013-04-17 12:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-11 20:42 - 2013-04-17 12:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-11 20:42 - 2013-04-17 11:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-11 20:42 - 2013-04-17 11:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-11 20:42 - 2013-04-17 11:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-11 20:42 - 2013-04-17 11:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 20:42 - 2013-04-17 11:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-07-11 11:23 - 2013-07-11 11:23 - 00103680 _____ (GMER) C:\kfriapod.sys
2013-07-10 23:03 - 2013-07-10 23:03 - 00794584 _____ C:\Users\Chris\Downloads\32Red.exe
2013-07-10 23:03 - 2013-07-10 23:03 - 00000000 ____D C:\ProgramData\MGS
2013-07-10 23:03 - 2013-07-10 23:03 - 00000000 ____D C:\Microgaming
2013-07-10 11:08 - 2013-08-04 00:49 - 00006184 _____ C:\Windows\system32\spsys.log
2013-07-06 14:25 - 2013-07-06 14:25 - 00000000 ____D C:\Users\Chris\Desktop\Old Firefox Data-3

==================== One Month Modified Files and Folders =======

2013-08-04 02:39 - 2013-08-04 02:39 - 00000000 ____D C:\FRST
2013-08-04 02:38 - 2013-04-16 13:17 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-04 02:19 - 2012-06-09 17:42 - 01578896 _____ C:\Windows\WindowsUpdate.log
2013-08-04 01:47 - 2012-12-13 20:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-04 01:35 - 2013-08-04 01:35 - 01222124 _____ (Farbar) C:\Users\Chris\Desktop\FRST.exe
2013-08-04 00:51 - 2013-08-04 00:51 - 02347384 _____ (ESET) C:\Users\Chris\Downloads\esetsmartinstaller_enu(4).exe
2013-08-04 00:50 - 2013-04-16 13:17 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-04 00:49 - 2013-07-10 11:08 - 00006184 _____ C:\Windows\system32\spsys.log
2013-08-04 00:49 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-04 00:49 - 2006-11-02 13:47 - 00005184 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-04 00:49 - 2006-11-02 13:47 - 00005184 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-04 00:48 - 2006-11-02 14:01 - 00032582 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-04 00:47 - 2013-08-04 00:47 - 00001079 _____ C:\AdwCleaner[S2].txt
2013-08-04 00:45 - 2013-08-04 00:14 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-04 00:33 - 2013-08-04 00:33 - 00666633 _____ C:\Users\Chris\Downloads\AdwCleaner.exe
2013-08-04 00:33 - 2013-08-04 00:33 - 00000860 _____ C:\Users\Chris\Desktop\JRT.txt
2013-08-04 00:32 - 2013-08-04 00:10 - 00000000 ____D C:\Users\Chris\Desktop\RK_Quarantine
2013-08-04 00:27 - 2013-08-04 00:27 - 00560986 _____ (Oleg N. Scherbakov) C:\Users\Chris\Desktop\JRT.exe
2013-08-04 00:27 - 2012-01-11 04:46 - 00000000 ____D C:\Windows\ERDNT
2013-08-04 00:12 - 2013-08-04 00:12 - 00002296 _____ C:\Users\Chris\Desktop\RKreport[0]_S_08042013_001216.txt
2013-08-04 00:10 - 2013-08-04 00:10 - 00916992 _____ C:\Users\Chris\Desktop\RogueKiller.exe
2013-08-04 00:09 - 2013-08-04 00:09 - 00000733 _____ C:\Users\Chris\Desktop\NTREGOPT.lnk
2013-08-04 00:09 - 2013-08-04 00:09 - 00000714 _____ C:\Users\Chris\Desktop\ERUNT.lnk
2013-08-04 00:09 - 2013-08-04 00:09 - 00000000 ____D C:\Program Files\ERUNT
2013-08-04 00:08 - 2013-08-04 00:08 - 00791393 _____ (Lars Hederer                                                ) C:\Users\Chris\Desktop\erunt-setup.exe
2013-08-03 15:54 - 2013-08-03 15:54 - 00011155 _____ C:\Users\Chris\Desktop\dds.txt
2013-08-03 15:54 - 2013-08-03 15:54 - 00006863 _____ C:\Users\Chris\Desktop\attach.txt
2013-08-03 15:53 - 2012-06-03 09:55 - 00042496 _____ C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-03 15:52 - 2013-08-03 15:52 - 00688992 ____R (Swearware) C:\Users\Chris\Desktop\dds.scr
2013-08-03 00:01 - 2013-07-23 22:29 - 00000000 ____D C:\Users\Chris\AppData\Roaming\vlc
2013-08-01 15:09 - 2013-06-16 11:02 - 00640560 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2013-08-01 15:09 - 2013-06-16 11:02 - 00490144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2013-08-01 15:09 - 2013-06-16 11:02 - 00066832 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2013-08-01 12:58 - 2013-08-01 12:58 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\Chris\Downloads\tdsskiller.exe
2013-08-01 10:16 - 2013-08-01 10:13 - 179044024 _____ C:\Users\Chris\Downloads\setup_11.0.0.1245.x01_2013_08_01_11_29(1).exe
2013-07-31 11:41 - 2013-04-16 13:17 - 00001971 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-27 03:37 - 2013-01-12 14:37 - 00000000 ____D C:\Users\Chris\AppData\Local\Skitch
2013-07-25 12:24 - 2011-12-31 14:09 - 00000000 ____D C:\Users\Chris\AppData\Local\CrashDumps
2013-07-23 22:28 - 2013-07-23 22:28 - 00000859 _____ C:\Users\Public\Desktop\VLC media player.lnk
2013-07-23 22:28 - 2013-07-23 22:27 - 22937227 _____ C:\Users\Chris\Downloads\vlc-2.0.7-win32.exe
2013-07-23 18:28 - 2013-07-23 18:28 - 00000000 ____D C:\Users\Chris\Desktop\Old Firefox Data-4
2013-07-22 18:09 - 2013-07-22 18:09 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-22 11:54 - 2013-05-06 14:42 - 00000069 _____ C:\Windows\NeroDigital.ini
2013-07-20 22:49 - 2013-07-20 22:49 - 00000000 ____D C:\Users\Chris\AppData\Local\Microsoft Games
2013-07-20 11:55 - 2013-07-19 19:52 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-07-19 21:09 - 2013-07-19 21:09 - 00264757 _____ C:\Users\Chris\Downloads\FHSetup(1).exe
2013-07-19 21:09 - 2013-07-19 21:08 - 15730048 _____ (Adobe Systems Inc.) C:\Users\Chris\Downloads\Shockwave_Installer_Full.exe
2013-07-19 21:09 - 2013-01-14 22:59 - 00001784 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
2013-07-19 21:09 - 2013-01-14 22:59 - 00001754 _____ C:\Users\Chris\Desktop\Update Checker.lnk
2013-07-19 21:08 - 2013-01-13 21:28 - 00056088 _____ C:\Users\Chris\AppData\Local\GDIPFONTCACHEV1.DAT
2013-07-19 21:06 - 2013-07-19 21:06 - 00000000 ____D C:\Program Files\ESET
2013-07-19 19:53 - 2013-07-19 19:52 - 00000000 ____D C:\Users\Chris\Documents\888poker
2013-07-16 02:37 - 2012-03-26 12:13 - 00000000 ____D C:\Windows\Minidump
2013-07-16 02:35 - 2013-01-13 18:03 - 03610720 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-16 02:28 - 2012-12-13 20:48 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-07-16 02:28 - 2012-12-13 20:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-07-16 02:28 - 2011-12-26 23:06 - 00000000 ____D C:\Users\Chris\AppData\Local\Adobe
2013-07-11 22:52 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-11 21:28 - 2013-05-08 16:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 21:22 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-11 21:08 - 2006-11-02 11:33 - 00709578 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-11 20:59 - 2006-11-02 11:24 - 75699896 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-07-11 20:45 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 11:23 - 2013-07-11 11:23 - 00103680 _____ (GMER) C:\kfriapod.sys
2013-07-10 23:03 - 2013-07-10 23:03 - 00794584 _____ C:\Users\Chris\Downloads\32Red.exe
2013-07-10 23:03 - 2013-07-10 23:03 - 00000000 ____D C:\ProgramData\MGS
2013-07-10 23:03 - 2013-07-10 23:03 - 00000000 ____D C:\Microgaming
2013-07-10 11:03 - 2006-11-02 11:23 - 00000215 _____ C:\Windows\system.ini
2013-07-06 14:25 - 2013-07-06 14:25 - 00000000 ____D C:\Users\Chris\Desktop\Old Firefox Data-3
2013-07-05 02:17 - 2013-05-26 08:36 - 71571170 _____ C:\Users\Chris\Desktop\20130328_151606.mp4
2013-07-05 02:17 - 2013-05-26 08:36 - 04542346 _____ C:\Users\Chris\Desktop\20130328_151644.mp4
2013-07-05 02:16 - 2013-05-26 08:35 - 70039279 _____ C:\Users\Chris\Desktop\20130328_151820.mp4

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-04 01:00

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 01-08-2013 01
Ran by Chris at 2013-08-04 02:40:53
Running from C:\Users\Chris\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 Leawo Video Converter version  5.1.0.0
Adobe AIR (Version: 3.7.0.1860)
Adobe Community Help (Version: 3.4.980)
Adobe Download Assistant (Version: 1.0.6)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) (Version: 11.0.03)
Adobe Shockwave Player 12.0 (Version: 12.0.3.133)
Bitdefender Internet Security 2013 (Version: 16.30.0.1843)
CCleaner (Version: 4.03)
ConvertXtoDVD 4.0.9.322 (Version: 4.0.9.322)
EasyBCD 1.7 (Version: 1.7)
ERUNT 1.1j
ESET Online Scanner v3
ffdshow [rev 2180] [2008-10-04] (Version: 1.0)
FileHippo.com Update Checker
Google Chrome (Version: 28.0.1500.95)
Google Update Helper (Version: 1.3.21.153)
Intel® Graphics Media Accelerator Driver
K-Lite Codec Pack 7.0.0 (Standard) (Version: 7.0.0)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Office Excel Viewer 2003 (Version: 11.0.8173.0)
Microsoft Office Word Viewer 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MyFreeCodec
Nero 7 Lite 7.10.1.2 (Version: 7.10.1.2)
neroxml (Version: 1.0.0)
Opera 12.15 (Version: 12.15.1748)
QuickTime (Version: 7.73.80.64)
RealDownloader (Version: 1.3.2)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.2)
RealUpgrade 1.1 (Version: 1.1.0)
Skitch (Version: 2.2.0.4)
swMSM (Version: 12.0.0.1)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
VLC media player 2.0.7 (Version: 2.0.7)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 4.20 (32-bit) (Version: 4.20.0)
YouTube Downloader App 3.00 (Version: 3.00)
 

==================== Restore Points  =========================

10-07-2013 12:57:29 Scheduled Checkpoint
11-07-2013 19:44:35 Windows Update
12-07-2013 10:33:32 Scheduled Checkpoint
12-07-2013 23:00:00 Scheduled Checkpoint
14-07-2013 12:12:46 Scheduled Checkpoint
15-07-2013 21:54:06 Scheduled Checkpoint
16-07-2013 10:13:44 Scheduled Checkpoint
16-07-2013 15:48:04 Windows Update
17-07-2013 21:07:24 Scheduled Checkpoint
18-07-2013 23:54:08 Scheduled Checkpoint
19-07-2013 19:46:44 Windows Update
20-07-2013 16:30:17 Scheduled Checkpoint
21-07-2013 23:31:53 Scheduled Checkpoint
22-07-2013 12:58:56 Scheduled Checkpoint
23-07-2013 08:05:51 Scheduled Checkpoint
23-07-2013 23:00:02 Scheduled Checkpoint
23-07-2013 23:39:38 Windows Update
25-07-2013 12:00:46 Scheduled Checkpoint
26-07-2013 23:00:02 Scheduled Checkpoint
27-07-2013 23:00:03 Scheduled Checkpoint
28-07-2013 23:11:59 Scheduled Checkpoint
31-07-2013 00:27:44 Scheduled Checkpoint
31-07-2013 02:52:08 Windows Update
31-07-2013 22:02:07 Scheduled Checkpoint
01-08-2013 12:45:57 Scheduled Checkpoint
02-08-2013 13:15:01 Scheduled Checkpoint
03-08-2013 11:06:05 Scheduled Checkpoint

==================== Hosts content: ==========================

2013-01-28 16:22 - 2013-07-10 11:03 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0945E1CB-16D0-411C-8521-E36129FC4CAD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {0C8C107F-6F4F-486F-9E02-C08A5FE5A315} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-16] (Google Inc.)
Task: {0E85FA89-016D-4346-B9F7-05F4D0C132EE} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {55BCF811-A564-4112-86D0-CE9A15394CF0} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {60AB6ED2-5351-4312-8C56-7508ACA6E8FB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-16] (Google Inc.)
Task: {677CD573-8156-4B83-8781-B7646D6B0415} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-16] (Adobe Systems Incorporated)
Task: {6AB10674-89F8-4900-9832-2CF880C72577} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {6CF8EE34-6EE2-4E64-AA5A-E3899409B671} - System32\Tasks\User_Feed_Synchronization-{890E34AE-B7D2-4C9D-B64B-88DB364A18E6} => C:\Windows\system32\msfeedssync.exe [2011-12-26] (Microsoft Corporation)
Task: {709FD123-0434-4B25-9F09-F77D694C65B4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {71739981-C277-4982-8733-0F5E16065D1E} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {745733FA-3BB1-409F-9D9C-36EC6FD46BDF} - \CreateChoiceProcessTask No Task File
Task: {8214B684-CA5F-4C69-89AA-C1D18ACA5CB0} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3299710142-3868310564-1978959094-1001 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-04-16] (RealNetworks, Inc.)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {EF01A4DA-76E4-4FEE-ADFA-3C7B500BC8ED} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

Name: GoTrusted TAP Adapter
Description: GoTrusted TAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: GoTrusted TAP Provider
Service: gttap1
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (08/04/2013 00:48:15 AM) (Source: Service Control Manager) (User: )
Description: 30000VSSERV

Error: (08/04/2013 00:48:05 AM) (Source: DCOM) (User: )
Description: {C2BFE331-6739-4270-86C9-493D9A04CD38}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-08-04 00:34:23.365
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-04 00:34:23.255
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-04 00:34:23.145
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-04 00:34:23.031
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-04 00:13:29.171
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-04 00:13:29.063
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-04 00:13:28.954
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-04 00:13:28.846
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-03 21:45:08.033
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-08-03 21:45:07.924
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 3060.45 MB
Available physical RAM: 1423.25 MB
Total Pagefile: 6349.91 MB
Available Pagefile: 4214.76 MB
Total Virtual: 2047.88 MB
Available Virtual: 1897.01 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:288.32 GB) (Free:165.25 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Recovery) (Fixed) (Total:9.77 GB) (Free:3.89 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: 5ED7C68A)
Partition 1: (Active) - (Size=288 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 



#4 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,272 posts
  • Gender:Male
  • Location:US

Posted 04 August 2013 - 12:32 AM

Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save combofix to your desktop and do not run it from your browser
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once Combofix has completed it will produce and open a log file.  Please be patient as it can take some time to load.
  • Please attach that log file to your next reply.
  • If needed the file can be located here:  C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

 

 


Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#5 Chrs

Chrs

    New Member

  • Members
  • Pip
  • 9 posts

Posted 04 August 2013 - 08:07 AM

ComboFix 13-08-04.01 - Chris 04/08/2013  13:36:06.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3060.1158 [GMT 1:00]
Running from: c:\users\Chris\Desktop\ComboFix.exe
AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}
FW: Bitdefender Firewall *Disabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\spsys.log
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-04 to 2013-08-04  )))))))))))))))))))))))))))))))
.
.
2013-08-04 13:03 . 2013-08-04 13:03    --------    d-----w-    c:\users\Public\AppData\Local\temp
2013-08-04 13:03 . 2013-08-04 13:03    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-08-04 12:32 . 2013-08-04 12:32    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-04 01:39 . 2013-08-04 01:39    --------    d-----w-    C:\FRST
2013-08-03 23:14 . 2013-08-03 23:45    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-03 23:09 . 2013-08-03 23:09    --------    d-----w-    c:\program files\ERUNT
2013-08-02 12:39 . 2013-07-02 06:54    7143960    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{6A10CC2E-BF04-4F45-9E90-1FA051A0B66B}\mpengine.dll
2013-07-23 21:29 . 2013-08-02 23:01    --------    d-----w-    c:\users\Chris\AppData\Roaming\vlc
2013-07-22 17:09 . 2013-07-22 17:09    --------    d-----w-    c:\programdata\Kaspersky Lab
2013-07-20 21:49 . 2013-07-20 21:49    --------    d-----w-    c:\users\Chris\AppData\Local\Microsoft Games
2013-07-19 20:06 . 2013-07-19 20:06    --------    d-----w-    c:\program files\ESET
2013-07-11 19:44 . 2013-06-04 01:50    2049024    ----a-w-    c:\windows\system32\win32k.sys
2013-07-11 19:43 . 2013-06-01 04:06    505344    ----a-w-    c:\windows\system32\qedit.dll
2013-07-11 10:23 . 2013-07-11 10:23    103680    ----a-w-    C:\kfriapod.sys
2013-07-10 22:03 . 2013-07-10 22:03    --------    d-----w-    c:\programdata\MGS
2013-07-10 22:03 . 2013-07-10 22:03    --------    d-----w-    C:\Microgaming
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-01 14:09 . 2013-06-16 10:02    490144    ----a-w-    c:\windows\system32\drivers\avckf.sys
2013-08-01 14:09 . 2013-06-16 10:02    640560    ----a-w-    c:\windows\system32\drivers\avc3.sys
2013-08-01 14:09 . 2013-06-16 10:02    66832    ----a-w-    c:\windows\system32\drivers\bdsandbox.sys
2013-07-16 01:28 . 2012-12-13 19:48    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-16 01:28 . 2012-12-13 19:48    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-30 00:45 . 2011-12-26 22:04    867240    ----a-w-    c:\windows\system32\npdeployJava1.dll
2013-06-30 00:45 . 2011-12-26 22:00    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-06-16 10:34 . 2013-06-16 10:34    72704    ----a-w-    c:\windows\system32\drivers\bdvedisk.sys
2013-06-11 07:54 . 2008-10-23 12:05    499712    ----a-w-    c:\windows\system32\msvcp71.dll
2013-06-02 11:53 . 2013-06-02 11:53    15616    ----a-w-    c:\windows\system32\drivers\TrueSight.sys
2013-05-28 11:11 . 2013-06-16 09:56    355744    ----a-w-    c:\windows\system32\drivers\trufos.sys
2013-05-08 04:37 . 2013-06-12 11:55    905576    ----a-w-    c:\windows\system32\drivers\tcpip.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2012-11-23 307712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-25 170520]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-06-11 295512]
"Bdagent"="c:\program files\Bitdefender\Bitdefender 2013\bdagent.exe" [2013-08-01 1615392]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE %SystemRoot%\ERDNT\AutoBackup\#Date# /noconfirmdelete /noprogresswindow [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 10:38    1173456    ----a-w-    c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-13 01:28]
.
2013-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-16 12:16]
.
2013-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-16 12:16]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\jypmw31t.default-1374600486856\
FF - ExtSQL: 2013-06-11 08:56; {FCE04E1F-9378-4f39-96F6-5689A9159E45}; c:\programdata\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF - ExtSQL: 2013-07-31 22:30; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\jypmw31t.default-1374600486856\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-08-01 00:10; {73a6fe31-595d-460b-a920-fcc0f8843232}; c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\jypmw31t.default-1374600486856\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-04 14:03
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2013-08-04  14:06:56
ComboFix-quarantined-files.txt  2013-08-04 13:06
.
Pre-Run: 177,482,379,264 bytes free
Post-Run: 177,576,697,856 bytes free
.
- - End Of File - - 971B837C1ECB1B1BC16BE57675592D2A
5C616939100B85E558DA92B899A0FC36
 



#6 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,272 posts
  • Gender:Male
  • Location:US

Posted 05 August 2013 - 12:55 AM

That looks good.  

 

Please Run TFC by OldTimer to clear temporary files:

  • Download TFC from here and save it to your desktop.
  • http://oldtimer.geekstogo.com/TFC.exe
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

 

 

 

Next, download Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

 

 

Then reboot again and let me know how the computer is running now.


Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#7 Chrs

Chrs

    New Member

  • Members
  • Pip
  • 9 posts

Posted 05 August 2013 - 09:42 AM

I try to download security check and get the following message

 

Bitdefender blocked this page

This page is blocked by Bitdefender Cloud protection.



#8 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,272 posts
  • Gender:Male
  • Location:US

Posted 05 August 2013 - 07:52 PM

Please temporarily disable Bitdefender and try to download it again and run it.

 

Then re-enable Bitdefender when done


Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#9 Chrs

Chrs

    New Member

  • Members
  • Pip
  • 9 posts

Posted 05 August 2013 - 09:02 PM

 Results of screen317's Security Check version 0.99.71  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
Bitdefender Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Adobe Flash Player     11.8.800.94  
 Adobe Reader XI  
 Mozilla Firefox (22.0)
 Google Chrome 28.0.1500.72  
 Google Chrome 28.0.1500.95  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
 Bitdefender Bitdefender 2013 updatesrv.exe  
 Bitdefender Bitdefender 2013 bdagent.exe  
 Bitdefender Bitdefender 2013 seccenter.exe  
 Bitdefender Bitdefender 2013 vsserv.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````
 



#10 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,272 posts
  • Gender:Male
  • Location:US

Posted 05 August 2013 - 09:23 PM

Great, that looks good. 

 

So how is the computer running now? 


Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#11 Chrs

Chrs

    New Member

  • Members
  • Pip
  • 9 posts

Posted 07 August 2013 - 09:31 AM

seems good, do I uninstall everything?



#12 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,272 posts
  • Gender:Male
  • Location:US

Posted 07 August 2013 - 08:29 PM

Please click on START and type in COMBOFIX.EXE  /UNINSTALL

 

That will remove combofix and reset some default settings back to normal.

 

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

 

 

Then read the following when you have time.

 

Best Practices for Safe Computing - Prevention of Malware Infection

 

 

If you have any other questions please let me know.


Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#13 Chrs

Chrs

    New Member

  • Members
  • Pip
  • 9 posts

Posted 08 August 2013 - 02:11 AM

so deffo clean then mate?



#14 Chrs

Chrs

    New Member

  • Members
  • Pip
  • 9 posts

Posted 08 August 2013 - 02:21 AM

did you find anything?



#15 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,272 posts
  • Gender:Male
  • Location:US

Posted 08 August 2013 - 03:25 AM

Just minor stuff - I didn't see anything in the current scans and logs to indicate anything too nasty.

Are you still having an issue that you think is malware related?

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#16 Chrs

Chrs

    New Member

  • Members
  • Pip
  • 9 posts

Posted 08 August 2013 - 11:55 AM

no its all good, when you say minor stufff?



#17 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,272 posts
  • Gender:Male
  • Location:US

Posted 08 August 2013 - 06:08 PM

Almost all computers have "junk" entries from browsing.  The computer appears to be just fine.


Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook


#18 AdvancedSetup

AdvancedSetup

    Staff

  • Root Admin
  • PipPipPipPipPipPip
  • 41,272 posts
  • Gender:Male
  • Location:US

Posted 08 August 2013 - 06:08 PM

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Ron Lewis
Forum Community Manager

staff.png

Follow us: Twitter, Become a fan: Facebook





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users