
Could not open Task Manager, Regedit, cmd (admin). Need help with PC cleanup.


6 replies to this topic

#1 JustGeorge

  • Members

Posted 05 September 2014 - 10:00 AM

First I'd like to thank you for your support and the great work you are doing helping people in such stressful moments. The issue I would like your support with is a little confusing to me, but I will try to explain it as best as I can. I am running Windows 8.1 on this machine and I cannot run the DDS program.

The problem started when I couldn't open Task Manager by any means, having tried multiple methods: the right-click taskbar menu (further down the line I noticed that every time I moved the mouse pointer onto the taskbar, the pointer would change to loading), Ctrl+Alt+Del, double-clicking the .exe in the Windows folder (many times this would result in that specific window hanging and not responding to any commands), Run, and through cmd, without any effect (this also hangs). The mouse pointer would change to indicate that something was loading, but nothing would happen afterwards.

Scouring the internet for a solution, I tried to see if I had Task Manager disabled through the registry, even though I didn't have any errors to suggest that, but I found that I could not open regedit.exe, much like the issue with Task Manager. I noticed that many other programs which required admin permission would not open and would hang. I ran multiple scans with AVG and Malwarebytes Anti-Malware with no threats encountered.

I decided to run the scans in Safe Mode and AVG found 140 infections, with none being cleaned to my knowledge (I will post the log below). A lot of files and folders were not tested, but what caught my attention and made me think that I have a virus or malware was the first entries in the log (bootkit). After restarting I found that the problems I had were solved, all until the next restart, when all the aforementioned would come back (I reproduced this three times and it was the only way to gain access to Task Manager).

Having lost my confidence in AVG, I tried the ESET Online Scanner (I unchecked the box to remove threats, as I have seen advised on other threads), which found 5 possible threats and again, as far as I know, none had been dealt with (deleted or quarantined). After a restart I found that all the issues were solved and would not come back even after multiple restarts and shutdowns. This confused me a great deal, as I'm quite sure the threats have not been removed.


Here is the first AVG log:

AVG 2014 AntiVirus command line scanner
Copyright © 1992 - 2013 AVG Technologies
Program version 2014.0.4765, engine 2014.0.4015
Virus Database: Version 4015/8148 2014-09-03
@Scan_BootSectorName|%name%=C:\| Found Bootkit.61030040.9A6479C5 is OK.
@Scan_BootSectorName|%name%=F:\| Found Bootkit.61030040.F987090C is OK.
@Scan_BootSectorName|%name%=G:\| Found Bootkit.61030040.F987090C is OK.
C:\Documents and Settings\ Locked file. Not scanned. is OK.
C:\hiberfil.sys Locked file. Not scanned. is OK.
C:\pagefile.sys Locked file. Not scanned. is OK.
C:\ProgramData\Desktop\ Locked file. Not scanned. is OK.
C:\ProgramData\Documents\ Locked file. Not scanned. is OK.
C:\ProgramData\Microsoft\Windows\LocationProvider\ Locked file. Not scanned. is OK.
C:\ProgramData\Microsoft\Windows\SystemData\ Locked file. Not scanned. is OK.
C:\ProgramData\Microsoft\Windows Defender\Scans\History\CacheManager\MpScanCache-1.bin Locked file. Not scanned. is OK.
C:\swapfile.sys Locked file. Not scanned. is OK.
C:\System Volume Information\ Locked file. Not scanned. is OK.
C:\Users\Default\AppData\Local\History\ Locked file. Not scanned. is OK.
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\ Locked file. Not scanned. is OK.
C:\Users\Default\AppData\Local\Temporary Internet Files\ Locked file. Not scanned. is OK.
C:\Users\Default\Cookies\ Locked file. Not scanned. is OK.
C:\Users\Default\Documents\My Music\ Locked file. Not scanned. is OK.
C:\Users\Default\Documents\My Pictures\ Locked file. Not scanned. is OK.
C:\Users\Default\Documents\My Videos\ Locked file. Not scanned. is OK.
C:\Users\Default\NetHood\ Locked file. Not scanned. is OK.
C:\Users\Default\PrintHood\ Locked file. Not scanned. is OK.
C:\Users\Default\Recent\ Locked file. Not scanned. is OK.
C:\Users\Default\Templates\ Locked file. Not scanned. is OK.
C:\Users\George\AppData\Local\Avg2014\temp\avg-0b28a36e-575b-4225-b2ee-9d4e845e8a6d.tmp Locked file. Not scanned. is OK.
C:\Users\George\AppData\Local\Avg2014\temp\avg-157ffe73-973e-4445-ada8-936b0986e037.tmp Locked file. Not scanned. is OK.
C:\Users\George\AppData\Local\History\ Locked file. Not scanned. is OK.
C:\Users\George\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\ Locked file. Not scanned. is OK.
C:\Users\George\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5\ Locked file. Not scanned. is OK.
C:\Users\George\AppData\Local\Microsoft\Windows\Notifications\WPNPRMRY.tmp Locked file. Not scanned. is OK.
C:\Users\George\AppData\Local\Microsoft\Windows\UsrClass.dat Locked file. Not scanned. is OK.
C:\Users\George\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Locked file. Not scanned. is OK.
C:\Users\George\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Locked file. Not scanned. is OK.
C:\Users\George\AppData\Local\Microsoft\Windows\WebCache\V01.log Locked file. Not scanned. is OK.
C:\Users\George\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat Locked file. Not scanned. is OK.
C:\Users\George\AppData\Local\Microsoft\Windows\WebCacheLock.dat Locked file. Not scanned. is OK.
20:25:03 Error 0xe001003e:
    C:\Users\George\AppData\Roamingftblauncher\
C:\Users\George\Documents\My Music\ Locked file. Not scanned. is OK.
C:\Users\George\Documents\My Pictures\ Locked file. Not scanned. is OK.
C:\Users\George\Documents\My Videos\ Locked file. Not scanned. is OK.
C:\Users\George\NetHood\ Locked file. Not scanned. is OK.
C:\Users\George\ntuser.dat Locked file. Not scanned. is OK.
C:\Users\George\ntuser.dat.LOG1 Locked file. Not scanned. is OK.
C:\Users\George\ntuser.dat.LOG2 Locked file. Not scanned. is OK.
C:\Users\George\PrintHood\ Locked file. Not scanned. is OK.
C:\Users\George\Templates\ Locked file. Not scanned. is OK.
C:\Users\Public\Documents\My Music\ Locked file. Not scanned. is OK.
C:\Users\Public\Documents\My Pictures\ Locked file. Not scanned. is OK.
C:\Users\Public\Documents\My Videos\ Locked file. Not scanned. is OK.
C:\Windows\CSC\ Locked file. Not scanned. is OK.
C:\Windows\Resources\Themes\aero\VSCache\Aero.msstyles_1033_96.mss Locked file. Not scanned. is OK.
C:\Windows\ServiceProfiles\LocalService\ntuser.dat Locked file. Not scanned. is OK.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1 Locked file. Not scanned. is OK.
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2 Locked file. Not scanned. is OK.
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat Locked file. Not scanned. is OK.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1 Locked file. Not scanned. is OK.
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2 Locked file. Not scanned. is OK.
C:\Windows\System32\catroot2\edb.log Locked file. Not scanned. is OK.
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Locked file. Not scanned. is OK.
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Locked file. Not scanned. is OK.
C:\Windows\System32\config\BBI Locked file. Not scanned. is OK.
C:\Windows\System32\config\BBI.LOG1 Locked file. Not scanned. is OK.
C:\Windows\System32\config\BBI.LOG2 Locked file. Not scanned. is OK.
C:\Windows\System32\config\default Locked file. Not scanned. is OK.
C:\Windows\System32\config\DEFAULT.LOG1 Locked file. Not scanned. is OK.
C:\Windows\System32\config\DEFAULT.LOG2 Locked file. Not scanned. is OK.
C:\Windows\System32\config\RegBack\DEFAULT Locked file. Not scanned. is OK.
C:\Windows\System32\config\RegBack\SAM Locked file. Not scanned. is OK.
C:\Windows\System32\config\RegBack\SECURITY Locked file. Not scanned. is OK.
C:\Windows\System32\config\RegBack\SOFTWARE Locked file. Not scanned. is OK.
C:\Windows\System32\config\RegBack\SYSTEM Locked file. Not scanned. is OK.
C:\Windows\System32\config\sam Locked file. Not scanned. is OK.
C:\Windows\System32\config\SAM.LOG1 Locked file. Not scanned. is OK.
C:\Windows\System32\config\SAM.LOG2 Locked file. Not scanned. is OK.
C:\Windows\System32\config\security Locked file. Not scanned. is OK.
C:\Windows\System32\config\SECURITY.LOG1 Locked file. Not scanned. is OK.
C:\Windows\System32\config\SECURITY.LOG2 Locked file. Not scanned. is OK.
C:\Windows\System32\config\software Locked file. Not scanned. is OK.
C:\Windows\System32\config\SOFTWARE.LOG1 Locked file. Not scanned. is OK.
C:\Windows\System32\config\SOFTWARE.LOG2 Locked file. Not scanned. is OK.
C:\Windows\System32\config\system Locked file. Not scanned. is OK.
C:\Windows\System32\config\SYSTEM.LOG1 Locked file. Not scanned. is OK.
C:\Windows\System32\config\SYSTEM.LOG2 Locked file. Not scanned. is OK.
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\ Locked file. Not scanned. is OK.
C:\Windows\System32\LogFiles\WMI\RtBackup\ Locked file. Not scanned. is OK.
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat Locked file. Not scanned. is OK.
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG1 Locked file. Not scanned. is OK.
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat.LOG2 Locked file. Not scanned. is OK.
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{319bdb04-d747-11e3-825c-e03f498472aa}.TM.blf Locked file. Not scanned. is OK.
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{319bdb04-d747-11e3-825c-e03f498472aa}.TMContainer00000000000000000001.regtrans-ms Locked file. Not scanned. is OK.
C:\Windows\System32\Microsoft\Protect\Recovery\Recovery.dat{319bdb04-d747-11e3-825c-e03f498472aa}.TMContainer00000000000000000002.regtrans-ms Locked file. Not scanned. is OK.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5\ Locked file. Not scanned. is OK.
C:\Windows\Temp\~DF342E41E9611542E7.TMP Locked file. Not scanned. is OK.
C:\Windows\Temp\~DF50C7F69E24653EBB.TMP Locked file. Not scanned. is OK.
F:\hiberfil.sys Locked file. Not scanned. is OK.
F:\ProgramData\Favorites\ Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\07c1a115ff283236ef53eb33c44f515e_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\096543783cd724a0ed7f2296816c2c9c_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\0aa773cbc7b1f3c3b93916a9d4d50e28_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\12e75d67901a6fa0ddbd055db525d627_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\260828fe6035e9df28ec300217187b4c_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\27fc01528be414bbbdc879d5d198c0ed_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\29fc8cbf2c05bfd2db7dfda1febb9dfb_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\381a906b718394118d61b7d24e3f3144_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4223168388f740e820a67aa4c8d66be1_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\4c988143f4b09b1d75bb495ac2df07d3_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\55cf0c166cd2f27ce1ab768c26546e49_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5c8db2d3fb6fe906cde9b0214ee8f34e_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\5ea7428143753de2eae2106fbc682a36_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\635944a58c1e43acda6b668d9bfb06f5_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\65820158b015cf9fbc854a7deb075639_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\6ccf6cba1c4f0b713271b090966fe40e_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\92ee46ce42001d177092c1376daae098_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\b938b10ba79098c0ca1635561beb9d19_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\bc8df712b04ffc91afe38f182626b689_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c28e589d46a374276bb5e6a3b4d4f174_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\c38f022c9644a7ee300ac688ac7538de_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d2f84f8300edb9fd6c9f779357200b15_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e339f4feb4bee0b8b5b18c6ed1041b62_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e6edccc7068f14506703f11a95b9f0c7_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\e82b0fae35e0cdbfa0151e1814efec6e_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ecd70b33a98f385e6b9b7406b6663437_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ee460a0ff8097f5a2ac1a5f6310acb59_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f114dbcd73b80319bc264242eb676dc2_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f9da92d558a6c7423e923a5eda3f11be_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\fe352e4a0af571a9086739089d065544_4714894c-73c7-4dd4-91d4-d1d50093880d Locked file. Not scanned. is OK.
F:\System Volume Information\ Locked file. Not scanned. is OK.
F:\Users\Default\AppData\Local\History\ Locked file. Not scanned. is OK.
F:\Users\Default\AppData\Local\Temporary Internet Files\ Locked file. Not scanned. is OK.
F:\Users\Default\Cookies\ Locked file. Not scanned. is OK.
F:\Users\Default\Documents\My Music\ Locked file. Not scanned. is OK.
F:\Users\Default\Documents\My Pictures\ Locked file. Not scanned. is OK.
F:\Users\Default\Documents\My Videos\ Locked file. Not scanned. is OK.
F:\Users\Default\NetHood\ Locked file. Not scanned. is OK.
F:\Users\Default\PrintHood\ Locked file. Not scanned. is OK.
F:\Users\Default\Recent\ Locked file. Not scanned. is OK.
F:\Users\Default\Templates\ Locked file. Not scanned. is OK.
F:\Users\George\Cookies\ Locked file. Not scanned. is OK.
F:\Users\George\NetHood\ Locked file. Not scanned. is OK.
F:\Users\George\PrintHood\ Locked file. Not scanned. is OK.
F:\Users\George\Templates\ Locked file. Not scanned. is OK.
F:\Windows\CSC\v2.0.6\ Locked file. Not scanned. is OK.
F:\Windows\System32\LogFiles\WMI\RtBackup\ Locked file. Not scanned. is OK.
G:\System Volume Information\ Locked file. Not scanned. is OK.

------------------------------------------------------------
Test started: 3.9.2014 22:23:09
Duration of test: 30 minute(s) 36 second(s)
------------------------------------------------------------
Objects scanned     : 463286
Found infections    :  140
Found high severity :    0
Found med severity  :    0
Found info severity :  143
Fixed high severity :    0
Fixed med severity  :    0
Fixed info severity :    0
------------------------------------------------------------

And the ESET Online Scanner log:

C:\Program Files\KMSpico\AutoPico.exe    MSIL/HackTool.IdleKMS.C potentially unsafe application
C:\Program Files\KMSpico\KMSELDI.exe    a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application
C:\Program Files\KMSpico\Service_KMS.exe    a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application
C:\Users\George\Downloads\ccsetup417.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
F:\Users\George\AppData\Roaming\OpenCandy\2CAE79790C1F4EA691EA79C487D761E7\winzip180mul-64.msi    probably a variant of Win32/Systweak potentially unwanted application
F:\Windows\Installer\269c84.msi    probably a variant of Win32/Systweak potentially unwanted application

I would kindly request your assistance in dealing with the found threats and in finding out whether the issues (Task Manager, regedit) were related to them. Thank you for your help.
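The check the poster describes, looking in the registry for a policy that disables Task Manager, can be scripted so that every relevant location is covered in one pass. The PowerShell below is an added example, not code from this thread or from any of the tools used in it. It reads the DisableTaskMgr and DisableRegistryTools values under the per-user and machine-wide Policies\System keys (the same values RogueKiller reports further down as PUM.Policies), plus the DisableCMD value under the per-user Software\Policies\Microsoft\Windows\System key, and reports each one as "not set", 0, or its actual value. It assumes an elevated PowerShell prompt on the affected machine; the function name is this example's own.

```powershell
# Added example, not from the thread: report the policy values that can disable
# Task Manager, Registry Editor and the command prompt for the current user or
# machine-wide. Assumes an elevated PowerShell prompt on the affected machine.

function Get-ToolRestrictionPolicy {
    # (Path, Name) pairs: the two Policies\System keys RogueKiller lists as
    # PUM.Policies, plus the per-user key that holds DisableCMD.
    $checks = @(
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' },
        @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
        @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' },
        @{ Path = 'HKCU:\Software\Policies\Microsoft\Windows\System';                 Name = 'DisableCMD' }
    )

    foreach ($c in $checks) {
        $value = $null
        if (Test-Path -Path $c.Path) {
            # -ErrorAction SilentlyContinue yields $null when the value does not exist
            $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = $item.($c.Name) }
        }

        # Distinguish "key/value absent" from an explicit 0, which RogueKiller shows as ": 0"
        if ($null -eq $value) { $display = 'not set' } else { $display = $value }

        [PSCustomObject]@{
            Path       = $c.Path
            Name       = $c.Name
            Value      = $display
            # Any non-zero value means the restriction is in force for that scope
            Restricted = ($null -ne $value -and $value -ne 0)
        }
    }
}

Get-ToolRestrictionPolicy | Format-Table -AutoSize
```

A row with Restricted set to True explains a "disabled by your administrator" message when the tool is launched; rows that are all "not set" or 0, as in the RogueKiller output later in this thread, mean the policy route is not the cause and the hang has to be looked for elsewhere, which is why the helper moves on to the scanner logs.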





#2 JustGeorge

  • Topic Starter

Posted 05 September 2014 - 10:11 PM

The problem is back, still can't open Task Manager, Regedit, cmd (admin).



#3 nasdaq

  • Malware Response Team

Posted 10 September 2014 - 08:29 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#4 JustGeorge

  • Topic Starter

Posted 14 September 2014 - 06:21 PM

Hi nasdaq, and thank you for your help. Sorry for the late reply, I'm torn between formatting the damn thing and just going through with the clean.

Of the programs you had me run, only with RogueKiller did I manage to go through all the steps. When trying to open AdwCleaner and Farbar, the mouse pointer changes to indicate something is loading, nothing opens and the computer won't respond to any mouse commands. I assume it's the user control thing asking for permission to open the file (even though it doesn't open it), because when I click anywhere on the desktop I get that error click sound, like something is on top of what you're trying to click on. Right-click -> Open as administrator doesn't work in either case.

I managed to run AdwCleaner and Farbar in Safe Mode but I don't know how relevant those scans are. I'll post the logs anyway.


RogueKiller log:

RogueKiller V9.2.10.0 (x64) [Jul 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : George [Admin rights]
Mode : Remove -- Date : 09/14/2014  23:56:50

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 12 ¤¤¤
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-76425741-2027458733-3528831131-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X64) HKEY_USERS\S-1-5-21-76425741-2027458733-3528831131-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-76425741-2027458733-3528831131-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> NOT SELECTED
[PUM.Policies] (X86) HKEY_USERS\S-1-5-21-76425741-2027458733-3528831131-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_F_614A\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_F_614A\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_F_614A\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_F_614A\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> NOT SELECTED
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> NOT SELECTED

¤¤¤ Scheduled tasks : 1 ¤¤¤
[Suspicious.Path] \\0814avUpdateInfo -- C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe (/SETINFO /CMPID=0814av /INFORETRY=3) -> DELETED

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: LOADED) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Samsung SSD 840 EVO 250GB +++++
--- User ---
[MBR] 6791cdfdada69d2ced837e19ff4b0aee
[BSP] d6d054390322f579d7511666e850cba8 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: SAMSUNG HD320KJ +++++
--- User ---
[MBR] da724f97fc2c37a43a7ce25a0aea207a
[BSP] 57ce88c4f3fd098d0746e27279c51fcb : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 105244 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 215541760 | Size: 199999 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_09142014_235615.log


AdwCleaner log (ran in Safe Mode):

# AdwCleaner v3.310 - Report created 15/09/2014 at 00:05:18
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : George - MAXIMUSHERO
# Running from : C:\Users\George\Desktop\adwcleaner_3.310.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\AVG Secure Search

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v32.0 (x86 en-US)

[ File : C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tly1p3qv.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [710 octets] - [15/09/2014 00:05:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [769 octets] ##########


And the Farbar log (Safe Mode):

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by George (administrator) on MAXIMUSHERO on 15-09-2014 00:12:37
Running from C:\Users\George\Desktop\farbar
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (minimal)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-76425741-2027458733-3528831131-1001\...\Run: [Spotify Web Helper] => C:\Users\George\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-29] (Spotify Ltd)
HKU\S-1-5-21-76425741-2027458733-3528831131-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-76425741-2027458733-3528831131-1001\...\Run: [CCleaner] => C:\Program Files\CCleaner\CCleaner64.exe [6462744 2014-08-21] (Piriform Ltd)
HKU\S-1-5-21-76425741-2027458733-3528831131-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [910 2014-09-15] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.es.msn.com/?rd=1&ucc=ES&dcc=ES&opt=0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCE05F1F872BBCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US,en;q=0.8,ro-RO;q=0.7,ro;q=0.5,es-ES;q=0.3,es;q=0.2
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tly1p3qv.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: WOT - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tly1p3qv.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-05-08]
FF Extension: DownloadHelper - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tly1p3qv.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Does Amazon Ship to ...? - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tly1p3qv.default\Extensions\DoesAmazonShipTo@usefulhelper.com.xpi [2014-05-29]
FF Extension: BetterTTV - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tly1p3qv.default\Extensions\jid0-OeCFXKAPh2tC0bN3Li9ajRAZx6c@jetpack.xpi [2014-06-13]
FF Extension: YouTube High Definition - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tly1p3qv.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-07-10]
FF Extension: Themes Menu - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tly1p3qv.default\Extensions\{84625510-7e5d-11e0-a411-0800200c9a66}.xpi [2014-05-08]
FF Extension: Adblock Plus - C:\Users\George\AppData\Roaming\Mozilla\Firefox\Profiles\tly1p3qv.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-05-08]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2014-05-08] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-05-08] (ASUSTeK Computer Inc.)
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe [1656464 2014-05-08] (ASUSTeK Computer Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-12] () [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [833728 2014-08-28] (Valve Corporation) [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 XTU3SERVICE; C:\Program Files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [18384 2014-03-13] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2013-01-08] ()
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
S2 AsRamDisk; C:\Windows\system32\DRIVERS\asramdisk.sys [105784 2013-10-09] (Asus)
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-05-08] ()
S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2014-05-08] (MCCI Corporation)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [312480 2014-08-25] ()
R0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
S3 AWEAlloc; C:\Windows\system32\DRIVERS\awealloc.sys [21304 2013-10-05] (Olof Lagerkvist)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-08-19] (Disc Soft Ltd)
S2 iocbios2; C:\Program Files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [28912 2014-02-18] (Intel Corporation)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2014-08-25] ()
S3 MbswMailbox; C:\Program Files (x86)\ASUS\AI Suite III\690b33e1-0462-4e84-9bea-c7552b45432a.sys [17208 2014-09-04] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [36456 2014-09-14] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Program Files (x86)\RealTemp\WinRing0x64.sys [14544 2014-06-08] (OpenLibSys.org)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S4 nvlddmkm; \SystemRoot\system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 00:12 - 2014-09-15 00:12 - 00000000 ____D () C:\FRST
2014-09-15 00:09 - 2014-09-15 00:12 - 00000000 ____D () C:\Users\George\Desktop\farbar
2014-09-15 00:06 - 2014-09-15 00:06 - 00000848 _____ () C:\Users\George\Desktop\AdwCleaner[R0].txt
2014-09-15 00:05 - 2014-09-15 00:06 - 00000000 ____D () C:\AdwCleaner
2014-09-14 23:57 - 2014-09-14 23:57 - 00003873 _____ () C:\Users\George\Desktop\RKreport_DEL_09142014_235650.log
2014-09-14 23:39 - 2014-09-15 00:10 - 00000000 ____D () C:\Users\George\AppData\Local\CrashDumps
2014-09-14 23:36 - 2014-09-14 23:42 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-14 23:36 - 2014-09-14 23:36 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-14 23:35 - 2014-09-14 23:35 - 01373475 _____ () C:\Users\George\Desktop\adwcleaner_3.310.exe
2014-09-14 23:35 - 2014-09-14 23:35 - 00000000 _____ () C:\Users\George\Downloads\adwcleaner_3.310.exe
2014-09-14 23:34 - 2014-09-14 23:34 - 05429848 _____ () C:\Users\George\Desktop\RogueKillerX64.exe
2014-09-08 15:00 - 2014-09-08 15:00 - 00000000 ____D () C:\Windows\ERUNT
2014-09-08 13:42 - 2014-09-08 13:43 - 77159736 _____ (AVG) C:\Users\George\Downloads\avg_tuh_stf_all_2014_519_24c28.exe
2014-09-08 13:40 - 2014-09-08 13:40 - 00000000 ____D () C:\Users\George\AppData\Roaming\TuneUp Software
2014-09-08 13:02 - 2014-09-08 13:02 - 08638464 _____ () C:\Users\George\Downloads\Dawngate_en_us.msi
2014-09-08 01:49 - 2014-09-08 01:49 - 00000860 _____ () C:\Users\George\Desktop\µTorrent.lnk
2014-09-08 01:43 - 2014-09-08 14:54 - 00000000 ____D () C:\Users\George\AppData\Roaming\uTorrent
2014-09-08 01:43 - 2014-09-08 01:43 - 01942352 _____ (BitTorrent Inc.) C:\Users\George\Downloads\uTorrent.exe
2014-09-05 16:15 - 2014-09-05 16:15 - 00688992 _____ (Swearware) C:\Users\George\Desktop\dds.com
2014-09-05 15:31 - 2014-09-05 15:31 - 00000812 _____ () C:\Users\George\Desktop\ESET SCAN.txt
2014-09-05 14:26 - 2014-09-05 14:26 - 02347384 _____ (ESET) C:\Users\George\Desktop\esetsmartinstaller_enu.exe
2014-09-05 10:40 - 2014-09-05 10:40 - 00000000 _____ () C:\Recovery.txt
2014-09-05 02:14 - 2014-09-05 02:14 - 04901352 _____ (Piriform Ltd) C:\Users\George\Downloads\ccsetup417.exe
2014-09-05 02:14 - 2014-09-05 02:14 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-05 02:14 - 2014-09-05 02:14 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-05 02:14 - 2014-09-05 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-05 02:14 - 2014-09-05 02:14 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-04 22:32 - 2014-09-04 22:32 - 00000000 ____D () C:\Users\George\AppData\Local\Dataram_Corporation
2014-09-04 00:19 - 2014-09-04 00:19 - 00000000 __RHD () C:\Users\George\AppData\Roaming\SecuROM
2014-09-04 00:11 - 2014-09-04 00:11 - 00000000 ____D () C:\Users\George\Documents\Electronic Arts
2014-09-04 00:11 - 2014-09-04 00:11 - 00000000 ____D () C:\ProgramData\EA Core
2014-09-04 00:09 - 2014-09-04 00:09 - 00002344 _____ () C:\Users\Public\Desktop\The Sims™ 3 Late Night.lnk
2014-09-04 00:01 - 2014-09-04 00:01 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-09-04 00:01 - 2014-09-04 00:01 - 00002320 _____ () C:\Users\Public\Desktop\The Sims™ 3.lnk
2014-09-04 00:00 - 2014-09-04 00:00 - 00002272 _____ () C:\Users\Public\Desktop\The Sims™ 3 High-End Loft Stuff.lnk
2014-09-03 22:23 - 2014-09-03 22:53 - 00014241 _____ () C:\Users\George\Desktop\avgrep.txt
2014-09-03 21:21 - 2014-09-03 21:21 - 00000000 ____D () C:\Users\George\AppData\Local\Avg
2014-09-03 15:04 - 2014-09-04 00:01 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-03 12:53 - 2014-09-03 12:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-29 19:47 - 2014-08-29 19:47 - 00000000 ____D () C:\ProgramData\Avg_Update_0814av
2014-08-28 20:31 - 2014-08-23 02:42 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 20:31 - 2014-08-07 04:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 20:31 - 2014-08-02 05:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-25 06:59 - 2014-08-25 06:59 - 00312480 _____ () C:\Windows\system32\Drivers\atksgt.sys
2014-08-25 06:59 - 2014-08-25 06:59 - 00043168 _____ () C:\Windows\system32\Drivers\lirsgt.sys
2014-08-19 08:09 - 2014-08-19 08:09 - 00000782 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DISCIPLINE.LNK
2014-08-19 08:06 - 2014-09-03 21:35 - 00000000 ____D () C:\Users\George\AppData\Roaming\DAEMON Tools Lite
2014-08-19 08:06 - 2014-08-19 08:08 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-08-19 08:06 - 2014-08-19 08:06 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-08-19 08:06 - 2014-08-19 08:06 - 00001962 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-08-19 08:06 - 2014-08-19 08:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-08-19 08:06 - 2014-08-19 08:06 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-08-18 18:02 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-18 18:02 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-18 18:02 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 18:02 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 18:02 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 18:02 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 18:02 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-18 18:02 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 18:02 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 18:02 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-18 18:02 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-18 18:02 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-18 18:02 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 18:02 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 18:02 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-18 18:02 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-18 18:02 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 18:02 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-18 18:02 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-18 18:02 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-18 18:02 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 18:02 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 18:02 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-18 18:02 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-18 18:01 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 18:01 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 18:01 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-18 18:01 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-18 18:01 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 18:01 - 2014-07-25 13:43 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-18 18:01 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-18 18:01 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 18:01 - 2014-07-25 13:09 - 00291840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-18 18:01 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 18:01 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-18 18:01 - 2014-06-20 03:48 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-18 18:01 - 2014-06-20 01:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-18 18:01 - 2014-06-13 03:15 - 00517528 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-08-18 18:01 - 2014-06-13 03:14 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-18 18:01 - 2014-06-13 02:10 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-08-18 18:01 - 2014-06-06 13:34 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-08-18 18:00 - 2014-08-02 05:11 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-08-18 18:00 - 2014-07-15 20:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2014-08-18 18:00 - 2014-07-15 10:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-08-18 18:00 - 2014-07-15 10:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2014-08-18 18:00 - 2014-07-15 10:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-08-18 18:00 - 2014-07-12 06:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-08-18 18:00 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-18 18:00 - 2014-06-10 00:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-18 18:00 - 2014-06-04 11:27 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-18 18:00 - 2014-06-04 07:31 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-18 18:00 - 2014-06-04 07:22 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-18 18:00 - 2014-06-04 06:43 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-18 18:00 - 2014-06-04 06:38 - 03304448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-18 18:00 - 2014-06-04 04:15 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-18 18:00 - 2014-06-04 04:14 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 00:12 - 2014-09-15 00:12 - 00000000 ____D () C:\FRST
2014-09-15 00:12 - 2014-09-15 00:09 - 00000000 ____D () C:\Users\George\Desktop\farbar
2014-09-15 00:11 - 2014-05-08 11:12 - 01048576 _____ () C:\Windows\PE_Rom.dll
2014-09-15 00:10 - 2014-09-14 23:39 - 00000000 ____D () C:\Users\George\AppData\Local\CrashDumps
2014-09-15 00:10 - 2014-05-09 18:27 - 00000000 __RDO () C:\Users\George\SkyDrive
2014-09-15 00:10 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 00:07 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-15 00:06 - 2014-09-15 00:06 - 00000848 _____ () C:\Users\George\Desktop\AdwCleaner[R0].txt
2014-09-15 00:06 - 2014-09-15 00:05 - 00000000 ____D () C:\AdwCleaner
2014-09-15 00:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-09-14 23:57 - 2014-09-14 23:57 - 00003873 _____ () C:\Users\George\Desktop\RKreport_DEL_09142014_235650.log
2014-09-14 23:46 - 2014-05-08 21:54 - 00799036 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 23:42 - 2014-09-14 23:36 - 00036456 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-14 23:39 - 2014-07-10 02:20 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-14 23:39 - 2014-05-12 07:00 - 00000000 ____D () C:\Windows\Minidump
2014-09-14 23:37 - 2014-05-08 12:28 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-14 23:37 - 2014-05-08 11:17 - 00000000 _____ () C:\Windows\Path.idx
2014-09-14 23:36 - 2014-09-14 23:36 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-14 23:36 - 2014-07-10 02:20 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-14 23:36 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-09-14 23:35 - 2014-09-14 23:35 - 01373475 _____ () C:\Users\George\Desktop\adwcleaner_3.310.exe
2014-09-14 23:35 - 2014-09-14 23:35 - 00000000 _____ () C:\Users\George\Downloads\adwcleaner_3.310.exe
2014-09-14 23:35 - 2014-05-08 22:11 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{5A206273-BE93-46A3-B630-CF4253ADCF66}
2014-09-14 23:35 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-09-14 23:34 - 2014-09-14 23:34 - 05429848 _____ () C:\Users\George\Desktop\RogueKillerX64.exe
2014-09-14 23:32 - 2014-05-08 15:53 - 00000000 ____D () C:\Users\George
2014-09-08 15:00 - 2014-09-08 15:00 - 00000000 ____D () C:\Windows\ERUNT
2014-09-08 14:58 - 2014-06-04 15:33 - 00000000 ____D () C:\Poze
2014-09-08 14:54 - 2014-09-08 01:43 - 00000000 ____D () C:\Users\George\AppData\Roaming\uTorrent
2014-09-08 14:54 - 2014-05-08 12:33 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-09-08 13:43 - 2014-09-08 13:42 - 77159736 _____ (AVG) C:\Users\George\Downloads\avg_tuh_stf_all_2014_519_24c28.exe
2014-09-08 13:43 - 2014-08-09 13:59 - 00000000 __SHD () C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-09-08 13:40 - 2014-09-08 13:40 - 00000000 ____D () C:\Users\George\AppData\Roaming\TuneUp Software
2014-09-08 13:25 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-08 13:02 - 2014-09-08 13:02 - 08638464 _____ () C:\Users\George\Downloads\Dawngate_en_us.msi
2014-09-08 05:58 - 2014-05-08 12:55 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-76425741-2027458733-3528831131-1001
2014-09-08 01:49 - 2014-09-08 01:49 - 00000860 _____ () C:\Users\George\Desktop\µTorrent.lnk
2014-09-08 01:49 - 2014-05-09 19:38 - 00000840 _____ () C:\Users\George\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-09-08 01:43 - 2014-09-08 01:43 - 01942352 _____ (BitTorrent Inc.) C:\Users\George\Downloads\uTorrent.exe
2014-09-05 16:15 - 2014-09-05 16:15 - 00688992 _____ (Swearware) C:\Users\George\Desktop\dds.com
2014-09-05 15:31 - 2014-09-05 15:31 - 00000812 _____ () C:\Users\George\Desktop\ESET SCAN.txt
2014-09-05 14:26 - 2014-09-05 14:26 - 02347384 _____ (ESET) C:\Users\George\Desktop\esetsmartinstaller_enu.exe
2014-09-05 10:40 - 2014-09-05 10:40 - 00000000 _____ () C:\Recovery.txt
2014-09-05 02:14 - 2014-09-05 02:14 - 04901352 _____ (Piriform Ltd) C:\Users\George\Downloads\ccsetup417.exe
2014-09-05 02:14 - 2014-09-05 02:14 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-09-05 02:14 - 2014-09-05 02:14 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-05 02:14 - 2014-09-05 02:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-05 02:14 - 2014-09-05 02:14 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-05 00:51 - 2014-06-08 19:21 - 00000000 ____D () C:\ProgramData\Intel Application Pairing
2014-09-04 23:04 - 2014-06-29 13:46 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-04 22:33 - 2014-05-09 19:55 - 00000000 ____D () C:\Games
2014-09-04 22:32 - 2014-09-04 22:32 - 00000000 ____D () C:\Users\George\AppData\Local\Dataram_Corporation
2014-09-04 22:27 - 2014-05-08 22:45 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-04 22:08 - 2014-05-12 20:21 - 00007597 _____ () C:\Users\George\AppData\Local\resmon.resmoncfg
2014-09-04 21:56 - 2014-06-29 16:07 - 00000000 ____D () C:\Users\George\AppData\Local\Downloaded Installations
2014-09-04 21:54 - 2014-06-19 01:51 - 00000000 ____D () C:\Users\George\AppData\Roaming\Spotify
2014-09-04 21:17 - 2014-06-29 13:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-04 15:08 - 2014-05-08 12:12 - 00000688 _____ () C:\Windows\MB.idx
2014-09-04 15:02 - 2014-05-08 12:53 - 00000000 ____D () C:\ProgramData\Origin
2014-09-04 00:19 - 2014-09-04 00:19 - 00000000 __RHD () C:\Users\George\AppData\Roaming\SecuROM
2014-09-04 00:11 - 2014-09-04 00:11 - 00000000 ____D () C:\Users\George\Documents\Electronic Arts
2014-09-04 00:11 - 2014-09-04 00:11 - 00000000 ____D () C:\ProgramData\EA Core
2014-09-04 00:09 - 2014-09-04 00:09 - 00002344 _____ () C:\Users\Public\Desktop\The Sims™ 3 Late Night.lnk
2014-09-04 00:01 - 2014-09-04 00:01 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-09-04 00:01 - 2014-09-04 00:01 - 00002320 _____ () C:\Users\Public\Desktop\The Sims™ 3.lnk
2014-09-04 00:01 - 2014-09-03 15:04 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-09-04 00:00 - 2014-09-04 00:00 - 00002272 _____ () C:\Users\Public\Desktop\The Sims™ 3 High-End Loft Stuff.lnk
2014-09-03 23:59 - 2014-05-08 12:53 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-09-03 22:53 - 2014-09-03 22:23 - 00014241 _____ () C:\Users\George\Desktop\avgrep.txt
2014-09-03 21:35 - 2014-08-19 08:06 - 00000000 ____D () C:\Users\George\AppData\Roaming\DAEMON Tools Lite
2014-09-03 21:21 - 2014-09-03 21:21 - 00000000 ____D () C:\Users\George\AppData\Local\Avg
2014-09-03 21:21 - 2014-05-08 12:30 - 00000981 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-03 21:19 - 2014-05-08 12:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-03 12:53 - 2014-09-03 12:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-03 01:44 - 2014-05-23 18:19 - 00000000 ____D () C:\Users\George\AppData\Roaming\vlc
2014-08-31 09:06 - 2013-08-22 16:44 - 00362544 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 19:47 - 2014-08-29 19:47 - 00000000 ____D () C:\ProgramData\Avg_Update_0814av
2014-08-27 15:59 - 2014-05-08 12:46 - 00000000 ____D () C:\Users\George\AppData\Local\Battle.net
2014-08-25 06:59 - 2014-08-25 06:59 - 00312480 _____ () C:\Windows\system32\Drivers\atksgt.sys
2014-08-25 06:59 - 2014-08-25 06:59 - 00043168 _____ () C:\Windows\system32\Drivers\lirsgt.sys
2014-08-23 02:42 - 2014-08-28 20:31 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 01:12 - 2014-05-08 12:46 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-21 05:52 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-08-20 12:49 - 2014-05-08 12:52 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-19 08:09 - 2014-08-19 08:09 - 00000782 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DISCIPLINE.LNK
2014-08-19 08:08 - 2014-08-19 08:06 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-08-19 08:06 - 2014-08-19 08:06 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-08-19 08:06 - 2014-08-19 08:06 - 00001962 _____ () C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2014-08-19 08:06 - 2014-08-19 08:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-08-19 08:06 - 2014-08-19 08:06 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-08-18 18:08 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-08-18 18:08 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-18 18:06 - 2014-05-09 01:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-18 18:05 - 2014-05-09 01:39 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-18 18:00 - 2014-05-10 15:48 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 18:00 - 2014-05-10 15:47 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-18 18:00 - 2014-05-09 01:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 18:00 - 2013-08-22 13:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 18:00 - 2013-08-22 13:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 18:00 - 2013-08-22 13:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 18:00 - 2013-08-22 13:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 18:00 - 2013-08-22 13:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 18:00 - 2013-08-22 13:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 18:00 - 2013-08-22 12:32 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 18:00 - 2013-08-22 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-18 18:00 - 2013-08-22 05:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-18 18:00 - 2013-08-22 05:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-18 18:00 - 2013-08-22 05:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-18 18:00 - 2013-08-22 05:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-18 18:00 - 2013-08-22 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

Some content of TEMP:
====================
C:\Users\George\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 21:02

==================== End Of Log ============================
   Thank you for your help. Waiting further instructions.


#5 nasdaq

  • Malware Response Team
  • Location:Montreal, QC. Canada
Posted 15 September 2014 - 07:32 AM


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.

start
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-76425741-2027458733-3528831131-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [910 2014-09-15] ()
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-12] () [File not signed]
S4 nvlddmkm; \SystemRoot\system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/
===

Can you run the Farbar tool in normal mode and post a fresh FRST log?

===

How is the computer running now?
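Added note, not part of the thread and not FRST's own code: the fixlist in the post above is built by copying log lines verbatim, and the three lines picked share a pattern the log itself exposes. Either the file is gone ("[X]", the two leftover nvidia registrations) or the binary is both unsigned and carries no publisher name at all ("() [File not signed]", the KMSpico service). The script below parses the Services/Drivers lines of a pasted FRST log for those two signals, separates "remove" candidates from "look at this" hits, and prints a candidate fixlist in the same start/End shape. The line layout in the regex is inferred from this log and assumed to hold for other FRST builds of that era; the triage thresholds are my heuristic, not FRST's logic; and the sample lines are copied from the log above. A "no company name" hit on its own is a prompt to investigate, not to delete: TrueSight.sys, for instance, was created in the same minute as C:\ProgramData\RogueKiller according to the timestamps above.

```python
import re
from dataclasses import dataclass

# One FRST service/driver line:
#   "<state><start> <name>; <path> [<size> <date>|X] (<company>) [File not signed]"
# Layout inferred from the log posted above; assumed to hold for other FRST builds.
ENTRY_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d)\s+"   # state letter plus the start-type digit
    r"(?P<name>.+?);\s+"                   # service or driver name, up to the first ';'
    r"(?P<path>.+?)\s+"                    # image path; may contain spaces and '(x86)'
    r"\[(?P<meta>[^\]]*)\]"                # "[size date]" or "[X]" when the file is missing
    r"(?:\s+\((?P<company>[^)]*)\))?"      # "(publisher)"; empty when the binary has no version info
    r"(?P<flags>.*)$"                      # trailing annotations such as "[File not signed]"
)


@dataclass(frozen=True)
class Finding:
    name: str
    path: str
    reasons: tuple   # why the entry was flagged
    line: str        # the verbatim log line; a fixlist entry is exactly this line


def parse_entry(line):
    """Return the parsed fields of one service/driver line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    g = m.groupdict()
    return {
        "state": g["state"],
        "start": int(g["start"]),
        "name": g["name"],
        "path": g["path"],
        "missing": g["meta"] == "X",
        "company": (g["company"] or "").strip(),
        "unsigned": "[File not signed]" in g["flags"],
        "line": line.strip(),
    }


def triage(log_text):
    """Walk a pasted FRST log and flag the entries a helper would look at first."""
    findings = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        if e["missing"]:
            reasons.append("file missing")          # registration left behind, nothing to load
        else:
            if e["unsigned"]:
                reasons.append("not signed")
            if not e["company"]:
                reasons.append("no company name")   # no version resource: seen in malware and small tools alike
        if reasons:
            findings.append(Finding(e["name"], e["path"], tuple(reasons), e["line"]))
    return findings


def removal_candidates(findings):
    """Heuristic: the file is gone, or the binary is both unsigned and anonymous."""
    return [f for f in findings
            if "file missing" in f.reasons
            or {"not signed", "no company name"} <= set(f.reasons)]


def fixlist_text(findings):
    """Candidate fixlist body in the start/End shape used in this thread; review before use."""
    body = "\n".join(f.line for f in removal_candidates(findings))
    return "start\n" + body + "\nEnd\n"


# Constructed sample: nine lines copied from the Services/Drivers sections of the log above.
SAMPLE_LOG = r"""
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
S2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-12] () [File not signed]
S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [833728 2014-08-28] (Valve Corporation) [File not signed]
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [36456 2014-09-14] ()
R0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
S4 nvlddmkm; \SystemRoot\system32\DRIVERS\nvlddmkm.sys [X]
S4 nvvad_WaveExtensible; \SystemRoot\system32\drivers\nvvad64v.sys [X]
"""

if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{', '.join(f.reasons):28} {f.name}  ->  {f.path}")
    print(fixlist_text(found))
```

On the sample it flags seven entries and puts three of them in the candidate fixlist, the same three the helper chose above; the unsigned Intel and Steam services keep a publisher name and stay in the "look at this" bucket. As the log's own note says, FRST's Fix removes the registry entry for every service line it is given, so anything this prints should be checked against the rest of the log before it goes into fixlist.txt.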

#6 nasdaq

  • Malware Response Team
  • Location:Montreal, QC. Canada
Posted 20 September 2014 - 08:08 AM

Are you still with me?

#7 nasdaq

  • Malware Response Team
  • Location:Montreal, QC. Canada
Posted 26 September 2014 - 08:06 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



