TechSpot

Random ads playing through speakers. Driving me nuts

By vonnie360
Sep 21, 2014
  1. Hi,
I've never posted to a forum before, ever, so please bear with me. My Gateway laptop running Windows 8 has been making random noises through the speakers; at first it just sounded like bursts of static, but yesterday I was able to make out a Verizon ad. Yippee. If I open my sound mixer it appears as if Chrome is playing the sound, but it has made the sound when I haven't had Chrome open. If I open my task manager it shows Chrome processes running when I am, again, not using Chrome. I've followed the malware preliminary procedures as listed in the forum and have the logs from MBAM and DDS and also have installed Avast. I'm asking for help from a higher tech power. Thank you in advance!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard


    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.


    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. vonnie360

    vonnie360 TS Rookie Topic Starter Posts: 22

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 9/21/2014
    Scan Time: 9:11:28 AM
    Logfile: malbytes scan 1.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.09.21.06
    Rootkit Database: v2014.09.19.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: Computer1

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 313127
    Time Elapsed: 20 min, 6 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 1
    PUP.Optional.SearchProtection.A, C:\Users\Computer1\AppData\Roaming\Search Protection\SearchProtection.exe, 3524, Delete-on-Reboot, [78d23cb4cab10c2a622a95a5cf3416ea]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 3
    PUP.Optional.Spigot, HKU\S-1-5-21-2298785408-665061886-3143229245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Search Protection, Quarantined, [ff4bdf11e497b680d922aa103cc5ed13],
    PUP.Optional.MyEmoticons.A, HKU\S-1-5-21-2298785408-665061886-3143229245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Protection, Quarantined, [f951a24eaecdf3433ac5e0559b68639d],
    PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2298785408-665061886-3143229245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT, Quarantined, [e46650a082f9201679ec5fda2cd78779],

    Registry Values: 2
    PUP.Optional.SearchProtection.A, HKU\S-1-5-21-2298785408-665061886-3143229245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SearchProtection, "C:\Users\Computer1\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart, Quarantined, [78d23cb4cab10c2a622a95a5cf3416ea]
    PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2298785408-665061886-3143229245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCHPROTECTINT|Install, 1, Quarantined, [e46650a082f9201679ec5fda2cd78779]

    Registry Data: 1
    PUP.Optional.Spigot.A, HKU\S-1-5-21-2298785408-665061886-3143229245-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://search.yahoo.com/?type=293224&fr=spigot-yhp-ie, Good: (www.google.com), Bad: (http://search.yahoo.com/?type=293224&fr=spigot-yhp-ie),Replaced,[183201ef4c2f1026617a55a747bd26da]

    Folders: 2
    PUP.Optional.Extutil.A, C:\Users\Computer1\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B, Quarantined, [084260907efdfa3cec454ca352b0ea16],
    PUP.Optional.Managera.A, C:\Users\Computer1\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42, Quarantined, [5dedc52b5a21191d6bc7717e92709967],

    Files: 20
    PUP.Optional.Spigot, C:\Users\Computer1\AppData\Roaming\Search Protection\Uninstall.exe, Quarantined, [ff4bdf11e497b680d922aa103cc5ed13],
    PUP.Optional.SearchProtection.A, C:\Users\Computer1\AppData\Local\Temp\utt950B.tmp.exe, Quarantined, [5cee717f80fbd26485b28c38a064b44c],
    PUP.Optional.Spigot, C:\Users\Computer1\AppData\Local\Temp\~spAFD5.tmp, Quarantined, [34166888106b1e188b0f0f9c5ea3a957],
    PUP.Optional.SearchProtect.A, C:\Users\Computer1\AppData\Local\Temp\nsq4B66.exe, Quarantined, [62e87878c6b592a46bc793a714ed758b],
    PUP.Optional.SearchProtect.A, C:\Users\Computer1\AppData\Local\Temp\nsr818F.exe, Quarantined, [97b3856b136854e274bef743639edb25],
    PUP.Optional.SearchProtect.A, C:\Users\Computer1\AppData\Local\Temp\nsx4B57.exe, Quarantined, [53f76987403b5bdbaf83b1893ac7ef11],
    PUP.Optional.Conduit.A, C:\Users\Computer1\AppData\Local\Temp\SearchProtectINT.exe, Quarantined, [cd7dfff194e7f541451b0b225fa22fd1],
    PUP.Optional.Spigot, C:\Users\Computer1\AppData\Local\Temp\SearchProtectionSetup.exe, Quarantined, [a2a85e92b7c451e5bc3faf0b0cf5b24e],
    PUP.Optional.SearchProtect.A, C:\Users\Computer1\AppData\Local\Temp\nsb4EB2.exe, Quarantined, [a8a2ba362358191d51e184b67f8250b0],
    PUP.Optional.SearchProtect.A, C:\Users\Computer1\AppData\Local\Temp\nsi84AD.exe, Quarantined, [d872f1fffc7f67cf3cf683b722df03fd],
    PUP.Optional.SearchProtect.A, C:\Users\Computer1\AppData\Local\Temp\nsj87BB.exe, Quarantined, [ae9c628ed8a358decc66c2780bf6ff01],
    PUP.Optional.SearchProtect.A, C:\Users\Computer1\AppData\Local\Temp\nsn51FF.exe, Quarantined, [2228ed031e5d82b469c96eccbd449f61],
    PUP.Optional.Conduit.A, C:\Users\Computer1\AppData\Local\Temp\nsaC29\SpSetup.exe, Quarantined, [3f0b9c544536e84e39eb86a98f725da3],
    PUP.Optional.Conduit.A, C:\Users\Computer1\AppData\Roaming\Mozilla\Firefox\Profiles\oj7r4wyn.default\searchplugins\conduit-search.xml, Quarantined, [a6a4648ca5d6ae8874370401986b20e0],
    PUP.Optional.SearchProtection.A, C:\Users\Computer1\AppData\Roaming\Search Protection\SearchProtection.exe, Delete-on-Reboot, [78d23cb4cab10c2a622a95a5cf3416ea],
    PUP.Optional.Extutil.A, C:\Users\Computer1\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\bk.js, Quarantined, [084260907efdfa3cec454ca352b0ea16],
    PUP.Optional.Extutil.A, C:\Users\Computer1\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\cs.js, Quarantined, [084260907efdfa3cec454ca352b0ea16],
    PUP.Optional.Extutil.A, C:\Users\Computer1\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B\manifest.json, Quarantined, [084260907efdfa3cec454ca352b0ea16],
    PUP.Optional.Managera.A, C:\Users\Computer1\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\cs.js, Quarantined, [5dedc52b5a21191d6bc7717e92709967],
    PUP.Optional.Managera.A, C:\Users\Computer1\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42\manifest.json, Quarantined, [5dedc52b5a21191d6bc7717e92709967],

    Physical Sectors: 0
    (No malicious items detected)
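
The persistence items in this log share one trait: the binary starts from a location a standard user can write to. The Run value launches SearchProtection.EXE from AppData\Roaming with /autostart, and the BitRaider service and driver that RogueKiller later flags as Suspicious.Path load from C:\ProgramData. The script below is an added example, not part of this thread and not code from Malwarebytes, DDS or RogueKiller; it encodes that check as a small autorun audit. The sample entries are constructed from paths quoted in the MBAM, DDS and RogueKiller logs (plus two legitimate autoruns for contrast); the winreg collector assumes a live Windows host and only runs there, so elsewhere the script classifies the constructed entries.

```python
r"""Audit autorun entries for binaries that live in user-writable directories.

Added example for this thread, not code from the forum or from any of the
tools it mentions. On Windows, collect_run_entries() reads the real HKCU/HKLM
Run keys; on other platforms only the constructed SAMPLE_ENTRIES are classified.
"""
import re
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class AutorunEntry:
    location: str  # registry key the entry lives in (Run key or Services key)
    name: str      # value name or service name
    command: str   # raw command line / ImagePath as stored in the registry


# Constructed sample input: paths copied from the MBAM, DDS and RogueKiller
# logs in this thread, plus two legitimate autoruns (Chrome, Realtek) for contrast.
SAMPLE_ENTRIES = [
    AutorunEntry(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                 "SearchProtection",
                 r'"C:\Users\Computer1\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart'),
    AutorunEntry(r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
                 "GoogleChromeAutoLaunch_26538DF6A5985C170EA879964D872BF7",
                 r'"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window'),
    AutorunEntry(r"HKLM\System\CurrentControlSet\Services", "BRDriver64",
                 r"\??\C:\ProgramData\BitRaider\BRDriver64.sys"),
    AutorunEntry(r"HKLM\System\CurrentControlSet\Services", "BRSptSvc",
                 r'"C:\ProgramData\BitRaider\BRSptSvc.exe"'),
    AutorunEntry(r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "RTHDVCPL",
                 r"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"),
]

# Directories a standard (non-admin) user can write to. Software that needs to
# start with the OS should not live here; an installer that drops its payload in
# these paths is avoiding Program Files and the UAC prompt that comes with it.
USER_WRITABLE = [
    re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.I),  # Roaming, Local, Local\Temp
    re.compile(r"^[a-z]:\\programdata\\", re.I),
    re.compile(r"^[a-z]:\\windows\\temp\\", re.I),
]

# Unquoted command line: the image path ends at the first known extension
# that is followed by whitespace or end of string.
_EXE_RE = re.compile(r"(.+?\.(?:exe|sys|dll|com|bat|cmd|vbs|js))(?:\s|$)", re.I)


def image_path(command: str) -> str:
    """Reduce a Run value or service ImagePath to the file it launches."""
    cmd = command.strip()
    if cmd.startswith("\\??\\"):   # NT object-manager prefix, common on driver ImagePaths
        cmd = cmd[4:]
    if cmd.startswith('"'):        # quoted path: everything up to the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = _EXE_RE.match(cmd)         # unquoted path: stop before the first argument
    return m.group(1) if m else (cmd.split() or [""])[0]


def is_user_writable(path: str) -> bool:
    return any(p.match(path) for p in USER_WRITABLE)


def audit(entries):
    """Return [(entry, image_path)] for each entry whose binary is in a user-writable path."""
    flagged = []
    for e in entries:
        img = image_path(e.command)
        if is_user_writable(img):
            flagged.append((e, img))
    return flagged


def collect_run_entries():
    """Windows only: read the HKCU and HKLM Run keys in both the 64-bit and 32-bit views."""
    import winreg  # standard library, but only present on Windows
    subkey = r"Software\Microsoft\Windows\CurrentVersion\Run"
    hives = [("HKCU", winreg.HKEY_CURRENT_USER), ("HKLM", winreg.HKEY_LOCAL_MACHINE)]
    views = [("", winreg.KEY_WOW64_64KEY), (" (WOW64)", winreg.KEY_WOW64_32KEY)]
    entries = []
    for hive_name, hive in hives:
        for view_name, view in views:
            try:
                key = winreg.OpenKey(hive, subkey, 0, winreg.KEY_READ | view)
            except OSError:
                continue
            with key:
                i = 0
                while True:
                    try:
                        name, value, _ = winreg.EnumValue(key, i)
                    except OSError:
                        break
                    entries.append(AutorunEntry(f"{hive_name}\\{subkey}{view_name}", name, str(value)))
                    i += 1
    return entries


if __name__ == "__main__":
    entries = collect_run_entries() if sys.platform == "win32" else SAMPLE_ENTRIES
    for e, img in audit(entries):
        print(f"SUSPICIOUS  {e.location}\\{e.name}\n            -> {img}")
```

Run against the sample set, the audit flags SearchProtection, BRDriver64 and BRSptSvc and leaves the Chrome and Realtek entries alone. The heuristic is deliberately narrow: a user-writable path is a reason to look, not proof of malice, and a vendor that ships a support service under ProgramData (as BitRaider does here) will trip it. Services need the same treatment as Run keys; on a live host the ImagePath values under HKLM\System\CurrentControlSet\Services can be fed to the same audit() once collected.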
     
  4. vonnie360

    vonnie360 TS Rookie Topic Starter Posts: 22

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.17054 BrowserJavaVersion: 10.67.2
    Run by Computer1 at 11:10:31 on 2014-09-21
    Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3909.1489 [GMT -7:00]
    .
    AV: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\dwm.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhostex.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    C:\Program Files\Intel\iCLS Client\HeciServer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
    C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
    C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Windows\RfBtnSvc64.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\Program Files\Smart Menu\WinStartMenuLauncher.exe
    C:\Program Files\Smart Menu\Smart Menu.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\RadioController\RfBtnHelper.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\igfxext.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SndVol.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.google.com
    uDefault_Page_URL = hxxp://acer13.msn.com
    mWinlogon: Userinit = userinit.exe,
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
    uRun: [GoogleChromeAutoLaunch_26538DF6A5985C170EA879964D872BF7] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    mRun: [LManager] <no file>
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\GATEWA~1.LNK - C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{C2B57095-4EF7-4AAB-B10E-090A6BAB1643} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{F724A8A9-C598-44DE-9F97-C3527FEA922B} : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{F724A8A9-C598-44DE-9F97-C3527FEA922B}\14141494D4 : DHCPNameServer = 192.168.1.5
    TCP: Interfaces\{F724A8A9-C598-44DE-9F97-C3527FEA922B}\1496D65656A5 : DHCPNameServer = 192.168.1.1
    TCP: Interfaces\{F724A8A9-C598-44DE-9F97-C3527FEA922B}\2656C6B696E6E2132323 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{F724A8A9-C598-44DE-9F97-C3527FEA922B}\F4074796D65737F5052796D656 : DHCPNameServer = 192.168.0.1 205.171.2.25
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Computer1\AppData\Roaming\Mozilla\Firefox\Profiles\oj7r4wyn.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
    FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
    FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2013-3-19 645952]
    R2 BrcmCardReader;Broadcom Card Reader Service;C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [2012-8-20 176640]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2012-12-27 350544]
    R2 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-12-16 227904]
    R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
    R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-3-19 165760]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-7-26 230416]
    R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2012-11-2 259136]
    R2 RfButtonDriverService;Dritek RF Button Command Service;C:\Windows\RfBtnSvc64.exe [2013-3-19 96880]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-3-19 364416]
    R2 WinStartMenuLauncher;Windows Start Menu Service;C:\Program Files\Smart Menu\WinStartMenuLauncher.exe [2014-3-13 249472]
    R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\Drivers\b57xdbd.sys [2012-8-13 72280]
    R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\Drivers\b57xdmp.sys [2012-8-13 21080]
    R3 bScsiMSa;bScsiMSa;C:\Windows\System32\Drivers\bScsiMSa.sys [2012-6-18 55384]
    R3 bScsiSDa;bScsiSDa;C:\Windows\System32\Drivers\bScsiSDa.sys [2012-8-14 70744]
    R3 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2012-12-13 664288]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\Drivers\IntcDAud.sys [2012-12-27 342528]
    R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\Drivers\k57nd60a.sys [2012-6-2 425472]
    R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\Drivers\MBAMSwissArmy.sys [2014-9-21 122584]
    R3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;C:\Windows\System32\Drivers\aPs2Kb2Hid.sys [2013-3-19 26736]
    R3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-12-27 31032]
    S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\BitRaider\BRSptSvc.exe [2014-4-5 477960]
    S3 DeviceFastLaneService;Device Fast-lane Service;C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [2012-11-16 469648]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\Drivers\lvrs64.sys [2012-10-26 351520]
    S3 NMgamingmsFltr;USB Optical Mouse;C:\Windows\System32\Drivers\NMgamingms.sys [2013-12-9 13312]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\System32\Drivers\ssadbus.sys [2011-5-13 157672]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\Drivers\wdcsam64.sys [2008-5-6 14464]
    S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656]
    .
    =============== Created Last 30 ================
    .
    2014-09-21 16:38:29 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
    2014-09-21 16:37:14 -------- d-----w- C:\AdwCleaner
    2014-09-21 16:10:04 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
    2014-09-21 16:09:24 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
    2014-09-21 16:09:24 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
    2014-09-21 16:09:24 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2014-09-21 16:09:23 -------- d-----w- C:\ProgramData\Malwarebytes
    2014-09-21 16:09:23 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
    .
    ==================== Find3M ====================
    .
    2014-08-17 19:12:39 35328 ----a-w- C:\Windows\SysWow64\wuapp.exe
    2014-08-17 19:12:39 128000 ----a-w- C:\Windows\SysWow64\wuwebv.dll
    2014-08-17 19:12:38 40448 ----a-w- C:\Windows\System32\wuapp.exe
    2014-08-17 19:12:38 144384 ----a-w- C:\Windows\System32\wuwebv.dll
    2014-08-17 19:12:06 100352 ----a-w- C:\Windows\System32\wudriver.dll
    2014-08-17 19:12:05 253440 ----a-w- C:\Windows\System32\WUSettingsProvider.dll
    2014-08-17 19:12:05 1623040 ----a-w- C:\Windows\System32\wucltux.dll
    2014-08-17 19:12:00 86528 ----a-w- C:\Windows\SysWow64\wudriver.dll
    2014-08-17 19:11:59 176640 ----a-w- C:\Windows\System32\storewuauth.dll
    2014-08-02 00:15:04 704480 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-08-02 00:15:04 105440 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-07-25 19:55:09 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2014-07-24 12:10:54 2240000 ----a-w- C:\Windows\System32\wininet.dll
    2014-07-24 12:10:46 915968 ----a-w- C:\Windows\System32\uxtheme.dll
    2014-07-24 12:10:46 53760 ----a-w- C:\Windows\System32\UXInit.dll
    2014-07-24 12:09:37 3959296 ----a-w- C:\Windows\System32\jscript9.dll
    2014-07-24 12:09:33 67072 ----a-w- C:\Windows\System32\iesetup.dll
    2014-07-24 12:09:33 136704 ----a-w- C:\Windows\System32\iesysprep.dll
    2014-07-24 12:09:00 1508864 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-07-24 10:52:27 1766400 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-07-24 10:52:20 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll
    2014-07-24 10:51:27 2861568 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-07-24 10:51:22 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
    2014-07-24 10:51:22 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
    2014-07-24 10:51:02 1440768 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-07-24 10:33:52 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-07-24 10:29:20 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-07-24 08:03:01 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll
    2014-07-15 23:03:48 1300992 ----a-w- C:\Windows\System32\gdi32.dll
    2014-07-15 22:55:08 4035072 ----a-w- C:\Windows\System32\win32k.sys
    2014-07-15 22:51:05 71168 ----a-w- C:\Windows\System32\drivers\hdaudbus.sys
    2014-07-12 02:36:04 1023488 ----a-w- C:\Windows\SysWow64\gdi32.dll
    .
    ============= FINISH: 11:11:58.05 ===============
     
  5. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    I still need Attach.txt log from DDS.
     
  6. vonnie360

    vonnie360 TS Rookie Topic Starter Posts: 22

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 8
    Boot Device: \Device\HarddiskVolume2
    Install Date: 12/26/2013 5:41:01 PM
    System Uptime: 9/21/2014 9:51:09 AM (2 hours ago)
    .
    Motherboard: Gateway | | EG50_HC_HR
    Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz | U3E1 | 1100/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 449 GiB total, 280.955 GiB free.
    D: is CDROM (UDF)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP42: 8/27/2014 9:24:52 PM - Scheduled Checkpoint
    RP43: 9/4/2014 5:39:56 PM - Scheduled Checkpoint
    RP44: 9/12/2014 3:06:48 AM - Scheduled Checkpoint
    RP45: 9/17/2014 9:39:24 PM - Installed The Sims 3
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Digital Editions 3.0
    Adobe Flash Player 11 Plugin
    Adobe Photoshop Lightroom 5.2 64-bit
    Adobe Shockwave Player 12.1
    Agatha Christie - Death on the Nile
    Aloha TriPeaks
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Backup Manager v4
    Bejeweled 3
    BitRaider Web Client
    Bonjour
    Broadcom 802.11 Network Adapter
    Broadcom Card Reader Driver Installer
    Canon PRO-100 series Printer Driver
    Cradle Of Egypt Collector's Edition
    CyberLink MediaEspresso 6.5
    CyberLink PowerDVD 10
    Delicious: Emily's True Love Premium Edition
    DiskAid 6.5.6.0
    Dora's World Adventure
    Dritek Radio Controller
    eBay Worldwide
    FlacSquisher 1.2.1
    Game Channels
    Gateway Device Fast-lane
    Gateway MyBackup
    Gateway Power Management
    Gateway Recovery Management
    Google Chrome
    Google Drive
    Google Update Helper
    Identity Card
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Intel(R) SDK for OpenCL - CPU Only Runtime Package
    Intel® Trusted Connect Service Client
    iTunes
    Java 7 Update 67
    Java Auto Updater
    Java(TM) 6 Update 22
    Jewel Match 3
    Kepler 7.0
    Launch Manager
    Live Updater
    Malwarebytes Anti-Malware version 2.0.2.1012
    Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64)
    Microsoft Office
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 30.0 (x86 en-US)
    Mozilla Maintenance Service
    Mystery P.I. - Curious Case of Counterfeit Cove
    Nero 12 Essentials OEM.a01
    Nero ControlCenter
    Nero ControlCenter Help (CHM)
    Nero Core Components
    Nero Express
    Nero Express Help (CHM)
    Nero Launcher
    Nero Update
    Nitro Reader 3
    Origin
    Peggle Nights
    Penguins!
    Plants vs. Zombies - Game of the Year
    Polar Bowler
    Polar Golfer
    Prerequisite installer
    Realtek High Definition Audio Driver
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
    Smart Menu
    Spotify
    Star Wars The Old Republic
    Star Wars: The Old Republic
    swMSM
    Synaptics Pointing Device Driver
    Tales of Lagoona
    The Sims™ 3
    The Sims™ 3 Ambitions
    The Sims™ 3 High-End Loft Stuff
    The Sims™ 3 Late Night
    The Sims™ 3 Pets
    The Sims™ 3 Supernatural
    The Sims™ 3 World Adventures
    Torchlight 2
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    VLC media player
    WildTangent Games
    WildTangent Games App
    Zoom Player (remove only)
    Zuma's Revenge
    .
    ==== End Of File ===========================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  8. vonnie360

    vonnie360 TS Rookie Topic Starter Posts: 22

    RogueKiller V9.2.12.0 [Sep 23 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : Computer1 [Admin rights]
    Mode : Remove -- Date : 09/23/2014 21:10:12

    ¤¤¤ Bad processes : 0 ¤¤¤

    ¤¤¤ Registry Entries : 8 ¤¤¤
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> NOT SELECTED
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> NOT SELECTED
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> NOT SELECTED
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> NOT SELECTED
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> NOT SELECTED

    ¤¤¤ Scheduled tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ HOSTS File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: NOT LOADED [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] 3b5322887629984780eebee1638e614e
    [BSP] 5e9cc9b0158fe583c49310996a3aba32 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_09232014_210913.log
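The RogueKiller report above lists each registry detection on one line: a detection class in brackets, the registry view (X64 or X86), the key, then either the service image path in parentheses or a `value : data` pair, and finally the action taken. As an added example (not code from this thread, from RogueKiller or from Adlice Software), the following Python parses lines in that shape into records and flags services whose image lives outside the usual driver and program directories. That a service binary under a location such as C:\ProgramData is what earns the "Suspicious.Path" label on the BitRaider entries is this example's assumption, and the directory list it checks against is the example's own. The sample lines are constructed from the report above.

```python
"""Parse RogueKiller "Registry Entries" lines and flag oddly located service images.

Added example for triaging a posted report offline; the EXPECTED_PREFIXES
heuristic is an assumption about what "Suspicious.Path" means, not RogueKiller's
own rule.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the report posted above (three of its lines).
SAMPLE_REPORT = r"""¤¤¤ Registry Entries : 3 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRDriver64 (\??\C:\ProgramData\BitRaider\BRDriver64.sys) -> NOT SELECTED
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BRSptSvc ("C:\ProgramData\BitRaider\BRSptSvc.exe") -> NOT SELECTED
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> NOT SELECTED

¤¤¤ Scheduled tasks : 0 ¤¤¤
"""

# One entry line: [class] (view) key, then either "(image)" or "| value : data", then "-> action".
ENTRY_RE = re.compile(
    r"^\[(?P<detection>[^\]]+)\] \((?P<arch>X64|X86)\) (?P<key>\S+)"
    r"(?: \| (?P<value>.+?) : (?P<data>.+?)| \((?P<image>.+)\))?"
    r" -> (?P<action>.+)$"
)

# Directories where an installed service binary or kernel driver is normally found
# (assumed list for this example). Anything else is worth a second look.
EXPECTED_PREFIXES = (
    r"c:\windows\system32\drivers",
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\program files",
    r"c:\program files (x86)",
)


@dataclass
class RegistryEntry:
    detection: str                # e.g. "Suspicious.Path", "PUM.DesktopIcons"
    arch: str                     # registry view the entry was read from
    key: str                      # full registry key path
    action: str                   # e.g. "NOT SELECTED" (reported, not removed)
    image: Optional[str] = None   # normalised service image path, if any
    value: Optional[str] = None   # value name for value-level detections
    data: Optional[str] = None    # value data for value-level detections

    @property
    def service_name(self) -> Optional[str]:
        # Only keys under ...\Services\<name> describe a service or driver.
        if "\\services\\" in self.key.lower():
            return self.key.rsplit("\\", 1)[1]
        return None


def normalise_image(raw: str) -> str:
    """Strip surrounding quotes and the NT object-manager prefix drivers use."""
    path = raw.strip().strip('"')
    if path.startswith("\\??\\"):
        path = path[4:]
    return path


def parse_registry_entries(report: str) -> List[RegistryEntry]:
    """Return the entries of the "Registry Entries" section, in report order."""
    entries: List[RegistryEntry] = []
    in_section = False
    for line in report.splitlines():
        line = line.strip()
        if line.startswith("¤¤¤"):            # section header opens/closes the block
            in_section = "Registry Entries" in line
            continue
        if not in_section or not line:
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue                          # skip anything not in entry format
        entries.append(RegistryEntry(
            detection=m["detection"], arch=m["arch"], key=m["key"], action=m["action"],
            image=normalise_image(m["image"]) if m["image"] else None,
            value=m["value"], data=m["data"]))
    return entries


def is_unusual_location(path: str) -> bool:
    """True when the image path is outside every directory in EXPECTED_PREFIXES."""
    low = path.lower()
    return not any(low.startswith(prefix + "\\") for prefix in EXPECTED_PREFIXES)


def flag_service_images(entries: List[RegistryEntry]) -> List[RegistryEntry]:
    """Keep only service/driver entries whose binary sits in an unusual directory."""
    return [e for e in entries
            if e.image and e.service_name and is_unusual_location(e.image)]


if __name__ == "__main__":
    for e in flag_service_images(parse_registry_entries(SAMPLE_REPORT)):
        print(f"{e.service_name:12} {e.arch}  {e.image}  [{e.detection}, {e.action}]")
```

Entries marked `NOT SELECTED` were reported but not removed, so the flagged paths are a list to check against what the user knowingly installed, not a verdict.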
     
  9. vonnie360

    vonnie360 TS Rookie Topic Starter Posts: 22

    Malwarebytes Anti-Rootkit BETA 1.07.0.1012
    www.malwarebytes.org

    Database version: v2014.09.24.04

    Windows 8 x64 NTFS
    Internet Explorer 10.0.9200.17054
    Computer1 :: COMPUTER [administrator]

    9/23/2014 9:21:39 PM
    mbar-log-2014-09-23 (21-21-39).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 314512
    Time elapsed: 23 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  10. vonnie360

    vonnie360 TS Rookie Topic Starter Posts: 22

    ---------------------------------------
    Malwarebytes Anti-Rootkit BETA 1.07.0.1012

    (c) Malwarebytes Corporation 2011-2012

    OS version: 6.2.9200 Windows 8 x64

    Account is Administrative

    Internet Explorer version: 10.0.9200.17054

    Java version: 1.6.0_22

    File system is: NTFS
    Disk drives: C:\ DRIVE_FIXED
    CPU speed: 2.195000 GHz
    Memory total: 4099170304, free: 2140123136

    Downloaded database version: v2014.09.24.04
    Downloaded database version: v2014.09.19.01
    =======================================
    Initializing...
    ------------ Kernel report ------------
    09/23/2014 21:21:23
    ------------ Loaded modules -----------
    \SystemRoot\system32\ntoskrnl.exe
    \SystemRoot\system32\hal.dll
    \SystemRoot\system32\kd.dll
    \SystemRoot\system32\mcupdate_GenuineIntel.dll
    \SystemRoot\System32\drivers\CLFS.SYS
    \SystemRoot\System32\drivers\tm.sys
    \SystemRoot\system32\PSHED.dll
    \SystemRoot\system32\BOOTVID.dll
    \SystemRoot\system32\CI.dll
    \SystemRoot\System32\drivers\msrpc.sys
    \SystemRoot\system32\drivers\Wdf01000.sys
    \SystemRoot\system32\drivers\WDFLDR.SYS
    \SystemRoot\System32\Drivers\acpiex.sys
    \SystemRoot\System32\Drivers\WppRecorder.sys
    \SystemRoot\System32\drivers\ACPI.sys
    \SystemRoot\System32\drivers\WMILIB.SYS
    \SystemRoot\System32\drivers\msisadrv.sys
    \SystemRoot\System32\drivers\pci.sys
    \SystemRoot\System32\Drivers\cng.sys
    \SystemRoot\system32\drivers\tpm.sys
    \SystemRoot\System32\drivers\vdrvroot.sys
    \SystemRoot\system32\drivers\pdc.sys
    \SystemRoot\System32\drivers\partmgr.sys
    \SystemRoot\System32\drivers\spaceport.sys
    \SystemRoot\System32\drivers\volmgr.sys
    \SystemRoot\System32\drivers\volmgrx.sys
    \SystemRoot\System32\drivers\mountmgr.sys
    \SystemRoot\System32\drivers\iaStorA.sys
    \SystemRoot\System32\drivers\storport.sys
    \SystemRoot\System32\drivers\EhStorClass.sys
    \SystemRoot\system32\drivers\fltmgr.sys
    \SystemRoot\System32\drivers\fileinfo.sys
    \SystemRoot\System32\Drivers\Ntfs.sys
    \SystemRoot\System32\Drivers\ksecdd.sys
    \SystemRoot\System32\drivers\pcw.sys
    \SystemRoot\System32\Drivers\Fs_Rec.sys
    \SystemRoot\system32\drivers\ndis.sys
    \SystemRoot\system32\drivers\NETIO.SYS
    \SystemRoot\System32\Drivers\ksecpkg.sys
    \SystemRoot\System32\drivers\tcpip.sys
    \SystemRoot\System32\drivers\fwpkclnt.sys
    \SystemRoot\system32\DRIVERS\wfplwfs.sys
    \SystemRoot\System32\DRIVERS\fvevol.sys
    \SystemRoot\System32\drivers\volsnap.sys
    \SystemRoot\System32\drivers\rdyboost.sys
    \SystemRoot\System32\Drivers\mup.sys
    \SystemRoot\System32\drivers\disk.sys
    \SystemRoot\System32\drivers\CLASSPNP.SYS
    \SystemRoot\System32\Drivers\crashdmp.sys
    \SystemRoot\System32\drivers\cdrom.sys
    \SystemRoot\System32\Drivers\Null.SYS
    \SystemRoot\System32\Drivers\Beep.SYS
    \SystemRoot\System32\drivers\BasicRender.sys
    \SystemRoot\System32\drivers\dxgkrnl.sys
    \SystemRoot\System32\drivers\watchdog.sys
    \SystemRoot\System32\drivers\dxgmms1.sys
    \SystemRoot\System32\drivers\BasicDisplay.sys
    \SystemRoot\System32\Drivers\Npfs.SYS
    \SystemRoot\System32\Drivers\Msfs.SYS
    \SystemRoot\system32\DRIVERS\tdx.sys
    \SystemRoot\system32\DRIVERS\TDI.SYS
    \SystemRoot\System32\DRIVERS\netbt.sys
    \SystemRoot\system32\drivers\afd.sys
    \SystemRoot\system32\DRIVERS\pacer.sys
    \SystemRoot\system32\DRIVERS\vwififlt.sys
    \SystemRoot\system32\DRIVERS\netbios.sys
    \SystemRoot\system32\DRIVERS\rdbss.sys
    \SystemRoot\system32\DRIVERS\wanarp.sys
    \SystemRoot\system32\drivers\nsiproxy.sys
    \SystemRoot\System32\drivers\npsvctrig.sys
    \SystemRoot\System32\drivers\mssmbios.sys
    \SystemRoot\System32\drivers\discache.sys
    \SystemRoot\System32\Drivers\dfsc.sys
    \SystemRoot\system32\DRIVERS\ndistapi.sys
    \SystemRoot\system32\DRIVERS\ndiswan.sys
    \SystemRoot\system32\DRIVERS\rassstp.sys
    \SystemRoot\system32\DRIVERS\AgileVpn.sys
    \SystemRoot\system32\DRIVERS\tunnel.sys
    \SystemRoot\System32\drivers\CompositeBus.sys
    \SystemRoot\system32\DRIVERS\kdnic.sys
    \SystemRoot\System32\drivers\umbus.sys
    \SystemRoot\system32\DRIVERS\igdkmd64.sys
    \SystemRoot\System32\drivers\HECIx64.sys
    \SystemRoot\System32\Drivers\fastfat.SYS
    \SystemRoot\System32\drivers\usbehci.sys
    \SystemRoot\System32\drivers\USBPORT.SYS
    \SystemRoot\System32\drivers\HDAudBus.sys
    \SystemRoot\system32\DRIVERS\k57nd60a.sys
    \SystemRoot\System32\drivers\bScsiSDa.sys
    \SystemRoot\System32\drivers\SCSIPORT.SYS
    \SystemRoot\System32\drivers\bScsiMSa.sys
    \SystemRoot\System32\drivers\b57xdbd.sys
    \SystemRoot\system32\DRIVERS\bcmwl63a.sys
    \SystemRoot\System32\drivers\vwifibus.sys
    \SystemRoot\System32\drivers\i8042prt.sys
    \SystemRoot\System32\drivers\aPs2Kb2Hid.sys
    \SystemRoot\System32\drivers\HIDCLASS.SYS
    \SystemRoot\System32\drivers\HIDPARSE.SYS
    \SystemRoot\system32\DRIVERS\SynTP.sys
    \SystemRoot\system32\DRIVERS\USBD.SYS
    \SystemRoot\System32\drivers\mouclass.sys
    \SystemRoot\System32\drivers\CmBatt.sys
    \SystemRoot\System32\drivers\BATTC.SYS
    \??\C:\windows\system32\drivers\UBHelper.sys
    \??\C:\windows\system32\drivers\NTIDrvr.sys
    \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
    \SystemRoot\System32\drivers\wmiacpi.sys
    \SystemRoot\System32\drivers\intelppm.sys
    \SystemRoot\system32\DRIVERS\raspptp.sys
    \SystemRoot\system32\DRIVERS\rasl2tp.sys
    \SystemRoot\system32\DRIVERS\raspppoe.sys
    \SystemRoot\System32\drivers\swenum.sys
    \SystemRoot\System32\drivers\ks.sys
    \SystemRoot\System32\drivers\rdpbus.sys
    \SystemRoot\System32\Drivers\NDProxy.SYS
    \SystemRoot\System32\drivers\usbhub.sys
    \SystemRoot\System32\drivers\kbdhid.sys
    \SystemRoot\System32\drivers\kbdclass.sys
    \SystemRoot\system32\drivers\RTKVHD64.sys
    \SystemRoot\system32\drivers\portcls.sys
    \SystemRoot\system32\drivers\drmk.sys
    \SystemRoot\system32\drivers\ksthunk.sys
    \SystemRoot\system32\DRIVERS\IntcDAud.sys
    \SystemRoot\System32\drivers\b57xdmp.sys
    \SystemRoot\system32\DRIVERS\udfs.sys
    \SystemRoot\System32\Drivers\dump_diskdump.sys
    \SystemRoot\System32\Drivers\dump_iaStorA.sys
    \SystemRoot\System32\Drivers\dump_dumpfve.sys
    \SystemRoot\System32\win32k.sys
    \SystemRoot\System32\drivers\usbccgp.sys
    \SystemRoot\System32\Drivers\usbvideo.sys
    \SystemRoot\System32\TSDDD.dll
    \SystemRoot\System32\cdd.dll
    \SystemRoot\system32\drivers\luafv.sys
    \SystemRoot\system32\DRIVERS\lltdio.sys
    \SystemRoot\system32\DRIVERS\nwifi.sys
    \SystemRoot\system32\DRIVERS\ndisuio.sys
    \SystemRoot\system32\DRIVERS\rspndr.sys
    \SystemRoot\System32\drivers\condrv.sys
    \SystemRoot\system32\drivers\HTTP.sys
    \SystemRoot\system32\DRIVERS\vwifimp.sys
    \SystemRoot\system32\DRIVERS\bowser.sys
    \SystemRoot\System32\drivers\mpsdrv.sys
    \SystemRoot\system32\DRIVERS\mrxsmb.sys
    \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    \SystemRoot\system32\drivers\Ndu.sys
    \SystemRoot\system32\drivers\peauth.sys
    \SystemRoot\System32\Drivers\secdrv.SYS
    \SystemRoot\System32\DRIVERS\srvnet.sys
    \SystemRoot\System32\drivers\tcpipreg.sys
    \SystemRoot\System32\DRIVERS\srv2.sys
    \SystemRoot\System32\DRIVERS\srv.sys
    \SystemRoot\System32\Drivers\qltmaweh.SYS
    \SystemRoot\System32\Drivers\aswVmm.SYS
    \SystemRoot\system32\drivers\aswRdr2.sys
    \SystemRoot\system32\drivers\aswHwid.sys
    \SystemRoot\system32\drivers\aswMonFlt.sys
    \SystemRoot\system32\drivers\aswSnx.sys
    \SystemRoot\system32\drivers\aswStm.sys
    \SystemRoot\system32\DRIVERS\asyncmac.sys
    \SystemRoot\System32\drivers\monitor.sys
    \??\C:\Windows\system32\drivers\mbamchameleon.sys
    \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    ----------- End -----------
    Done!
    <<<1>>>
    Upper Device Name: \Device\Harddisk0\DR0
    Upper Device Object: 0xfffffa8006061060
    Upper Device Driver Name: \Driver\disk\
    Lower Device Name: \Device\00000039\
    Lower Device Object: 0xfffffa8004da62b0
    Lower Device Driver Name: \Driver\iaStorA\
    <<<2>>>
    Physical Sector Size: 512
    Drive: 0, DevicePointer: 0xfffffa8006061060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    --------- Disk Stack ------
    DevicePointer: 0xfffffa8006061b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
    DevicePointer: 0xfffffa8006061060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    DevicePointer: 0xfffffa8004da62b0, DeviceName: \Device\00000039\, DriverName: \Driver\iaStorA\
    ------------ End ----------
    Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
    Upper DeviceData: 0x0, 0x0, 0x0
    Lower DeviceData: 0x0, 0x0, 0x0
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    <<<2>>>
    <<<3>>>
    Volume: C:
    File system type: NTFS
    SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
    Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
    File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
    File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
    Done!
    Drive 0
    This is a System drive
    Scanning MBR on drive 0...
    Inspecting partition table:
    This drive is a GPT Drive.
    MBR Signature: 55AA
    Disk Signature: 6FC645BA

    GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1 Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0 Numsec = 0

    GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 4152834313
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34 LastUsableLba 976773134
    GPT Header Guid 9a67891f-fe9-4bce-a352-e0c8b534c29a
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 4152834313
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34 LastUsableLba 976773134
    Backup GPT header Guid 9a67891f-fe9-4bce-a352-e0c8b534c29a
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID e8a1851a-eaf2-4ede-b523-69526a8b775f
    FirstLBA 2048 Last LBA 821247
    Attributes 1
    Partition Name Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID eb9b86ac-b906-4a7c-8e4a-e14485316181
    FirstLBA 821248 Last LBA 1435647
    Attributes 0
    Partition Name EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 2bea7187-f51f-40fc-a84c-e976ae3bc059
    FirstLBA 1435648 Last LBA 1697791
    Attributes 0
    Partition Name Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID d698bb9d-978e-46e1-8ed1-d4cf30ae911
    FirstLBA 1697792 Last LBA 943720447
    Attributes 0
    Partition Name Basic data partition

    Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 74d555cb-2827-45bc-84a1-b7aebd407a5c
    FirstLBA 943720448 Last LBA 976773119
    Attributes 1
    Partition Name Basic data partition

    Disk Size: 500107862016 bytes
    Sector size: 512 bytes

    Done!
    Scan finished
    =======================================


    Removal queue found; removal started
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
    Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
    Removal finished
     
  11. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is still not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error Illegal operation attempted on a registry key that has been marked for deletion, restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done, Notepad will open with the rKill.txt log.
    NOTE. The rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  12. vonnie360

    vonnie360 TS Rookie Topic Starter Posts: 22

    ComboFix 14-09-24.01 - Computer1 09/27/2014 18:09:02.1.2 - x64
    Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3909.2518 [GMT -7:00]
    Running from: c:\users\Computer1\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AV: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-08-28 to 2014-09-28 )))))))))))))))))))))))))))))))
    .
    .
    2014-09-28 01:24 . 2014-09-28 01:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-09-24 13:49 . 2014-09-24 13:49 -------- d-----w- c:\program files (x86)\Windows Phone
    2014-09-24 13:49 . 2014-09-24 13:49 -------- d-----w- c:\programdata\Applications
    2014-09-24 04:21 . 2014-09-24 04:45 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2014-09-24 04:00 . 2014-09-24 04:00 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
    2014-09-24 04:00 . 2014-09-24 04:00 -------- d-----w- c:\programdata\RogueKiller
    2014-09-22 00:54 . 2014-09-22 00:54 -------- d-----w- c:\users\Computer1\AppData\Roaming\AVAST Software
    2014-09-22 00:53 . 2014-09-22 00:53 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
    2014-09-22 00:53 . 2014-09-22 00:52 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
    2014-09-22 00:53 . 2014-09-22 00:52 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2014-09-22 00:53 . 2014-09-22 00:52 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-09-22 00:53 . 2014-09-22 00:52 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-09-22 00:53 . 2014-09-22 00:52 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2014-09-22 00:53 . 2014-09-22 00:52 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2014-09-22 00:53 . 2014-09-22 00:52 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2014-09-22 00:52 . 2014-09-22 00:52 307344 ----a-w- c:\windows\system32\aswBoot.exe
    2014-09-22 00:52 . 2014-09-22 00:52 43152 ----a-w- c:\windows\avastSS.scr
    2014-09-22 00:51 . 2014-09-22 00:51 -------- d-----w- c:\program files\AVAST Software
    2014-09-22 00:49 . 2014-09-22 00:51 -------- d-----w- c:\programdata\AVAST Software
    2014-09-21 16:38 . 2010-08-30 15:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
    2014-09-21 16:37 . 2014-09-21 16:50 -------- d-----w- C:\AdwCleaner
    2014-09-21 16:10 . 2014-09-24 04:21 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-09-21 16:09 . 2014-09-24 04:20 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-09-21 16:09 . 2014-05-12 15:05 64216 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-09-21 16:09 . 2014-05-12 15:05 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-09-21 16:09 . 2014-09-21 16:09 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-09-21 16:09 . 2014-09-21 16:09 -------- d-----w- c:\programdata\Malwarebytes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-08-30 04:15 . 2012-07-26 08:13 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2014-08-17 19:12 . 2014-08-03 07:58 35328 ----a-w- c:\windows\SysWow64\wuapp.exe
    2014-08-17 19:12 . 2014-08-03 07:58 128000 ----a-w- c:\windows\SysWow64\wuwebv.dll
    2014-08-17 19:12 . 2014-08-03 07:58 40448 ----a-w- c:\windows\system32\wuapp.exe
    2014-08-17 19:12 . 2014-08-03 07:58 144384 ----a-w- c:\windows\system32\wuwebv.dll
    2014-08-17 19:12 . 2014-08-03 07:59 100352 ----a-w- c:\windows\system32\wudriver.dll
    2014-08-17 19:12 . 2014-08-03 07:59 773632 ----a-w- c:\windows\system32\wuapi.dll
    2014-08-17 19:12 . 2014-08-03 07:59 253440 ----a-w- c:\windows\system32\WUSettingsProvider.dll
    2014-08-17 19:12 . 2014-08-03 07:59 1623040 ----a-w- c:\windows\system32\wucltux.dll
    2014-08-17 19:12 . 2014-08-03 07:59 59416 ----a-w- c:\windows\system32\wuauclt.exe
    2014-08-17 19:12 . 2014-08-03 07:59 3286528 ----a-w- c:\windows\system32\wuaueng.dll
    2014-08-17 19:12 . 2014-08-03 07:59 86528 ----a-w- c:\windows\SysWow64\wudriver.dll
    2014-08-17 19:12 . 2014-08-03 07:59 629248 ----a-w- c:\windows\SysWow64\wuapi.dll
    2014-08-17 19:11 . 2014-08-03 07:59 176640 ----a-w- c:\windows\system32\storewuauth.dll
    2014-08-14 06:42 . 2014-01-01 19:06 99218768 ----a-w- c:\windows\system32\MRT.exe
    2014-08-11 17:23 . 2013-12-27 15:55 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
    2014-08-02 00:15 . 2014-08-17 19:18 704480 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-08-02 00:15 . 2014-08-17 19:18 105440 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-07-25 19:55 . 2014-08-17 19:27 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2014-07-24 12:11 . 2014-08-14 05:06 51712 ----a-w- c:\windows\system32\ie4uinit.exe
    2014-07-24 12:10 . 2014-08-14 05:06 2240000 ----a-w- c:\windows\system32\wininet.dll
    2014-07-24 12:10 . 2014-08-14 05:06 915968 ----a-w- c:\windows\system32\uxtheme.dll
    2014-07-24 12:10 . 2014-08-14 05:06 53760 ----a-w- c:\windows\system32\UXInit.dll
    2014-07-24 12:10 . 2014-08-14 05:06 1407488 ----a-w- c:\windows\system32\urlmon.dll
    2014-07-24 12:09 . 2014-08-14 05:06 197120 ----a-w- c:\windows\system32\msrating.dll
    2014-07-24 12:09 . 2014-08-14 05:07 19279872 ----a-w- c:\windows\system32\mshtml.dll
    2014-07-24 12:09 . 2014-08-14 05:06 603136 ----a-w- c:\windows\system32\msfeeds.dll
    2014-07-24 12:09 . 2014-08-14 05:06 97280 ----a-w- c:\windows\system32\mshtmled.dll
    2014-07-24 12:09 . 2014-08-14 05:06 3959296 ----a-w- c:\windows\system32\jscript9.dll
    2014-07-24 12:09 . 2014-08-14 05:06 855552 ----a-w- c:\windows\system32\jscript.dll
    2014-07-24 12:09 . 2014-08-14 05:06 53760 ----a-w- c:\windows\system32\jsproxy.dll
    2014-07-24 12:09 . 2014-08-14 05:06 15399936 ----a-w- c:\windows\system32\ieframe.dll
    2014-07-24 12:09 . 2014-08-14 05:06 2655232 ----a-w- c:\windows\system32\iertutil.dll
    2014-07-24 12:09 . 2014-08-14 05:06 136704 ----a-w- c:\windows\system32\iesysprep.dll
    2014-07-24 12:09 . 2014-08-14 05:06 39936 ----a-w- c:\windows\system32\iernonce.dll
    2014-07-24 12:09 . 2014-08-14 05:06 67072 ----a-w- c:\windows\system32\iesetup.dll
    2014-07-24 12:09 . 2014-08-14 05:06 255488 ----a-w- c:\windows\system32\iedkcs32.dll
    2014-07-24 12:09 . 2014-08-14 05:06 451584 ----a-w- c:\windows\system32\dxtmsft.dll
    2014-07-24 12:09 . 2014-08-14 05:06 281600 ----a-w- c:\windows\system32\dxtrans.dll
    2014-07-24 12:09 . 2014-08-14 05:06 1508864 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-07-24 10:52 . 2014-08-14 05:06 1766400 ----a-w- c:\windows\SysWow64\wininet.dll
    2014-07-24 10:52 . 2014-08-14 05:06 44032 ----a-w- c:\windows\SysWow64\UXInit.dll
    2014-07-24 10:51 . 2014-08-14 05:06 2861568 ----a-w- c:\windows\SysWow64\jscript9.dll
    2014-07-24 10:51 . 2014-08-14 05:06 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2014-07-24 10:51 . 2014-08-14 05:06 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
    2014-07-24 10:51 . 2014-08-14 05:06 1440768 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2014-07-24 10:33 . 2014-08-14 05:06 2706432 ----a-w- c:\windows\system32\mshtml.tlb
    2014-07-24 10:29 . 2014-08-14 05:06 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-07-24 08:03 . 2014-08-14 05:06 534528 ----a-w- c:\windows\SysWow64\uxtheme.dll
    2014-07-15 23:03 . 2014-08-14 05:06 1300992 ----a-w- c:\windows\system32\gdi32.dll
    2014-07-15 22:55 . 2014-08-14 05:06 4035072 ----a-w- c:\windows\system32\win32k.sys
    2014-07-15 22:51 . 2014-08-14 06:23 71168 ----a-w- c:\windows\system32\drivers\hdaudbus.sys
    2014-07-12 02:36 . 2014-08-14 05:06 1023488 ----a-w- c:\windows\SysWow64\gdi32.dll
    2014-07-02 03:09 . 2014-08-17 17:39 10924376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{468E9BDD-A462-4F7E-85CD-99A3A14AA30E}\mpengine.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "RadioController"="c:\program files (x86)\RadioController\RfBtnHelper.exe" [2013-03-19 111216]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-14 59720]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-11-02 152392]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-22 4085896]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
    Gateway MyBackup Tray.lnk - c:\program files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe -h -k [2012-11-2 624192]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableCursorSuppression"= 1 (0x1)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    R1 MpKsl2d43e123;MpKsl2d43e123;c:\programdata\Microsoft\Windows Defender\Definition Updates\{468E9BDD-A462-4F7E-85CD-99A3A14AA30E}\MpKsl2d43e123.sys;c:\programdata\Microsoft\Windows Defender\Definition Updates\{468E9BDD-A462-4F7E-85CD-99A3A14AA30E}\MpKsl2d43e123.sys [x]
    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
    R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
    R3 DeviceFastLaneService;Device Fast-lane Service;c:\program files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe;c:\program files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [x]
    R3 EuMusDesignVirtualAudioCableWdm_lcs;@oem16.inf,%DeviceName% (WDM);Breakaway Pipeline (WDM);c:\windows\system32\DRIVERS\vaclcskd.sys;c:\windows\SYSNATIVE\DRIVERS\vaclcskd.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
    R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys;c:\windows\SYSNATIVE\drivers\NMgamingms.sys [x]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\System32\drivers\ssadbus.sys;c:\windows\SYSNATIVE\drivers\ssadbus.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\System32\drivers\wdcsam64.sys;c:\windows\SYSNATIVE\drivers\wdcsam64.sys [x]
    R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 BrcmCardReader;Broadcom Card Reader Service;c:\program files\Broadcom\MemoryCard\BrcmCardReader.exe;c:\program files\Broadcom\MemoryCard\BrcmCardReader.exe [x]
    S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
    S2 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
    S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
    S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
    S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
    S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe;c:\program files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [x]
    S2 RfButtonDriverService;Dritek RF Button Command Service;c:\windows\RfBtnSvc64.exe;c:\windows\RfBtnSvc64.exe [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S2 WinStartMenuLauncher;Windows Start Menu Service;c:\program files\Smart Menu\WinStartMenuLauncher.exe;c:\program files\Smart Menu\WinStartMenuLauncher.exe [x]
    S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\System32\drivers\b57xdbd.sys;c:\windows\SYSNATIVE\drivers\b57xdbd.sys [x]
    S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\System32\drivers\b57xdmp.sys;c:\windows\SYSNATIVE\drivers\b57xdmp.sys [x]
    S3 bScsiMSa;bScsiMSa;c:\windows\System32\drivers\bScsiMSa.sys;c:\windows\SYSNATIVE\drivers\bScsiMSa.sys [x]
    S3 bScsiSDa;bScsiSDa;c:\windows\System32\drivers\bScsiSDa.sys;c:\windows\SYSNATIVE\drivers\bScsiSDa.sys [x]
    S3 ePowerSvc;ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
    S3 Ps2Kb2Hid;PS/2 Keyboard to HID Driver;c:\windows\System32\drivers\aPs2Kb2Hid.sys;c:\windows\SYSNATIVE\drivers\aPs2Kb2Hid.sys [x]
    S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-09-25 01:29 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16 20:45]
    .
    2014-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16 20:45]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-09-22 00:52 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2014-08-08 17:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2014-08-08 17:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2014-08-08 17:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2014-08-08 17:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2014-08-08 17:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-23 171040]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-23 399392]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-23 441888]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Computer1\AppData\Roaming\Mozilla\Firefox\Profiles\oj7r4wyn.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
    Wow6432Node-HKLM-Run-LManager - (no file)
    Toolbar-Locked - (no file)
    AddRemove-Smart Menu - c:\program files\Smart Menu\Uninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-2298785408-665061886-3143229245-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]
    "datasecu"=hex:f8,84,39,7d,b7,d5,80,83,38,b8,c8,bb,ec,34,d4,03,58,08,f5,3a,f9,
    1b,c7,69,13,cb,83,0e,2e,53,83,a8,49,b8,1f,72,5b,87,32,a0,e2,5e,f2,cc,49,b6,\
    "rkeysecu"=hex:c7,fc,df,e1,45,8d,4a,85,f1,0b,91,b0,ae,59,58,8a
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    @SACL=(02 0000)
    .
    Completion time: 2014-09-27 18:31:30
    ComboFix-quarantined-files.txt 2014-09-28 01:31
    .
    Pre-Run: 298,600,902,656 bytes free
    Post-Run: 299,283,677,184 bytes free
    .
    - - End Of File - - 8BA07F4C34E6CAD0FAA9844608934E78
     
  13. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Looks good.

    Are those ads still there?



    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.



    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Still with me?
     
  15. vonnie360

    vonnie360 TS Rookie Topic Starter Posts: 22

    Yeah. I don't hear the ads anymore or haven't in several days. I have noticed my computer running a bit slower especially my internet browsers. So I will continue on and post the logs. I appreciate your help :)
     
  16. vonnie360

    vonnie360 TS Rookie Topic Starter Posts: 22

    # AdwCleaner v3.311 - Report created 04/10/2014 at 21:17:58
    # Updated 30/09/2014 by Xplode
    # Operating System : Windows 8 (64 bits)
    # Username : Computer1 - COMPUTER
    # Running from : C:\Users\Computer1\Desktop\adwcleaner_3.311.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled Tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****


    ***** [ Browsers ] *****

    -\\ Internet Explorer v10.0.9200.17054


    -\\ Mozilla Firefox v30.0 (en-US)

    [ File : C:\Users\Computer1\AppData\Roaming\Mozilla\Firefox\Profiles\oj7r4wyn.default\prefs.js ]


    -\\ Google Chrome v37.0.2062.124

    [ File : C:\Users\Computer1\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [1304 octets] - [21/09/2014 09:37:23]
    AdwCleaner[R1].txt - [1044 octets] - [21/09/2014 09:48:40]
    AdwCleaner[R2].txt - [1169 octets] - [04/10/2014 21:14:28]
    AdwCleaner[S0].txt - [1375 octets] - [21/09/2014 09:39:26]
    AdwCleaner[S1].txt - [1106 octets] - [21/09/2014 09:50:03]
    AdwCleaner[S2].txt - [1091 octets] - [04/10/2014 21:17:58]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1151 octets] ##########
     
  17. vonnie360

    vonnie360 TS Rookie Topic Starter Posts: 22

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.2.8 (10.04.2014:1)
    OS: Windows 8 x64
    Ran by Computer1 on Sat 10/04/2014 at 21:30:02.79
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PlurPush_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\PlurPush_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatePlurPush_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updatePlurPush_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PlurPush_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\PlurPush_RASMANCS
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatePlurPush_RASAPI32
    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updatePlurPush_RASMANCS



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] C:\ProgramData\Malwarebytes' Anti-Malware (portable)



    ~~~ FireFox

    Successfully deleted the following from C:\Users\Computer1\AppData\Roaming\mozilla\firefox\profiles\oj7r4wyn.default\prefs.js

    user_pref("extensions.ui.lastCategory", "addons://search/netflix%20random");
    Emptied folder: C:\Users\Computer1\AppData\Roaming\mozilla\firefox\profiles\oj7r4wyn.default\minidumps [5 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 10/04/2014 at 21:48:29.37
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  18. vonnie360

    vonnie360 TS Rookie Topic Starter Posts: 22

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-10-2014 01
    Ran by Computer1 (administrator) on COMPUTER on 04-10-2014 21:53:46
    Running from C:\Users\Computer1\Desktop
    Loaded Profile: Computer1 (Available profiles: Computer1)
    Platform: Windows 8 (X64) OS Language: English (United States)
    Internet Explorer Version 10
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Broadcom Corp.) C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe
    (Dritek System INC.) C:\Windows\RfBtnSvc64.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
    () C:\Program Files\Smart Menu\WinStartMenuLauncher.exe
    () C:\Program Files\Smart Menu\Smart Menu.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe
    (Dritek System Inc.) C:\Program Files (x86)\RadioController\RfBtnHelper.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Acer Incorporated) C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
    (WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-10] (Realtek Semiconductor)
    HKLM-x32\...\Run: [RadioController] => C:\Program Files (x86)\RadioController\RfBtnHelper.exe [111216 2013-03-19] (Dritek System Inc.)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-21] (AVAST Software)
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gateway MyBackup Tray.lnk
    ShortcutTarget: Gateway MyBackup Tray.lnk -> C:\Program Files (x86)\NTI\Gateway MyBackup\BackupManagerTray.exe (NTI Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKLM - {6BFDD39D-3D2E-4D26-8929-46DB28E9294D} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
    SearchScopes: HKLM-x32 - {6BFDD39D-3D2E-4D26-8929-46DB28E9294D} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAGWJS
    SearchScopes: HKCU - {B6D332A8-163C-4EF6-ADA3-6E62A016C46A} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=293224&p={searchTerms}
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Computer1\AppData\Roaming\Mozilla\Firefox\Profiles\oj7r4wyn.default
    FF SelectedSearchEngine: Google
    FF Homepage: https://www.google.com/
    FF NetworkProxy: "type", 0
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
    FF Extension: NetVideoHunter - C:\Users\Computer1\AppData\Roaming\Mozilla\Firefox\Profiles\oj7r4wyn.default\Extensions\netvideohunter@netvideohunter.com [2014-01-10]
    FF Extension: Nimbus Screen Capture - editable screenshots. - C:\Users\Computer1\AppData\Roaming\Mozilla\Firefox\Profiles\oj7r4wyn.default\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2014-03-13]
    FF Extension: Pin It button - C:\Users\Computer1\AppData\Roaming\Mozilla\Firefox\Profiles\oj7r4wyn.default\Extensions\pinterest@robertnyman.com.xpi [2014-01-02]
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-21]

    Chrome:
    =======
    CHR Profile: C:\Users\Computer1\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Computer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-16]
    CHR Extension: (Google Drive) - C:\Users\Computer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-16]
    CHR Extension: (Transparent Grey ) - C:\Users\Computer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\becaimlgpcocbcmpceoonkmdmglhacnf [2014-04-04]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Computer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
    CHR Extension: (YouTube) - C:\Users\Computer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-16]
    CHR Extension: (Adblock Plus) - C:\Users\Computer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-08-24]
    CHR Extension: (Webpage Screenshot) - C:\Users\Computer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-04-04]
    CHR Extension: (ActiveGS) - C:\Users\Computer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coekimhghfcjmbnfonjeklhkmemegiba [2014-04-05]
    CHR Extension: (Google Search) - C:\Users\Computer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-16]
    CHR Extension: (Play Random Episode) - C:\Users\Computer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggclanokennhoaeldbffpmnfakhdbmmg [2014-09-17]
    CHR Extension: (avast! Online Security) - C:\Users\Computer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-09-23]
    CHR Extension: (Pin It Button) - C:\Users\Computer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2014-02-14]
    CHR Extension: (AppiFlix for Netflix) - C:\Users\Computer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcfphhfaajhmdpcekjbedemeehgbagbb [2014-09-17]
    CHR Extension: (Google Wallet) - C:\Users\Computer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-16]
    CHR Extension: (Gmail) - C:\Users\Computer1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-16]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-21]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-21] (AVAST Software)
    R2 BrcmCardReader; C:\Program Files\Broadcom\MemoryCard\BrcmCardReader.exe [176640 2012-08-20] (Broadcom Corp.) [File not signed]
    S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [477960 2014-04-05] (BitRaider, LLC)
    S3 DeviceFastLaneService; C:\Program Files\Gateway\Gateway Device Fast-lane\DeviceFastLaneSvc.exe [469648 2012-11-16] (Acer Incorporated)
    R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2013-12-16] (WildTangent)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
    S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
    R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
    R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [259136 2012-11-02] (NTI Corporation)
    R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [96880 2013-03-19] (Dritek System INC.)
    S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
    R2 WinStartMenuLauncher; C:\Program Files\Smart Menu\WinStartMenuLauncher.exe [249472 2014-03-13] ()

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-19] (Microsoft Corporation)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-21] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-21] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-21] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-21] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-21] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-21] (AVAST Software)
    S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-21] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-21] ()
    R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [6835784 2013-03-19] (Broadcom Corporation)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
    S3 NMgamingmsFltr; C:\Windows\system32\drivers\NMgamingms.sys [13312 2013-12-09] (LXD Development, Inc.)
    R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2013-03-19] (Dritek System Inc.)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31032 2012-11-29] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [34808 2014-09-23] ()
    S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
    S3 EuMusDesignVirtualAudioCableWdm_lcs; \SystemRoot\system32\DRIVERS\vaclcskd.sys [X]
    S1 MpKsl2d43e123; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{468E9BDD-A462-4F7E-85CD-99A3A14AA30E}\MpKsl2d43e123.sys [X]

    ========================== Drivers MD5 =======================


    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
  19. vonnie360

    vonnie360 TS Rookie Topic Starter Posts: 22

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-04 21:53 - 2014-10-04 21:54 - 00037438 _____ () C:\Users\Computer1\Desktop\FRST.txt
    2014-10-04 21:53 - 2014-10-04 21:53 - 00000000 ____D () C:\FRST
    2014-10-04 21:52 - 2014-10-04 21:52 - 02109440 _____ (Farbar) C:\Users\Computer1\Desktop\FRST64.exe
    2014-10-04 21:48 - 2014-10-04 21:48 - 00001943 _____ () C:\Users\Computer1\Desktop\JRT.txt
    2014-10-04 21:30 - 2014-10-04 21:30 - 00000000 ____D () C:\Windows\ERUNT
    2014-10-04 21:29 - 2014-10-04 21:29 - 01694116 _____ (Thisisu) C:\Users\Computer1\Downloads\JRT.exe
    2014-10-04 21:27 - 2014-10-04 08:46 - 01694116 _____ (Thisisu) C:\Users\Computer1\Desktop\JRT_NEW.exe
    2014-10-04 21:25 - 2014-10-04 21:25 - 01694116 _____ (Thisisu) C:\Users\Computer1\Desktop\JRT.exe
    2014-10-04 21:12 - 2014-10-04 21:12 - 01375089 _____ () C:\Users\Computer1\Desktop\adwcleaner_3.311.exe
    2014-09-29 22:26 - 2014-09-29 22:26 - 00000414 _____ () C:\Users\Computer1\Documents\can you.txt
    2014-09-29 21:29 - 2014-09-29 21:29 - 00000591 _____ () C:\Users\Computer1\Documents\pleadse.txt
    2014-09-29 14:55 - 2014-09-29 14:55 - 00016300 _____ () C:\Users\Computer1\Downloads\[kickass.to]the.mindy.project.s03e02.hdtv.x264.killers.ettv.torrent
    2014-09-29 14:54 - 2014-09-29 14:54 - 00013401 _____ () C:\Users\Computer1\Downloads\[kickass.to]the.mindy.project.s03e01.hdtv.x264.killers.rartv.torrent
    2014-09-29 09:53 - 2014-09-29 09:53 - 00000000 ____D () C:\Users\Computer1\Downloads\Collection Vol II H-N
    2014-09-27 21:20 - 2014-09-27 21:50 - 00000000 ____D () C:\Users\Computer1\Downloads\Only Lovers Left Alive (2013) [1080p]
    2014-09-27 18:31 - 2014-09-27 18:31 - 00019523 _____ () C:\ComboFix.txt
    2014-09-27 18:04 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
    2014-09-27 18:04 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
    2014-09-27 18:04 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2014-09-27 18:04 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2014-09-27 18:04 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2014-09-27 18:04 - 2000-08-30 17:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
    2014-09-27 18:04 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
    2014-09-27 18:04 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
    2014-09-27 18:04 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
    2014-09-27 18:03 - 2014-09-27 18:31 - 00000000 ____D () C:\Qoobox
    2014-09-27 18:02 - 2014-09-27 18:27 - 00000000 ____D () C:\Windows\erdnt
    2014-09-27 17:54 - 2014-09-27 17:55 - 05580995 ____R (Swearware) C:\Users\Computer1\Desktop\ComboFix.exe
    2014-09-26 13:36 - 2014-09-26 13:36 - 00001764 _____ () C:\Users\Computer1\Downloads\ValleyofAmazement9780062107336.acsm
    2014-09-24 06:49 - 2014-09-24 06:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
    2014-09-24 06:49 - 2014-09-24 06:49 - 00000000 ____D () C:\ProgramData\Applications
    2014-09-24 06:49 - 2014-09-24 06:49 - 00000000 ____D () C:\Program Files (x86)\Windows Phone
    2014-09-24 06:48 - 2014-09-24 06:49 - 06745792 _____ (Microsoft Corporation) C:\Users\Computer1\Downloads\WindowsPhone.exe
    2014-09-23 23:08 - 2014-09-23 23:09 - 00000000 ____D () C:\Users\Computer1\Desktop\malware erradication
    2014-09-23 21:20 - 2014-09-23 21:45 - 00000000 ____D () C:\Users\Computer1\Desktop\mbar
    2014-09-23 21:00 - 2014-09-23 21:00 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2014-09-23 21:00 - 2014-09-23 21:00 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-09-21 17:54 - 2014-09-21 17:54 - 00001973 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    2014-09-21 17:54 - 2014-09-21 17:54 - 00000000 ____D () C:\Users\Computer1\AppData\Roaming\AVAST Software
    2014-09-21 17:54 - 2014-09-21 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    2014-09-21 17:53 - 2014-10-04 21:21 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2014-09-21 17:53 - 2014-09-21 17:53 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
    2014-09-21 17:53 - 2014-09-21 17:52 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2014-09-21 17:53 - 2014-09-21 17:52 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2014-09-21 17:53 - 2014-09-21 17:52 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2014-09-21 17:53 - 2014-09-21 17:52 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2014-09-21 17:53 - 2014-09-21 17:52 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2014-09-21 17:53 - 2014-09-21 17:52 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2014-09-21 17:53 - 2014-09-21 17:52 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2014-09-21 17:52 - 2014-09-21 17:52 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2014-09-21 17:52 - 2014-09-21 17:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-09-21 17:51 - 2014-09-21 17:51 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-09-21 17:49 - 2014-09-21 17:51 - 00000000 ____D () C:\ProgramData\AVAST Software
    2014-09-21 17:48 - 2014-09-21 17:48 - 91906368 _____ (AVAST Software) C:\Users\Computer1\Downloads\avast_free_antivirus_setup.exe
    2014-09-21 09:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
    2014-09-21 09:37 - 2014-10-04 21:18 - 00000000 ____D () C:\AdwCleaner
    2014-09-21 09:10 - 2014-09-23 21:21 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-09-21 09:09 - 2014-09-23 21:20 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-09-21 09:09 - 2014-09-21 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-09-21 09:09 - 2014-09-21 09:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2014-09-21 09:09 - 2014-09-21 09:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-09-21 09:09 - 2014-05-12 08:05 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-09-21 09:09 - 2014-05-12 08:05 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-09-21 09:08 - 2014-09-21 09:08 - 01373475 _____ () C:\Users\Computer1\Downloads\AdwCleaner.exe
    2014-09-21 09:08 - 2014-09-21 09:08 - 00271872 _____ (Secure By Design Inc.) C:\Users\Computer1\Downloads\Ninite Malwarebytes Installer.exe
    2014-09-19 23:57 - 2014-09-19 23:57 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Computer1\Downloads\iexplore.exe
    2014-09-19 14:26 - 2014-09-23 22:13 - 00000000 ____D () C:\Users\Computer1\Desktop\Photo Class
    2014-09-17 20:32 - 2014-09-17 20:48 - 00000000 ____D () C:\Users\Computer1\Downloads\Anthony Bourdain No Reservations S01-03
    2014-09-17 20:31 - 2014-09-17 20:31 - 00138321 _____ () C:\Users\Computer1\Downloads\[kickass.to]anthony.bourdain.no.reservations.s01.03.torrent
    2014-09-15 19:22 - 2014-09-15 19:22 - 00001345 _____ () C:\Users\Computer1\Documents\to you ****head.txt

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-04 21:44 - 2013-12-26 18:47 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2298785408-665061886-3143229245-1001
    2014-10-04 21:35 - 2013-12-26 18:41 - 01229309 _____ () C:\Windows\WindowsUpdate.log
    2014-10-04 21:21 - 2014-01-16 13:46 - 00000922 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2014-10-04 21:20 - 2014-07-14 19:13 - 00312640 _____ () C:\Windows\system32\FNTCACHE.DAT
    2014-10-04 21:20 - 2014-01-16 13:46 - 00000918 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2014-10-04 21:20 - 2012-07-26 00:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2014-10-04 21:19 - 2012-12-27 01:25 - 00772854 _____ () C:\Windows\PFRO.log
    2014-10-04 21:19 - 2012-07-25 22:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
    2014-10-04 21:13 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\sru
    2014-10-03 23:39 - 2014-04-16 11:14 - 00000000 ____D () C:\ProgramData\Zoom Player
    2014-10-02 23:06 - 2014-08-11 22:13 - 00000000 ____D () C:\Users\Computer1\AppData\Roaming\vlc
    2014-10-02 00:37 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\AUInstallAgent
    2014-09-29 16:00 - 2014-06-05 09:52 - 00000170 _____ () C:\Users\Computer1\Desktop\home depot schedule .txt
    2014-09-29 15:55 - 2014-07-20 21:00 - 00000000 ____D () C:\Users\Computer1\AppData\Roaming\uTorrent
    2014-09-29 12:09 - 2012-07-26 01:12 - 00000000 ____D () C:\Windows\system32\NDF
    2014-09-27 18:31 - 2012-07-25 22:37 - 00000000 __RHD () C:\Users\Default
    2014-09-27 18:25 - 2012-07-25 22:26 - 00000215 _____ () C:\Windows\system.ini
    2014-09-26 13:37 - 2014-06-18 10:44 - 00000000 ____D () C:\Users\Computer1\Documents\My Digital Editions
    2014-09-26 13:37 - 2013-12-26 18:41 - 00000000 ____D () C:\Users\Computer1\AppData\Roaming\Adobe
    2014-09-25 09:10 - 2014-01-02 11:41 - 00000000 ____D () C:\Users\Computer1\AppData\Local\CrashDumps
    2014-09-24 06:46 - 2013-12-26 18:41 - 00000000 ____D () C:\Users\Computer1\AppData\Local\Packages
    2014-09-24 06:44 - 2012-07-26 00:21 - 00038772 _____ () C:\Windows\setupact.log
    2014-09-21 09:54 - 2014-06-18 10:14 - 00000000 ____D () C:\Users\Computer1\AppData\Roaming\Free Documents Opener
    2014-09-21 09:53 - 2014-04-22 19:32 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2014-09-21 09:53 - 2014-01-01 14:11 - 00000000 ____D () C:\ProgramData\Adobe
    2014-09-17 20:51 - 2014-06-18 10:14 - 00000000 ____D () C:\Program Files\Smart Menu

    Some content of TEMP:
    ====================
    C:\Users\Computer1\AppData\Local\Temp\Quarantine.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    ==================== BCD ================================

    Firmware Boot Manager
    ---------------------
    identifier {fwbootmgr}
    displayorder {bootmgr}
    timeout 0

    Windows Boot Manager
    --------------------
    identifier {bootmgr}
    device partition=\Device\HarddiskVolume2
    path \EFI\Microsoft\Boot\bootmgfw.efi
    description Windows Boot Manager
    locale en-US
    inherit {globalsettings}
    integrityservices Enable
    default {current}
    resumeobject {6b122b79-c21c-11e2-be6f-f4b7e274ee4a}
    displayorder {current}
    toolsdisplayorder {memdiag}
    timeout 30

    Windows Boot Loader
    -------------------
    identifier {6b122b6f-c21c-11e2-be6f-f4b7e274ee4a}
    device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{6b122b70-c21c-11e2-be6f-f4b7e274ee4a}
    path \windows\system32\winload.efi
    description Windows Recovery Environment
    locale en-us
    inherit {bootloadersettings}
    displaymessage Recovery
    displaymessageoverride Recovery
    osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{6b122b70-c21c-11e2-be6f-f4b7e274ee4a}
    systemroot \windows
    nx OptIn
    bootmenupolicy Standard
    winpe Yes

    Windows Boot Loader
    -------------------
    identifier {current}
    device partition=C:
    path \Windows\system32\winload.efi
    description Windows 8
    locale en-US
    inherit {bootloadersettings}
    recoverysequence {6b122b6f-c21c-11e2-be6f-f4b7e274ee4a}
    integrityservices Enable
    recoveryenabled Yes
    isolatedcontext Yes
    allowedinmemorysettings 0x15000075
    osdevice partition=C:
    systemroot \Windows
    resumeobject {6b122b79-c21c-11e2-be6f-f4b7e274ee4a}
    nx OptIn
    bootmenupolicy Standard
    detecthal Yes

    Resume from Hibernate
    ---------------------
    identifier {6504cdf5-90f2-11e2-956f-feef99bf9931}
    device partition=C:
    path \Windows\system32\winresume.efi
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    recoverysequence {6b122b6f-c21c-11e2-be6f-f4b7e274ee4a}
    recoveryenabled Yes
    isolatedcontext Yes
    allowedinmemorysettings 0x15000075
    filedevice partition=C:
    filepath \hiberfil.sys
    bootmenupolicy Standard
    debugoptionenabled No

    Resume from Hibernate
    ---------------------
    identifier {6b122b71-c21c-11e2-be6f-f4b7e274ee4a}
    device partition=C:
    path \Windows\system32\winresume.efi
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    recoverysequence {6b122b6f-c21c-11e2-be6f-f4b7e274ee4a}
    recoveryenabled Yes
    isolatedcontext Yes
    allowedinmemorysettings 0x15000075
    filedevice partition=C:
    filepath \hiberfil.sys
    bootmenupolicy Standard
    debugoptionenabled No

    Resume from Hibernate
    ---------------------
    identifier {6b122b73-c21c-11e2-be6f-f4b7e274ee4a}
    device partition=C:
    path \Windows\system32\winresume.efi
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    recoverysequence {6b122b6f-c21c-11e2-be6f-f4b7e274ee4a}
    recoveryenabled Yes
    isolatedcontext Yes
    allowedinmemorysettings 0x15000075
    filedevice partition=C:
    filepath \hiberfil.sys
    bootmenupolicy Standard
    debugoptionenabled No

    Resume from Hibernate
    ---------------------
    identifier {6b122b79-c21c-11e2-be6f-f4b7e274ee4a}
    device partition=C:
    path \Windows\system32\winresume.efi
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    recoverysequence {6b122b6f-c21c-11e2-be6f-f4b7e274ee4a}
    recoveryenabled Yes
    isolatedcontext Yes
    allowedinmemorysettings 0x15000075
    filedevice partition=C:
    filepath \hiberfil.sys
    bootmenupolicy Standard
    debugoptionenabled No

    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=\Device\HarddiskVolume2
    path \EFI\Microsoft\Boot\memtest.efi
    description Windows Memory Diagnostic
    locale en-US
    inherit {globalsettings}
    badmemoryaccess Yes

    EMS Settings
    ------------
    identifier {emssettings}
    bootems No

    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200

    RAM Defects
    -----------
    identifier {badmemory}

    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}

    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}
    {hypervisorsettings}

    Hypervisor Settings
    -------------------
    identifier {hypervisorsettings}
    hypervisordebugtype Serial
    hypervisordebugport 1
    hypervisorbaudrate 115200

    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}

    Device options
    --------------
    identifier {6b122b70-c21c-11e2-be6f-f4b7e274ee4a}
    description Windows Recovery
    ramdisksdidevice partition=\Device\HarddiskVolume1
    ramdisksdipath \Recovery\WindowsRE\boot.sdi



    LastRegBack: 2014-09-27 21:39

    ==================== End Of Log ============================
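The "Bamital & volsnap Check" block in the log above is FRST verifying that the core Windows binaries a file infector would patch (winlogon.exe, explorer.exe, svchost.exe, user32.dll, volsnap.sys and so on) still carry a valid Microsoft signature. The script below is an added example, not part of this thread and not FRST's own code, that runs the same check with built-in cmdlets on the same list of files. It assumes an elevated 64-bit PowerShell prompt (a 32-bit shell would have System32 silently redirected to SysWOW64) and PowerShell 4.0 or newer for Get-FileHash.

```powershell
# Added example: re-run an FRST-style signature check on the core system files.
# Bamital-family infectors patched these binaries in place; a patched file no
# longer validates against the hash Microsoft signed, so the signature check
# fails. Paths below are the ones FRST lists in its "Bamital & volsnap Check".

$coreFiles = @(
    "$env:SystemRoot\System32\winlogon.exe",
    "$env:SystemRoot\System32\wininit.exe",
    "$env:SystemRoot\explorer.exe",
    "$env:SystemRoot\SysWOW64\explorer.exe",
    "$env:SystemRoot\System32\svchost.exe",
    "$env:SystemRoot\SysWOW64\svchost.exe",
    "$env:SystemRoot\System32\services.exe",
    "$env:SystemRoot\System32\user32.dll",
    "$env:SystemRoot\SysWOW64\user32.dll",
    "$env:SystemRoot\System32\userinit.exe",
    "$env:SystemRoot\SysWOW64\userinit.exe",
    "$env:SystemRoot\System32\rpcss.dll",
    "$env:SystemRoot\System32\drivers\volsnap.sys"
)

function Test-CoreFileSignature {
    param([string[]]$Paths)
    foreach ($path in $Paths) {
        if (-not (Test-Path -LiteralPath $path)) {
            # A missing core binary is itself a finding worth recording.
            [pscustomobject]@{ Path = $path; Status = 'MISSING'; Signer = $null; SHA256 = $null }
            continue
        }
        # Status is Valid, NotSigned, HashMismatch, UnknownError, ...
        # HashMismatch means the bytes on disk no longer match the signed hash,
        # i.e. the file was modified after it was signed.
        $sig    = Get-AuthenticodeSignature -FilePath $path
        $hash   = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        [pscustomobject]@{
            Path   = $path
            Status = $sig.Status
            Signer = $signer
            SHA256 = $hash     # handy for looking the file up elsewhere if it fails
        }
    }
}

$results = Test-CoreFileSignature -Paths $coreFiles
$results | Format-Table -AutoSize

# Anything not 'Valid' with a Microsoft signer deserves a closer look.
$suspect = $results | Where-Object {
    $_.Status -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation'
}
if ($suspect) {
    Write-Warning "Core files failing the signature check:"
    $suspect | Format-Table -AutoSize
}
```

One caveat a practitioner should know: most Windows binaries are catalog-signed rather than carrying an embedded signature. On systems where Get-AuthenticodeSignature does not consult the catalog store (Windows 7 is the usual case), genuine files report NotSigned, so treat that result as inconclusive there and verify with Sysinternals sigcheck, which checks catalogs, before drawing conclusions.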
     
  20. vonnie360

    vonnie360 TS Rookie Topic Starter Posts: 22

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2014 01
    Ran by Computer1 at 2014-10-04 21:55:44
    Running from C:\Users\Computer1\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    µTorrent (HKLM-x32\...\uTorrent) (Version: 2.2.1 - )
    Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0.1 - Adobe Systems Incorporated)
    Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.170 - Adobe Systems Incorporated)
    Adobe Photoshop Lightroom 5.2 64-bit (HKLM\...\{54E6C675-3AD4-42E4-957F-31666ABF1603}) (Version: 5.2.1 - Adobe)
    Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
    Backup Manager v4 (x32 Version: 4.0.0.0071 - NTI Corporation) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    BitRaider Web Client (HKLM-x32\...\BitRaider Web Client) (Version: 1.1.9.9 - BitRaider, LLC)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.59.96 - Broadcom Corporation)
    Broadcom Card Reader Driver Installer (HKLM\...\{F0A7DF2F-0BE0-470F-B137-D7A19F977189}) (Version: 15.4.7.1 - Broadcom Corporation)
    Canon PRO-100 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_PRO-100_series) (Version: - Canon Inc.)
    Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3318_45364 - CyberLink Corp.)
    CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3318_45364 - CyberLink Corp.) Hidden
    CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4427.52 - CyberLink Corp.)
    CyberLink PowerDVD 10 (x32 Version: 10.0.4427.52 - CyberLink Corp.) Hidden
    Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    DiskAid 6.5.6.0 (HKLM\...\DiskAid_is1) (Version: 6.5.6.0 - DigiDNA)
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    Dritek Radio Controller (HKLM-x32\...\RadioController) (Version: 2.02.2001.0803 - Dritek System Inc.)
    eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
    FlacSquisher 1.2.1 (HKLM-x32\...\FlacSquisher) (Version: 1.2.1 - FlacSquisher)
    Game Channels (HKLM-x32\...\WildTangentGameProvider-gateway-main) (Version: 7.1.0.17 - WildTangent, Inc.)
    Gateway Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3011 - Gateway Incorporated)
    Gateway MyBackup (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0071 - NTI Corporation)
    Gateway Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.3001 - Gateway Incorporated)
    Gateway Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3012 - Gateway Incorporated)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
    Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
    Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
    Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Gateway Incorporated)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
    iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
    Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.670 - Oracle)
    Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
    Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.220 - Oracle)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Kepler 7.0 (HKLM-x32\...\Kepler 7.0) (Version: - )
    Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.10 - Gateway)
    Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3006 - Gateway Incorporated)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft App Update for microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe (x64) (Version: 1.0.0.0 - Microsoft Corporation) Hidden
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word 2007 (HKLM-x32\...\WORD) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Word 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
    Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Mozilla Firefox 30.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 en-US)) (Version: 30.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
    Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Nero 12 Essentials OEM.a01 (HKLM-x32\...\{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}) (Version: 12.5.00000 - Nero AG)
    Nero ControlCenter (x32 Version: 11.0.14500.0.45 - Nero AG) Hidden
    Nero ControlCenter Help (CHM) (x32 Version: 12.0.0003 - Nero AG) Hidden
    Nero Core Components (x32 Version: 11.0.16900.1.27 - Nero AG) Hidden
    Nero Express (x32 Version: 12.0.16001 - Nero AG) Hidden
    Nero Express Help (CHM) (x32 Version: 12.0.1000 - Nero AG) Hidden
    Nero Launcher (x32 Version: 12.0.3000 - Nero AG) Hidden
    Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden
    Nitro Reader 3 (HKLM\...\{9EA981E5-EE67-4662-86F1-58937D31FE07}) (Version: 3.5.6.5 - Nitro)
    Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.)
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
    Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
    Star Wars The Old Republic (HKLM-x32\...\swtor_swtor) (Version: 7.0.0.38 - Bioware/EA)
    Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
    The Sims™ 3 Ambitions (HKLM-x32\...\{910F4A29-1134-49E0-AD8B-56E4A3152BD1}) (Version: 4.0.87 - Electronic Arts)
    The Sims™ 3 High-End Loft Stuff (HKLM-x32\...\{71828142-5A24-4BD0-97E7-976DA08CE6CF}) (Version: 3.0.38 - Electronic Arts)
    The Sims™ 3 Late Night (HKLM-x32\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
    The Sims™ 3 Pets (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
    The Sims™ 3 Supernatural (HKLM-x32\...\{B37DAFA5-717D-41F8-BDFB-3A4B68C0B3A1}) (Version: 15.0.135 - Electronic Arts)
    The Sims™ 3 World Adventures (HKLM-x32\...\{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}) (Version: 2.0.86 - Electronic Arts)
    Torchlight 2 (HKLM-x32\...\Torchlight 2_is1) (Version: - Martin)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_WORD_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_WORD_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-001B-0000-0000-0000000FF1CE}_WORD_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_WORD_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_WORD_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.11.2 - WildTangent) Hidden
    Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
    Zoom Player (remove only) (HKLM-x32\...\ZoomPlayer) (Version: - )
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    18-09-2014 04:39:24 Installed The Sims 3
    22-09-2014 00:50:41 avast! antivirus system restore point
    24-09-2014 04:17:29 restore point 9/23 1st
    28-09-2014 01:04:22 ComboFix created restore point

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {463CB4C8-619B-4324-A89D-36F03274F21C} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-21] (AVAST Software)
    Task: {5F641409-9BC8-4B2B-AE9C-06E790D7B2D8} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-09-19] (CyberLink)
    Task: {9A8D13E7-D7AA-49A1-80B8-30BC21B01A09} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)
    Task: {A36B2880-B441-4B89-85DA-6E2A51E1B372} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)
    Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {AA0F398C-788E-4CBC-AA5D-01D1267C630F} - System32\Tasks\ALU => C:\Program Files (x86)\Gateway\Live Updater\updater.exe [2012-11-06] ()
    Task: {B077317F-5737-4152-83C6-A78D3E073D3F} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-29] (Synaptics Incorporated)
    Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {CB3C31F0-AED9-44D9-9437-8C64CF1A1AA3} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Gateway\Live Updater\liveupdater_agent.exe [2012-06-21] ()
    Task: {D4BE0CE5-AD3D-42CB-88B5-08E702D680C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-16] (Google Inc.)
    Task: {D6769A6C-D3D6-47CA-84DA-3A93DEA967C4} - System32\Tasks\Power Management => C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe [2012-12-13] (Acer Incorporated)
    Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-03-13 01:30 - 2014-03-13 01:30 - 00249472 _____ () C:\Program Files\Smart Menu\WinStartMenuLauncher.exe
    2014-09-05 07:10 - 2014-09-05 07:10 - 02362456 _____ () C:\Program Files\Smart Menu\Smart Menu.exe
    2014-09-05 06:31 - 2014-09-05 06:31 - 00035840 _____ () C:\Program Files\Smart Menu\ShowStartBtnHook.dll
    2014-07-09 03:25 - 2014-07-09 03:25 - 00860160 _____ () C:\Program Files\Smart Menu\libGLESv2.dll
    2014-07-09 03:25 - 2014-07-09 03:25 - 00052736 _____ () C:\Program Files\Smart Menu\libEGL.dll
    2014-07-09 02:31 - 2014-07-09 02:31 - 01043968 _____ () C:\Program Files\Smart Menu\platforms\qwindows.dll
    2014-07-09 02:28 - 2014-07-09 02:28 - 00030208 _____ () C:\Program Files\Smart Menu\imageformats\qgif.dll
    2014-07-09 02:28 - 2014-07-09 02:28 - 00236032 _____ () C:\Program Files\Smart Menu\imageformats\qjpeg.dll
    2012-12-27 01:19 - 2012-10-23 11:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2014-09-21 17:52 - 2014-09-21 17:52 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
    2014-10-04 21:22 - 2014-10-04 21:22 - 02859008 _____ () C:\Program Files\AVAST Software\Avast\defs\14100401\algo.dll
    2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2012-11-02 17:38 - 2012-11-02 17:38 - 00465384 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\sqlite3.dll
    2012-11-02 17:37 - 2012-11-02 17:37 - 00125504 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\MailConverter32.dll
    2012-11-02 17:38 - 2012-11-02 17:38 - 00155712 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\VolumeSnapshot.dll
    2012-11-02 17:37 - 2012-11-02 17:37 - 00118336 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\Online.dll
    2012-11-02 17:37 - 2012-11-02 17:37 - 01081408 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\ACE.dll
    2012-11-02 17:37 - 2012-11-02 17:37 - 00052288 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\OsSettingPort.dll
    2012-11-02 17:37 - 2012-11-02 17:37 - 00727616 _____ () C:\Program Files (x86)\NTI\Gateway MyBackup\OutlookShadow.dll
    2014-09-21 17:52 - 2014-09-21 17:52 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2013-03-19 13:38 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2298785408-665061886-3143229245-500 - Administrator - Disabled)
    Computer1 (S-1-5-21-2298785408-665061886-3143229245-1001 - Administrator - Enabled) => C:\Users\Computer1
    Guest (S-1-5-21-2298785408-665061886-3143229245-501 - Limited - Disabled)

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (10/04/2014 09:56:02 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
    Percentage of memory in use: 23%
    Total physical RAM: 3909.27 MB
    Available physical RAM: 3006.99 MB
    Total Pagefile: 6469.27 MB
    Available Pagefile: 5449.58 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.74 MB

    ==================== Drives ================================

    Drive c: (Gateway) (Fixed) (Total:449.19 GB) (Free:277.27 GB) NTFS
    Drive d: (May 29 2014) (CDROM) (Total:3.09 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 6FC645BA)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  21. vonnie360

    vonnie360 TS Rookie Topic Starter Posts: 22

    It's doing it again :(
     
  22. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Any browser opened when it happens?


    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     
  23. vonnie360

    vonnie360 TS Rookie Topic Starter Posts: 22

Yeah, it seems to only do it when Chrome is open. But it's not a pop-up... I think it did it before when I was watching a movie and I caught Google running in the background. Okay, next step!
     
  24. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Reset Chrome...
Click on "Customize and control Google Chrome".
    Click "Settings" then "Show advanced settings" at the bottom of the screen.
    Click "Reset browser settings" button.
    Restart Chrome.

    If the above didn't help....

    Reinstall Chrome...
    If you want to save your bookmarks...
    How to Backup Bookmarks in Google Chrome
    • Close all Chrome windows and tabs.
    • Go to the Start menu > Control Panel. (Windows 8 users: Learn how to access the Control Panel)
    • Click Programs and Features.
    • Double-click Google Chrome.
    • Click Uninstall from the confirmation dialog. Delete your user profile information, like your browser preferences, bookmarks, and history, by selecting the "Also delete your browsing data" checkbox.
    Install fresh copy.
     
  25. vonnie360

    vonnie360 TS Rookie Topic Starter Posts: 22

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-10-2014 01
    Ran by Computer1 at 2014-10-05 17:27:41 Run:1
    Running from C:\Users\Computer1\Desktop\malware erradication
    Loaded Profile: Computer1 (Available profiles: Computer1)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    S3 BRDriver64; \??\C:\ProgramData\BitRaider\BRDriver64.sys [X]
    S3 EuMusDesignVirtualAudioCableWdm_lcs; \SystemRoot\system32\DRIVERS\vaclcskd.sys [X]
    S1 MpKsl2d43e123; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{468E9BDD-A462-4F7E-85CD-99A3A14AA30E}\MpKsl2d43e123.sys [X]
    C:\Users\Computer1\AppData\Local\Temp\Quarantine.exe

    *****************

    BRDriver64 => Service deleted successfully.
    EuMusDesignVirtualAudioCableWdm_lcs => Service deleted successfully.
    MpKsl2d43e123 => Service deleted successfully.
    C:\Users\Computer1\AppData\Local\Temp\Quarantine.exe => Moved successfully.

    ==== End of Fixlog ====
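The fixlist above removes three service entries that FRST flagged with [X], its marker for a service or driver whose ImagePath points at a file that no longer exists (BRDriver64, the Virtual Audio Cable WDM driver and a stale Windows Defender definition driver). The script below is an added example, not part of this thread and not FRST's own code, that performs the same orphan check with PowerShell so you can review such entries yourself before deleting anything. It assumes an elevated 64-bit PowerShell prompt and only reads the registry.

```powershell
# Added example: list services and drivers whose binary is missing on disk,
# the condition FRST reports as "[X]". Leftovers from uninstalled software are
# usually harmless, but a service key that outlives its binary is also a common
# persistence artifact, so list them before deciding what to delete.

function Resolve-ServiceImagePath {
    param([string]$ImagePath)
    if ([string]::IsNullOrWhiteSpace($ImagePath)) { return $null }
    $p = $ImagePath.Trim()
    # Driver entries use NT object-manager forms: \??\C:\... and \SystemRoot\...
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot\\', "$env:SystemRoot\"
    # Many drivers are stored relative to the Windows directory: System32\drivers\x.sys
    $p = $p -replace '^System32\\', "$env:SystemRoot\System32\"
    # A bare leading backslash is relative to the system drive root.
    $p = $p -replace '^\\', "$env:SystemDrive\"
    # Win32 services often carry arguments (svchost.exe -k netsvcs); keep the
    # quoted path or the first token ending in a binary extension.
    if ($p.StartsWith('"')) {
        $p = $p.Substring(1, $p.IndexOf('"', 1) - 1)
    } elseif ($p -match '^(.*?\.(exe|sys|dll))(\s|$)') {
        $p = $Matches[1]
    }
    return [Environment]::ExpandEnvironmentVariables($p)
}

function Get-OrphanedService {
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root) {
        $props = Get-ItemProperty -Path $key.PSPath
        if (-not $props.ImagePath) { continue }   # parameter-only keys have no binary
        $file = Resolve-ServiceImagePath -ImagePath $props.ImagePath
        if ($file -and -not (Test-Path -LiteralPath $file)) {
            [pscustomobject]@{
                Name      = $key.PSChildName
                Start     = $props.Start   # 0 boot, 1 system, 2 auto, 3 manual, 4 disabled
                Type      = $props.Type    # 1/2 kernel/file-system driver, 0x10/0x20 Win32 service
                ImagePath = $props.ImagePath
                Resolved  = $file
            }
        }
    }
}

Get-OrphanedService | Sort-Object Start | Format-Table -AutoSize
```

Read the Start column the way FRST's S1/S3 prefixes are read: a missing driver set to boot or system start (Start 0 or 1, like the MpKsl entry above) fails early and can leave errors in the System event log, while a manual-start orphan (Start 3, like BRDriver64) is only a problem if something tries to load it. Run the check from 64-bit PowerShell; in a 32-bit shell file-system redirection makes some System32 drivers appear missing when they are not.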
     
