Need help removing malware



Nick443
2014-03-15, 07:21
I just got a new laptop off eBay and it's running really slow. IE and Google Chrome are always locking up, and I tried to install MBAM but it's saying it can't find user32.dll, but I looked in the system 32 file and the file is there. So I was wondering if anyone could help me to determine if I am affected. I am kinda suspicious being I got the laptop online. Thank you.

Sorry, I didn't see the "read this before you post" forum. So here are the logs you guys want. Sorry about that and thanks for the help.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
Run by Precision M6300 at 0:42:02 on 2014-03-15
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2353 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============



C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\taskhost.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.202\deploy\LoLLauncher.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.dell.com
uDefault_Page_URL = hxxp://www.dell.com
mWinlogon: Userinit = userinit.exe
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\PRECIS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{68BB8804-2288-49BF-93D1-4652893DB5D7} : DHCPNameServer = 192.168.1.254
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.149\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-3-13 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-3-13 207904]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-8-24 55856]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-3-13 28184]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-3-13 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-3-13 421704]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-3-13 78648]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-3-13 50344]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-3-13 80184]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S2 avast! Firewall;avast! Firewall;"C:\Program Files\AVAST Software\Avast\afwServ.exe" --> C:\Program Files\AVAST Software\Avast\afwServ.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2014-3-14 1153368]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-14 111616]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-31 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-14 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-31 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-31 1255736]
.
=============== Created Last 30 ================
.
2014-03-14 13:49:15 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-03-14 13:49:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2014-03-14 13:14:57 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F32A48A-A026-419A-989E-8DCFC4B8C164}\mpengine.dll
2014-03-14 13:14:17 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-14 13:14:17 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-14 13:09:29 6574592 ----a-w- C:\Windows\System32\mstscax.dll
2014-03-14 13:09:29 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-03-14 12:30:27 1008128 ----a-w- C:\Windows\System32\USER32 (2).dll
2014-03-14 12:28:26 -------- d-----w- C:\Windows\Migration
2014-03-14 12:20:47 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2014-03-14 12:15:57 -------- d-----w- C:\Users\Precision M6300\AppData\Local\Google
2014-03-14 12:15:19 -------- d-----w- C:\Users\Precision M6300\AppData\Local\Apps
2014-03-14 12:15:18 -------- d-----w- C:\Users\Precision M6300\AppData\Local\Deployment
2014-03-14 12:10:44 1008128 ----a-w- C:\Windows\system\USER32.dll
2014-03-14 12:01:02 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
2014-03-14 12:01:02 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
2014-03-14 11:37:07 -------- d-----w- C:\ProgramData\Malwarebytes
2014-03-14 09:07:27 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD793EB2-C0A1-4C92-B473-C0824A59F933}\gapaengine.dll
2014-03-14 09:07:11 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-03-14 07:02:11 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2014-03-14 07:02:11 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2014-03-14 07:02:07 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2014-03-14 07:01:34 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2014-03-14 07:01:30 -------- d-----w- C:\Riot Games
2014-03-14 06:57:33 -------- d-----w- C:\Users\Precision M6300\AppData\Local\PMB Files
2014-03-14 06:57:30 -------- d-----w- C:\ProgramData\PMB Files
2014-03-14 06:57:21 -------- d-----w- C:\Program Files (x86)\Pando Networks
2014-03-14 06:52:54 -------- d-----w- C:\Users\Precision M6300\AppData\Roaming\Riot Games
2014-03-14 06:50:22 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2014-03-13 21:54:42 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-03-13 21:54:42 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-03-13 21:54:42 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-03-13 21:54:41 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-03-13 21:54:41 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-03-13 21:54:41 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-03-13 21:54:41 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-03-13 13:50:23 -------- d-----w- C:\ProgramData\Oracle
2014-03-13 13:45:20 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-03-13 13:36:48 -------- d-----w- C:\NVIDIA
2014-03-13 08:54:06 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-03-13 08:54:06 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-03-13 08:54:04 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-03-13 08:54:03 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-03-13 06:36:06 -------- d-----w- C:\Users\Precision M6300\AppData\Roaming\AVAST Software
2014-03-13 06:35:19 440672 ----a-w- C:\Windows\System32\drivers\aswndisflt.sys
2014-03-13 06:34:54 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-03-13 06:34:54 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-03-13 06:34:53 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-03-13 06:34:52 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-03-13 06:34:50 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-03-13 06:34:50 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-03-13 06:34:49 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2014-03-13 06:34:43 43152 ----a-w- C:\Windows\avastSS.scr
2014-03-13 06:15:20 -------- d-----w- C:\Program Files\AVAST Software
2014-03-13 06:06:01 -------- d-----w- C:\ProgramData\AVAST Software
2014-03-13 01:55:05 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2014-03-13 01:55:00 484864 ----a-w- C:\Windows\System32\wer.dll
2014-03-13 01:55:00 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-03-13 01:53:59 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-03-13 01:52:31 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-13 01:49:55 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2014-03-13 01:44:16 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-03-13 01:41:44 -------- d-----w- C:\Users\Precision M6300\AppData\Roaming\NVIDIA
2014-03-13 01:39:59 25936 ----a-w- C:\Windows\System32\X3DAudio1_5.dll
2014-03-13 01:16:44 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2014-03-13 01:12:45 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2014-03-13 01:12:42 -------- d-----w- C:\Program Files (x86)\Steam
2014-03-10 14:37:57 -------- d-----w- C:\Users\Precision M6300\AppData\Local\Diagnostics
.
==================== Find3M ====================
.
2014-03-13 01:23:37 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-13 01:23:37 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-24 06:27:12 6676768 ----a-w- C:\Windows\System32\nvcpl.dll
2014-01-24 06:27:12 3496224 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-01-24 06:27:08 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-01-24 06:27:08 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
2014-01-24 06:27:08 63776 ----a-w- C:\Windows\System32\nvshext.dll
2014-01-24 06:27:08 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-01-24 06:27:08 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-01-24 06:27:08 1070368 ----a-w- C:\Windows\System32\nv3dappshext.dll
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
.
============= FINISH: 0:43:03.63 ===============


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-03-15 00:44:08
-----------------------------
00:44:08.295 OS Version: Windows x64 6.1.7601 Service Pack 1
00:44:08.295 Number of processors: 2 586 0xF0B
00:44:08.295 ComputerName: PRECISIONM6300 UserName:
00:44:09.855 Initialize success
00:44:13.973 AVAST engine defs: 14031401
00:44:30.883 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
00:44:30.883 Disk 0 Vendor: ST9160823ASG 3.ADD Size: 152627MB BusType: 3
00:44:31.008 Disk 0 MBR read successfully
00:44:31.008 Disk 0 MBR scan
00:44:31.008 Disk 0 Windows 7 default MBR code
00:44:31.024 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
00:44:31.039 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
00:44:31.164 Disk 0 scanning C:\Windows\system32\drivers
00:44:38.949 Service scanning
00:44:55.921 Modules scanning
00:44:55.921 Disk 0 trace - called modules:
00:44:55.968 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
00:44:55.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042d9060]
00:44:56.499 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80040e9060]
00:44:56.998 AVAST engine scan C:\Windows
00:44:58.183 AVAST engine scan C:\Windows\system32
00:47:51.291 AVAST engine scan C:\Windows\system32\drivers
00:48:00.838 AVAST engine scan C:\Users\Precision M6300
00:50:13.412 AVAST engine scan C:\ProgramData
00:50:44.536 Scan finished successfully
00:51:29.714 Disk 0 MBR has been saved successfully to "C:\Users\Precision M6300\Desktop\MBR.dat"
00:51:29.745 The log file has been saved successfully to "C:\Users\Precision M6300\Desktop\aswMBR.txt"

Dakeyras
2014-03-15, 22:03
Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
Hi and welcome to Safer Networking :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:


I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for this issue on this machine!
The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
If you don't know, stop and ask! Don't keep going on.
Please reply to this thread. Do not start a new topic.
Refrain from running self fixes as this will hinder the malware removal process.
It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Multiple AntiVirus Advice:

It appears both avast! Pro Antivirus and Microsoft Security Essentials are installed and active in the System Memory. This will certainly affect overall performance and actually be causing a system conflict and lessen overall online security etc.

So please decide which one you wish to keep installed and uninstall one of the aforementioned only.

Pando Media Booster Advice:

I see you have Pando Media Booster installed, maybe intentionally and or came with one of your installed games for example (or already installed when purchased). Technically this type of software is based upon peer to peer technology and you can never really be sure what it is purportedly downloading is always safe. Plus it does not always make that much of an improvement with downloading.

My friendly advice is if you do not really use it, merely uninstall. However this is your choice to do so or not, and at the end of the day I respect whomever I assist with what they wish to have installed on their respective machines.

Temp' Disable TeaTimer:

This is so it will not hinder the malware removal process, you may re-enable when I give the all clear.

How to do so can be read here (http://forums.spybot.info/showpost.php?p=1150&postcount=2), scroll down to:-


When causing-S&D version 1.6.2 is installed

TeaTimer needs to be disabled so that its protection does not interfere with fixes.

Scan with WVCheck:

Please download WVCheck (http://artellos.com/ccount/click.php?id=7) and save it to the desktop.


Right-click on WVCheck.exe and select Run as Administrator >> follow the prompts.
The scan may take some time depending on the Hard-Drive size.
Please post the contents of the notepad file WVCheck_nnnn_dd-mm-yyyy that can be located on the desktop.

Next:

Let myself know when completed the above. Post the requested WVCheck log and we will then go from there, thank you.

Nick443
2014-03-17, 07:56
Pando is for a game I play; without it I can't play the game (League of Legends), so I will need to keep it installed for the time being.

I removed Windows Security Essentials.

Sorry it took so long to reply. I didn't realize someone combined my post and reposted, so I didn't notice you came to help.

Here is the log

Windows Validation Check
Version: 1.9.12.5
Log Created On: 0050_17-03-2014
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates and install them automatically.
-----------------------
Last Success Time for Update Detection: 2014-03-17 02:02:21
Last Success Time for Update Download: 2014-03-16 06:33:29
Last Success Time for Update Installation: 2014-03-16 06:33:37


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
C:\Windows\System32\slwga.dll
Size: 14336 bytes
Creation; 20/11/2010 21:23:48
Modification; 20/11/2010 21:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\SysWOW64\slwga.dll
Size: 14336 bytes
Creation; 20/11/2010 21:23:48
Modification; 20/11/2010 21:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
Size: 15360 bytes
Creation; 20/11/2010 21:24:21
Modification; 20/11/2010 21:24:21
MD5; b6d6886149573278cba6abd44c4317f5
Matched: slwga.dll
-----------------------
C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
Size: 14336 bytes
Creation; 20/11/2010 21:23:48
Modification; 20/11/2010 21:23:48
MD5; 19f75d71e4256f5113d64ce2bb66b838
Matched: slwga.dll
-----------------------


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's HOSTS File Check
-----------------------
WVCheck found no bad lines in the hosts file.


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3


-------- End of File, program close at 0053_17-03-2014 --------

Dakeyras
2014-03-17, 11:49
Hi. :)


Pando is for a game I play; without it I can't play the game (League of Legends), so I will need to keep it installed for the time being.
Fair play.


I removed Windows Security Essentials.
OK.


Sorry it took so long to reply. I didn't realize someone combined my post and reposted, so I didn't notice you came to help.
Not a problem.

Now we have the preliminary steps out of the way; let's proceed as follows to see if I can ascertain what the exact problems are as follows...

Download/run Rkill:

Please download Rkill from one of the following links and save to your desktop:

One (http://download.bleepingcomputer.com/grinler/rkill.exe), Two (http://download.bleepingcomputer.com/grinler/rkill.com), Three (http://download.bleepingcomputer.com/grinler/rkill.scr), Four (http://download.bleepingcomputer.com/grinler/iExplore.exe) or Five (http://download.bleepingcomputer.com/grinler/eXplorer.exe)


Double click on Rkill.
A command window will open then disappear upon completion, this is normal.
Post the log created, found on the desktop as rkill.txt, in your next reply.

Note: If one fails to work delete it and download/try another version.

Scan with MBAM-Check:

Please download MBAM-Check from here (http://downloads.malwarebytes.org/file/mbam_check) and save to your desktop.


Right-click on mbam-check-2.0.0.1000.exe and select Run as Administrator to launch the application
It will now begin to scan...and upon completion open a notepad file.
Please attach the CheckResults.txt file which should now be located on your desktop to your next reply.

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) to your Desktop.


Right-click on FRST.exe and select Run as Administrator to start FRST >> follow the prompt/click on Yes
Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.

Next:

When completed the above, please post back the following in the order asked for:


How is your computer performing now, any further symptoms and or problems encountered?
Rkill Log.
MBAM-Check Log(attach this one).
Both FRST logs. <-- Post them individually please, IE: one Log per post/reply.

Nick443
2014-03-17, 12:45
Here are the logs you wanted

My computer was never running terribly, ie was kinda slow and would lock up, but since I got rid of Security Essentials it seems to be better.


Rkill 2.6.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/17/2014 05:34:52 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* Cannot edit the HOSTS file.
* Permissions Fixed. Administrators can now edit the HOSTS file.

* HOSTS file entries found:


20 out of 15492 HOSTS entries shown.
Please review HOSTS file for further entries.

Program finished at: 03/17/2014 05:35:20 AM
Execution time: 0 hours(s), 0 minute(s), and 27 seconds(s)


mbam-check result log version: 2.0.0.1000

Malwarebytes Version: REG_SZ 1.75.0.1300

Date Log Created: 03/17/14
Time Log Created: 05:36:44

User Account type: Administrator

64 bit Operating System

Product Name: REG_SZ Windows 7 Professional

Current Build Number: 7601

Current Version Number: 6.1

Current CSDVersion: Service Pack 1

Proxy Status: No proxy is Set

LAN Settings:
=============

only 'Automatically detect settings' is selected

SystemPartition:
================

HKEY_LOCAL_MACHINE\SYSTEM\Setup\
SystemPartition REG_SZ \Device\HarddiskVolume1

Balloon Tips Status:
====================

Enabled

Time Format Settings:
=====================

Should be:
h:mm:ss tt
AM
PM
:

Currently:
REG_SZ h:mm:ss tt
REG_SZ AM
REG_SZ PM
REG_SZ :

Language and Regional Settings:
===============================

ACP: Language is English (United States)
MACCP: Language is English (United States)
OEMCP: Language is English (United States)

Startup Folders for Error_Expanding_Variables Check:
====================================================

All Users Startup Folder Exists.
Current User's Startup Folder Exists.


Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
===============================================================================

TERMService:
==============
Type : 32
State : 1 (The service is not running.) (State is stopped)
WIN32_EXIT_CODE : 1077
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0


TermService Start is set to: 3 (Manual Startup)

Compatibility Flag Settings (Any MBAM file listings should be removed):
=======================================================================


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
SIGN.MEDIA=2D222 PortableApps\UnWrapperGOTDPortable\UnWrapper_GOTD_v1.exeREG_SZ ELEVATECREATEPROCESS
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exeREG_SZ ELEVATECREATEPROCESS


Malwarebytes Anti-Malware Shell Extension Block Check:
======================================================



MBAM Startup Entries:
=====================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Service and Driver Status:
==========================

<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector


<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService


<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler


<--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon


MBAMProtector Registry Values:
==============================


MBAMService Registry Values:
============================


MBAMScheduler Registry Values:
==============================



MBAM DLL's and Runtime Files:
=============================

MBAM Registry Settings and License Info:
========================================


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware
advancedheuristics REG_DWORD 1
downloadprogram REG_DWORD 1
hidereg REG_DWORD 0
detectp2p REG_DWORD 0
detectpum REG_DWORD 1
detectpup REG_DWORD 2
updatewarn REG_DWORD 1
updatewarndays REG_DWORD 7
useproxy REG_DWORD 0
useauthentication REG_DWORD 0
contextmenu REG_DWORD 1
reportthreats REG_DWORD 1
startwithwindows REG_DWORD 1
startfsdisabled REG_DWORD 0
startipdisabled REG_DWORD 0
silentipmode REG_DWORD 0
autoquarantine REG_DWORD 1
notifyinstallprogram REG_DWORD 1
trialpromptshown REG_DWORD 0
autoquarantinenotify REG_DWORD 1
alwaysscanarchives REG_DWORD 1
InstallPath REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
dbdate REG_SZ Thu, 04 Apr 2013 18:41:20 GMT
dbversion REG_SZ v2013.04.04.07
programversion REG_SZ 1.75.0.1300
programbuild REG_SZ consumer


HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware
alwaysscanfiles REG_DWORD 1
alwaysscanheuristics REG_DWORD 1
alwaysscanmemory REG_DWORD 1
alwaysscanregistry REG_DWORD 1
alwaysscanstartups REG_DWORD 1
autosavelog REG_DWORD 1
openlog REG_DWORD 1
defaultscan REG_DWORD 0
terminateie REG_DWORD 0
Language REG_SZ English.lng




Pending File Rename Operations:
================================
If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
PendingFileRenameOperations REG_MULTI_SZ \??\C:\Windows\system32\SET7BB1.tmp



Scheduler Queue:
================



Context Menu Entries:
=====================

HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
(Default): REG_SZ MBAMShlExt Class
HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
(Default): REG_SZ MBAMShlExt Class

MBAM Drivers:
=============



Required Dependencies:
======================

BFE:
==============
Type : 32
State : 4 (The service is running.)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
DisplayName REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
Group REG_SZ NetworkProvider
ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Description REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
ObjectName REG_SZ NT AUTHORITY\LocalService
ErrorControl REG_DWORD 1
Start REG_DWORD 2
Type REG_DWORD 32
DependOnService REG_MULTI_SZ RpcSs

ServiceSidType REG_DWORD 3
RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege

FailureActions REG_BINARY Binary Data

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
ServiceDllUnloadOnStop REG_DWORD 1
ServiceMain REG_SZ BfeServiceMain
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer

fltmgr:
==============
Type : 2
State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0
SERVICE_EXIT_CODE : 0
CHECKPOINT : 0
WAIT_HINT : 0


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
AttachWhenLoaded REG_DWORD 1
DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
Group REG_SZ FSFilter Infrastructure
ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys
Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
ErrorControl REG_DWORD 3
Start REG_DWORD 0
Tag REG_DWORD 1
Type REG_DWORD 2
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
0 REG_SZ Root\LEGACY_FLTMGR\0000
Count REG_DWORD 1
NextInstance REG_DWORD 1
C:\Windows\system32\drivers\fltmgr.sys File Size: 289664 BYTES FileVersion: 6.1.7601.17514
C:\Windows\SysWOW64\comctl32.ocx File Size: 608448 BYTES FileVersion: 6.0.81.5
C:\Windows\SysWOW64\mscomctl.ocx File Size: 1066176 BYTES FileVersion: 6.0.88.62
C:\Windows\SysWOW64\olepro32.dll File Size: 90112 BYTES FileVersion: 6.1.7601.17514


List of MBAM Related Directories:
=================================

C:\Program Files (x86)\Malwarebytes' Anti-Malware

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware

C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration
local.conf File Size: 321 BYTES

===============================================================
END OF FILE

Nick443
2014-03-17, 12:47
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Precision M6300 at 2014-03-17 05:39:17
Running from C:\Users\Precision M6300\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLG1LL94
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
avast! Pro Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.4822 - CyberLink Corp.)
CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.4822 - CyberLink Corp.) Hidden
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5130.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 332.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.76 - NVIDIA Corporation)
NVIDIA Control Panel 332.76 (Version: 332.76 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 332.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.76 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA nView 141.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.00 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3276 - NVIDIA Corporation) Hidden
NVIDIA WMI 2.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.16.0 - NVIDIA Corporation)
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Spiral Knights (HKLM-x32\...\Steam App 99900) (Version: - Three Rings)
Star Trek Online (HKLM-x32\...\Steam App 9900) (Version: - Cryptic Studios)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version: - Ubisoft Montreal)

==================== Restore Points =========================

14-03-2014 13:11:33 Windows Update
17-03-2014 02:41:14 Installed DirectX
17-03-2014 02:42:55 Installed Microsoft Visual C++ 2005 Redistributable
17-03-2014 08:39:00 Installed DirectX

==================== Hosts content: ==========================

2009-07-13 21:34 - 2014-03-14 09:14 - 00450712 ___RA C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {104D1D47-DA4F-497D-A51A-8D1C7F4B20CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-14] (Google Inc.)
Task: {30603121-35E4-46E1-B6C9-083575D54262} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-14] (Google Inc.)
Task: {6CE2919B-E325-4D31-97B1-413259F42E60} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-13] (AVAST Software)
Task: {8D4555A5-4C15-46E6-B9D1-441023258507} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
Task: {A0E344A8-6EFF-4B73-BB40-4953725D5336} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-01-04 00:21 - 2014-03-04 13:35 - 00711456 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2013-08-31 12:52 - 2014-03-04 12:10 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-01-04 00:22 - 2014-03-04 13:35 - 02513752 _____ () C:\Windows\system32\nvwmi64.exe
2014-03-15 17:02 - 2014-03-15 14:17 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031501\algo.dll
2014-03-17 04:53 - 2014-03-17 04:20 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031700\algo.dll
2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-03-13 01:34 - 2014-03-13 01:34 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-03-12 20:15 - 2013-12-12 17:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
2014-03-12 20:15 - 2013-11-04 20:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
2014-03-12 20:16 - 2014-02-10 21:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2014-03-12 20:15 - 2014-02-25 16:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2014-03-12 20:15 - 2014-01-10 18:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2014-03-12 20:15 - 2013-06-14 18:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
2014-03-12 20:15 - 2013-06-14 18:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
2014-03-12 20:15 - 2013-06-14 18:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
2014-03-12 20:15 - 2014-02-25 16:57 - 00119488 _____ () C:\Program Files (x86)\Steam\bin\audio.dll
2014-03-12 20:15 - 2013-06-14 18:49 - 00071680 _____ () C:\Program Files (x86)\Steam\bin\mssmp3.asi
2014-03-12 20:15 - 2013-06-14 18:49 - 00153088 _____ () C:\Program Files (x86)\Steam\bin\mssvoice.asi

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/04/2010 00:23:10 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (01/04/2010 00:06:41 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2010 00:01:01 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/15/2014 02:51:43 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (03/15/2014 02:25:05 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/15/2014 00:57:52 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/14/2014 06:55:53 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/14/2014 09:45:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

Error: (03/14/2014 08:24:26 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/14/2014 07:40:22 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (01/04/2010 00:06:11 AM) (Source: Service Control Manager) (User: )
Description: The avast! Firewall service failed to start due to the following error:
%%2

Error: (01/04/2010 00:00:44 AM) (Source: Service Control Manager) (User: )
Description: The avast! Firewall service failed to start due to the following error:
%%2

Error: (03/15/2014 00:57:26 AM) (Source: Service Control Manager) (User: )
Description: The avast! Firewall service failed to start due to the following error:
%%2

Error: (03/15/2014 00:57:20 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:56:17 AM on 3/15/2014 was unexpected.

Error: (03/15/2014 00:00:03 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (03/14/2014 08:22:59 AM) (Source: Service Control Manager) (User: )
Description: The avast! Firewall service failed to start due to the following error:
%%2

Error: (03/14/2014 07:38:57 AM) (Source: Service Control Manager) (User: )
Description: The avast! Firewall service failed to start due to the following error:
%%2

Error: (03/14/2014 07:38:53 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:37:52 AM on 3/14/2014 was unexpected.

Error: (03/14/2014 06:46:18 AM) (Source: Service Control Manager) (User: )
Description: The avast! Firewall service failed to start due to the following error:
%%2

Error: (03/14/2014 06:44:33 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (01/04/2010 00:23:10 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (01/04/2010 00:06:41 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2010 00:01:01 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/15/2014 02:51:43 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (03/15/2014 02:25:05 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/15/2014 00:57:52 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/14/2014 06:55:53 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/14/2014 09:45:38 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

Error: (03/14/2014 08:24:26 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/14/2014 07:40:22 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info ===========================

Percentage of memory in use: 39%
Total physical RAM: 4094.13 MB
Available physical RAM: 2474.9 MB
Total Pagefile: 8186.44 MB
Available Pagefile: 6461.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:148.95 GB) (Free:79.81 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 97BE5B6A)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

==================== End Of Log ============================
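
Both logs above show only the start of a HOSTS file with thousands of entries, every visible one pointing at 127.0.0.1, and Rkill asks for the rest to be reviewed. The following is an added example, not part of the original posts or of any tool used in the thread: it separates sinkholed names (loopback or 0.0.0.0) from names mapped to a real address, which are the ones worth a closer look. The function names and the sample data are constructed for illustration.

```python
import ipaddress

# Constructed sample in hosts-file syntax; it is not the poster's file.
# 203.0.113.10 is a documentation address (RFC 5737) and the .example
# names are placeholders.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1 blocked-one.example
127.0.0.1 www.blocked-one.example   # trailing comment
0.0.0.0   blocked-two.example
203.0.113.10 update.av-vendor.example login.bank.example
not-an-ip   broken.example
"""


def triage_hosts(text):
    """Classify every hosts entry as sinkholed, redirected or malformed."""
    report = {"sinkholed": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Drop comments (whole-line or trailing) and surrounding whitespace.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, raw.strip()))
            continue
        if len(fields) < 2:
            # An address with no host name after it does nothing useful.
            report["malformed"].append((lineno, raw.strip()))
            continue
        # Loopback (127.0.0.0/8, ::1) and the unspecified address (0.0.0.0)
        # are what blocklists use: the name resolves but goes nowhere.
        sink = addr.is_loopback or addr.is_unspecified
        for name in (f.lower() for f in fields[1:]):
            if sink:
                if name != "localhost":  # the default entry is not a block
                    report["sinkholed"].append(name)
            else:
                # A name pinned to a real address overrides DNS for that
                # name, so each of these needs a human decision.
                report["redirected"].append((lineno, name, str(addr)))
    return report


def summarize(report):
    """One-line count of each class, for a quick first read."""
    return (f"{len(report['sinkholed'])} sinkholed, "
            f"{len(report['redirected'])} redirected, "
            f"{len(report['malformed'])} malformed")


if __name__ == "__main__":
    result = triage_hosts(SAMPLE_HOSTS)
    print(summarize(result))
    for lineno, name, addr in result["redirected"]:
        print(f"line {lineno}: {name} -> {addr}  (review)")
```

To run it against a real file, read the file's text (on this machine the log gives the path as C:\Windows\system32\Drivers\etc\hosts) and pass it to `triage_hosts`.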

Nick443
2014-03-17, 12:48
the FRST file was too long and I can post it

Dakeyras
2014-03-17, 12:57
the FRST file was too long and I can post it
Just send it to a zip file please and then attach that in your next reply. :)

Nick443
2014-03-17, 13:07
here you go

Dakeyras
2014-03-17, 14:32
Hi. :)


My computer was never running terribly, ie was kinda slow and would lock up, but since I got rid of Security Essentials it seems to be better
Acknowledged.

Disable Windows Defender:

Apart from hindering the malware removal process, it will be in conflict with the presently installed avast! Pro Antivirus.

How to disable it can be read here (http://www.sevenforums.com/tutorials/6397-windows-defender-turn-off.html).

Download/Run MBAM Clean:

Please download this tool (http://www.malwarebytes.org/mbam-clean.exe) to your desktop.

Right-click on mbam-clean-1.60.2.0003.exe and select Run as Administrator >> follow the prompts.

Custom FRST Script:

Both FRST and the fixlist need to be on your desktop for the below to be processed successfully.

It appears you ran the actual FRST scan from this location:


Running from C:\Users\Precision M6300\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLG1LL94

Please download the attached fixlist.txt (see below) and save it to the desktop.


Now right-click on FRST.exe and select Run as Administrator to start FRST.
Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
A log will now open named Fixlog and it will also be on the desktop >> close FRST.
Reboot your machine (ensure you do this) and post the contents of the aforementioned Fixlog in your next reply.

Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
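
The overlap behind the "Disable Windows Defender" step can be read directly from the Security Center section of the Addition.txt log posted earlier in the thread. The following is an added example, not part of the original posts or of FRST: it parses those four lines and reports categories where more than one product is enabled, and categories where none is. The function names are hypothetical, and the line format is assumed from the lines in this thread only.

```python
import re
from collections import defaultdict

# The four Security Center lines from the Addition.txt posted in this thread.
SECURITY_CENTER = """\
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
"""

LABELS = {"AV": "antivirus", "AS": "antispyware", "FW": "firewall"}

# category: product name (status) {GUID}
LINE = re.compile(
    r"^(AV|AS|FW):\s+(.+?)\s+\(([^()]*)\)\s+\{([0-9A-Fa-f-]{36})\}$"
)


def parse_security_center(text):
    """Turn each recognised line into a dict; skip anything else."""
    products = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        category, name, status, guid = m.groups()
        products.append({
            "category": category,
            "name": name,
            "guid": guid,
            "enabled": status.lower().startswith("enabled"),
            "current": "up to date" in status.lower(),
        })
    return products


def find_conflicts(products):
    """Report categories with several enabled products, or with none."""
    enabled = defaultdict(list)
    seen = []
    for p in products:
        if p["category"] not in seen:
            seen.append(p["category"])
        if p["enabled"] and p["name"] not in enabled[p["category"]]:
            enabled[p["category"]].append(p["name"])
    # Two real-time products in one category scan the same files and can
    # get in each other's way, which is the conflict the helper describes.
    overlap = {c: names for c, names in enabled.items() if len(names) > 1}
    # Assumption: the built-in Windows Firewall may not be listed in this
    # section, so an empty FW category is a prompt to check it, not proof
    # that the machine has no firewall.
    none_enabled = [c for c in seen if not enabled.get(c)]
    return {"overlap": overlap, "none_enabled": none_enabled}


if __name__ == "__main__":
    findings = find_conflicts(parse_security_center(SECURITY_CENTER))
    for cat, names in findings["overlap"].items():
        print(f"{LABELS[cat]}: {len(names)} enabled -> {', '.join(names)}")
    for cat in findings["none_enabled"]:
        print(f"{LABELS[cat]}: no registered product is enabled")
```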

Dakeyras
2014-03-20, 14:41
Due to the lack of feedback this Topic is closed.

If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.