
Thread: Need help removing malware

  1. #1
    Junior Member
    Join Date: Mar 2014
    Posts: 6

    Need help removing malware

    I just got a new laptop off eBay and it's running really slow. IE and Google Chrome are always locking up, and I tried to install MBAM but it's saying it can't find user32.dll, though I looked in the system32 folder and the file is there. So I was wondering if anyone could help me determine if I am affected. I am kinda suspicious since I got the laptop online. Thank you

    Sorry, I didn't see the "read this before you post" forum. So here are the logs you guys want. Sorry about that and thanks for the help.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 11.0.9600.16521 BrowserJavaVersion: 10.51.2
    Run by Precision M6300 at 0:42:02 on 2014-03-15
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4094.2353 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    .
    ============== Running Processes ===============

    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    C:\Windows\system32\taskhost.exe
    C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
    C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.202\deploy\LoLLauncher.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\System32\MsSpellCheckingFacility.exe
    C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.dell.com
    uDefault_Page_URL = hxxp://www.dell.com
    mWinlogon: Userinit = userinit.exe
    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    StartupFolder: C:\Users\PRECIS~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ERUNTA~1.LNK - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{68BB8804-2288-49BF-93D1-4652893DB5D7} : DHCPNameServer = 192.168.1.254
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.149\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    .
    INFO: x64-HKLM has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-SSODL: WebCheck - <orphaned>
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-3-13 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-3-13 207904]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-8-24 55856]
    R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2014-3-13 28184]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-3-13 1038072]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2014-3-13 421704]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-3-13 78648]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-3-13 50344]
    R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 134944]
    R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
    R3 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-3-13 80184]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
    R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
    R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
    R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
    R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
    R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
    R3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    R3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S2 avast! Firewall;avast! Firewall;"C:\Program Files\AVAST Software\Avast\afwServ.exe" --> C:\Program Files\AVAST Software\Avast\afwServ.exe [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2014-3-14 1153368]
    S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
    S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-3-14 111616]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-2-15 80384]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-2-15 180736]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-8-31 19456]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-3-14 56832]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-8-31 30208]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-8-31 1255736]
    .
    =============== Created Last 30 ================
    .
    2014-03-14 13:49:15 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2014-03-14 13:49:15 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2014-03-14 13:14:57 10536864 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3F32A48A-A026-419A-989E-8DCFC4B8C164}\mpengine.dll
    2014-03-14 13:14:17 548864 ----a-w- C:\Windows\System32\vbscript.dll
    2014-03-14 13:14:17 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-03-14 13:09:29 6574592 ----a-w- C:\Windows\System32\mstscax.dll
    2014-03-14 13:09:29 5694464 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2014-03-14 12:30:27 1008128 ----a-w- C:\Windows\System32\USER32 (2).dll
    2014-03-14 12:28:26 -------- d-----w- C:\Windows\Migration
    2014-03-14 12:20:47 44544 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
    2014-03-14 12:15:57 -------- d-----w- C:\Users\Precision M6300\AppData\Local\Google
    2014-03-14 12:15:19 -------- d-----w- C:\Users\Precision M6300\AppData\Local\Apps
    2014-03-14 12:15:18 -------- d-----w- C:\Users\Precision M6300\AppData\Local\Deployment
    2014-03-14 12:10:44 1008128 ----a-w- C:\Windows\system\USER32.dll
    2014-03-14 12:01:02 792576 ----a-w- C:\Windows\SysWow64\TSWorkspace.dll
    2014-03-14 12:01:02 1030144 ----a-w- C:\Windows\System32\TSWorkspace.dll
    2014-03-14 11:37:07 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-03-14 09:07:27 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{BD793EB2-C0A1-4C92-B473-C0824A59F933}\gapaengine.dll
    2014-03-14 09:07:11 10536864 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2014-03-14 07:02:11 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
    2014-03-14 07:02:11 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
    2014-03-14 07:02:07 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
    2014-03-14 07:01:34 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
    2014-03-14 07:01:30 -------- d-----w- C:\Riot Games
    2014-03-14 06:57:33 -------- d-----w- C:\Users\Precision M6300\AppData\Local\PMB Files
    2014-03-14 06:57:30 -------- d-----w- C:\ProgramData\PMB Files
    2014-03-14 06:57:21 -------- d-----w- C:\Program Files (x86)\Pando Networks
    2014-03-14 06:52:54 -------- d-----w- C:\Users\Precision M6300\AppData\Roaming\Riot Games
    2014-03-14 06:50:22 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2014-03-13 21:54:42 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
    2014-03-13 21:54:42 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
    2014-03-13 21:54:42 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
    2014-03-13 21:54:41 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
    2014-03-13 21:54:41 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
    2014-03-13 21:54:41 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
    2014-03-13 21:54:41 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
    2014-03-13 13:50:23 -------- d-----w- C:\ProgramData\Oracle
    2014-03-13 13:45:20 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-03-13 13:36:48 -------- d-----w- C:\NVIDIA
    2014-03-13 08:54:06 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
    2014-03-13 08:54:06 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    2014-03-13 08:54:04 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2014-03-13 08:54:03 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2014-03-13 06:36:06 -------- d-----w- C:\Users\Precision M6300\AppData\Roaming\AVAST Software
    2014-03-13 06:35:19 440672 ----a-w- C:\Windows\System32\drivers\aswndisflt.sys
    2014-03-13 06:34:54 80184 ----a-w- C:\Windows\System32\drivers\aswStm.sys
    2014-03-13 06:34:54 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2014-03-13 06:34:53 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2014-03-13 06:34:52 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2014-03-13 06:34:50 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2014-03-13 06:34:50 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2014-03-13 06:34:49 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
    2014-03-13 06:34:43 43152 ----a-w- C:\Windows\avastSS.scr
    2014-03-13 06:15:20 -------- d-----w- C:\Program Files\AVAST Software
    2014-03-13 06:06:01 -------- d-----w- C:\ProgramData\AVAST Software
    2014-03-13 01:55:05 1031560 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2014-03-13 01:55:00 484864 ----a-w- C:\Windows\System32\wer.dll
    2014-03-13 01:55:00 228864 ----a-w- C:\Windows\System32\wwansvc.dll
    2014-03-13 01:53:59 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
    2014-03-13 01:52:31 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2014-03-13 01:49:55 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
    2014-03-13 01:44:16 461312 ----a-w- C:\Windows\System32\scavengeui.dll
    2014-03-13 01:41:44 -------- d-----w- C:\Users\Precision M6300\AppData\Roaming\NVIDIA
    2014-03-13 01:39:59 25936 ----a-w- C:\Windows\System32\X3DAudio1_5.dll
    2014-03-13 01:16:44 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
    2014-03-13 01:12:45 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
    2014-03-13 01:12:42 -------- d-----w- C:\Program Files (x86)\Steam
    2014-03-10 14:37:57 -------- d-----w- C:\Users\Precision M6300\AppData\Local\Diagnostics
    .
    ==================== Find3M ====================
    .
    2014-03-13 01:23:37 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-03-13 01:23:37 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
    2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
    2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
    2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
    2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
    2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
    2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
    2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
    2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
    2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
    2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
    2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
    2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
    2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
    2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
    2014-01-24 06:27:12 6676768 ----a-w- C:\Windows\System32\nvcpl.dll
    2014-01-24 06:27:12 3496224 ----a-w- C:\Windows\System32\nvsvc64.dll
    2014-01-24 06:27:08 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
    2014-01-24 06:27:08 67072 ----a-w- C:\Windows\System32\nv3dappshextr.dll
    2014-01-24 06:27:08 63776 ----a-w- C:\Windows\System32\nvshext.dll
    2014-01-24 06:27:08 386336 ----a-w- C:\Windows\System32\nvmctray.dll
    2014-01-24 06:27:08 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
    2014-01-24 06:27:08 1070368 ----a-w- C:\Windows\System32\nv3dappshext.dll
    2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
    2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
    2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
    .
    ============= FINISH: 0:43:03.63 ===============


    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2014-03-15 00:44:08
    -----------------------------
    00:44:08.295 OS Version: Windows x64 6.1.7601 Service Pack 1
    00:44:08.295 Number of processors: 2 586 0xF0B
    00:44:08.295 ComputerName: PRECISIONM6300 UserName:
    00:44:09.855 Initialize success
    00:44:13.973 AVAST engine defs: 14031401
    00:44:30.883 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1
    00:44:30.883 Disk 0 Vendor: ST9160823ASG 3.ADD Size: 152627MB BusType: 3
    00:44:31.008 Disk 0 MBR read successfully
    00:44:31.008 Disk 0 MBR scan
    00:44:31.008 Disk 0 Windows 7 default MBR code
    00:44:31.024 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    00:44:31.039 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152525 MB offset 206848
    00:44:31.164 Disk 0 scanning C:\Windows\system32\drivers
    00:44:38.949 Service scanning
    00:44:55.921 Modules scanning
    00:44:55.921 Disk 0 trace - called modules:
    00:44:55.968 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
    00:44:55.968 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80042d9060]
    00:44:56.499 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa80040e9060]
    00:44:56.998 AVAST engine scan C:\Windows
    00:44:58.183 AVAST engine scan C:\Windows\system32
    00:47:51.291 AVAST engine scan C:\Windows\system32\drivers
    00:48:00.838 AVAST engine scan C:\Users\Precision M6300
    00:50:13.412 AVAST engine scan C:\ProgramData
    00:50:44.536 Scan finished successfully
    00:51:29.714 Disk 0 MBR has been saved successfully to "C:\Users\Precision M6300\Desktop\MBR.dat"
    00:51:29.745 The log file has been saved successfully to "C:\Users\Precision M6300\Desktop\aswMBR.txt"
    Last edited by tashi; 2014-03-15 at 20:53. Reason: Merged posts :-)
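An added example, not part of the thread or of any of the tools it mentions: a small Python parser for the DDS "Created Last 30" line format posted above, which lists entries whose file name matches a core Windows DLL but which sit outside the canonical System32/SysWOW64 directories or carry a renamed-copy suffix such as "(2)". The sample lines are constructed from the log above; the CORE_DLLS and CANONICAL_DIRS sets are my own assumptions, and the output is a list of paths to verify (for example against a signed-file check), not a verdict.

```python
import re

# Constructed sample input: a handful of lines in the DDS "Created Last 30" format,
# copied from the log posted above (timestamp, size or dashes, attribute flags, path).
SAMPLE_LOG = """\
2014-03-14 13:14:17 548864 ----a-w- C:\\Windows\\System32\\vbscript.dll
2014-03-14 13:14:17 454656 ----a-w- C:\\Windows\\SysWow64\\vbscript.dll
2014-03-14 12:30:27 1008128 ----a-w- C:\\Windows\\System32\\USER32 (2).dll
2014-03-14 12:28:26 -------- d-----w- C:\\Windows\\Migration
2014-03-14 12:10:44 1008128 ----a-w- C:\\Windows\\system\\USER32.dll
2014-03-13 01:52:31 424448 ----a-w- C:\\Windows\\System32\\KernelBase.dll
"""

# One DDS entry: date, time, size (or 8 dashes for a directory), 8 attribute flags, path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)

# Assumption: core DLLs that a clean Windows 7 x64 install keeps only under these two
# directories (plus WinSxS, which DDS does not list in this section).
CORE_DLLS = {"user32.dll", "kernel32.dll", "kernelbase.dll", "ntdll.dll", "advapi32.dll"}
CANONICAL_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def parse_dds_created(text):
    """Parse DDS 'Created Last 30' lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append({
            "timestamp": f"{m['date']} {m['time']}",
            "size": size,
            "is_dir": m["attrs"].startswith("d"),
            "path": m["path"],
        })
    return entries


def base_dll_name(path):
    """Lower-cased file name with an Explorer-style copy suffix like ' (2)' removed."""
    name = path.rsplit("\\", 1)[-1].lower()
    return re.sub(r" \(\d+\)(?=\.dll$)", "", name)


def flag_out_of_place(entries):
    """Return paths of core-DLL entries outside CANONICAL_DIRS or stored as renamed copies."""
    flagged = []
    for e in entries:
        if e["is_dir"]:
            continue
        name = base_dll_name(e["path"])
        if name not in CORE_DLLS:
            continue
        parent, raw_name = e["path"].rsplit("\\", 1)
        if parent.lower() not in CANONICAL_DIRS or raw_name.lower() != name:
            flagged.append(e["path"])
    return flagged


if __name__ == "__main__":
    for path in flag_out_of_place(parse_dds_created(SAMPLE_LOG)):
        print("verify:", path)
```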

  2. #2
    Security Expert-Emeritus Dakeyras
    Join Date: Sep 2008
    Location: The Tundra
    Posts: 1,173

    Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

    If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.
    Hi and welcome to Safer Networking

    I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:

    • I will start working on your Malware issues, this may or may not, solve other issues you have with your machine.
    • The fixes are specific to your problem and should only be used for this issue on this machine!
    • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
    • If you don't know, stop and ask! Don't keep going on.
    • Please reply to this thread. Do not start a new topic.
    • Refrain from running self fixes as this will hinder the malware removal process.
    • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

    Before we start:

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.

    Multiple AntiVirus Advice:

    It appears both avast! Pro Antivirus and Microsoft Security Essentials are installed and active in the System Memory. This will certainly affect overall performance and actually be causing a system conflict and lessen overall online security etc.

    So please decide which one you wish to keep installed and uninstall one of the aforementioned only.

    Pando Media Booster Advice:

    I see you have Pando Media Booster installed, maybe intentionally and/or it came with one of your installed games for example (or was already installed when purchased). Technically this type of software is based upon peer to peer technology and you can never really be sure what it is purportedly downloading is always safe. Plus it does not always make that much of an improvement with downloading.

    My friendly advice is, if you do not really use it, merely uninstall. However this is your choice to do so or not, and at the end of the day I respect whomever I assist with what they wish to have installed on their respective machines.

    Temp' Disable TeaTimer:

    This is so it will not hinder the malware removal process, you may re-enable when I give the all clear.

    How to do so can be read here, scroll down to:-

    When Spybot-S&D version 1.6.2 is installed

    TeaTimer needs to be disabled so that its protection does not interfere with fixes.
    Scan with WVCheck:

    Please download WVCheck and save it to the desktop.

    • Right-click on WVCheck.exe and select Run as Administrator >> follow the prompts.
    • The scan may take some time depending on the Hard-Drive size.
    • Please post the contents of the notepad file WVCheck_nnnn_dd-mm-yyyy that can be located on the desktop.

    Next:

    Let me know when you have completed the above. Post the requested WVCheck log and we will then go from there, thank you.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  3. #3
    Junior Member
    Join Date: Mar 2014
    Posts: 6

    Pando is for a game I play; without it I can't play the game (League of Legends), so I will need to keep it installed for the time being.

    I removed Windows Security Essentials.

    Sorry it took so long to reply. I didn't realize someone combined my posts and reposted, so I didn't notice you came to help.

    Here is the log

    Windows Validation Check
    Version: 1.9.12.5
    Log Created On: 0050_17-03-2014
    -----------------------

    Windows Information
    -----------------------
    Windows Version: Windows 7 Service Pack 1
    Windows Mode: Normal
    Systemroot Path: C:\Windows

    WVCheck's Auto Update Check
    -----------------------
    Auto-Update Option: Download updates and install them automatically.
    -----------------------
    Last Success Time for Update Detection: 2014-03-17 02:02:21
    Last Success Time for Update Download: 2014-03-16 06:33:29
    Last Success Time for Update Installation: 2014-03-16 06:33:37


    WVCheck's Registry Check Check
    -----------------------
    Antiwpa: Not Found
    -----------------------
    Chew7Hale: Not Found
    -----------------------


    WVCheck's File Dump
    -----------------------
    C:\Windows\System32\slwga.dll
    Size: 14336 bytes
    Creation; 20/11/2010 21:23:48
    Modification; 20/11/2010 21:23:48
    MD5; 19f75d71e4256f5113d64ce2bb66b838
    Matched: slwga.dll
    -----------------------
    C:\Windows\SysWOW64\slwga.dll
    Size: 14336 bytes
    Creation; 20/11/2010 21:23:48
    Modification; 20/11/2010 21:23:48
    MD5; 19f75d71e4256f5113d64ce2bb66b838
    Matched: slwga.dll
    -----------------------
    C:\Windows\winsxs\amd64_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_5d778f71b9f4fd55\slwga.dll
    Size: 15360 bytes
    Creation; 20/11/2010 21:24:21
    Modification; 20/11/2010 21:24:21
    MD5; b6d6886149573278cba6abd44c4317f5
    Matched: slwga.dll
    -----------------------
    C:\Windows\winsxs\x86_microsoft-windows-security-spp-wga_31bf3856ad364e35_6.1.7601.17514_none_0158f3ee01978c1f\slwga.dll
    Size: 14336 bytes
    Creation; 20/11/2010 21:23:48
    Modification; 20/11/2010 21:23:48
    MD5; 19f75d71e4256f5113d64ce2bb66b838
    Matched: slwga.dll
    -----------------------


    WVCheck's Dir Dump
    -----------------------
    WVCheck found no known bad directories.


    WVCheck's Missing File Check
    -----------------------
    WVCheck found no missing Windows files.


    WVCheck's HOSTS File Check
    -----------------------
    WVCheck found no bad lines in the hosts file.


    WVCheck's MD5 Check
    EXPERIMENTAL!!
    -----------------------
    user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3


    -------- End of File, program close at 0053_17-03-2014 --------

  4. #4
    Security Expert-Emeritus Dakeyras
    Join Date: Sep 2008
    Location: The Tundra
    Posts: 1,173

    Hi.

    Pando is for a game I play; without it I can't play the game (League of Legends), so I will need to keep it installed for the time being.
    Fair play.

    I removed Windows Security Essentials.
    OK.

    Sorry it took so long to reply. I didn't realize someone combined my posts and reposted, so I didn't notice you came to help.
    Not a problem.

    Now we have the preliminary steps out of the way, let's proceed as follows to see if I can ascertain what the exact problems are...

    Download/run Rkill:

    Please download Rkill from one of the following links and save to your desktop:

    One, Two, Three, Four or Five

    • Double click on Rkill.
    • A command window will open then disappear upon completion, this is normal.
    • Post the log created (rkill.txt, found on the desktop) in your next reply.

    Note: If one fails to work delete it and download/try another version.

    Scan with MBAM-Check:

    Please download MBAM-Check from here and save to your desktop.

    • Right-click on mbam-check-2.0.0.1000.exe and select Run as Administrator to launch the application
    • It will now begin to scan...and upon completion open a notepad file.
    • Please attach the CheckResults.txt file which should now be located on your desktop to your next reply.

    Scan with Farbar Recovery Scan Tool:

    Please download and save Farbar Recovery Scan Tool 64-Bit to your Desktop.

    • Right-click on FRST.exe and select Run as Administrator to start FRST >> follow the prompt/click on Yes
    • Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
    • Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
    • At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
    • There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.

    Next:

    When completed the above, please post back the following in the order asked for:

    • How is your computer performing now, any further symptoms and/or problems encountered?
    • Rkill Log.
    • MBAM-Check Log(attach this one).
    • Both FRST logs. <-- Post them individually please, IE: one Log per post/reply.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  5. #5
    Junior Member
    Join Date
    Mar 2014
    Posts
    6

    Default

    Here are the logs you wanted

    My computer was never running terribly; IE was kinda slow and would lock up, but since I got rid of Security Essentials it seems to be better.


    Rkill 2.6.5 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2014 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 03/17/2014 05:34:52 AM in x64 mode.
    Windows Version: Windows 7 Professional Service Pack 1

    Checking for Windows services to stop:

    * No malware services found to stop.

    Checking for processes to terminate:

    * No malware processes found to kill.

    Checking Registry for malware related settings:

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

    Performing miscellaneous checks:

    * No issues found.

    Checking Windows Service Integrity:

    * No issues found.

    Searching for Missing Digital Signatures:

    * No issues found.

    Checking HOSTS File:

    * Cannot edit the HOSTS file.
    * Permissions Fixed. Administrators can now edit the HOSTS file.

    * HOSTS file entries found:

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com

    20 out of 15492 HOSTS entries shown.
    Please review HOSTS file for further entries.

    Program finished at: 03/17/2014 05:35:20 AM
    Execution time: 0 hours(s), 0 minute(s), and 27 seconds(s)


    mbam-check result log version: 2.0.0.1000

    Malwarebytes Version: REG_SZ 1.75.0.1300

    Date Log Created: 03/17/14
    Time Log Created: 05:36:44

    User Account type: Administrator

    64 bit Operating System

    Product Name: REG_SZ Windows 7 Professional

    Current Build Number: 7601

    Current Version Number: 6.1

    Current CSDVersion: Service Pack 1

    Proxy Status: No proxy is Set

    LAN Settings:
    =============

    only 'Automatically detect settings' is selected

    SystemPartition:
    ================

    HKEY_LOCAL_MACHINE\SYSTEM\Setup\
    SystemPartition REG_SZ \Device\HarddiskVolume1

    Balloon Tips Status:
    ====================

    Enabled

    Time Format Settings:
    =====================

    Should be:
    h:mm:ss tt
    AM
    PM
    :

    Currently:
    REG_SZ h:mm:ss tt
    REG_SZ AM
    REG_SZ PM
    REG_SZ :

    Language and Regional Settings:
    ===============================

    ACP: Language is English (United States)
    MACCP: Language is English (United States)
    OEMCP: Language is English (United States)

    Startup Folders for Error_Expanding_Variables Check:
    ====================================================

    All Users Startup Folder Exists.
    Current User's Startup Folder Exists.


    Terminal Services Status for (null) entries in PM logs and GetUserToken errors:
    ===============================================================================

    TERMService:
    ==============
    Type : 32
    State : 1 (The service is not running.) (State is stopped)
    WIN32_EXIT_CODE : 1077
    SERVICE_EXIT_CODE : 0
    CHECKPOINT : 0
    WAIT_HINT : 0


    TermService Start is set to: 3 (Manual Startup)

    Compatibility Flag Settings (Any MBAM file listings should be removed):
    =======================================================================


    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    SIGN.MEDIA=2D222 PortableApps\UnWrapperGOTDPortable\UnWrapper_GOTD_v1.exeREG_SZ ELEVATECREATEPROCESS
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\appCompatFlags\Layers
    C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exeREG_SZ ELEVATECREATEPROCESS


    Malwarebytes Anti-Malware Shell Extension Block Check:
    ======================================================



    MBAM Startup Entries:
    =====================
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

    Service and Driver Status:
    ==========================

    <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMProtector


    <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMService


    <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMScheduler


    <--CAN NOT OPEN SC_HANDLE, SERVICE IS NOT RUNNING FOR: MBAMChameleon


    MBAMProtector Registry Values:
    ==============================


    MBAMService Registry Values:
    ============================


    MBAMScheduler Registry Values:
    ==============================



    MBAM DLL's and Runtime Files:
    =============================





























    MBAM Registry Settings and License Info:
    ========================================


    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Malwarebytes' Anti-Malware
    advancedheuristics REG_DWORD 1
    downloadprogram REG_DWORD 1
    hidereg REG_DWORD 0
    detectp2p REG_DWORD 0
    detectpum REG_DWORD 1
    detectpup REG_DWORD 2
    updatewarn REG_DWORD 1
    updatewarndays REG_DWORD 7
    useproxy REG_DWORD 0
    useauthentication REG_DWORD 0
    contextmenu REG_DWORD 1
    reportthreats REG_DWORD 1
    startwithwindows REG_DWORD 1
    startfsdisabled REG_DWORD 0
    startipdisabled REG_DWORD 0
    silentipmode REG_DWORD 0
    autoquarantine REG_DWORD 1
    notifyinstallprogram REG_DWORD 1
    trialpromptshown REG_DWORD 0
    autoquarantinenotify REG_DWORD 1
    alwaysscanarchives REG_DWORD 1
    InstallPath REG_SZ C:\Program Files (x86)\Malwarebytes' Anti-Malware
    dbdate REG_SZ Thu, 04 Apr 2013 18:41:20 GMT
    dbversion REG_SZ v2013.04.04.07
    programversion REG_SZ 1.75.0.1300
    programbuild REG_SZ consumer


    HKEY_CURRENT_USER\SOFTWARE\Malwarebytes' Anti-Malware
    alwaysscanfiles REG_DWORD 1
    alwaysscanheuristics REG_DWORD 1
    alwaysscanmemory REG_DWORD 1
    alwaysscanregistry REG_DWORD 1
    alwaysscanstartups REG_DWORD 1
    autosavelog REG_DWORD 1
    openlog REG_DWORD 1
    defaultscan REG_DWORD 0
    terminateie REG_DWORD 0
    Language REG_SZ English.lng




    Pending File Rename Operations:
    ================================
    If any Malwarebytes Anti-Malware items are listed below, the user must reboot to complete a Malwarebytes Anti-Malware upgrade installation.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\
    PendingFileRenameOperations REG_MULTI_SZ \??\C:\Windows\system32\SET7BB1.tmp



    Scheduler Queue:
    ================



    Context Menu Entries:
    =====================





    HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt
    (Default): REG_SZ MBAMShlExt Class
    HKEY_CLASSES_ROOT\MBAMExt.MBAMShlExt.1
    (Default): REG_SZ MBAMShlExt Class









    MBAM Drivers:
    =============



    Required Dependencies:
    ======================

    BFE:
    ==============
    Type : 32
    State : 4 (The service is running.)
    WIN32_EXIT_CODE : 0
    SERVICE_EXIT_CODE : 0
    CHECKPOINT : 0
    WAIT_HINT : 0


    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE
    DisplayName REG_SZ @%SystemRoot%\system32\bfe.dll,-1001
    Group REG_SZ NetworkProvider
    ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
    Description REG_SZ @%SystemRoot%\system32\bfe.dll,-1002
    ObjectName REG_SZ NT AUTHORITY\LocalService
    ErrorControl REG_DWORD 1
    Start REG_DWORD 2
    Type REG_DWORD 32
    DependOnService REG_MULTI_SZ RpcSs

    ServiceSidType REG_DWORD 3
    RequiredPrivileges REG_MULTI_SZ SeAuditPrivilege

    FailureActions REG_BINARY Binary Data

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters
    ServiceDll REG_EXPAND_SZ %SystemRoot%\System32\bfe.dll
    ServiceDllUnloadOnStop REG_DWORD 1
    ServiceMain REG_SZ BfeServiceMain
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\BootTime\Filter
    {dc95b53e-01cf-4058-821d-350b3d0d4676}REG_BINARY Binary Data

    {2dd96961-5757-434f-b617-34e732517c0e}REG_BINARY Binary Data

    {2db25e6c-f07a-44f4-b6c8-50a330d2790b}REG_BINARY Binary Data

    {c42f1cd6-3a95-4ae2-a513-793c3ae610c7}REG_BINARY Binary Data

    {0c41d586-9c19-4e01-9d66-b5b98a97576e}REG_BINARY Binary Data

    {12c38916-82ac-4737-8f38-b6957ffebad6}REG_BINARY Binary Data

    {c970a45d-57f9-4e32-a5bd-886a9662641e}REG_BINARY Binary Data

    {0c3be01b-fe70-4cc4-89dc-c07996b67e6d}REG_BINARY Binary Data

    {074f7f68-ee10-428a-89d1-ba78f6c327ca}REG_BINARY Binary Data

    {c016105c-eb34-4519-a5fd-5f4e4ad4d18e}REG_BINARY Binary Data

    {a47525e2-725b-4888-8af1-ba5a60c04f4d}REG_BINARY Binary Data

    {0ccc96a3-8c5c-45e2-b80e-7e37b16cc1ad}REG_BINARY Binary Data

    {935b7f48-0ede-44dd-9bc2-e00bb635cda3}REG_BINARY Binary Data

    {941dad9d-7b1a-4354-997b-00cf1aa9b35c}REG_BINARY Binary Data

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Callout
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Filter
    {dc95b53e-01cf-4058-821d-350b3d0d4676}REG_BINARY Binary Data

    {f444c576-6e60-4ea2-9faa-80d57ed12cd2}REG_BINARY Binary Data

    {0c41d586-9c19-4e01-9d66-b5b98a97576e}REG_BINARY Binary Data

    {12c38916-82ac-4737-8f38-b6957ffebad6}REG_BINARY Binary Data

    {c970a45d-57f9-4e32-a5bd-886a9662641e}REG_BINARY Binary Data

    {0c3be01b-fe70-4cc4-89dc-c07996b67e6d}REG_BINARY Binary Data

    {4d9581d2-aef8-4993-84cd-b986ced80d42}REG_BINARY Binary Data

    {be7cbdf4-b192-4aa5-94f8-1fb5c5ee07bc}REG_BINARY Binary Data

    {716b48eb-0a35-4a76-92ab-1d987230d288}REG_BINARY Binary Data

    {1165065e-4996-4338-abaf-4b8556b4d431}REG_BINARY Binary Data

    {07a24961-a760-4e80-b263-6d275e1b09cb}REG_BINARY Binary Data

    {5b0cb2e2-ab87-4974-9f1c-2f22a654eeb9}REG_BINARY Binary Data

    {b6b2ca61-fb98-4422-adc2-e7cf56b3680c}REG_BINARY Binary Data

    {0aa7fff8-919f-453c-928c-28a12122ba38}REG_BINARY Binary Data

    {074f7f68-ee10-428a-89d1-ba78f6c327ca}REG_BINARY Binary Data

    {c016105c-eb34-4519-a5fd-5f4e4ad4d18e}REG_BINARY Binary Data

    {a47525e2-725b-4888-8af1-ba5a60c04f4d}REG_BINARY Binary Data

    {0ccc96a3-8c5c-45e2-b80e-7e37b16cc1ad}REG_BINARY Binary Data

    {91ffecf0-0a9e-4572-95f1-a7111af86967}REG_BINARY Binary Data

    {64e55933-15a5-495d-a928-ccca43d44875}REG_BINARY Binary Data

    {13bfd422-6f75-4408-8924-9400ec0cb19c}REG_BINARY Binary Data

    {cbfb56db-3c85-4543-9bc2-76ea28cdd74e}REG_BINARY Binary Data

    {2dd96961-5757-434f-b617-34e732517c0e}REG_BINARY Binary Data

    {375fb39b-08c6-40f2-bdf2-08fa63f970a2}REG_BINARY Binary Data

    {2db25e6c-f07a-44f4-b6c8-50a330d2790b}REG_BINARY Binary Data

    {c42f1cd6-3a95-4ae2-a513-793c3ae610c7}REG_BINARY Binary Data

    {b6fdab6b-dcc6-43e3-99ce-7aeca65063a4}REG_BINARY Binary Data

    {3697a558-3ed3-49be-a4c1-c1a4448653b4}REG_BINARY Binary Data

    {935b7f48-0ede-44dd-9bc2-e00bb635cda3}REG_BINARY Binary Data

    {941dad9d-7b1a-4354-997b-00cf1aa9b35c}REG_BINARY Binary Data

    {b02a4013-b6b5-4859-9168-1e3299e43b24}REG_BINARY Binary Data

    {d870c96c-75ee-46a6-8a02-8e4401a73423}REG_BINARY Binary Data

    {8b50e2ec-7cf0-4b71-b42e-5b0536f6cab8}REG_BINARY Binary Data

    {4137b143-2770-43d4-91a2-55bb0a069830}REG_BINARY Binary Data

    {3180114b-8338-4740-9a16-444134ad62f4}REG_BINARY Binary Data

    {17043d46-fac2-4561-bca1-0c7a05e95f5f}REG_BINARY Binary Data

    {567d3836-3f5b-4067-b9c4-952f677010a2}REG_BINARY Binary Data

    {4e718c57-c397-4221-9fbb-14fd51701d6a}REG_BINARY Binary Data

    {3a90a266-1519-4d23-911b-e84cd0f02ab8}REG_BINARY Binary Data

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\Provider
    {decc16ca-3f33-4346-be1e-8fb4ae0f3d62}REG_BINARY Binary Data

    {4b153735-1049-4480-aab4-d1b9bdc03710}REG_BINARY Binary Data

    {1bebc969-61a5-4732-a177-847a0817862a}REG_BINARY Binary Data

    {aa6a7d87-7f8f-4d2a-be53-fda555cd5fe3}REG_BINARY Binary Data

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy\Persistent\SubLayer
    {b3cdd441-af90-41ba-a745-7c6008ff2300}REG_BINARY Binary Data

    {b3cdd441-af90-41ba-a745-7c6008ff2301}REG_BINARY Binary Data

    {b3cdd441-af90-41ba-a745-7c6008ff2302}REG_BINARY Binary Data

    {9ba30013-c84e-47e5-ac6e-1e1aed72fa69}REG_BINARY Binary Data

    fltmgr:
    ==============
    Type : 2
    State : 4 (The service is running.) (STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
    WIN32_EXIT_CODE : 0
    SERVICE_EXIT_CODE : 0
    CHECKPOINT : 0
    WAIT_HINT : 0


    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr
    AttachWhenLoaded REG_DWORD 1
    DisplayName REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
    Group REG_SZ FSFilter Infrastructure
    ImagePath REG_EXPAND_SZ system32\drivers\fltmgr.sys
    Description REG_SZ @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
    ErrorControl REG_DWORD 3
    Start REG_DWORD 0
    Tag REG_DWORD 1
    Type REG_DWORD 2
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\FltMgr\Enum
    0 REG_SZ Root\LEGACY_FLTMGR\0000
    Count REG_DWORD 1
    NextInstance REG_DWORD 1
    C:\Windows\system32\drivers\fltmgr.sys File Size: 289664 BYTES FileVersion: 6.1.7601.17514
    C:\Windows\SysWOW64\comctl32.ocx File Size: 608448 BYTES FileVersion: 6.0.81.5
    C:\Windows\SysWOW64\mscomctl.ocx File Size: 1066176 BYTES FileVersion: 6.0.88.62
    C:\Windows\SysWOW64\olepro32.dll File Size: 90112 BYTES FileVersion: 6.1.7601.17514


    List of MBAM Related Directories:
    =================================

    C:\Program Files (x86)\Malwarebytes' Anti-Malware

    C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware

    C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Configuration
    local.conf File Size: 321 BYTES

    ===============================================================
    END OF FILE

  6. #6
    Junior Member
    Join Date
    Mar 2014
    Posts
    6

    Default

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
    Ran by Precision M6300 at 2014-03-17 05:39:17
    Running from C:\Users\Precision M6300\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLG1LL94
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Internet Security (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
    avast! Pro Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2013 - Avast Software)
    CCleaner (HKLM\...\CCleaner) (Version: 4.04 - Piriform)
    CyberLink PowerDVD 9.5 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.5.1.4822 - CyberLink Corp.)
    CyberLink PowerDVD 9.5 (x32 Version: 9.5.1.4822 - CyberLink Corp.) Hidden
    DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
    Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly)
    ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
    Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
    Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
    Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
    League of Legends (HKLM-x32\...\League of Legends 3.0.0) (Version: 3.0.0 - Riot Games)
    League of Legends (x32 Version: 3.0.0 - Riot Games) Hidden
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
    Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
    Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5130.5001 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
    MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
    MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
    NVIDIA 3D Vision Driver 332.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.76 - NVIDIA Corporation)
    NVIDIA Control Panel 332.76 (Version: 332.76 - NVIDIA Corporation) Hidden
    NVIDIA Graphics Driver 332.76 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.76 - NVIDIA Corporation)
    NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
    NVIDIA nView 141.00 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.00 - NVIDIA Corporation)
    NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3276 - NVIDIA Corporation) Hidden
    NVIDIA WMI 2.16.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.16.0 - NVIDIA Corporation)
    Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.)
    PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
    RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
    Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
    Roxio BackOnTrack (x32 Version: 1.3.3 - Roxio) Hidden
    Roxio Burn (x32 Version: 1.8 - Roxio) Hidden
    Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
    Roxio Creator Starter (x32 Version: 1.0.439 - Roxio) Hidden
    Roxio Creator Starter (x32 Version: 5.0.0 - Roxio) Hidden
    Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
    Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
    Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
    Spiral Knights (HKLM-x32\...\Steam App 99900) (Version: - Three Rings)
    Star Trek Online (HKLM-x32\...\Steam App 9900) (Version: - Cryptic Studios)
    Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    System Requirements Lab Detection (HKLM-x32\...\{A407FC22-36BF-4C82-A516-59D94BC505A9}) (Version: 1.0.5.0 - Husdawg, LLC)
    The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version: - Ubisoft Montreal)

    ==================== Restore Points =========================

    14-03-2014 13:11:33 Windows Update
    17-03-2014 02:41:14 Installed DirectX
    17-03-2014 02:42:55 Installed Microsoft Visual C++ 2005 Redistributable
    17-03-2014 08:39:00 Installed DirectX

    ==================== Hosts content: ==========================

    2009-07-13 21:34 - 2014-03-14 09:14 - 00450712 ___RA C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com

    There are 1000 more lines.


    ==================== Scheduled Tasks (whitelisted) =============

    Task: {104D1D47-DA4F-497D-A51A-8D1C7F4B20CE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-14] (Google Inc.)
    Task: {30603121-35E4-46E1-B6C9-083575D54262} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-14] (Google Inc.)
    Task: {6CE2919B-E325-4D31-97B1-413259F42E60} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-03-13] (AVAST Software)
    Task: {8D4555A5-4C15-46E6-B9D1-441023258507} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-07-22] (Piriform Ltd)
    Task: {A0E344A8-6EFF-4B73-BB40-4953725D5336} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2010-01-04 00:21 - 2014-03-04 13:35 - 00711456 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
    2010-11-17 10:35 - 2010-11-17 10:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    2013-08-31 12:52 - 2014-03-04 12:10 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2010-01-04 00:22 - 2014-03-04 13:35 - 02513752 _____ () C:\Windows\system32\nvwmi64.exe
    2014-03-15 17:02 - 2014-03-15 14:17 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031501\algo.dll
    2014-03-17 04:53 - 2014-03-17 04:20 - 02186752 _____ () C:\Program Files\AVAST Software\Avast\defs\14031700\algo.dll
    2010-11-24 22:44 - 2010-11-24 22:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
    2014-03-13 01:34 - 2014-03-13 01:34 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-03-12 20:15 - 2013-12-12 17:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll
    2014-03-12 20:15 - 2013-11-04 20:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll
    2014-03-12 20:16 - 2014-02-10 21:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll
    2014-03-12 20:15 - 2014-02-25 16:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
    2014-03-12 20:15 - 2014-01-10 18:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
    2014-03-12 20:15 - 2013-06-14 18:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll
    2014-03-12 20:15 - 2013-06-14 18:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll
    2014-03-12 20:15 - 2013-06-14 18:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll
    2014-03-12 20:15 - 2014-02-25 16:57 - 00119488 _____ () C:\Program Files (x86)\Steam\bin\audio.dll
    2014-03-12 20:15 - 2013-06-14 18:49 - 00071680 _____ () C:\Program Files (x86)\Steam\bin\mssmp3.asi
    2014-03-12 20:15 - 2013-06-14 18:49 - 00153088 _____ () C:\Program Files (x86)\Steam\bin\mssvoice.asi

    ==================== Alternate Data Streams (whitelisted) =========


    ==================== Safe Mode (whitelisted) ===================


    ==================== Disabled items from MSCONFIG ==============


    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (01/04/2010 00:23:10 AM) (Source: Steam Client Service) (User: )
    Description: Error: Failed to poke open firewall

    Error: (01/04/2010 00:06:41 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/04/2010 00:01:01 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/15/2014 02:51:43 PM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

    Error: (03/15/2014 02:25:05 AM) (Source: Steam Client Service) (User: )
    Description: Error: Failed to poke open firewall

    Error: (03/15/2014 00:57:52 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/14/2014 06:55:53 PM) (Source: Steam Client Service) (User: )
    Description: Error: Failed to poke open firewall

    Error: (03/14/2014 09:45:38 AM) (Source: SideBySide) (User: )
    Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
    The value "*" of attribute "language" in element "assemblyIdentity" is invalid.

    Error: (03/14/2014 08:24:26 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/14/2014 07:40:22 AM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============
    Error: (01/04/2010 00:06:11 AM) (Source: Service Control Manager) (User: )
    Description: The avast! Firewall service failed to start due to the following error:
    %%2

    Error: (01/04/2010 00:00:44 AM) (Source: Service Control Manager) (User: )
    Description: The avast! Firewall service failed to start due to the following error:
    %%2

    Error: (03/15/2014 00:57:26 AM) (Source: Service Control Manager) (User: )
    Description: The avast! Firewall service failed to start due to the following error:
    %%2

    Error: (03/15/2014 00:57:20 AM) (Source: EventLog) (User: )
    Description: The previous system shutdown at 12:56:17 AM on 3/15/2014 was unexpected.

    Error: (03/15/2014 00:00:03 AM) (Source: Service Control Manager) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

    Error: (03/14/2014 08:22:59 AM) (Source: Service Control Manager) (User: )
    Description: The avast! Firewall service failed to start due to the following error:
    %%2

    Error: (03/14/2014 07:38:57 AM) (Source: Service Control Manager) (User: )
    Description: The avast! Firewall service failed to start due to the following error:
    %%2

    Error: (03/14/2014 07:38:53 AM) (Source: EventLog) (User: )
    Description: The previous system shutdown at 7:37:52 AM on 3/14/2014 was unexpected.

    Error: (03/14/2014 06:46:18 AM) (Source: Service Control Manager) (User: )
    Description: The avast! Firewall service failed to start due to the following error:
    %%2

    Error: (03/14/2014 06:44:33 AM) (Source: Service Control Manager) (User: )
    Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
    %%1068


    Microsoft Office Sessions:
    =========================
    Error: (01/04/2010 00:23:10 AM) (Source: Steam Client Service)(User: )
    Description: Failed to poke open firewall

    Error: (01/04/2010 00:06:41 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (01/04/2010 00:01:01 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/15/2014 02:51:43 PM) (Source: SideBySide)(User: )
    Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

    Error: (03/15/2014 02:25:05 AM) (Source: Steam Client Service)(User: )
    Description: Failed to poke open firewall

    Error: (03/15/2014 00:57:52 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/14/2014 06:55:53 PM) (Source: Steam Client Service)(User: )
    Description: Failed to poke open firewall

    Error: (03/14/2014 09:45:38 AM) (Source: SideBySide)(User: )
    Description: assemblyIdentitylanguage*c:\program files (x86)\spybot - search & destroy\DelZip179.dllc:\program files (x86)\spybot - search & destroy\DelZip179.dll8

    Error: (03/14/2014 08:24:26 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/14/2014 07:40:22 AM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    ==================== Memory info ===========================

    Percentage of memory in use: 39%
    Total physical RAM: 4094.13 MB
    Available physical RAM: 2474.9 MB
    Total Pagefile: 8186.44 MB
    Available Pagefile: 6461.13 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.82 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:148.95 GB) (Free:79.81 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: 97BE5B6A)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=149 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
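The Application and System error entries in the log above are pasted raw, so the codes that make them meaningful are left undecoded: the `%%2` / `%%1068` after a Service Control Manager message are Win32 error numbers the Event Viewer would normally substitute (2 is ERROR_FILE_NOT_FOUND, 1068 is ERROR_SERVICE_DEPENDENCY_FAIL), and the WinMgmt descriptions run the WQL query straight into the HRESULT, so `LoadPercentage > 990x80041003` is really `> 99` followed by `0x80041003` (WBEM_E_ACCESS_DENIED). The script below is an added example written for this page, not code from the thread, from FRST or from any other tool named in it; its SAMPLE_LOG is constructed to mirror the post's own entries, and the dictionaries of code names and the finding texts are the author's own.

```python
"""Triage the event-log section of an FRST Addition.txt report.

Added example for this page, not code from the thread, FRST or any other tool
named in it. It decodes the raw codes FRST leaves in each Description line:
"%%2" / "%%1068" are Win32 error codes the Event Viewer would normally
substitute (2 = ERROR_FILE_NOT_FOUND, 1068 = ERROR_SERVICE_DEPENDENCY_FAIL),
and WinMgmt entries fuse the WQL query with the HRESULT, so
"LoadPercentage > 990x80041003" is "> 99" plus 0x80041003 (WBEM_E_ACCESS_DENIED).
SAMPLE_LOG is constructed to mirror the post's own entries.
"""
import re
from datetime import datetime

WIN32_ERRORS = {2: "ERROR_FILE_NOT_FOUND", 1068: "ERROR_SERVICE_DEPENDENCY_FAIL"}
HRESULTS = {0x80041003: "WBEM_E_ACCESS_DENIED"}

# One entry: the "Error: (...) (Source: ...) (User: ...)" header, then a
# Description that may run onto following lines until a blank line.
ENTRY_RE = re.compile(
    r"Error: \((?P<when>[^)]+)\) \(Source: (?P<source>[^)]*)\)\s*\(User: [^)]*\)\s*\n"
    r"\s*Description: (?P<desc>.*?)(?=\n\s*\n|\n\s*Error: |\Z)",
    re.S,
)

SAMPLE_LOG = """\
Error: (03/14/2014 08:24:26 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2010 00:06:11 AM) (Source: Service Control Manager) (User: )
Description: The avast! Firewall service failed to start due to the following error:
%%2

Error: (03/15/2014 00:57:20 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:56:17 AM on 3/15/2014 was unexpected.

Error: (03/14/2014 06:44:33 AM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068
"""


def parse_when(when: str) -> datetime:
    # FRST prints midnight as "00:xx:xx AM", which %I rejects; rewrite it to 12.
    return datetime.strptime(re.sub(r"^(\S+) 00:", r"\1 12:", when.strip()),
                             "%m/%d/%Y %I:%M:%S %p")


def decode_description(desc: str) -> dict:
    """Name the Win32 error and/or HRESULT embedded in a Description."""
    info = {}
    m = re.search(r"%%(\d+)", desc)
    if m:
        info["win32_error"] = int(m.group(1))
        info["win32_name"] = WIN32_ERRORS.get(info["win32_error"], "unknown")
    m = re.search(r"0x([0-9A-Fa-f]{8})$", desc)
    if m:
        info["hresult"] = int(m.group(1), 16)
        info["hresult_name"] = HRESULTS.get(info["hresult"], "unknown")
        # What precedes the HRESULT is "<namespace><query>" with no separator.
        q = re.match(r"(?P<ns>//\./root/\w+?)(?P<query>SELECT .*)", desc[: m.start()])
        if q:
            info["namespace"], info["query"] = q.group("ns"), q.group("query")
    return info


def triage(log_text: str) -> dict:
    """Parse every entry and return them with human-readable findings."""
    entries = []
    for m in ENTRY_RE.finditer(log_text):
        desc = " ".join(m.group("desc").split())  # fold continuation lines
        e = {"time": parse_when(m.group("when")), "source": m.group("source").strip(), "desc": desc}
        e.update(decode_description(desc))
        entries.append(e)

    findings = []
    fw = [e for e in entries if "avast! Firewall" in e["desc"] and e.get("win32_error") == 2]
    if fw:
        findings.append(f"avast! Firewall failed to start {len(fw)}x with ERROR_FILE_NOT_FOUND: "
                        "no working avast firewall; treat the install as damaged until repaired")
    wmi = [e for e in entries if e.get("hresult") == 0x80041003
           and e.get("query", "").endswith("LoadPercentage > 99")]
    if wmi:
        findings.append(f"{len(wmi)}x WinMgmt WBEM_E_ACCESS_DENIED on the LoadPercentage > 99 "
                        "query: known benign Windows 7 SP1 quirk, not evidence of compromise")
    crashes = [e for e in entries if e["source"] == "EventLog" and "unexpected" in e["desc"]]
    if crashes:
        findings.append(f"{len(crashes)} unexpected shutdown(s); check what failed right after each")
    if entries:
        newest = max(e["time"] for e in entries)
        stale = [e for e in entries if (newest - e["time"]).days > 365]
        if stale:
            findings.append(f"{len(stale)} entry/entries dated over a year before the newest "
                            f"(e.g. {stale[0]['time']:%Y-%m-%d}): the clock was wrong when they "
                            "were written, so their ordering cannot be trusted")
    return {"entries": entries, "findings": findings}
```

Run `triage(open("Addition.txt").read())` against a real report and read the findings before the entries. The two points worth taking from this particular log are the ones the script flags: a firewall service that fails with ERROR_FILE_NOT_FOUND is not protecting anything, because its image could not be found on disk, while the repeated WinMgmt access-denied error on the LoadPercentage query is Windows 7 SP1 background noise and should not be read as a sign of infection. The January 2010 timestamps among March 2014 entries mean the clock was wrong when those events were written, so treat their order with caution.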

  7. #7
    Junior Member

    the FRST file was too long and I can't post it

  8. #8
    Security Expert-Emeritus Dakeyras

    Quote Originally Posted by Nick443
    the FRST file was too long and I can't post it
    Just send it to a zip file please and then attach that in your next reply.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  9. #9
    Junior Member

    here you go
    Attached Files

  10. #10
    Security Expert-Emeritus Dakeyras

    Hi.

    Quote Originally Posted by Nick443
    My computer was never running terribly, i.e. it was kinda slow and would lock up, but since I got rid of Security Essentials it seems to be better
    Acknowledged.

    Disable Windows Defender:

    Apart from hindering the malware removal process it will be in conflict with the presently installed avast! Pro Antivirus.

    How to disable it can be read here.

    Download/Run MBAM Clean:

    Please download this tool to your desktop.

    Right-click on mbam-clean-1.60.2.0003.exe and select Run as Administrator >> follow the prompts.

    Custom FRST Script:

    Both FRST and the fixlist need to be on your desktop for the below to be processed successfully.

    It appears you ran the actual FRST scan from this location:

    Running from C:\Users\Precision M6300\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZLG1LL94
    Please download the attached fixlist.txt (see below) and save it to the desktop.

    • Now right-click on FRST.exe and select Run as Administrator to start FRST.
    • Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
    • A log will now open named Fixlog and it will also be on the desktop >> close FRST.
    • Reboot your machine (ensure you do this) and post the contents of the aforementioned Fixlog in your next reply.

    Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
