Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Mouse gone wild [Solved]

Started by HolyCowZ , Mar 31 2014 09:41 AM

  • This topic is locked This topic is locked

#1
HolyCowZ
Posted 31 March 2014 - 09:41 AM

HolyCowZ

    Member

  • Member
  • PipPipPip
  • 232 posts
Hi I was told to post here from windows 7 and vista page.
Here is my original problem in this link.
The problem is random and does not happen all the time. 
 
I have done OTL log as requested in the how to clean malware guide for you to look at.
Many thanks Paul
 
OTL Log:
-------------
-------------

OTL logfile created on: 31/03/2014 16:27:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\nuthatch\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.50 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 66.13% Memory free
7.20 Gb Paging File | 5.76 Gb Available in Paging File | 79.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 745.13 Gb Free Space | 79.99% Space Free | Partition Type: NTFS
 
Computer Name: NUTHATCH-PC | User Name: nuthatch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/03/31 16:26:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nuthatch\Desktop\OTL.exe
PRC - [2014/03/22 22:58:09 | 000,527,936 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2014/03/15 01:50:42 | 000,859,976 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2014/02/21 16:59:18 | 001,294,136 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
PRC - [2014/02/21 16:59:18 | 000,319,288 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
PRC - [2014/01/23 22:24:16 | 003,767,096 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/01/23 22:24:16 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/01/14 20:32:02 | 002,124,360 | ---- | M] (PeerBlock, LLC) -- C:\Program Files\PeerBlock\peerblock.exe
PRC - [2013/11/20 13:24:06 | 007,022,808 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cis.exe
PRC - [2013/11/14 19:16:14 | 000,508,144 | ---- | M] (QFX Software Corporation) -- C:\Program Files\KeyScrambler\KeyScrambler.exe
PRC - [2013/11/14 12:56:09 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/11/14 12:56:01 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/11/11 15:58:48 | 001,576,152 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
PRC - [2013/11/11 15:26:53 | 000,932,640 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013/11/11 15:26:52 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013/10/20 02:23:22 | 004,832,192 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2013/09/24 11:53:26 | 001,857,752 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
PRC - [2013/07/31 21:30:36 | 002,296,600 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2013/06/13 20:31:38 | 000,148,248 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2013/04/04 15:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 15:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 15:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2009/04/11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/03/15 01:50:40 | 000,394,568 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppgooglenaclpluginchrome.dll
MOD - [2014/03/15 01:50:38 | 004,061,000 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
MOD - [2014/03/15 01:50:32 | 001,647,432 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
MOD - [2014/03/15 01:50:30 | 000,051,016 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
MOD - [2014/02/18 04:46:30 | 000,643,948 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2012/06/18 16:24:30 | 000,260,096 | ---- | M] () -- C:\Program Files\Notepad++\NppShell_05.dll
MOD - [2009/02/18 22:32:15 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2014/02/21 16:59:18 | 000,319,288 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe -- (MbaeSvc)
SRV - [2014/01/23 22:24:16 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2014/01/21 17:05:54 | 000,088,400 | ---- | M] (Perfect World Entertainment Inc) [On_Demand | Stopped] -- C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe -- (ArcService)
SRV - [2013/11/14 12:56:01 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/10/20 02:23:22 | 004,832,192 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2013/09/24 11:53:28 | 000,131,288 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV - [2013/06/13 20:31:00 | 000,293,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2013/04/04 15:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 15:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2008/01/19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2014/02/21 16:59:18 | 000,044,632 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys -- (ESProtectionDriver)
DRV - [2014/01/23 22:24:19 | 000,775,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2014/01/23 22:24:19 | 000,410,784 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2014/01/23 22:24:19 | 000,067,824 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2014/01/23 22:24:19 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2014/01/23 22:24:18 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2014/01/14 20:32:00 | 000,020,040 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV - [2013/12/18 22:50:41 | 000,180,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/11/14 12:55:57 | 010,446,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2013/11/14 12:38:10 | 000,584,496 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2013/09/24 11:54:04 | 000,085,464 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2013/09/24 11:54:04 | 000,043,728 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2013/09/24 11:54:02 | 000,020,072 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmderd.sys -- (cmderd)
DRV - [2013/05/31 15:53:18 | 000,209,016 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2013/05/23 07:12:36 | 000,079,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2013/05/23 07:12:24 | 000,063,000 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2013/05/23 07:12:24 | 000,019,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2013/04/04 15:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2009/02/18 22:32:16 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2008/08/01 20:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/08/09 19:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/07/13 09:18:20 | 000,050,688 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2004/08/13 10:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3977535122-739135346-868588242-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
IE - HKU\S-1-5-21-3977535122-739135346-868588242-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3977535122-739135346-868588242-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3977535122-739135346-868588242-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3977535122-739135346-868588242-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@perfectworld.com/npArcPlayNowPlugin: C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.co.uk/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll
CHR - plugin: ArcPlugin (Enabled) = C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Adblock Plus = C:\Users\nuthatch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: avast! Online Security = C:\Users\nuthatch\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2016.82_0\
CHR - Extension: Google Wallet = C:\Users\nuthatch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
 
O1 HOSTS File: ([2014/03/18 08:23:45 | 000,517,864 | ---- | M]) - C:\Windows\System32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost #[IPv6]
O1 - Hosts: 0.0.0.0 fr.a2dfp.net
O1 - Hosts: 0.0.0.0 m.fr.a2dfp.net
O1 - Hosts: 0.0.0.0 mfr.a2dfp.net
O1 - Hosts: 0.0.0.0 ad.a8.net
O1 - Hosts: 0.0.0.0 asy.a8ww.net
O1 - Hosts: 0.0.0.0 static.a-ads.com
O1 - Hosts: 0.0.0.0 abcstats.com
O1 - Hosts: 0.0.0.0 ad4.abradio.cz
O1 - Hosts: 0.0.0.0 a.abv.bg
O1 - Hosts: 0.0.0.0 adserver.abv.bg
O1 - Hosts: 0.0.0.0 adv.abv.bg
O1 - Hosts: 0.0.0.0 bimg.abv.bg
O1 - Hosts: 0.0.0.0 ca.abv.bg
O1 - Hosts: 0.0.0.0 www2.a-counter.kiev.ua
O1 - Hosts: 0.0.0.0 track.acclaimnetwork.com
O1 - Hosts: 0.0.0.0 accuserveadsystem.com
O1 - Hosts: 0.0.0.0 www.accuserveadsystem.com
O1 - Hosts: 0.0.0.0 achmedia.com
O1 - Hosts: 0.0.0.0 csh.actiondesk.com
O1 - Hosts: 0.0.0.0 ads.activepower.net
O1 - Hosts: 0.0.0.0 app.activetrail.com
O1 - Hosts: 0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 0.0.0.0 traffic.acwebconnecting.com
O1 - Hosts: 15464 more lines...
O2 - BHO: (ArcPluginIEBHO Class) - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files\Perfect World Entertainment\Arc\plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (COMODO)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [KeyScrambler] C:\Program Files\KeyScrambler\keyscrambler.exe (QFX Software Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Exploit] C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKU\S-1-5-21-3977535122-739135346-868588242-1000..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKU\S-1-5-21-3977535122-739135346-868588242-1000..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKU\S-1-5-21-3977535122-739135346-868588242-1002..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3977535122-739135346-868588242-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3977535122-739135346-868588242-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3977535122-739135346-868588242-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE55948C-9D52-4856-9C84-61B6848AD8BB}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/03/31 16:26:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\nuthatch\Desktop\OTL.exe
[2014/03/26 20:37:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2014/03/26 20:37:07 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2014/03/26 20:27:56 | 000,000,000 | ---D | C] -- C:\Users\nuthatch\Desktop\CRYENGINE_Build_PC_v3_5_8_2310_freesdk
[2014/03/26 09:33:54 | 000,000,000 | ---D | C] -- C:\Users\nuthatch\Desktop\music
[2014/03/26 08:09:24 | 000,000,000 | ---D | C] -- C:\ProgramData\YTD Video Downloader
[2014/03/26 08:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
[2014/03/26 08:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\GreenTree Applications
[2014/03/25 13:20:58 | 000,000,000 | ---D | C] -- C:\Users\nuthatch\Desktop\ja ja
[2014/03/25 13:17:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Logishrd
[2014/03/25 13:16:52 | 000,000,000 | ---D | C] -- C:\Users\nuthatch\AppData\Roaming\Leadertech
[2014/03/25 13:16:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2014/03/25 13:16:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2014/03/25 13:16:00 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2014/03/25 13:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2014/03/25 13:14:20 | 000,000,000 | ---D | C] -- C:\Users\nuthatch\AppData\Roaming\Logitech
[2014/03/25 13:14:20 | 000,000,000 | ---D | C] -- C:\Users\nuthatch\AppData\Roaming\Logishrd
[2014/03/25 12:48:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014/03/25 12:47:42 | 000,000,000 | --SD | C] -- C:\ComboFix
[2014/03/21 23:44:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2014/03/21 23:43:16 | 000,075,480 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/03/21 22:58:33 | 000,000,000 | ---D | C] -- C:\Users\nuthatch\AppData\Roaming\Mozilla
[2014/03/19 01:44:26 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2014/03/18 20:55:51 | 000,000,000 | ---D | C] -- C:\Users\nuthatch\AppData\Local\PunkBuster
[2014/03/18 20:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache
[2014/03/18 20:35:17 | 000,000,000 | ---D | C] -- C:\Users\nuthatch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
[2014/03/18 20:35:14 | 000,000,000 | ---D | C] -- C:\Users\nuthatch\AppData\Local\GamersFirst
[2014/03/18 20:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\GamersFirst
[2014/03/18 08:25:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
[2014/03/17 14:39:15 | 000,000,000 | ---D | C] -- C:\Users\nuthatch\AppData\Roaming\TERA
[2014/03/17 14:39:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TERA
[2014/03/17 14:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\TERA
[2014/03/12 15:50:31 | 000,000,000 | ---D | C] -- C:\Windows\jumpshot.com
[2014/03/12 09:52:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeerBlock
[2014/03/08 22:55:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014/03/08 22:55:16 | 000,000,000 | ---D | C] -- C:\Users\nuthatch\AppData\Local\temp
[2014/03/05 20:55:44 | 000,000,000 | ---D | C] -- C:\Users\nuthatch\Desktop\PvP neverwinter
[2014/03/05 20:55:30 | 000,000,000 | ---D | C] -- C:\Users\nuthatch\Desktop\syst
[2014/03/04 17:56:36 | 000,000,000 | ---D | C] -- C:\Users\nuthatch\AppData\Local\CrashDumps
 
========== Files - Modified Within 30 Days ==========
 
[2014/03/31 16:26:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nuthatch\Desktop\OTL.exe
[2014/03/31 16:11:29 | 000,005,120 | ---- | M] () -- C:\Users\nuthatch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/03/31 15:51:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/03/31 15:33:07 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2014/03/31 15:33:07 | 000,004,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2014/03/31 07:39:22 | 000,644,842 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/03/31 07:39:22 | 000,122,902 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/03/31 07:33:31 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/03/31 07:33:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/03/26 20:02:44 | 000,139,656 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2014/03/26 20:02:34 | 000,290,776 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2014/03/26 20:00:12 | 000,281,288 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2014/03/26 08:09:18 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2014/03/25 18:35:08 | 046,907,559 | ---- | M] () -- C:\Users\nuthatch\Desktop\theunexplained-149.mp3
[2014/03/25 12:52:27 | 000,001,356 | ---- | M] () -- C:\Users\nuthatch\AppData\Local\d3d9caps.dat
[2014/03/21 23:43:16 | 000,075,480 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/03/18 20:52:43 | 000,138,904 | ---- | M] () -- C:\Users\nuthatch\AppData\Roaming\PnkBstrK.sys
[2014/03/18 20:47:25 | 000,001,202 | ---- | M] () -- C:\Users\nuthatch\Desktop\APB Reloaded.lnk
[2014/03/18 08:25:06 | 000,000,899 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
[2014/03/18 08:23:45 | 000,517,864 | ---- | M] () -- C:\Windows\System32\drivers\etc\HOSTS
[2014/03/17 14:39:04 | 000,001,635 | ---- | M] () -- C:\Users\nuthatch\Desktop\TERA.lnk
[2014/03/16 09:00:37 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/03/13 00:08:29 | 000,000,051 | ---- | M] () -- C:\Users\nuthatch\AppData\Roaming\mbam.context.scan
[2014/03/12 09:52:54 | 000,001,728 | ---- | M] () -- C:\Users\nuthatch\Desktop\PeerBlock.lnk
[2014/03/09 20:26:46 | 000,004,107 | -HS- | M] () -- C:\Users\nuthatch\Desktop\Folder.jpg
[2014/03/09 20:26:46 | 000,001,467 | -HS- | M] () -- C:\Users\nuthatch\Desktop\AlbumArtSmall.jpg
[2014/03/09 00:15:23 | 065,477,486 | ---- | M] () -- C:\Users\nuthatch\Desktop\theunexplained-147.mp3
[2014/03/03 23:17:25 | 098,565,172 | ---- | M] () -- C:\Users\nuthatch\Desktop\MU11.08.mp3
 
========== Files Created - No Company Name ==========
 
[2014/03/27 07:46:23 | 000,005,120 | ---- | C] () -- C:\Users\nuthatch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014/03/26 08:09:18 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\YTD Video Downloader.lnk
[2014/03/25 18:34:30 | 046,907,559 | ---- | C] () -- C:\Users\nuthatch\Desktop\theunexplained-149.mp3
[2014/03/18 20:55:55 | 000,290,776 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2014/03/18 20:54:29 | 000,001,202 | ---- | C] () -- C:\Users\nuthatch\Desktop\APB Reloaded.lnk
[2014/03/18 20:52:44 | 000,139,656 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2014/03/18 20:52:43 | 000,138,904 | ---- | C] () -- C:\Users\nuthatch\AppData\Roaming\PnkBstrK.sys
[2014/03/18 20:52:29 | 000,290,776 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2014/03/18 20:52:29 | 000,281,288 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0
[2014/03/18 20:52:28 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2014/03/18 08:25:06 | 000,000,899 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
[2014/03/17 14:39:08 | 000,001,635 | ---- | C] () -- C:\Users\nuthatch\Desktop\TERA.lnk
[2014/03/13 00:08:27 | 000,000,051 | ---- | C] () -- C:\Users\nuthatch\AppData\Roaming\mbam.context.scan
[2014/03/12 09:52:54 | 000,001,728 | ---- | C] () -- C:\Users\nuthatch\Desktop\PeerBlock.lnk
[2014/03/10 21:03:14 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2014/03/09 00:14:26 | 065,477,486 | ---- | C] () -- C:\Users\nuthatch\Desktop\theunexplained-147.mp3
[2014/03/03 23:17:25 | 000,004,107 | -HS- | C] () -- C:\Users\nuthatch\Desktop\Folder.jpg
[2014/03/03 23:17:25 | 000,001,467 | -HS- | C] () -- C:\Users\nuthatch\Desktop\AlbumArtSmall.jpg
[2014/03/03 23:16:12 | 098,565,172 | ---- | C] () -- C:\Users\nuthatch\Desktop\MU11.08.mp3
[2009/02/18 21:45:42 | 000,001,356 | ---- | C] () -- C:\Users\nuthatch\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 00:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 00:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/12/13 21:12:47 | 000,000,000 | ---D | M] -- C:\Users\nuthatch\AppData\Roaming\Arc
[2009/02/18 22:32:38 | 000,000,000 | ---D | M] -- C:\Users\nuthatch\AppData\Roaming\AVAST Software
[2014/03/25 13:16:52 | 000,000,000 | ---D | M] -- C:\Users\nuthatch\AppData\Roaming\Leadertech
[2013/12/13 21:38:55 | 000,000,000 | ---D | M] -- C:\Users\nuthatch\AppData\Roaming\Notepad++
[2013/12/14 18:26:11 | 000,000,000 | ---D | M] -- C:\Users\nuthatch\AppData\Roaming\QFX Software
[2014/03/17 14:39:15 | 000,000,000 | ---D | M] -- C:\Users\nuthatch\AppData\Roaming\TERA
[2009/02/18 22:31:07 | 000,000,000 | ---D | M] -- C:\Users\nuthatch\AppData\Roaming\WinPatrol
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
 
< End of report >
 

 


  • 0

Advertisements

#2
Biscuithd
Posted 02 April 2014 - 08:48 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Howdy there HolyCowz, wavey.gif.pagespeed.ce.4AQn4GwL8t.gif Welcome to the forums!
welcome.gif.pagespeed.ce.jM2aDq5TfO.gif. My name is Biscuithd and I will be assisting you with your Computer issues.

I know how upsetting it can be when one's computer is experiencing problems. I will try to help get things squared away. For a start please make sure that you...
 

  • Carefully read every post completely before doing anything.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.

Since you've already posted an OTL log, hang on while I have a look. :)


  • 0

#3
Biscuithd
Posted 02 April 2014 - 09:24 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hi,

 

There should be another log called Extras.txt that was produced from your initial run of OTL. It will be located in the same place as where you ran OTL from, in this case on your Desktop. Please post that log. smile.gif


  • 0

#4
HolyCowZ
Posted 02 April 2014 - 10:24 AM

HolyCowZ

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 232 posts

Thanks for your help here is the extras.txt

Paul

 

OTL Extras logfile created on: 31/03/2014 16:27:29 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\nuthatch\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
3.50 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 66.13% Memory free
7.20 Gb Paging File | 5.76 Gb Available in Paging File | 79.99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 931.51 Gb Total Space | 745.13 Gb Free Space | 79.99% Space Free | Partition Type: NTFS
 
Computer Name: NUTHATCH-PC | User Name: nuthatch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-3977535122-739135346-868588242-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{107B811E-B553-4FCA-9536-B478010CDCA7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1DCB3DC0-1B00-4291-A690-4C3A2CA3997A}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2A111800-0A03-4184-8870-5E18C501CCDE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3733C92E-EC05-4014-B40F-9E9C9CEC76FE}" = lport=48113 | protocol=6 | dir=in | name=maconfig_tcp | 
"{3AEC513F-B412-40F0-B657-FC725167FBD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{45E40DFE-8F8F-4DAD-8C05-5E609E15992A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4BA8D8FE-6809-4D27-AC0B-1BC5E50FCB2D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{51F66EA3-9EE3-4325-BA7E-82C8FE757DFA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{740197B5-9B91-43DC-9448-5F2FAA99E4ED}" = lport=48113 | protocol=17 | dir=in | name=maconfig_udp | 
"{749E4E68-5A9D-4310-B9DB-2C57114EA704}" = rport=139 | protocol=6 | dir=out | app=system | 
"{7AB8A74F-8F07-419F-ACFC-4498ED2E68B8}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8193A909-AA2C-4855-AB2B-590095767258}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8C1C3703-E06E-47A6-9E46-5E64680CA835}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C4C9F01-E6ED-4EE4-A861-ED9D6069E637}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8C6DD438-7D20-471A-B7F7-F772EBC1BF19}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8D495CD9-8999-47E1-9FD4-E3827DC44934}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8EE53228-67B7-4914-B14B-3A8E2EDDE914}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{91B46EBF-2E80-47F7-8B62-70DE1D608599}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{99982C45-23E8-4D48-B59B-65083A051144}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A85C8925-6F5D-4A82-9422-45EF52EC4172}" = rport=445 | protocol=6 | dir=out | app=system | 
"{B8A744A2-B4A6-46E1-84DE-5301D35FFB30}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C331311B-2823-45E6-8185-B230BF69F466}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{C8A59E0E-8E2D-40C3-9065-A5B852D51944}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 | 
"{DC5FA52D-2EA4-4A63-8CD3-CE3CF4B3D717}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{E1D85F95-A94D-4241-9D4E-529F491D7599}" = lport=137 | protocol=17 | dir=in | app=system | 
"{E7D9CD4E-5B6C-4799-BAA5-19D8824CA721}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F999BC84-123D-41E5-9EAF-2B8213411581}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01047448-8810-48AB-A53C-03E207A9562C}" = protocol=6 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\apb.exe | 
"{04DFAA50-A937-4F39-B9BE-FD70300107EB}" = protocol=17 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{1FE4F0B2-9E64-4BA3-A00A-10BCD09CE3B5}" = protocol=6 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\vivoxvoiceservice.exe | 
"{24310495-F783-411F-A084-73198978FBE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{279099E3-6295-4DA4-ACF4-F5A6EEE339B8}" = protocol=1 | dir=in | [email protected],-28543 | 
"{3B70221B-683A-4B5E-9BE9-5E4C962A540F}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{49AD4FE5-E495-4266-B3EF-40FFB6736291}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{504F4A6F-8606-420D-97A4-993F0BE36D10}" = protocol=1 | dir=out | [email protected],-28544 | 
"{5260BFDC-33FF-4DD1-A3CA-6DD1226708CD}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6139F920-28CF-42C2-88F3-A92660C1E375}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{63722777-5A39-4A7A-9DC0-700C7D803868}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F821CF0-4EBA-4963-AB68-FB636BABCD9B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{801DBE9D-8D98-4844-B72B-3BDA734AF2DC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{867F4559-0F94-4C5F-805D-18B5C77CD238}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{89EAB2DD-ABB2-46C7-BCEC-67FF20149FE1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A6182527-F698-46A5-881D-84AD4D7C2B21}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{ABF01636-2F0B-4E94-A56E-7BA576A8633C}" = protocol=6 | dir=out | app=system | 
"{B27FF543-EAF1-45B6-8986-A51A18550C6C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B898C53B-71DE-4492-A9BD-BC2CE15796A0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CA4FBA7B-F959-46B2-ACC2-2C6D06146C56}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D606BCF0-90F3-4E56-8869-4C6C0687392D}" = protocol=58 | dir=in | [email protected],-28545 | 
"{E67B9B3A-944A-43DD-A776-648C8AFF2956}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{EEA677F1-C048-45A7-BEA7-FEA8AC885BCC}" = protocol=58 | dir=out | [email protected],-28546 | 
"{F10F74AA-0DF1-4194-B732-0B7ACB5FB7F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F294A2DA-5F00-40DD-86FF-CE94D624D350}" = protocol=17 | dir=in | app=c:\program files\gamersfirst\apb reloaded\binaries\apb.exe | 
"{F870DF9B-DED2-4B7F-8AD8-5AEF481C2510}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F936AA1A-019D-4E9D-B31F-4BB48EE6C739}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{2E0A0704-A70C-45ED-89EB-C182CD9EFEA4}C:\program files\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files\tera\tera-launcher.exe | 
"TCP Query User{2FE720D5-A38F-4E9F-95B0-8D826D9A9674}C:\program files\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\program files\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe | 
"TCP Query User{E37493F8-C5FE-44CF-BE19-A6D716132D7A}E:\programmation\qtchat\release\qtchat.exe" = protocol=6 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe | 
"TCP Query User{F73EF045-EA33-488C-957D-582571167141}C:\users\nuthatch\desktop\cryengine_build_pc_v3_5_8_2310_freesdk\bin32\editor.exe" = protocol=6 | dir=in | app=c:\users\nuthatch\desktop\cryengine_build_pc_v3_5_8_2310_freesdk\bin32\editor.exe | 
"UDP Query User{08A503A4-1C47-4502-B4DF-3589B899D5B9}C:\users\nuthatch\desktop\cryengine_build_pc_v3_5_8_2310_freesdk\bin32\editor.exe" = protocol=17 | dir=in | app=c:\users\nuthatch\desktop\cryengine_build_pc_v3_5_8_2310_freesdk\bin32\editor.exe | 
"UDP Query User{29D99A36-FD51-48C4-B67F-0F3661AD0A1F}C:\program files\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\program files\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe | 
"UDP Query User{44823339-CF28-4006-8630-458A16074A94}E:\programmation\qtchat\release\qtchat.exe" = protocol=17 | dir=in | app=e:\programmation\qtchat\release\qtchat.exe | 
"UDP Query User{FA20B290-F77C-449E-9952-627B118B2AB4}C:\program files\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files\tera\tera-launcher.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.2 (r693)
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 4.7.4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84481A87-2316-4923-8FAB-3BA8CA29323D}" = WinPatrol
"{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
"{901D1D88-408D-48E5-80DD-CC3145BD8456}" = COMODO Firewall
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CED8E25B-122A-4E80-B612-7F99B93284B3}" = Arc
"{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"7-Zip" = 7-Zip 9.20
"APB Reloaded" = APB Reloaded
"Avast" = avast! Free Antivirus
"CCleaner" = CCleaner
"Google Chrome" = Google Chrome
"KeyScrambler" = KeyScrambler
"Malwarebytes Anti-Exploit_is1" = Malwarebytes Anti-Exploit version 0.10.0.1000
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"PunkBusterSvc" = PunkBuster Services
"sp6" = Logitech SetPoint 6.61
"SpywareBlaster_is1" = SpywareBlaster 5.0
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25/03/2014 07:59:15 | Computer Name = nuthatch-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 25/03/2014 07:59:16 | Computer Name = nuthatch-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 25/03/2014 07:59:16 | Computer Name = nuthatch-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 25/03/2014 07:59:16 | Computer Name = nuthatch-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 26/03/2014 13:21:02 | Computer Name = nuthatch-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 27/03/2014 17:00:31 | Computer Name = nuthatch-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 30/03/2014 11:59:56 | Computer Name = nuthatch-PC | Source = Application Error | ID = 1000
Description = Faulting application wmplayer.exe, version 11.0.6002.18311, time stamp
 0x4c8e2d72, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
 code 0xc0000005, fault offset 0x00000178,  process id 0x1568, application start time
 0x01cf4be006d34cd2.
 
Error - 30/03/2014 12:08:09 | Computer Name = nuthatch-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 30/03/2014 17:06:29 | Computer Name = nuthatch-PC | Source = Application Error | ID = 1000
Description = Faulting application KeyScrambler.exe, version 3.3.0.0, time stamp
 0x52851364, faulting module KeyScrambler.exe, version 3.3.0.0, time stamp 0x52851364,
 exception code 0x40000015, fault offset 0x000155bc,  process id 0xedc, application
 start time 0x01cf4c5be863b12a.
 
Error - 30/03/2014 17:06:34 | Computer Name = nuthatch-PC | Source = Application Error | ID = 1000
Description = Faulting application eReg.exe, version 1.38.0.0, time stamp 0x490f6f0f,
 faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code
 0xc0000005, fault offset 0x00000001,  process id 0x32c, application start time 0x01cf4c5bec01a80a.
 
[ System Events ]
Error - 25/03/2014 07:48:04 | Computer Name = nuthatch-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 25/03/2014 07:48:04 | Computer Name = nuthatch-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25/03/2014 07:48:04 | Computer Name = nuthatch-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25/03/2014 07:48:04 | Computer Name = nuthatch-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25/03/2014 07:48:04 | Computer Name = nuthatch-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 25/03/2014 07:48:30 | Computer Name = nuthatch-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 25/03/2014 07:48:49 | Computer Name = nuthatch-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 25/03/2014 08:00:30 | Computer Name = nuthatch-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 25/03/2014 08:00:30 | Computer Name = nuthatch-PC | Source = Service Control Manager | ID = 7031
Description = 
 
Error - 27/03/2014 18:57:16 | Computer Name = nuthatch-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

  • 0

#5
Biscuithd
Posted 02 April 2014 - 07:01 PM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts
Hi HolyCowz,
 
PunkBuster Advice:

There are some issues with infections in relation to PunkBuster...

Your computer has installed gaming tools. Some of these, like Punkbuster, use spyware techniques to engage in the anti-piracy battle.
In the process, they take control of much of your PC, and they actually meet the definition of spyware/malware.
They are sometimes designed to prevent orderly removal or modification, and they have only limited respect for retaining the overall security and integrity of your machine.

My advice would be to download the removal tool from here. Use this to uninstall PunkBuster Services. Then when I give the all clear use it again to reinstall PunkBuster Services if you so wish

 

Step One

  • Run OTL as you did before.
  • Copy the text in the quote box below (do not copy the word "quote") and paste in the in the box marked Custom Scans/Fixes as shown in the graphic below.

xotlrunfix.jpg.pagespeed.ic.wT-vY4tHzw.j

 

 

 

:Commands
[createrestorepoint]

:OTL
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3977535122-739135346-868588242-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3977535122-739135346-868588242-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
[2014/03/31 16:11:29 | 000,005,120 | ---- | M] () -- C:\Users\nuthatch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34

:Commands
[emptytemp]

 

 

Copy and Paste the Fix Log into your next reply.

 

Step Two

 

Run Windows Repair (All In One) from here.

Please download the tool to your desktop.

It comes as a Zip file and you will need to right click on the Zip file and click Extract. The contents will then be extracted to a separate folder.

Double click the folder (Tweaking dot.com - Windows Repair) then from the list that shows double click the file (about the 5th one down the list) Repair_Windows.exe to run the program.

When the program opens click on the tab Start Repairs and the button Start

At the list that presents put a check (tick) in the following:

• Reset Registry Permissions
• Reset File Permissions
• Register System Files
• Repair WMI
• Repair Internet Explorer
• Repair MDAC & MS Jet
• Remove Policies Set By Infections
• Repair Icons
• Unhide Non System Files
• Repair Windows Updates

Also put a check in the Restart/Shutdown System When Finished (lower right) box.

and in Restart System

Then click on the Start button if it doesn't do it automatically

If it asks you to back up your system click No and continue

 

Step Three  

 

Next, download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

    farbarmainpanel_zps77bf9e25.jpg
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Logs to Post to Me

 

When you are finished, please post back logs from FRST and OTL Fix.

 

Also, it looks like you ran Combofix in the last week or two, would you see if the log is still availalbe and post that as well.

 

Also, please note:

WARNING: ComboFix Warning
ComboFix is a special, highly powerful removal tool in which you should avoid using without proper guidance from an expert. ComboFix will sometimes leave a machine in a non working state, in which makes attempting repairs very difficult. From this point forward, we ask that you let us advise you on what to do to remedy this issue and to not run any tools we do not state. This will help us remain in control while diagnosing and then repairing this issue.

 

Last, let me know how the computer is working.


  • 0

#6
HolyCowZ
Posted 03 April 2014 - 05:54 AM

HolyCowZ

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 232 posts

I will do them in separate posts to make it easy for you to differentiate between logs 1st Combofix

 

 ComboFix 14-03-04.03 - nuthatch 08/03/2014  21:31:17.6.4 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3582.2706 [GMT 0:00]
Running from: c:\users\nuthatch\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: COMODO Firewall *Disabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: COMODO Antivirus *Disabled/Outdated* {0C2D2636-923D-EE52-2A83-E643204A8275}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\system32\samsrv.dll was found and disinfected 
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-directory-services-sam_31bf3856ad364e35_6.0.6002.18005_none_b3d9d2699e1659b0\samsrv.dll 
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-08 to 2014-03-08  )))))))))))))))))))))))))))))))
.
.
2014-03-08 21:36 . 2014-03-08 21:53 -------- d-----w- c:\users\nuthatch\AppData\Local\temp
2014-03-08 21:36 . 2014-03-08 21:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-03-08 21:36 . 2014-03-08 21:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-03-07 17:56 . 2014-03-07 18:24 -------- d-----w- c:\programdata\Oracle
2014-03-07 11:51 . 2014-02-06 07:08 7947048 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A67768C1-C297-456C-B5F2-D61DB11C1832}\mpengine.dll
2014-03-04 16:56 . 2014-03-07 18:00 -------- d-----w- c:\users\nuthatch\AppData\Local\CrashDumps
2014-02-20 17:41 . 2014-02-20 17:41 -------- d-----w- c:\users\nuthatch\AppData\Local\SWTOR
2014-02-20 16:51 . 2014-02-20 17:41 -------- d-----w- c:\programdata\BitRaider
2014-02-20 16:48 . 2014-02-20 16:48 -------- d-----w- c:\program files\Common Files\BioWare
2014-02-20 16:48 . 2014-02-20 16:48 -------- d-----w- c:\program files\Electronic Arts
2014-02-12 22:55 . 2013-12-05 02:12 1248768 ----a-w- c:\windows\system32\msxml3.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-23 21:24 . 2009-02-18 21:32 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-01-23 21:24 . 2009-02-18 21:32 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-01-23 21:24 . 2009-02-18 21:32 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-23 21:24 . 2009-02-18 21:32 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-23 21:24 . 2009-02-18 21:32 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-01-23 21:24 . 2009-02-18 21:32 43152 ----a-w- c:\windows\avastSS.scr
2014-01-23 21:24 . 2009-02-18 21:32 270240 ----a-w- c:\windows\system32\aswBoot.exe
2013-12-18 21:50 . 2009-02-18 21:32 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-18 06:13 . 2013-12-13 18:50 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-13 19:04 . 2013-12-13 19:04 86528 ----a-w- c:\windows\system32\iesysprep.dll
2013-12-13 19:04 . 2013-12-13 19:04 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-12-13 19:04 . 2013-12-13 19:04 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-12-13 19:04 . 2013-12-13 19:04 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-12-13 19:04 . 2013-12-13 19:04 161792 ----a-w- c:\windows\system32\msls31.dll
2013-12-13 19:04 . 2013-12-13 19:04 74752 ----a-w- c:\windows\system32\iesetup.dll
2013-12-13 19:04 . 2013-12-13 19:04 63488 ----a-w- c:\windows\system32\tdc.ocx
2013-12-13 19:04 . 2013-12-13 19:04 367104 ----a-w- c:\windows\system32\html.iec
2013-12-13 19:04 . 2013-12-13 19:04 23552 ----a-w- c:\windows\system32\licmgr10.dll
2013-12-13 19:04 . 2013-12-13 19:04 152064 ----a-w- c:\windows\system32\wextract.exe
2013-12-13 19:04 . 2013-12-13 19:04 150528 ----a-w- c:\windows\system32\iexpress.exe
2013-12-13 19:04 . 2013-12-13 19:04 35840 ----a-w- c:\windows\system32\imgutil.dll
2013-12-13 19:04 . 2013-12-13 19:04 11776 ----a-w- c:\windows\system32\mshta.exe
2013-12-13 19:04 . 2013-12-13 19:04 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-12-13 19:04 . 2013-12-13 19:04 101888 ----a-w- c:\windows\system32\admparse.dll
2013-12-13 19:03 . 2013-12-13 19:03 98816 ----a-w- c:\windows\system32\mfps.dll
2013-12-13 19:03 . 2013-12-13 19:03 979456 ----a-w- c:\windows\system32\MFH264Dec.dll
2013-12-13 19:03 . 2013-12-13 19:03 586240 ----a-w- c:\windows\system32\stobject.dll
2013-12-13 19:03 . 2013-12-13 19:03 357376 ----a-w- c:\windows\system32\MFHEAACdec.dll
2013-12-13 19:03 . 2013-12-13 19:03 302592 ----a-w- c:\windows\system32\mfmp4src.dll
2013-12-13 19:03 . 2013-12-13 19:03 2873344 ----a-w- c:\windows\system32\mf.dll
2013-12-13 19:03 . 2013-12-13 19:03 261632 ----a-w- c:\windows\system32\mfreadwrite.dll
2013-12-13 19:03 . 2013-12-13 19:03 209920 ----a-w- c:\windows\system32\mfplat.dll
2013-12-13 19:03 . 2013-12-13 19:03 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-12-13 19:03 . 2013-12-13 19:03 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2013-12-13 19:03 . 2013-12-13 19:03 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2013-12-13 19:03 . 2013-12-13 19:03 847360 ----a-w- c:\windows\system32\OpcServices.dll
2013-12-13 19:03 . 2013-12-13 19:03 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2013-12-13 19:03 . 2013-12-13 19:03 478720 ----a-w- c:\windows\system32\dxgi.dll
2013-12-13 19:03 . 2013-12-13 19:03 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2013-12-13 19:03 . 2013-12-13 19:03 258048 ----a-w- c:\windows\system32\winspool.drv
2013-12-13 19:03 . 2013-12-13 19:03 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2013-12-13 19:02 . 2013-12-13 19:02 4096 ----a-w- c:\windows\system32\drivers\en-US\dxgkrnl.sys.mui
2013-12-13 19:02 . 2013-12-13 19:02 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-12-13 19:02 . 2013-12-13 19:02 519680 ----a-w- c:\windows\system32\d3d11.dll
2013-12-13 19:02 . 2013-12-13 19:02 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2013-12-13 19:02 . 2013-12-13 19:02 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2013-12-13 19:02 . 2013-12-13 19:02 252928 ----a-w- c:\windows\system32\dxdiag.exe
2013-12-13 19:02 . 2013-12-13 19:02 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2013-12-13 19:02 . 2013-12-13 19:02 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-23 21:24 259464 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-06 1866864]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2014-02-25 496192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-23 3767096]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cistray.exe" [2013-11-11 1576152]
"KeyScrambler"="c:\program files\KeyScrambler\keyscrambler.exe" [2013-11-14 508144]
"Arc"="c:\program files\Perfect World Entertainment\Arc\ArcLauncher.exe" [2014-01-21 129360]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-11-14 1028384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-18 23:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ   FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-03-04 08:52 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.146\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-23 21:32]
.
2014-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-01-23 21:32]
.
2014-03-08 c:\windows\Tasks\Malwarebytes Anti-Exploit.job
- c:\program files\Malwarebytes Anti-Exploit\mbae-loader.exe [2014-01-23 13:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk
TCP: DhcpNameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-08 21:53
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(660)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'Explorer.exe'(2868)
c:\windows\system32\guard32.dll
c:\windows\system32\WSCAPI.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\COMODO\COMODO Internet Security\cavwp.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Malwarebytes Anti-Exploit\mbae.exe
c:\program files\AVAST Software\Avast\AvastEmUpdate.exe
.
**************************************************************************
.
Completion time: 2014-03-08  21:55:12 - machine was rebooted
ComboFix-quarantined-files.txt  2014-03-08 21:55
ComboFix2.txt  2014-03-08 21:29
ComboFix3.txt  2014-03-05 19:54
ComboFix4.txt  2014-03-05 19:41
.
Pre-Run: 800,776,949,760 bytes free
Post-Run: 800,535,855,104 bytes free
.
- - End Of File - - E096843EBD7B1C8CEE53FDCB554EFE16
5C616939100B85E558DA92B899A0FC36

  • 0

#7
HolyCowZ
Posted 03 April 2014 - 05:55 AM

HolyCowZ

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 232 posts

This is the OTL Log

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKEY_USERS\S-1-5-21-3977535122-739135346-868588242-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3977535122-739135346-868588242-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
C:\Users\nuthatch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: nuthatch
->Temp folder emptied: 26427556 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->Java cache emptied: 114078 bytes
->Google Chrome cache emptied: 11965065 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1906 bytes
RecycleBin emptied: 840264 bytes
 
Total Files Cleaned = 38.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04032014_120104
 
Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
 
PendingFileRenameOperations files...
 
Registry entries deleted on Reboot...

  • 0

#8
HolyCowZ
Posted 03 April 2014 - 06:01 AM

HolyCowZ

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 232 posts

All so just to clarify things there is no real infection on here would i be right in that assumption?

I did look for some kind of malware useing cmd and netstat -asn to list running and checked the pids against those listed in task manager I found nothing.

Oh and to find what system you are using press windows key +R and type control /namemicrosoft.system and it will be listed what bit type you are 32 or 64 saves downloading both :P

And I may have to run the tweak tool again as it started and I didn't realize that I was meant to turn off the AV doop I'm not good with computers.

Thanks mate


  • 0

#9
Biscuithd
Posted 03 April 2014 - 07:08 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

If you've compelted the Farbar scan, could you post that log too please :)


  • 0

#10
HolyCowZ
Posted 03 April 2014 - 07:13 AM

HolyCowZ

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 232 posts

Here are both farbar scans

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by nuthatch (administrator) on NUTHATCH-PC on 03-04-2014 14:10:10
Running from C:\Users\nuthatch\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(QFX Software Corporation) C:\Program Files\KeyScrambler\KeyScrambler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(PeerBlock, LLC) C:\Program Files\PeerBlock\peerblock.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3774312 2014-04-02] (AVAST Software)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1225944 2014-03-25] (COMODO)
HKLM\...\Run: [KeyScrambler] - C:\Program Files\KeyScrambler\keyscrambler.exe [508144 2013-11-14] (QFX Software Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [Malwarebytes Anti-Exploit] - C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [1294136 2014-02-21] (Malwarebytes Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [2296600 2013-07-31] (Logitech, Inc.)
HKU\S-1-5-21-3977535122-739135346-868588242-1000\...\Run: [PeerBlock] - C:\Program Files\PeerBlock\peerblock.exe [2124360 2014-01-14] (PeerBlock, LLC)
HKU\S-1-5-21-3977535122-739135346-868588242-1000\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [527936 2014-03-22] (BillP Studios)
HKU\S-1-5-21-3977535122-739135346-868588242-1002\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk
SearchScopes: HKLM - DefaultScope value is missing.
BHO: ArcPluginIEBHO Class - {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - C:\Program Files\Perfect World Entertainment\Arc\Plugins\ArcPluginIE.dll (Perfect World Entertainment Inc)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.co.uk/
CHR DefaultSearchKeyword: google.co.uk
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (ArcPlugin) - C:\Program Files\Perfect World Entertainment\Arc\Plugins\npArcPluginFF.dll (Perfect World Entertainment Inc)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Adblock Plus) - C:\Users\nuthatch\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-23]
CHR Extension: (avast! Online Security) - C:\Users\nuthatch\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-01-23]
CHR Extension: (Google Wallet) - C:\Users\nuthatch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-31]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2009-02-18]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
S3 ArcService; C:\Program Files\Perfect World Entertainment\Arc\ArcService.exe [88400 2014-01-21] (Perfect World Entertainment Inc)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-23] (AVAST Software)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5302384 2014-03-25] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [1663192 2014-03-25] (COMODO)
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [319288 2014-02-21] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-01-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [54832 2014-01-23] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2009-02-18] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-01-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-01-23] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2014-01-23] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-18] ()
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20072 2014-03-25] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [607680 2014-03-25] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [43216 2014-03-25] (COMODO)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [44632 2014-02-21] ()
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [92656 2014-03-25] (COMODO)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [209016 2013-05-31] (QFX Software Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
R3 pbfilter; C:\Program Files\PeerBlock\pbfilter.sys [20040 2014-01-14] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-03 14:10 - 2014-04-03 14:10 - 00009556 _____ () C:\Users\nuthatch\Desktop\FRST.txt
2014-04-03 13:54 - 2014-04-03 14:10 - 00000000 ____D () C:\FRST
2014-04-03 13:29 - 2014-04-03 13:50 - 00000780 _____ () C:\Windows\PFRO.log
2014-04-03 12:39 - 2014-04-03 12:39 - 00048600 _____ () C:\Users\nuthatch\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-03 12:39 - 2014-04-03 12:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-03 12:39 - 2014-04-03 12:39 - 00000000 _____ () C:\Windows\setupact.log
2014-04-03 12:27 - 2014-04-03 12:27 - 01145856 _____ (Farbar) C:\Users\nuthatch\Desktop\FRST.exe
2014-04-03 12:26 - 2014-04-03 13:49 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-04-03 12:22 - 2014-04-03 12:22 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-NUTHATCH-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2014-04-03 12:21 - 2014-04-03 12:21 - 00000000 ____D () C:\RegBackup
2014-04-03 12:18 - 2014-04-03 12:18 - 03098210 _____ () C:\Users\nuthatch\Desktop\tweaking.com_windows_repair_aio.zip
2014-04-03 12:18 - 2014-04-03 12:18 - 00000000 ____D () C:\Users\nuthatch\Desktop\tweaking.com_windows_repair_aio
2014-04-03 12:05 - 2014-04-03 12:05 - 00004586 _____ () C:\Users\nuthatch\Desktop\04032014_120104.log
2014-04-03 12:04 - 2014-04-03 13:50 - 00228720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-03 12:01 - 2014-04-03 12:01 - 00000000 ____D () C:\_OTL
2014-04-03 00:25 - 2014-04-03 00:25 - 00000054 _____ () C:\Users\nuthatch\Desktop\rep.txt
2014-04-02 18:32 - 2014-04-03 00:05 - 00003796 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-04-02 18:32 - 2014-04-02 18:32 - 00000000 ____D () C:\VTRoot
2014-03-31 20:23 - 2014-04-03 14:06 - 00129931 _____ () C:\Windows\WindowsUpdate.log
2014-03-31 16:46 - 2014-03-31 16:46 - 00000000 ____D () C:\Users\nuthatch\Desktop\New Folder
2014-03-31 16:26 - 2014-03-31 16:26 - 00602112 _____ (OldTimer Tools) C:\Users\nuthatch\Desktop\OTL.exe
2014-03-26 20:37 - 2014-03-26 20:37 - 00000000 ____D () C:\Program Files\7-Zip
2014-03-26 20:27 - 2014-03-27 15:55 - 00000000 ____D () C:\Users\nuthatch\Desktop\CRYENGINE_Build_PC_v3_5_8_2310_freesdk
2014-03-26 08:09 - 2014-03-26 08:09 - 00001082 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2014-03-26 08:09 - 2014-03-26 08:09 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-03-26 08:09 - 2014-03-26 08:09 - 00000000 ____D () C:\Program Files\GreenTree Applications
2014-03-25 13:20 - 2014-03-27 15:36 - 00000000 ____D () C:\Users\nuthatch\Desktop\ja ja
2014-03-25 13:17 - 2014-03-25 13:17 - 00000000 ____D () C:\Users\Public\Documents\Logishrd
2014-03-25 13:16 - 2014-03-25 13:17 - 00000000 ____D () C:\ProgramData\Logishrd
2014-03-25 13:16 - 2014-03-25 13:16 - 00000000 ____D () C:\Users\nuthatch\AppData\Roaming\Leadertech
2014-03-25 13:16 - 2014-03-25 13:16 - 00000000 ____D () C:\Program Files\Logitech
2014-03-25 13:15 - 2014-03-25 13:16 - 00000000 ____D () C:\Program Files\Common Files\Logishrd
2014-03-25 13:14 - 2014-03-25 13:17 - 00000000 ____D () C:\Users\nuthatch\AppData\Roaming\Logitech
2014-03-25 13:14 - 2014-03-25 13:14 - 00000000 ____D () C:\Users\nuthatch\AppData\Roaming\Logishrd
2014-03-25 12:47 - 2014-03-25 12:47 - 00000000 ___SD () C:\ComboFix
2014-03-21 23:44 - 2014-03-21 23:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-21 23:43 - 2014-03-21 23:43 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-21 22:58 - 2014-03-21 22:58 - 00000000 ____D () C:\Users\nuthatch\AppData\Roaming\Mozilla
2014-03-19 01:44 - 2014-03-31 18:45 - 00000000 ____D () C:\Windows\pss
2014-03-18 20:55 - 2014-03-26 20:02 - 00290776 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-03-18 20:55 - 2014-03-18 20:55 - 00000000 ____D () C:\Users\nuthatch\AppData\Local\PunkBuster
2014-03-18 20:54 - 2014-03-18 20:47 - 00001202 _____ () C:\Users\nuthatch\Desktop\APB Reloaded.lnk
2014-03-18 20:53 - 2014-03-18 20:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-18 20:52 - 2014-03-26 20:00 - 00281288 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-03-18 20:52 - 2014-03-18 20:52 - 00138904 _____ () C:\Users\nuthatch\AppData\Roaming\PnkBstrK.sys
2014-03-18 20:52 - 2010-06-02 05:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-03-18 20:52 - 2010-06-02 05:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-03-18 20:52 - 2010-06-02 05:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-03-18 20:52 - 2010-05-26 12:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-03-18 20:52 - 2010-05-26 12:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-03-18 20:52 - 2010-05-26 12:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-03-18 20:52 - 2010-05-26 12:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-03-18 20:52 - 2010-05-26 12:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-03-18 20:52 - 2010-02-04 11:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-03-18 20:52 - 2010-02-04 11:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-03-18 20:52 - 2010-02-04 11:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-03-18 20:52 - 2010-02-04 11:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-03-18 20:35 - 2014-03-25 12:51 - 00000000 ____D () C:\Users\nuthatch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
2014-03-18 20:35 - 2014-03-18 20:35 - 00000000 ____D () C:\Users\nuthatch\AppData\Local\GamersFirst
2014-03-18 20:35 - 2014-03-18 20:35 - 00000000 ____D () C:\Program Files\GamersFirst
2014-03-18 08:25 - 2014-03-18 08:25 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-03-18 08:25 - 2011-06-11 01:58 - 00773968 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-03-18 08:25 - 2011-06-11 01:58 - 00421200 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-03-17 15:17 - 2014-03-18 20:34 - 00000724 _____ () C:\console.log
2014-03-17 14:39 - 2014-03-17 14:39 - 00001635 _____ () C:\Users\nuthatch\Desktop\TERA.lnk
2014-03-17 14:39 - 2014-03-17 14:39 - 00000000 ____D () C:\Users\nuthatch\AppData\Roaming\TERA
2014-03-17 14:39 - 2014-03-17 14:39 - 00000000 ____D () C:\Program Files\TERA
2014-03-14 09:08 - 2014-02-23 06:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-14 09:08 - 2014-02-23 06:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-14 09:08 - 2014-02-23 06:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-14 09:08 - 2014-02-23 06:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-14 09:08 - 2014-02-23 06:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-14 09:08 - 2014-02-23 06:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-14 09:08 - 2014-02-23 06:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-14 09:08 - 2014-02-23 06:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-14 09:08 - 2014-02-23 06:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-14 09:08 - 2014-02-23 06:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-14 09:08 - 2014-02-23 06:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-14 09:08 - 2014-02-23 06:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-14 09:08 - 2014-02-23 06:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-14 09:08 - 2014-02-23 06:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-14 09:08 - 2014-02-23 06:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-14 09:08 - 2014-02-23 06:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-14 08:57 - 2014-02-07 11:38 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-14 08:57 - 2014-02-03 11:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-14 08:57 - 2014-01-30 08:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-14 08:57 - 2013-11-13 01:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-13 00:08 - 2014-03-13 00:08 - 00000051 _____ () C:\Users\nuthatch\AppData\Roaming\mbam.context.scan
2014-03-12 15:50 - 2014-03-12 15:50 - 00000000 ____D () C:\Windows\jumpshot.com
2014-03-12 09:52 - 2014-03-12 09:52 - 00001728 _____ () C:\Users\nuthatch\Desktop\PeerBlock.lnk
2014-03-10 21:03 - 2008-09-02 16:03 - 00453152 _____ (NVIDIA Corporation) C:\Windows\system32\nvuninst.exe
2014-03-10 21:03 - 2008-07-08 09:45 - 00004984 _____ () C:\Windows\system32\Drivers\nvphy.bin
2014-03-08 22:55 - 2014-03-08 22:55 - 00011075 _____ () C:\Users\nuthatch\Desktop\ComboFix.txt
2014-03-05 20:55 - 2014-04-03 12:05 - 00000000 ____D () C:\Users\nuthatch\Desktop\syst
2014-03-05 20:55 - 2014-03-05 20:55 - 00000000 ____D () C:\Users\nuthatch\Desktop\PvP neverwinter
2014-03-04 17:56 - 2014-04-02 14:56 - 00000000 ____D () C:\Users\nuthatch\AppData\Local\CrashDumps
2014-03-04 11:16 - 2014-03-24 20:51 - 00001121 _____ () C:\Users\nuthatch\Desktop\go.txt
 
==================== One Month Modified Files and Folders =======
 
2014-04-03 14:10 - 2014-04-03 14:10 - 00009556 _____ () C:\Users\nuthatch\Desktop\FRST.txt
2014-04-03 14:10 - 2014-04-03 13:54 - 00000000 ____D () C:\FRST
2014-04-03 14:08 - 2009-02-18 22:33 - 00000000 ____D () C:\Program Files\PeerBlock
2014-04-03 14:06 - 2014-03-31 20:23 - 00129931 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 14:00 - 2006-11-02 11:33 - 00755394 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 13:57 - 2014-01-23 22:32 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-03 13:56 - 2014-01-23 22:32 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-03 13:56 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 13:56 - 2006-11-02 13:47 - 00004928 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 13:56 - 2006-11-02 13:47 - 00004928 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 13:55 - 2006-11-02 14:01 - 00032646 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-03 13:50 - 2014-04-03 13:29 - 00000780 _____ () C:\Windows\PFRO.log
2014-04-03 13:50 - 2014-04-03 12:04 - 00228720 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-03 13:49 - 2014-04-03 12:26 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-04-03 12:39 - 2014-04-03 12:39 - 00048600 _____ () C:\Users\nuthatch\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-03 12:39 - 2014-04-03 12:39 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-03 12:39 - 2014-04-03 12:39 - 00000000 _____ () C:\Windows\setupact.log
2014-04-03 12:27 - 2014-04-03 12:27 - 01145856 _____ (Farbar) C:\Users\nuthatch\Desktop\FRST.exe
2014-04-03 12:22 - 2014-04-03 12:22 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-NUTHATCH-PC-Microsoft®-Windows-Vista™-Home-Premium-(32-bit).dat
2014-04-03 12:21 - 2014-04-03 12:21 - 00000000 ____D () C:\RegBackup
2014-04-03 12:18 - 2014-04-03 12:18 - 03098210 _____ () C:\Users\nuthatch\Desktop\tweaking.com_windows_repair_aio.zip
2014-04-03 12:18 - 2014-04-03 12:18 - 00000000 ____D () C:\Users\nuthatch\Desktop\tweaking.com_windows_repair_aio
2014-04-03 12:05 - 2014-04-03 12:05 - 00004586 _____ () C:\Users\nuthatch\Desktop\04032014_120104.log
2014-04-03 12:05 - 2014-03-05 20:55 - 00000000 ____D () C:\Users\nuthatch\Desktop\syst
2014-04-03 12:01 - 2014-04-03 12:01 - 00000000 ____D () C:\_OTL
2014-04-03 00:25 - 2014-04-03 00:25 - 00000054 _____ () C:\Users\nuthatch\Desktop\rep.txt
2014-04-03 00:05 - 2014-04-02 18:32 - 00003796 _____ () C:\Windows\system32\Drivers\fvstore.dat
2014-04-02 18:32 - 2014-04-02 18:32 - 00000000 ____D () C:\VTRoot
2014-04-02 18:32 - 2009-02-18 22:38 - 00001777 _____ () C:\Users\Public\Desktop\COMODO Firewall.lnk
2014-04-02 14:56 - 2014-03-04 17:56 - 00000000 ____D () C:\Users\nuthatch\AppData\Local\CrashDumps
2014-03-31 18:45 - 2014-03-19 01:44 - 00000000 ____D () C:\Windows\pss
2014-03-31 16:46 - 2014-03-31 16:46 - 00000000 ____D () C:\Users\nuthatch\Desktop\New Folder
2014-03-31 16:26 - 2014-03-31 16:26 - 00602112 _____ (OldTimer Tools) C:\Users\nuthatch\Desktop\OTL.exe
2014-03-30 07:16 - 2013-12-13 19:37 - 00000000 ____D () C:\Program Files\SpywareBlaster
2014-03-27 15:55 - 2014-03-26 20:27 - 00000000 ____D () C:\Users\nuthatch\Desktop\CRYENGINE_Build_PC_v3_5_8_2310_freesdk
2014-03-27 15:37 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Web
2014-03-27 15:36 - 2014-03-25 13:20 - 00000000 ____D () C:\Users\nuthatch\Desktop\ja ja
2014-03-26 20:37 - 2014-03-26 20:37 - 00000000 ____D () C:\Program Files\7-Zip
2014-03-26 20:02 - 2014-03-18 20:55 - 00290776 _____ () C:\Windows\system32\PnkBstrB.xtr
2014-03-26 20:00 - 2014-03-18 20:52 - 00281288 _____ () C:\Windows\system32\PnkBstrB.ex0
2014-03-26 08:09 - 2014-03-26 08:09 - 00001082 _____ () C:\Users\Public\Desktop\YTD Video Downloader.lnk
2014-03-26 08:09 - 2014-03-26 08:09 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-03-26 08:09 - 2014-03-26 08:09 - 00000000 ____D () C:\Program Files\GreenTree Applications
2014-03-25 20:22 - 2013-11-14 12:38 - 00607680 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2014-03-25 20:22 - 2013-11-14 12:38 - 00036000 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2014-03-25 20:22 - 2013-09-24 11:54 - 00092656 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2014-03-25 20:22 - 2013-09-24 11:54 - 00043216 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2014-03-25 20:22 - 2013-09-24 11:54 - 00020072 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2014-03-25 20:22 - 2013-09-24 11:53 - 00363504 _____ (COMODO) C:\Windows\system32\guard32.dll
2014-03-25 20:22 - 2013-09-24 11:53 - 00284888 _____ (COMODO) C:\Windows\system32\cmdvrt32.dll
2014-03-25 20:22 - 2013-09-24 11:53 - 00040664 _____ (COMODO) C:\Windows\system32\cmdkbd32.dll
2014-03-25 13:18 - 2009-02-18 21:45 - 00000000 ____D () C:\Users\nuthatch
2014-03-25 13:17 - 2014-03-25 13:17 - 00000000 ____D () C:\Users\Public\Documents\Logishrd
2014-03-25 13:17 - 2014-03-25 13:16 - 00000000 ____D () C:\ProgramData\Logishrd
2014-03-25 13:17 - 2014-03-25 13:14 - 00000000 ____D () C:\Users\nuthatch\AppData\Roaming\Logitech
2014-03-25 13:16 - 2014-03-25 13:16 - 00000000 ____D () C:\Users\nuthatch\AppData\Roaming\Leadertech
2014-03-25 13:16 - 2014-03-25 13:16 - 00000000 ____D () C:\Program Files\Logitech
2014-03-25 13:16 - 2014-03-25 13:15 - 00000000 ____D () C:\Program Files\Common Files\Logishrd
2014-03-25 13:14 - 2014-03-25 13:14 - 00000000 ____D () C:\Users\nuthatch\AppData\Roaming\Logishrd
2014-03-25 12:52 - 2009-02-18 21:45 - 00001356 _____ () C:\Users\nuthatch\AppData\Local\d3d9caps.dat
2014-03-25 12:51 - 2014-03-18 20:35 - 00000000 ____D () C:\Users\nuthatch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GamersFirst
2014-03-25 12:51 - 2014-02-20 17:48 - 00000000 ____D () C:\Program Files\Common Files\BioWare
2014-03-25 12:47 - 2014-03-25 12:47 - 00000000 ___SD () C:\ComboFix
2014-03-25 12:47 - 2014-02-27 15:04 - 00000000 ____D () C:\Qoobox
2014-03-25 08:36 - 2009-02-18 22:31 - 00000000 ____D () C:\ProgramData\InstallMate
2014-03-24 20:51 - 2014-03-04 11:16 - 00001121 _____ () C:\Users\nuthatch\Desktop\go.txt
2014-03-21 23:50 - 2014-03-21 23:44 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-21 23:43 - 2014-03-21 23:43 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-21 22:58 - 2014-03-21 22:58 - 00000000 ____D () C:\Users\nuthatch\AppData\Roaming\Mozilla
2014-03-18 20:55 - 2014-03-18 20:55 - 00000000 ____D () C:\Users\nuthatch\AppData\Local\PunkBuster
2014-03-18 20:53 - 2014-03-18 20:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-03-18 20:52 - 2014-03-18 20:52 - 00138904 _____ () C:\Users\nuthatch\AppData\Roaming\PnkBstrK.sys
2014-03-18 20:52 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-03-18 20:47 - 2014-03-18 20:54 - 00001202 _____ () C:\Users\nuthatch\Desktop\APB Reloaded.lnk
2014-03-18 20:35 - 2014-03-18 20:35 - 00000000 ____D () C:\Users\nuthatch\AppData\Local\GamersFirst
2014-03-18 20:35 - 2014-03-18 20:35 - 00000000 ____D () C:\Program Files\GamersFirst
2014-03-18 20:34 - 2014-03-17 15:17 - 00000724 _____ () C:\console.log
2014-03-18 16:13 - 2013-12-13 19:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 16:12 - 2006-11-02 11:24 - 87350280 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-03-18 08:25 - 2014-03-18 08:25 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Exploit.lnk
2014-03-18 08:25 - 2013-12-13 19:19 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Exploit
2014-03-18 08:25 - 2009-02-18 22:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-17 14:39 - 2014-03-17 14:39 - 00001635 _____ () C:\Users\nuthatch\Desktop\TERA.lnk
2014-03-17 14:39 - 2014-03-17 14:39 - 00000000 ____D () C:\Users\nuthatch\AppData\Roaming\TERA
2014-03-17 14:39 - 2014-03-17 14:39 - 00000000 ____D () C:\Program Files\TERA
2014-03-16 09:00 - 2014-01-23 22:33 - 00001971 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-14 09:34 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\rescache
2014-03-13 00:08 - 2014-03-13 00:08 - 00000051 _____ () C:\Users\nuthatch\AppData\Roaming\mbam.context.scan
2014-03-12 19:11 - 2014-01-25 11:23 - 00000000 ____D () C:\Users\nuthatch\Desktop\dreadzone
2014-03-12 15:50 - 2014-03-12 15:50 - 00000000 ____D () C:\Windows\jumpshot.com
2014-03-12 09:52 - 2014-03-12 09:52 - 00001728 _____ () C:\Users\nuthatch\Desktop\PeerBlock.lnk
2014-03-10 21:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-10 21:22 - 2013-12-13 19:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-08 22:55 - 2014-03-08 22:55 - 00011075 _____ () C:\Users\nuthatch\Desktop\ComboFix.txt
2014-03-08 22:53 - 2014-02-27 15:04 - 00000000 ____D () C:\Windows\erdnt
2014-03-08 22:53 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-03-05 20:55 - 2014-03-05 20:55 - 00000000 ____D () C:\Users\nuthatch\Desktop\PvP neverwinter
2014-03-05 15:59 - 2014-01-25 11:22 - 00000000 ____D () C:\Users\nuthatch\Desktop\Alice
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-03 14:03
 
==================== End Of Log ============================
 
 
 
 
here is the 2nd
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by nuthatch at 2014-04-03 14:10:30
Running from C:\Users\nuthatch\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Disabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: avast! Antivirus (Disabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: COMODO Antivirus (Disabled - Out of date) {0C2D2636-923D-EE52-2A83-E643204A8275}
FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3}
 
==================== Installed Programs ======================
 
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
APB Reloaded (HKLM\...\APB Reloaded) (Version: 1.6.4.649692 - )
Arc (HKLM\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.5510 - Perfect World Entertainment)
avast! Free Antivirus (HKLM\...\Avast) (Version: 9.0.2013 - Avast Software)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
COMODO Firewall (HKLM\...\{901D1D88-408D-48E5-80DD-CC3145BD8456}) (Version: 6.3.39949.2976 - COMODO Security Solutions Inc.)
eReg (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
KeyScrambler (HKLM\...\KeyScrambler) (Version: 3.3.0.0 - QFX Software Corporation)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Exploit version 0.10.0.1000 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 0.10.0.1000 - Malwarebytes)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106 - Microsoft Corporation) Hidden
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NVIDIA 3D Vision Controller Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Control Panel 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA GeForce Experience 1.7.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden
PeerBlock 1.2 (r693) (HKLM\...\{015C5B35-B678-451C-9AEE-821E8D69621C}_is1) (Version: 1.2.0.693 - PeerBlock, LLC)
SpywareBlaster 5.0 (HKLM\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
TERA (HKLM\...\{A2F166A0-F031-4E27-A057-C69733219434}_is1) (Version: 7 - Gameforge Productions GmbH)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
WinPatrol (HKLM\...\{84481A87-2316-4923-8FAB-3BA8CA29323D}) (Version: 30.5.2014.1 - BillP Studios)
YTD Video Downloader 4.7.4 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.7.4 - GreenTree Applications SRL)
 
==================== Restore Points  =========================
 
10-02-2014 14:52:34 Scheduled Checkpoint
11-02-2014 08:37:02 Windows Update
12-02-2014 22:56:13 Windows Update
17-02-2014 13:11:00 Scheduled Checkpoint
18-02-2014 17:09:18 Windows Update
20-02-2014 16:48:31 Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
22-02-2014 09:11:14 Windows Update
25-02-2014 16:24:42 Windows Update
27-02-2014 15:55:39 Scheduled Checkpoint
28-02-2014 18:36:02 Windows Update
04-03-2014 16:38:35 Windows Update
07-03-2014 17:54:41 Installed Java 7 Update 51
07-03-2014 18:08:05 Removed Java 7 Update 51
07-03-2014 18:23:32 Installed Java 7 Update 51
07-03-2014 18:37:10 Removed Java 7 Update 51
10-03-2014 20:01:21 Windows Update
14-03-2014 08:07:09 Windows Update
18-03-2014 15:11:11 Windows Update
18-03-2014 19:51:28 Installed DirectX
18-03-2014 19:53:20 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
19-03-2014 21:48:23 Scheduled Checkpoint
21-03-2014 20:08:50 Windows Update
25-03-2014 12:17:41 Device Driver Package Install: Logitech Keyboards
25-03-2014 12:18:10 Device Driver Package Install: Logitech Mice and other pointing devices
25-03-2014 12:46:10 Windows Update
27-03-2014 20:34:00 Scheduled Checkpoint
28-03-2014 18:13:33 Windows Update
31-03-2014 18:15:13 Scheduled Checkpoint
01-04-2014 06:16:53 Windows Update
03-04-2014 11:01:17 OTL Restore Point - 03/04/2014 12:01:16
03-04-2014 11:20:35 Tweaking.com - Windows Repair
 
==================== Hosts content: ==========================
 
2014-03-17 11:22 - 2014-03-18 08:23 - 00517864 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
0.0.0.0 fr.a2dfp.net
0.0.0.0 m.fr.a2dfp.net
0.0.0.0 mfr.a2dfp.net
0.0.0.0 ad.a8.net
0.0.0.0 asy.a8ww.net
0.0.0.0 static.a-ads.com
0.0.0.0 abcstats.com
0.0.0.0 ad4.abradio.cz
0.0.0.0 a.abv.bg
0.0.0.0 adserver.abv.bg
0.0.0.0 adv.abv.bg
0.0.0.0 bimg.abv.bg
0.0.0.0 ca.abv.bg
0.0.0.0 www2.a-counter.kiev.ua
0.0.0.0 track.acclaimnetwork.com
0.0.0.0 accuserveadsystem.com
0.0.0.0 www.accuserveadsystem.com
0.0.0.0 achmedia.com
0.0.0.0 csh.actiondesk.com
0.0.0.0 ads.activepower.net
0.0.0.0 app.activetrail.com
0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
0.0.0.0 traffic.acwebconnecting.com
0.0.0.0 office.ad1.ru
0.0.0.0 cms.ad2click.nl
0.0.0.0 ad2games.com
0.0.0.0 ads.ad2games.com
0.0.0.0 content.ad20.net
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {036C84A6-5530-4948-AF4B-086AC02038B9} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-23] (AVAST Software)
Task: {12CC8796-DACA-4702-B98D-D3876307FD94} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {201B2D9E-AA35-4468-BE31-CD4A240556D7} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-03-31] (COMODO)
Task: {39FCD413-EAD8-4F76-9C58-0A984AF0BA82} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-03-31] (COMODO)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {6436AB12-ECE6-4CAD-A439-0F202724236B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-23] (Google Inc.)
Task: {8AC8152A-F689-47F5-BF73-1CDEAD5F494C} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {A728AE6B-5AB8-4223-AD3E-E6341441A01C} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => Rundll32.exe %windir%\system32\pla.dll,PlaConvertLogEntries
Task: {AA8F349D-9687-4A52-A13E-2E926282C5B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {C5B771B7-707B-42F8-A7C5-7D64D2A1A9EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-01-23] (Google Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-03 12:17 - 2014-04-03 08:47 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14040300\algo.dll
2012-06-18 16:24 - 2012-06-18 16:24 - 00260096 _____ () C:\Program Files\Notepad++\NppShell_05.dll
2009-02-18 22:32 - 2009-02-18 22:32 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2009-02-18 22:31 - 2014-02-18 04:46 - 00643948 _____ () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
2014-03-16 09:00 - 2014-03-15 01:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-16 09:00 - 2014-03-15 01:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-16 09:00 - 2014-03-15 01:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-16 09:00 - 2014-03-15 01:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/03/2014 11:55:24 AM) (Source: Application Hang) (User: )
Description: The program chrome.exe version 33.0.1750.154 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1664
Start Time: 01cf4f2b133c3983
Termination Time: 3
 
Error: (04/02/2014 05:05:50 PM) (Source: Windows Search Service) (User: )
Description: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.
 
Context:  Application, SystemIndex Catalog
 
Error: (04/02/2014 02:55:53 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.6002.18311, time stamp 0x4c8e2d72, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x8000010c,
process id 0x101c, application start time 0xwmplayer.exe0.
 
Error: (03/30/2014 10:06:34 PM) (Source: Application Error) (User: )
Description: Faulting application eReg.exe, version 1.38.0.0, time stamp 0x490f6f0f, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000001,
process id 0x32c, application start time 0xeReg.exe0.
 
Error: (03/30/2014 10:06:29 PM) (Source: Application Error) (User: )
Description: Faulting application KeyScrambler.exe, version 3.3.0.0, time stamp 0x52851364, faulting module KeyScrambler.exe, version 3.3.0.0, time stamp 0x52851364, exception code 0x40000015, fault offset 0x000155bc,
process id 0xedc, application start time 0xKeyScrambler.exe0.
 
Error: (03/30/2014 05:08:09 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (03/30/2014 04:59:56 PM) (Source: Application Error) (User: )
Description: Faulting application wmplayer.exe, version 11.0.6002.18311, time stamp 0x4c8e2d72, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x00000178,
process id 0x1568, application start time 0xwmplayer.exe0.
 
Error: (03/27/2014 10:00:31 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (03/26/2014 06:21:02 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (03/25/2014 00:59:16 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
The content index metadata cannot be read.   (0xc0041801)
 
 
System errors:
=============
Error: (04/03/2014 01:29:22 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 13:28:02 on 03/04/2014 was unexpected.
 
Error: (04/03/2014 00:01:05 PM) (Source: Service Control Manager) (User: )
Description: NVIDIA Display Driver Service1
 
Error: (04/03/2014 08:27:19 AM) (Source: i8042prt) (User: )
Description: Could not set the mouse sample rate.
 
Error: (04/02/2014 00:34:23 PM) (Source: i8042prt) (User: )
Description: An error occurred while trying to determine the number of mouse buttons.
 
Error: (04/01/2014 10:49:55 PM) (Source: i8042prt) (User: )
Description: An error occurred while enabling the mouse to transmit information.  The device has been reset in an attempt to make the device functional.
 
Error: (03/27/2014 11:57:16 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (03/25/2014 01:00:30 PM) (Source: Service Control Manager) (User: )
Description: Windows Search1300001Restart the service
 
Error: (03/25/2014 01:00:30 PM) (Source: Service Control Manager) (User: )
Description: Windows Search2147749155 (0x80040D23)
 
Error: (03/25/2014 00:48:49 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (03/25/2014 00:48:30 PM) (Source: DCOM) (User: )
Description: 1084NVSvc{DCAB0989-1301-4319-BE5F-ADE89F88581C}
 
 
Microsoft Office Sessions:
=========================
Error: (04/03/2014 11:55:24 AM) (Source: Application Hang)(User: )
Description: chrome.exe33.0.1750.154166401cf4f2b133c39833
 
Error: (04/02/2014 05:05:50 PM) (Source: Windows Search Service)(User: )
Description: Context:  Application, SystemIndex Catalog
 
Error: (04/02/2014 02:55:53 PM) (Source: Application Error)(User: )
Description: wmplayer.exe11.0.6002.183114c8e2d72unknown0.0.0.000000000c00000058000010c101c01cf4e63112c7229
 
Error: (03/30/2014 10:06:34 PM) (Source: Application Error)(User: )
Description: eReg.exe1.38.0.0490f6f0funknown0.0.0.000000000c00000050000000132c01cf4c5bec01a80a
 
Error: (03/30/2014 10:06:29 PM) (Source: Application Error)(User: )
Description: KeyScrambler.exe3.3.0.052851364KeyScrambler.exe3.3.0.05285136440000015000155bcedc01cf4c5be863b12a
 
Error: (03/30/2014 05:08:09 PM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (03/30/2014 04:59:56 PM) (Source: Application Error)(User: )
Description: wmplayer.exe11.0.6002.183114c8e2d72unknown0.0.0.000000000c000000500000178156801cf4be006d34cd2
 
Error: (03/27/2014 10:00:31 PM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (03/26/2014 06:21:02 PM) (Source: Perflib)(User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
 
Error: (03/25/2014 00:59:16 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
The content index metadata cannot be read.   (0xc0041801)
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-04-03 14:10:27.304
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-03 14:10:27.234
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-03 14:10:27.163
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-03 14:10:27.092
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-03 14:10:27.019
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-03 14:10:26.948
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-03 14:10:26.878
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-04-03 14:10:26.807
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-31 16:29:59.285
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
  Date: 2014-03-31 16:29:59.214
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 41%
Total physical RAM: 3581.63 MB
Available physical RAM: 2100.08 MB
Total Pagefile: 7374.16 MB
Available Pagefile: 5779.37 MB
Total Virtual: 3071.88 MB
Available Virtual: 2945.75 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:931.51 GB) (Free:746.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 93D0ECF1)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================

  • 0

Advertisements

#11
HolyCowZ
Posted 03 April 2014 - 07:18 AM

HolyCowZ

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 232 posts

It says that Avast is disabled but farber is wrong after running the fixit tool windows reports avast as not on but it's on and it reports no anti malware too but full version of mbam is on and running.

The mouse cursor is sticking more often now its got much worse.


  • 0

#12
Biscuithd
Posted 05 April 2014 - 08:59 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Hello HolyCowZ,

 

You have more than one antivirus program on your machine; Avast and Comodo. That's a case of more is not better. Multiple anti-virus programs use up system resources, and can give false positives.
 

I would recommend that you keep Avast and uninstall Comodo, however the choice which to uninstall is yours alone as long as one of the aforementioned is uninstalled

Here are instructions for Uninstalling a program

1.) Open Programs and Features by clicking the Start button, clicking Control Panel, clicking Programs, and then clicking Programs and Features.

2.) Select a program, and then click Uninstall. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

Next

 

Let's now see how things look are the uninstall, so please rerun FRST and then post the scan results.



 


  • 0

#13
HolyCowZ
Posted 05 April 2014 - 10:44 AM

HolyCowZ

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 232 posts

Hello

I only have 1 antivirus on the machine Avast. Comodo is just my firewall and H.I.Ps as I know that 2 AV's would conflict and may cause FP's or other issues.

Thanks for the reply :)


  • 0

#14
Biscuithd
Posted 07 April 2014 - 11:23 AM

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

I do understand, that you understand about the multiple a/v's. Sorry if was condescending. It's difficult to know the sophication of the user early on in the relationship here.

 

That said, we need to rule some things in and others out if we're going to get to the bottom of your machines difficulty. Hence, it would be helpful to me if Comodo were not on the system while I puzzle through the logs.

 

So, would you pleae uninstal Comodo and then re-scan with FRST and post the results. Thanks! :thumbsup:


  • 0

#15
HolyCowZ
Posted 08 April 2014 - 11:53 PM

HolyCowZ

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 232 posts

Hi you didn't sound condescending at all so no need to say sorry. I thought you'd given up on me lol so I had a friend who is over from Japan look at my machine, he works for a well know av company and he found a piece of malware that seems to have escaped all attempts at being found by mbam, otl, combofix, tdss killer, avast. Since he has removed it the machine is working fine. 

Thank you for your help and time and am sorry if I have wasted it and apologize I didn't realize my old friend would be in England and able to help me so again I do apologize for any time wasted.

Paul


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP