TechSpot

Unknown Rootkit infection Explorer modified

By ogahm
Jan 21, 2015
    ANYONE that recognizes these symptoms, please help me IDENTIFY this infection!

    I plugged a friend's Seagate Expansion drive (SRD00F1) into my machine's USB port, and Windows Vista started to load the drivers and then stopped. I went to My Computer and the machine can't see the drive at all. After this I started to see the following occurring:

    1) All the normal column names in Explorer are gone; Author is the only one showing. All of the common ones (Filename, Date Created/Created, Size, etc.) are unavailable when I try to choose details by right-clicking the column header.

    2) Many windows won't open, specifically Control Panel windows like "Backup and Restore Center", System, regedit.exe.

    3) Explorer shows no filenames or folder names.

    4) The "Start Search" feature of the Start Bar returns nothing.

    5) In My Computer, the sizes of the drives and free space are in bytes, not KB or MB.

    It seems like some rootkit has replaced Explorer.exe, but I can't figure out which one. The external drive that caused the infection hasn't been used in months, so it can't be something brand new.

    Any assistance on identifying this infection and/or removing it would be greatly appreciated.

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/16/2015
    Scan Time: 1:19:00 PM
    Logfile: MBAMScan.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.16.11
    Rootkit Database: v2015.01.14.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows Vista Service Pack 2
    CPU: x64
    File System: NTFS
    User: Shake

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 335334
    Time Elapsed: 7 min, 43 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 5
    PUP.Optional.MyPCBackup.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MyPC Backup, Quarantined, [aea326d143467db9100aafc22ed5a957],
    PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Search-Protect, Quarantined, [5af7fbfc2f5a0333112ee0ad2bd8b14f],
    PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-1027772261-2917165354-2662933974-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLAPLUGINS\@tnt2npapi.com/Plugin, Quarantined, [a5acb7408aff0630577c0ca8a162817f],
    PUP.Optional.TidyNetwork.A, HKU\S-1-5-21-1027772261-2917165354-2662933974-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{7D834389-C771-4037-A6AC-9B96BAD6DEEE}, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, HKLM\SOFTWARE\CLASSES\CLSID\{0FEB2313-F89B-4AC6-8153-84025604A06A}, Quarantined, [282909eea3e64de96ad567d3fa0939c7],

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 10
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2, Delete-on-Reboot, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Common, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles, Delete-on-Reboot, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075, Delete-on-Reboot, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\Cache, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2, Delete-on-Reboot, [282909eea3e64de96ad567d3fa0939c7],
    PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\2.0.0.1895, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
    PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\Profiles, Delete-on-Reboot, [282909eea3e64de96ad567d3fa0939c7],
    PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\Profiles\11075, Quarantined, [282909eea3e64de96ad567d3fa0939c7],

    Files: 53
    PUP.Optional.SearchProtect.A, C:\Windows\System32\Tasks\Search-Protect, Quarantined, [d77a3cbbaedb0c2aaa93deaffa098779],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\Autorun.inf, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\crx.tar, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\GameApps.ini, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\GameConsole.exe, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\GameEngine.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\GLOBALUNINSTALL.TNT, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\hmac.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\iestage2.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\IEToolbar.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\IEToolbar64.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\INSTALL.TNT, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\LastSession.log, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\log.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\MinecraftShims64.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\npTNT2.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\PARTNER.TNT, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\passport.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\passport64.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\pinnedSearch.htm, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\pinnedSearch_FindWide.htm, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\pinnedSearch_Freshy.htm, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\progress.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\regsvr.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\RemoteSkin.wms, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\sqlite.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\TNT2User.exe, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\TNT2UserPS.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\TNT2UserPS64.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\TntMagicDel.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\UnInjLib.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\UnInjLib64.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\UNINSTALL.TNT, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\UninstallDlg.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\untar.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\UPDATE.TNT, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\xpi.tar, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\zipunzip.1.dll, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Common\GameConsole.exe, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\inst.ini, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\LastSession.log, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\os11075.xml, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\PARTNER.1.TNT, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\partner.dat, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\runt.ini, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\toolbar11075@freshy.com.xpi, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Users\Shake\AppData\Local\TNT2\Profiles\11075\yah11075.xml, Quarantined, [361b18dfd8b1f343b48a2812d72c7789],
    PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\TNT2UserPS.dll, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
    PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\TNT2UserPS64.dll, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
    PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\2.0.0.1895\IEToolbar.dll, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
    PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\2.0.0.1895\IEToolbar64.dll, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
    PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\Profiles\11075\passport.dll, Quarantined, [282909eea3e64de96ad567d3fa0939c7],
    PUP.Optional.TidyNetwork.A, C:\Program Files (x86)\TNT2\Profiles\11075\passport64.dll, Quarantined, [282909eea3e64de96ad567d3fa0939c7],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    Here is the DDS.txt:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16592
    Run by Shake at 17:09:02 on 2015-01-19
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.6133.3253 [GMT -7:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Ati2evxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\ehome\ehRecvr.exe
    C:\Windows\ehome\ehsched.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\AVAST Software\Avast\avastui.exe
    C:\Windows\System32\wbem\unsecapp.exe
    C:\Windows\System32\wbem\WmiPrvSE.exe
    C:\Windows\ehome\ehshell.exe
    C:\Windows\ehome\ehRec.exe
    C:\Windows\ehome\ehVid.exe
    C:\Windows\System32\notepad.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxps://www.google.com/
    uSearch Bar = Preserve
    uDefault_Page_URL = hxxp://search.us.com/?guid={7D834389-C771-4037-A6AC-9B96BAD6DEEE}
    mWinlogon: Userinit = userinit.exe,
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    mRun: [LiveUpdate 5] "C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" /reminder
    mRun: [NCUpdateHelper] "C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe"
    mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
    mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: SoftwareSASGeneration = dword:1
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
    TCP: NameServer = 192.168.1.1
    TCP: Interfaces\{BDD833F9-552B-413B-A541-7C01A695658A} : DHCPNameServer = 192.168.1.1
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.99\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-mPolicies-System: SoftwareSASGeneration = dword:1
    x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
    x64-mASetup: {7070D8E0-650A-46b3-B03C-9497582E6A74} - C:\Windows\System32\soundschemes.exe /AddRegistration
    x64-mASetup: {B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24} - C:\Windows\System32\soundschemes2.exe /AddRegistration
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Shake\AppData\Roaming\Mozilla\Firefox\Profiles\bxglrmeu.default\
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\PDFlite\npPdfViewer.dll
    FF - plugin: C:\Users\Shake\AppData\Local\TNT2\2.0.0.1895\npTNT2.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2015-1-18 65776]
    R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2015-1-18 267632]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswsnx.sys [2015-1-18 1050432]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2015-1-18 436624]
    R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2015-1-18 29208]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswmonflt.sys [2015-1-18 87912]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2015-1-18 50344]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2015-1-1 167424]
    R3 hcw18bda;Hauppauge WinTV 418 Driver;C:\Windows\System32\drivers\hcw18bda.sys [2014-5-11 912896]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
    S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2014-10-24 90776]
    S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\System32\drivers\htcnprot.sys [2012-12-7 36928]
    S3 HtcVCom32;HTC Diagnostic Port;C:\Windows\System32\drivers\HtcVComV64.sys [2009-7-30 118872]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
    S3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2014-5-11 14136]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
    .
    =============== File Associations ===============
    .
    FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    ShellExec: tonegen.exe: open="C:\Program Files (x86)\NCH Software\ToneGen\tonegen" "%L"
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2015-01-18 17:36:04 87912 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys
    2015-01-18 17:36:02 1050432 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
    2015-01-18 17:34:01 65264 ----a-w- C:\Windows\System32\drivers\aswTdi.sys
    2015-01-18 17:34:00 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2015-01-18 17:34:00 436624 ----a-w- C:\Windows\System32\drivers\aswSP.sys
    2015-01-18 17:34:00 364512 ----a-w- C:\Windows\System32\aswBoot.exe
    2015-01-18 17:34:00 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
    2015-01-18 17:34:00 267632 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
    2015-01-18 17:33:59 64752 ----a-w- C:\Windows\System32\drivers\aswRdr.sys
    2015-01-18 17:33:56 43152 ----a-w- C:\Windows\avastSS.scr
    2014-12-22 04:08:46 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-22 04:08:46 701616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2014-10-27 23:04:52 1852168 ----a-w- C:\Users\Shake\AppData\Roaming\BeFrugal.com-Install.exe
    2014-10-27 20:32:45 17870336 ----a-w- C:\Windows\System32\mshtml.dll
    2014-10-27 20:13:57 2339840 ----a-w- C:\Windows\System32\jscript9.dll
    2014-10-27 20:12:24 10921472 ----a-w- C:\Windows\System32\ieframe.dll
    2014-10-27 20:07:15 1388032 ----a-w- C:\Windows\System32\urlmon.dll
    2014-10-27 20:06:55 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2014-10-27 20:05:41 1494016 ----a-w- C:\Windows\System32\inetcpl.cpl
    2014-10-27 20:05:26 237056 ----a-w- C:\Windows\System32\url.dll
    2014-10-27 20:05:13 86016 ----a-w- C:\Windows\System32\jsproxy.dll
    2014-10-27 20:04:52 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2014-10-27 20:04:38 2157056 ----a-w- C:\Windows\System32\iertutil.dll
    2014-10-27 20:04:37 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2014-10-27 20:04:29 816640 ----a-w- C:\Windows\System32\jscript.dll
    2014-10-27 20:04:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
    2014-10-27 20:04:09 453120 ----a-w- C:\Windows\System32\dxtmsft.dll
    2014-10-27 20:03:59 282112 ----a-w- C:\Windows\System32\dxtrans.dll
    2014-10-27 20:03:57 55296 ----a-w- C:\Windows\System32\msfeedsbs.dll
    2014-10-27 20:03:54 11264 ----a-w- C:\Windows\System32\msfeedssync.exe
    2014-10-27 20:03:41 96768 ----a-w- C:\Windows\System32\mshtmled.dll
    2014-10-27 20:03:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2014-10-27 20:03:21 12800 ----a-w- C:\Windows\System32\mshta.exe
    2014-10-27 20:03:05 248320 ----a-w- C:\Windows\System32\ieui.dll
    2014-10-27 19:10:22 12366848 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2014-10-27 19:05:44 1810944 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2014-10-27 19:02:37 9739776 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2014-10-27 18:59:41 1139712 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2014-10-27 18:59:06 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2014-10-27 18:58:19 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2014-10-27 18:57:36 231936 ----a-w- C:\Windows\SysWow64\url.dll
    2014-10-27 18:57:18 65536 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2014-10-27 18:56:58 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2014-10-27 18:56:40 421376 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2014-10-27 18:56:15 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
    2014-10-27 18:56:10 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2014-10-27 18:56:08 1802752 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2014-10-27 18:55:50 41472 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
    2014-10-27 18:55:44 353792 ----a-w- C:\Windows\SysWow64\dxtmsft.dll
    2014-10-27 18:55:39 223232 ----a-w- C:\Windows\SysWow64\dxtrans.dll
    2014-10-27 18:55:32 10752 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
    2014-10-27 18:55:28 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2014-10-27 18:55:20 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2014-10-27 18:55:17 11776 ----a-w- C:\Windows\SysWow64\mshta.exe
    2014-10-27 18:54:43 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
    2014-10-24 01:04:29 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2014-10-24 01:03:40 499200 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2014-10-24 00:39:49 77312 ----a-w- C:\Windows\System32\packager.dll
    2014-10-24 00:39:19 656384 ----a-w- C:\Windows\System32\kerberos.dll
    .
    ============= FINISH: 17:10:26.56 ===============
    Attach.txt:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Ultimate
    Boot Device: \Device\HarddiskVolume2
    Install Date: 5/11/2014 6:27:33 AM
    System Uptime: 1/19/2015 4:12:58 AM (13 hours ago)
    .
    Motherboard: MSI | | MSI X58 PLATINUM SLI(MS-7522)
    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz | CPU 1 | 2533/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 2048 GiB total, 77.743 GiB free.
    D: is FIXED (NTFS) - 1397 GiB total, 34.322 GiB free.
    E: is FIXED (NTFS) - 149 GiB total, 8.228 GiB free.
    F: is CDROM ()
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Video Controller
    Device ID: PCI\VEN_1002&DEV_72A0&SUBSYS_E191174B&REV_00\4&12B3CBB2&0&0118
    Manufacturer:
    Name: Video Controller
    PNP Device ID: PCI\VEN_1002&DEV_72A0&SUBSYS_E191174B&REV_00\4&12B3CBB2&0&0118
    Service:
    .
    ==== System Restore Points ===================
    .
    RP263: 4/30/2014 12:00:08 AM - Scheduled Checkpoint
    RP264: 5/1/2014 3:56:28 AM - Scheduled Checkpoint
    RP265: 5/2/2014 12:00:08 AM - Scheduled Checkpoint
    RP266: 5/3/2014 4:30:55 AM - Scheduled Checkpoint
    RP267: 5/4/2014 12:14:55 AM - Scheduled Checkpoint
    RP268: 5/5/2014 12:00:05 AM - Scheduled Checkpoint
    RP269: 5/6/2014 11:41:46 PM - Scheduled Checkpoint
    RP270: 5/8/2014 5:43:03 AM - Scheduled Checkpoint
    RP271: 5/9/2014 12:01:05 AM - Scheduled Checkpoint
    RP272: 5/10/2014 6:40:18 AM - Scheduled Checkpoint
    RP179: 11/23/2014 6:05:32 AM - Scheduled Checkpoint
    RP180: 11/27/2014 5:27:39 AM - Scheduled Checkpoint
    RP181: 12/1/2014 8:29:19 PM - Scheduled Checkpoint
    RP182: 12/3/2014 1:04:18 AM - Scheduled Checkpoint
    RP183: 12/4/2014 9:33:47 AM - Scheduled Checkpoint
    RP184: 12/5/2014 12:55:40 PM - Scheduled Checkpoint
    RP185: 12/7/2014 3:56:40 PM - Scheduled Checkpoint
    RP186: 12/9/2014 8:02:03 AM - Scheduled Checkpoint
    RP187: 12/10/2014 12:00:04 AM - Scheduled Checkpoint
    RP188: 12/10/2014 8:12:55 PM - Scheduled Checkpoint
    RP189: 12/11/2014 6:07:02 PM - Scheduled Checkpoint
    RP190: 12/14/2014 7:55:53 AM - Scheduled Checkpoint
    RP191: 12/23/2014 12:21:09 AM - Scheduled Checkpoint
    RP192: 12/24/2014 12:19:47 AM - Scheduled Checkpoint
    RP193: 12/25/2014 12:00:12 AM - Scheduled Checkpoint
    RP194: 12/26/2014 4:12:32 AM - Scheduled Checkpoint
    RP195: 12/27/2014 8:23:10 AM - Scheduled Checkpoint
    RP196: 12/29/2014 3:00:42 AM - Scheduled Checkpoint
    RP197: 12/30/2014 12:00:32 AM - Scheduled Checkpoint
    RP198: 12/31/2014 12:23:56 AM - Scheduled Checkpoint
    RP199: 1/1/2015 12:24:23 AM - Scheduled Checkpoint
    RP200: 1/1/2015 3:12:51 AM - Device Driver Package Install: HTC Corporation Ports (COM & LPT)
    RP201: 1/1/2015 3:13:26 AM - Device Driver Package Install: HTC Corporation Modems
    RP202: 1/1/2015 3:15:36 AM - Device Driver Package Install: HTC, Corporation
    RP204: 1/1/2015 3:16:46 AM - Device Driver Package Install: HTC Corporation Network adapters
    RP203: 1/1/2015 3:16:46 AM - Device Driver Package Install: HTC Network Protocol
    RP205: 1/1/2015 3:19:25 AM - Device Driver Package Install: HTC Corporation Portable Devices
    RP206: 1/1/2015 3:21:29 AM - Installed HTC Sync.
    RP207: 1/2/2015 12:00:32 AM - Scheduled Checkpoint
    RP208: 1/3/2015 6:49:36 AM - Scheduled Checkpoint
    RP209: 1/4/2015 6:47:08 AM - Scheduled Checkpoint
    RP210: 1/5/2015 10:04:45 AM - Scheduled Checkpoint
    RP211: 1/6/2015 12:00:22 AM - Scheduled Checkpoint
    RP212: 1/7/2015 12:32:08 AM - Scheduled Checkpoint
    RP213: 1/8/2015 12:31:55 AM - Scheduled Checkpoint
    RP214: 1/9/2015 1:49:00 AM - Scheduled Checkpoint
    RP215: 1/10/2015 12:25:01 AM - Scheduled Checkpoint
    RP216: 1/11/2015 12:41:43 AM - Scheduled Checkpoint
    RP217: 1/12/2015 4:03:36 AM - Scheduled Checkpoint
    RP218: 1/13/2015 12:00:27 AM - Scheduled Checkpoint
    RP219: 1/14/2015 12:00:23 AM - Scheduled Checkpoint
    RP273: 1/15/2015 12:19:08 AM - Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    RP220: 1/15/2015 9:58:55 PM - Installed HiJackThis
    RP221: 1/16/2015 3:28:46 PM - Scheduled Checkpoint
    RP222: 1/17/2015 5:52:16 PM - Tweaking.com - Windows Repair
    RP223: 1/17/2015 7:46:31 PM - Restore Operation
    RP224: 1/17/2015 8:31:45 PM - Tweaking.com - Windows Repair
    RP225: 1/18/2015 10:31:46 AM - avast! antivirus system restore point
    RP226: 1/19/2015 4:56:40 AM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20 (x64 edition)
    Adobe AIR
    Adobe Flash Player 15 ActiveX
    Adobe Flash Player 16 NPAPI
    Avast Free Antivirus
    File Association Manager
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HTC BMP USB Driver
    HTC Driver Installer
    HTC Sync
    IPTInstaller
    Lineage II
    Live Update 5
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5.1
    Microsoft Application Error Reporting
    Microsoft Help Viewer 1.0
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU
    Microsoft SQL Server System CLR Types
    Microsoft Visual C# 2010 Express - ENU
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
    Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
    Mozilla Firefox 35.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP3 Parser
    NCH Tone Generator
    NCSOFT Game Launcher
    PDFlite 1.0.0.0
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    RedMon - Redirection Port Monitor
    Search-Protect
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
    Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
    System Requirements Lab for Intel
    TNT2-11075 Toolbar
    Tweaking.com - Windows Repair (All in One)
    Ultimate Extras sounds from Microsoft® Tinker™
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    VLC media player 2.1.3
    WavePad Sound Editor
    Windows Sound Schemes
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/19/2015 5:10:28 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    1/19/2015 4:15:09 AM, Error: Service Control Manager [7023] - The Superfetch service terminated with the following error: The operating system is not presently configured to run this application.
    1/19/2015 4:13:31 AM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
    1/17/2015 9:04:01 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    1/17/2015 8:44:25 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 00242151589A has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    1/17/2015 5:43:28 PM, Error: Microsoft-Windows-TaskScheduler [412] - Task Scheduler service failed to launch tasks triggered by computer startup. Additional Data: Error Value: 2147942405. User Action: restart task scheduler service.
    1/17/2015 1:21:06 PM, Error: Service Control Manager [7034] - The Ati External Event Utility service terminated unexpectedly. It has done this 1 time(s).
    1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Windows Media Center Scheduler Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Windows Media Center Receiver Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
    1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Software Licensing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/17/2015 1:21:06 PM, Error: Service Control Manager [7031] - The Internet Pass-Through Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    1/16/2015 1:54:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Beep
    1/15/2015 9:45:14 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    1/15/2015 9:44:47 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    1/14/2015 11:36:01 PM, Error: EventLog [6008] - The previous system shutdown at 11:31:51 PM on 1/14/2015 was unexpected.
    .
    ==== End Of File ===========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
    NOTE. If you see the "This version requires you to completely exit the Anti Malware application" message, right-click on the Malwarebytes Anti-Malware icon in the system tray and click on Exit.
     
  3. ogahm

    ogahm TS Rookie Topic Starter Posts: 23

    Hi, thanks for the help. MBAR says I need to restart to load the DDA driver, so I'm posting the RogueKiller log now.
    RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows Vista (6.0.6002 Service Pack 2) 64 bits version
    Started in : Normal mode
    User : Shake [Administrator]
    Mode : Delete -- Date : 01/21/2015 17:28:51

    ¤¤¤ Processes : 1 ¤¤¤
    [Suspicious.Path] hh.exe(4940) -- C:\Windows\hh.exe[7] -> Killed [TermProc]

    ¤¤¤ Registry : 26 ¤¤¤
    [PUP] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_3724\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Not selected
    [PUP] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_3724\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMBR (\??\C:\Users\Shake\AppData\Local\Temp\aswMBR.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\uftcaaow (\??\C:\Users\Shake\AppData\Local\Temp\uftcaaow.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswMBR (\??\C:\Users\Shake\AppData\Local\Temp\aswMBR.sys) -> Not selected
    [Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uftcaaow (\??\C:\Users\Shake\AppData\Local\Temp\uftcaaow.sys) -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\RK_ogahm_ON_D_BFE3\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\RK_ogahm_ON_D_BFE3\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\RK_Ogahm_ON_E_F584\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\RK_Ogahm_ON_E_F584\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Not selected
    [PUM.StartMenu] (X64) HKEY_USERS\RK_Ogahm_ON_E_F584\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\RK_Ogahm_ON_E_F584\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\RK_Ogahm_ON_E_F584\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Not selected
    [PUM.StartMenu] (X86) HKEY_USERS\RK_Ogahm_ON_E_F584\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_FECC\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_D_FECC\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_3724\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_3724\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_FECC\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_D_FECC\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_3724\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_E_3724\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 1 ¤¤¤
    [C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] d52b6c94ab88eb597a626c558ef066dd
    [BSP] 032aa462bf6135e663515264a45430ec : HP MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 2097151 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: +++++
    --- User ---
    [MBR] abfb3e90302b99f36625230530d60ca6
    [BSP] b3e6f15bc5b780c5389857b261735cee : HP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1430797 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: +++++
    --- User ---
    [MBR] b94225a5ee61e4b224745a8c3e6291cb
    [BSP] e9bab177c34b1b6844ceea4adaced0ae : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 152625 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_SCN_01162015_125917.log - RKreport_SCN_01212015_171305.log
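    Two things in the RogueKiller report above are worth pulling out mechanically when triaging a log like this: service entries whose driver image sits in a user-writable Temp directory (the two [Suspicious.Path] lines), and keys that live under hives with RK_..._ON_... names. The following is an added example for this thread, not RogueKiller's own code and not something either poster ran. It parses the Registry section of a report in that format and returns both signals. The sample lines are constructed from the entries in the log; reading the RK_<hive>_ON_<drive>_<id> names as hives that RogueKiller loaded from other attached drives is an assumption of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the format RogueKiller writes to RKreport.txt. The key
# names and paths are copied from the report in the thread; nothing here was
# read from a live system.
SAMPLE_REPORT = r"""
¤¤¤ Registry : 5 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_E_3724\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670} -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\aswMBR (\??\C:\Users\Shake\AppData\Local\Temp\aswMBR.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\uftcaaow (\??\C:\Users\Shake\AppData\Local\Temp\uftcaaow.sys) -> Not selected
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uftcaaow (\??\C:\Users\Shake\AppData\Local\Temp\uftcaaow.sys) -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\RK_Ogahm_ON_E_F584\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤
"""

# "[Category] (Arch) <key-and-detail> -> <action>"
ENTRY_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\] \((?P<arch>X64|X86)\) (?P<rest>.+?) -> (?P<action>.+)$"
)
# Image paths under a per-user or system Temp directory (user-writable).
TEMP_PATH_RE = re.compile(
    r"\\(?:Users\\[^\\]+\\AppData\\Local\\Temp|Windows\\Temp)\\", re.IGNORECASE
)
# Assumption: RK_<hive>_ON_<drive>_<id> is a hive RogueKiller mounted from
# another drive, so such entries do not belong to the running installation.
OFFLINE_HIVE_RE = re.compile(r"\\RK_\w+_ON_[A-Z]_[0-9A-F]{4}\\")


@dataclass
class Entry:
    category: str
    arch: str
    key: str
    image: Optional[str]   # path in parentheses, used for services/drivers
    value: Optional[str]   # "Name : data" after a " | " separator
    action: str


def _split_rest(rest: str):
    """Separate the registry key from a trailing '(image path)' or '| value'."""
    key, image, value = rest, None, None
    if " | " in rest:
        key, value = rest.split(" | ", 1)
    elif rest.endswith(")") and " (" in rest:
        key, image = rest.rsplit(" (", 1)
        image = image[:-1]
    return key, image, value


def parse_registry_section(report: str) -> List[Entry]:
    """Return the parsed entries of the '¤¤¤ Registry' section only."""
    entries: List[Entry] = []
    in_registry = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("¤¤¤"):
            in_registry = line.startswith("¤¤¤ Registry")
            continue
        if not in_registry or not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            key, image, value = _split_rest(m["rest"])
            entries.append(Entry(m["cat"], m["arch"], key, image, value, m["action"]))
    return entries


def service_name(key: str) -> Optional[str]:
    m = re.search(r"\\Services\\([^\\]+)$", key)
    return m.group(1) if m else None


def temp_loaded_drivers(entries: List[Entry]) -> Dict[str, str]:
    """Service names whose image path is in a Temp directory, keyed by service.
    CurrentControlSet is normally an alias of one ControlSet00N, so the same
    service shows up twice in the report; the dict collapses the duplicates."""
    found: Dict[str, str] = {}
    for e in entries:
        name = service_name(e.key)
        if name and e.image and TEMP_PATH_RE.search(e.image):
            found.setdefault(name, e.image)
    return found


def offline_hive_entries(entries: List[Entry]) -> List[Entry]:
    """Entries that sit in a hive mounted from another drive (see assumption)."""
    return [e for e in entries if OFFLINE_HIVE_RE.search(e.key)]


if __name__ == "__main__":
    parsed = parse_registry_section(SAMPLE_REPORT)
    for svc, path in temp_loaded_drivers(parsed).items():
        print(f"driver loaded from Temp: {svc} -> {path}")
    for e in offline_hive_entries(parsed):
        print(f"offline hive entry ({e.category}): {e.key}")
```

    A hit from temp_loaded_drivers is a triage lead, not a verdict: on this very log one of the two paths belongs to aswMBR, a scanner that drops its own driver in Temp, while the randomly named uftcaaow.sys is exactly the kind of entry a human should check against the tools that were run on the machine before deciding anything. The offline-hive split matters for the same reason: the BHO and Start-menu findings under RK_..._ON_E are not settings of the Windows that is currently booted.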
     
  4. ogahm

    ogahm TS Rookie Topic Starter Posts: 23

    Hi, thanks for the help. I had some issues running MBAR and had to uninstall MBAM.
    Malwarebytes Anti-Rootkit BETA 1.08.3.1004
    www.malwarebytes.org

    Database version:
    main: v2015.01.22.01
    rootkit: v2015.01.14.01

    Windows Vista Service Pack 2 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Shake :: MASTERSHAKE [administrator]

    1/21/2015 6:05:32 PM
    mbar-log-2015-01-21 (18-05-32).txt

    Scan type: Quick scan
    Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
    Scan options disabled:
    Objects scanned: 335079
    Time elapsed: 9 minute(s), 46 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Users\Shake\AppData\Local\Temp\W.exe (Trojan.Downloader) -> Delete on reboot. [37324cae9eeb52e4282c36e19d671de3]

    Physical Sectors Detected: 0
    (No malicious items detected)

    (end)
     
  5. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
      If the connection is still not there, use the restore point you created prior to running Combofix.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart the computer in safe mode.

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  6. ogahm

    ogahm TS Rookie Topic Starter Posts: 23

    Here is the log.
    ComboFix 15-01-18.01 - Shake 01/21/2015 20:56:21.1.8 - x64
    Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.1.1033.18.6133.3807 [GMT -7:00]
    Running from: c:\users\Shake\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AV: Emsisoft Anti-Malware *Disabled/Updated* {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
    SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Emsisoft Anti-Malware *Disabled/Updated* {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2014-12-22 to 2015-01-22 )))))))))))))))))))))))))))))))
    .
    .
    2015-01-22 04:06 . 2015-01-22 04:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-01-18 17:37 . 2015-01-18 17:37 -------- d-----w- c:\users\Shake\AppData\Roaming\AVAST Software
    2015-01-18 17:35 . 2015-01-20 11:15 -------- d-----w- c:\program files\Google
    2015-01-18 17:34 . 2015-01-20 11:15 -------- d-----w- c:\program files (x86)\Google
    2015-01-18 17:34 . 2015-01-20 05:43 -------- d-----w- c:\users\Shake\AppData\Local\Google
    2015-01-18 17:34 . 2015-01-18 17:34 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2015-01-18 17:34 . 2015-01-18 17:34 267632 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2015-01-18 17:34 . 2015-01-18 17:34 436624 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2015-01-18 17:34 . 2015-01-18 17:34 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2015-01-18 17:34 . 2015-01-18 17:36 87912 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
    2015-01-18 17:34 . 2015-01-18 17:34 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
    2015-01-18 17:34 . 2015-01-18 17:33 64752 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2015-01-18 17:34 . 2015-01-18 17:36 1050432 ----a-w- c:\windows\system32\drivers\aswsnx.sys
    2015-01-18 17:34 . 2015-01-18 17:34 364512 ----a-w- c:\windows\system32\aswBoot.exe
    2015-01-18 17:33 . 2015-01-18 17:33 43152 ----a-w- c:\windows\avastSS.scr
    2015-01-18 17:32 . 2015-01-18 17:32 -------- d-----w- c:\program files\AVAST Software
    2015-01-18 17:29 . 2015-01-18 17:32 -------- d-----w- c:\programdata\AVAST Software
    2015-01-18 03:59 . 2015-01-20 20:40 -------- d-----w- c:\windows\system32\catroot2
    2015-01-18 03:43 . 2015-01-18 03:43 -------- d-----w- c:\windows\SysWow64\wbem\Performance
    2015-01-18 03:18 . 2015-01-09 09:07 73840 ----a-w- c:\program files (x86)\Mozilla Firefox\wow_helper.exe
    2015-01-18 03:18 . 2015-01-09 09:06 915376 ----a-w- c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe
    2015-01-18 00:51 . 2015-01-18 00:51 -------- d-----w- C:\RegBackup
    2015-01-17 23:47 . 2015-01-17 23:47 -------- d-----w- c:\program files (x86)\Tweaking.com
    2015-01-17 10:48 . 2015-01-17 10:49 -------- d-----w- c:\program files (x86)\Mozilla Firefox(1)
    2015-01-16 21:01 . 2015-01-21 21:11 -------- d-----w- C:\FRST
    2015-01-16 19:47 . 2015-01-22 00:01 -------- d-----w- c:\programdata\RogueKiller
    2015-01-16 04:59 . 2015-01-16 04:59 -------- d-----w- c:\program files (x86)\Trend Micro
    2015-01-16 04:46 . 2015-01-16 04:46 -------- d-----w- C:\$RECYCLE(0).BIN
    2015-01-16 04:16 . 2015-01-16 20:16 -------- d-----w- c:\programdata\Malwarebytes
    2015-01-16 04:16 . 2015-01-22 04:04 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
    2015-01-16 04:08 . 2015-01-16 04:08 -------- d-----w- c:\users\Shake\AppData\Roaming\WinPatrol
    2015-01-16 04:08 . 2015-01-16 04:08 -------- d-----w- c:\programdata\InstallMate
    2015-01-16 04:08 . 2015-01-16 04:08 -------- d-----w- c:\program files (x86)\Ruiware
    2015-01-13 18:31 . 2015-01-13 18:31 -------- d-----w- c:\users\Shake\AppData\Roaming\JAM Software
    2015-01-07 21:56 . 2015-01-07 22:44 -------- d-----w- c:\users\Shake\AppData\Local\Microsoft Games
    2015-01-01 10:16 . 2015-01-22 00:53 -------- d-----w- c:\users\Shake\AppData\Local\Downloaded Installations
    2015-01-01 10:15 . 2015-01-01 10:15 -------- d-----w- c:\program files (x86)\Spirent Communications
    2015-01-01 10:12 . 2015-01-22 00:53 -------- d-----w- c:\program files (x86)\HTC
    2015-01-01 10:12 . 2015-01-01 10:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
    2015-01-01 10:12 . 2015-01-01 10:12 -------- d-----w- c:\program files (x86)\MSXML 4.0
    2014-12-23 08:34 . 2014-12-23 08:34 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC7E0793-0F11-4E1F-B761-72FC95696C96}\offreg.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-12-22 04:08 . 2014-05-12 09:43 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-12-22 04:08 . 2014-05-12 09:43 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-10-31 03:07 . 2014-10-31 03:05 188128 ----a-w- c:\programdata\Microsoft\VCSExpress\10.0\1033\ResourceCache.dll
    2014-10-27 20:32 . 2014-11-19 20:16 17870336 ----a-w- c:\windows\system32\mshtml.dll
    2014-10-27 20:13 . 2014-11-19 20:16 2339840 ----a-w- c:\windows\system32\jscript9.dll
    2014-10-27 20:12 . 2014-11-19 20:16 10921472 ----a-w- c:\windows\system32\ieframe.dll
    2014-10-27 20:07 . 2014-11-19 20:16 1388032 ----a-w- c:\windows\system32\urlmon.dll
    2014-10-27 20:06 . 2014-11-19 20:16 1392128 ----a-w- c:\windows\system32\wininet.dll
    2014-10-27 20:05 . 2014-11-19 20:16 1494016 ----a-w- c:\windows\system32\inetcpl.cpl
    2014-10-27 20:05 . 2014-11-19 20:16 237056 ----a-w- c:\windows\system32\url.dll
    2014-10-27 20:05 . 2014-11-19 20:16 86016 ----a-w- c:\windows\system32\jsproxy.dll
    2014-10-27 20:04 . 2014-11-19 20:16 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2014-10-27 20:04 . 2014-11-19 20:16 2157056 ----a-w- c:\windows\system32\iertutil.dll
    2014-10-27 20:04 . 2014-11-19 20:16 599040 ----a-w- c:\windows\system32\vbscript.dll
    2014-10-27 20:04 . 2014-11-19 20:16 816640 ----a-w- c:\windows\system32\jscript.dll
    2014-10-27 20:04 . 2014-11-19 20:16 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2014-10-27 20:04 . 2014-11-19 20:16 453120 ----a-w- c:\windows\system32\dxtmsft.dll
    2014-10-27 20:03 . 2014-11-19 20:16 282112 ----a-w- c:\windows\system32\dxtrans.dll
    2014-10-27 20:03 . 2014-11-19 20:16 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
    2014-10-27 20:03 . 2014-11-19 20:16 11264 ----a-w- c:\windows\system32\msfeedssync.exe
    2014-10-27 20:03 . 2014-11-19 20:16 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2014-10-27 20:03 . 2014-11-19 20:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2014-10-27 20:03 . 2014-11-19 20:16 12800 ----a-w- c:\windows\system32\mshta.exe
    2014-10-27 20:03 . 2014-11-19 20:16 248320 ----a-w- c:\windows\system32\ieui.dll
    2014-10-27 19:05 . 2014-11-19 20:16 1810944 ----a-w- c:\windows\SysWow64\jscript9.dll
    2014-10-27 18:59 . 2014-11-19 20:16 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2014-10-27 18:58 . 2014-11-19 20:16 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2014-10-27 18:56 . 2014-11-19 20:16 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2014-10-27 18:56 . 2014-11-19 20:16 421376 ----a-w- c:\windows\SysWow64\vbscript.dll
    2014-10-27 18:55 . 2014-11-19 20:16 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2014-10-27 18:55 . 2014-11-19 20:16 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
    "WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "LiveUpdate 5"="c:\program files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" [2014-03-05 322544]
    "NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2014-05-14 526240]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-18 5227112]
    "emsisoft anti-malware"="c:\program files (x86)\emsisoft anti-malware\a2guard.exe" [2014-12-31 4997872]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]
    S1 a2injectiondriver;a2injectiondriver;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2dix64.sys [x]
    S1 a2util;a-squared Malware-IDS utility driver;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2util64.sys [x]
    S2 a2AntiMalware;Emsisoft Protection Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]
    S3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    Themes
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2015-01-18 17:33 860984 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Shake\AppData\Roaming\Mozilla\Firefox\Profiles\bxglrmeu.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-{6E4293AD-DA06-4ABE-A098-DF6843B2BEC1} - (no file)
    SafeBoot-CleanHlp
    SafeBoot-CleanHlp.sys
    Toolbar-{6E4293AD-DA06-4ABE-A098-DF6843B2BEC1} - (no file)
    WebBrowser-{6E4293AD-DA06-4ABE-A098-DF6843B2BEC1} - (no file)
    AddRemove-ToneGen - c:\program files (x86)\NCH Software\ToneGen\tonegen.exe
    AddRemove-WavePad - c:\program files (x86)\NCH Software\WavePad\wavepad.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    Completion time: 2015-01-21 21:09:01
    ComboFix-quarantined-files.txt 2015-01-22 04:09
    ComboFix2.txt 2015-01-16 04:46
    .
    Pre-Run: 86,117,183,488 bytes free
    Post-Run: 85,202,690,048 bytes free
    .
    - - End Of File - - DFA038D5B3031165358CEF9907088D54
    5C616939100B85E558DA92B899A0FC36
     
  7. Broni

    Broni Malware Annihilator Posts: 52,911   +344

Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
     
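Broni's post above asks for the FRST.txt output, which on a machine like this one runs to hundreds of lines. The script below is an added example for this thread, not code from the thread, from Broni, or from the Farbar tool: it reads an FRST-style log and pulls out the lines FRST itself marks as questionable (`<======= ATTENTION`, `No File`, `[X]`, `[File not signed]`, `No ImagePath`, an empty `()` company field in the process list) and, going one step beyond FRST's own markers, any IE search scope whose URL host is outside a small allowlist. The section-banner regex, the allowlist of expected search hosts and the sample log text are this example's own assumptions; the sample is constructed to mimic FRST's layout and is not copied from the logs posted here.

```python
"""Triage an FRST.txt (Farbar Recovery Scan Tool) log for the entries a
malware-removal helper looks at first.

Added example for this thread; not FRST's own code. FRST writes a few fixed
strings next to questionable entries, so a small parser can pull them out of
a long log and attribute each one to the section it appeared in.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlparse

# FRST section banner, e.g. "==================== Drivers (Whitelisted) ===="
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")

# Markers FRST itself writes next to an entry, and the reason we report.
# First match wins, so the more specific markers come first.
MARKERS = (
    (re.compile(r"<======= ATTENTION"), "flagged by FRST"),
    (re.compile(r"\[File not signed\]"), "unsigned service/driver binary"),
    (re.compile(r"No ImagePath$"), "service registered without a binary path"),
    (re.compile(r" - No File$"), "registry entry points at a missing file"),
    (re.compile(r" \[X\]$"), "service/driver file missing on disk"),
    (re.compile(r"^\(\) "), "running binary has no company/version info"),
)

# SearchScopes lines carry the search URL after "URL = "; an empty URL does not match.
SEARCH_SCOPE_RE = re.compile(r"^SearchScopes: .* URL = (?P<url>\S+)$")
# Assumption of this example: hosts a clean IE default search scope may point at.
EXPECTED_SEARCH_HOSTS = {"www.google.com", "www.bing.com"}


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def unexpected_search_scope(line: str) -> str | None:
    """Report a search scope whose URL host is outside the allowlist."""
    m = SEARCH_SCOPE_RE.match(line)
    if not m:
        return None
    host = urlparse(m.group("url")).hostname
    if host and host not in EXPECTED_SEARCH_HOSTS:
        return f"search scope points at {host}"
    return None


def classify(line: str) -> str | None:
    """Return the reason a log line deserves attention, or None."""
    for pattern, reason in MARKERS:
        if pattern.search(line):
            return reason
    return unexpected_search_scope(line)


def triage_frst(text: str) -> list[Finding]:
    """Walk an FRST log and collect flagged lines together with their section."""
    findings: list[Finding] = []
    section = "(preamble)"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name").strip()
            continue
        if line.startswith("(If "):  # FRST's legend line under each banner
            continue
        reason = classify(line)
        if reason:
            findings.append(Finding(section, reason, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per section so the noisy sections stand out."""
    return dict(Counter(f.section for f in findings))


# Constructed sample in FRST's layout (placeholder GUIDs and paths, not a real machine).
SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
() C:\Program Files (x86)\ExampleVendor\PassThruSvr.exe

==================== Internet (Whitelisted) ====================

HKU\S-1-5-21-1111\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {00000000-0000-0000-0000-000000000001} URL =
SearchScopes: HKU\S-1-5-21-1111 -> {00000000-0000-0000-0000-000000000002} URL = http://search.example.test/search?p={searchTerms}&fr=sometb
Toolbar: HKLM-x32 - No Name - {00000000-0000-0000-0000-000000000003} - No File

==================== Services (Whitelisted) =================

R2 PassThru Service; C:\Program Files (x86)\ExampleVendor\PassThruSvr.exe [167424 2012-12-07] () [File not signed]

==================== Drivers (Whitelisted) ====================

S1 Beep; No ImagePath
S3 MFE_RR; \??\C:\Users\user\AppData\Local\Temp\mfe_rr.sys [X]
"""

if __name__ == "__main__":
    results = triage_frst(SAMPLE_LOG)
    for f in results:
        print(f"[{f.section}] {f.reason}: {f.line}")
    print(summarize(results))
```

A hit from this script is a starting point, not a verdict: `[X]` on a leftover driver entry from an uninstalled product and `No File` on an orphaned toolbar CLSID are common cleanup items, whereas an `ATTENTION` policy restriction or a search scope pointing at an unfamiliar host is the kind of entry a helper will want to see in the Fix list.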
  8. ogahm

    ogahm TS Rookie Topic Starter Posts: 23

    Posting now so as not to lose the reports while running Farbar; will post the Farbar report in a minute.
    # AdwCleaner v4.108 - Report created 22/01/2015 at 01:46:54
    # Updated 17/01/2015 by Xplode
    # Database : 2015-01-22.2 [Live]
    # Operating System : Windows (TM) Vista Ultimate Service Pack 2 (64 bits)
    # Username : Shake - MASTERSHAKE
    # Running from : C:\Users\Shake\Downloads\adwcleaner_4.108.exe
    # Option : Clean

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****

    [!] Folder Deleted : C:\ProgramData\NCH Software
    [!] Folder Deleted : C:\Program Files (x86)\FileAssociationManager
    [!] Folder Deleted : C:\Program Files (x86)\NCH Software
    [!] Folder Deleted : C:\Users\Shake\AppData\Roaming\FileAssociationManager
    [!] Folder Deleted : C:\Users\Shake\AppData\Roaming\NCH Software

    ***** [ Scheduled Tasks ] *****

    Task Deleted : FileAssociationManagerUpdater

    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKCU\Software\TNT2
    Key Deleted : HKCU\Software\AppDataLow\Software\Safer-Surf

    ***** [ Browsers ] *****

    -\\ Internet Explorer v9.0.8112.16592


    -\\ Mozilla Firefox v35.0 (x86 en-US)


    *************************

    AdwCleaner[R0].txt - [3493 octets] - [15/06/2014 19:17:04]
    AdwCleaner[R1].txt - [3537 octets] - [14/07/2014 19:04:53]
    AdwCleaner[R2].txt - [1467 octets] - [22/01/2015 01:43:59]
    AdwCleaner[S0].txt - [3451 octets] - [15/06/2014 19:18:08]
    AdwCleaner[S1].txt - [3565 octets] - [14/07/2014 19:10:50]
    AdwCleaner[S2].txt - [1386 octets] - [22/01/2015 01:46:54]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1446 octets] ##########
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.1 (12.28.2014:1)
    OS: Windows (TM) Vista Ultimate x64
    Ran by Shake on Thu 01/22/2015 at 1:57:11.55
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Emptied folder: C:\Users\Shake\AppData\Roaming\mozilla\firefox\profiles\bxglrmeu.default\minidumps [9 files]



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 01/22/2015 at 2:04:56.83
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  9. ogahm

    ogahm TS Rookie Topic Starter Posts: 23

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-01-2015
    Ran by Shake (administrator) on MASTERSHAKE on 22-01-2015 02:11:16
    Running from C:\Users\Shake\Downloads
    Loaded Profiles: Shake (Available profiles: Shake)
    Platform: Windows Vista (TM) Ultimate Service Pack 2 (X64) OS Language: English (United States)
    Internet Explorer Version 9 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (Microsoft Corporation) C:\Windows\System32\SLsvc.exe
    (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
    (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
    (Microsoft Corporation) C:\Windows\ehome\ehsched.exe
    () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    (Microsoft Corporation) C:\Windows\ehome\ehtray.exe
    (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
    (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
    (Thisisu) C:\Users\Shake\Downloads\JRT.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
    (Farbar) C:\Users\Shake\Downloads\FRST64(1).exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM-x32\...\Run: [LiveUpdate 5] => C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe [322544 2014-03-05] ()
    HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2014-05-14] (NCSOFT Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-18] (AVAST Software)
    HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4997872 2014-12-31] (Emsisoft GmbH)
    HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
    HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\...\Run: [WMPNSCFG] => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1027772261-2917165354-2662933974-1000 -> {85157EC9-F09F-46DE-86FC-D2093E74E663} URL = http://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11075
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    Toolbar: HKLM-x32 - No Name - {6E4293AD-DA06-4ABE-A098-DF6843B2BEC1} - No File
    Toolbar: HKU\S-1-5-21-1027772261-2917165354-2662933974-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.22.0.cab
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Shake\AppData\Roaming\Mozilla\Firefox\Profiles\bxglrmeu.default
    FF DefaultSearchEngine: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
    FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin-x32: @mozilla.zeniko.ch/PDFlite_Browser_Plugin -> C:\Program Files (x86)\PDFlite\npPdfViewer.dll (Simon Bünzli)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-18]

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-18]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2014-12-31] (Emsisoft GmbH)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-18] (AVAST Software)
    S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3071632 2014-05-06] (INCA Internet Co., Ltd.)
    R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-20] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH)
    R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)
    R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)
    R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH)
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-18] ()
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-18] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [64752 2015-01-18] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-18] ()
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-18] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-18] (AVAST Software)
    R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2015-01-18] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-18] ()
    S1 Beep; No ImagePath
    R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)
    R3 hcw18bda; C:\Windows\System32\drivers\hcw18bda.sys [912896 2010-09-20] (Hauppauge Computer Works, Inc)
    S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [118872 2009-07-30] (QUALCOMM Incorporated)
    S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-21] ()
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 MFE_RR; \??\C:\Users\Shake\AppData\Local\Temp\mfe_rr.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-22 02:11 - 2015-01-22 02:11 - 00009418 _____ () C:\Users\Shake\Downloads\FRST.txt
    2015-01-22 02:08 - 2015-01-22 02:08 - 02126848 _____ (Farbar) C:\Users\Shake\Downloads\FRST64(1).exe
    2015-01-22 02:04 - 2015-01-22 02:04 - 00000769 _____ () C:\Users\Shake\Desktop\JRT.txt
    2015-01-22 01:57 - 2015-01-22 01:57 - 00000000 ____D () C:\Windows\ERUNT
    2015-01-22 01:55 - 2015-01-22 01:55 - 01707939 _____ (Thisisu) C:\Users\Shake\Downloads\JRT.exe
    2015-01-22 01:43 - 2015-01-22 01:43 - 02186752 _____ () C:\Users\Shake\Downloads\adwcleaner_4.108.exe
    2015-01-21 21:09 - 2015-01-21 21:09 - 00011127 _____ () C:\ComboFix.txt
    2015-01-21 20:49 - 2011-06-25 23:45 - 00256000 _____ () C:\Windows\PEV.exe
    2015-01-21 20:49 - 2010-11-07 10:20 - 00208896 _____ () C:\Windows\MBR.exe
    2015-01-21 20:49 - 2009-04-19 21:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
    2015-01-21 20:49 - 2000-08-30 17:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
    2015-01-21 20:49 - 2000-08-30 17:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
    2015-01-21 20:49 - 2000-08-30 17:00 - 00098816 _____ () C:\Windows\sed.exe
    2015-01-21 20:49 - 2000-08-30 17:00 - 00080412 _____ () C:\Windows\grep.exe
    2015-01-21 20:49 - 2000-08-30 17:00 - 00068096 _____ () C:\Windows\zip.exe
    2015-01-21 20:48 - 2015-01-21 21:07 - 00000000 ____D () C:\Windows\erdnt
    2015-01-21 20:46 - 2015-01-21 20:46 - 05608785 ____R (Swearware) C:\Users\Shake\Downloads\ComboFix.exe
    2015-01-21 17:58 - 2015-01-21 18:34 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2015-01-21 17:58 - 2015-01-21 18:31 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2015-01-21 17:53 - 2015-01-21 17:53 - 00000000 ____D () C:\Windows\system32\appmgmt
    2015-01-21 17:33 - 2015-01-21 17:33 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Shake\Downloads\mbar-1.08.3.1004(1).exe
    2015-01-21 17:01 - 2015-01-21 17:01 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
    2015-01-21 17:00 - 2015-01-21 17:00 - 15431256 _____ () C:\Users\Shake\Downloads\RogueKiller.exe
    2015-01-21 16:50 - 2015-01-21 19:04 - 00010302 _____ () C:\Users\Shake\Downloads\SystemLook.txt
    2015-01-21 16:49 - 2015-01-21 16:49 - 00096256 _____ () C:\Users\Shake\Downloads\SystemLook_x64.exe
    2015-01-21 16:10 - 2015-01-21 16:10 - 00010511 _____ () C:\Users\Shake\Downloads\MBAMScan.txt
    2015-01-21 15:58 - 2015-01-21 15:59 - 00010511 _____ () C:\MBAMScan.txt
    2015-01-21 15:47 - 2015-01-21 15:47 - 109640712 _____ (Sophos Limited) C:\Users\Shake\Downloads\Sophos Virus Removal Tool(1).exe
    2015-01-21 15:43 - 2015-01-21 15:43 - 00380416 _____ () C:\Users\Shake\Downloads\9nxl45cf.exe
    2015-01-21 15:25 - 2015-01-21 15:25 - 05198336 _____ (AVAST Software) C:\Users\Shake\Downloads\aswMBR(1).exe
    2015-01-21 15:05 - 2015-01-21 15:05 - 00000000 ____D () C:\Users\Shake\Downloads\RootRepeal(1)
    2015-01-21 15:04 - 2015-01-21 15:04 - 00000000 ____D () C:\Users\Shake\Downloads\RootkitRevealer
    2015-01-21 15:02 - 2015-01-21 15:02 - 00000000 ____D () C:\Users\Shake\Downloads\TMRBLog
    2015-01-21 15:00 - 2015-01-21 15:01 - 00000310 _____ () C:\Users\Shake\Downloads\RootkitRemover_20150121_150052.log
    2015-01-21 15:00 - 2015-01-21 15:00 - 08656400 _____ (Trend Micro Inc.) C:\Users\Shake\Downloads\RootkitBuster_v5_1061(1).exe
    2015-01-21 15:00 - 2015-01-21 15:00 - 01020640 _____ () C:\Users\Shake\Downloads\antirootkit.exe
    2015-01-21 15:00 - 2015-01-21 15:00 - 00783120 _____ (McAfee, Inc.) C:\Users\Shake\Downloads\rootkitremover(1).exe
    2015-01-21 14:59 - 2015-01-21 14:59 - 00464491 _____ () C:\Users\Shake\Downloads\RootRepeal(1).zip
    2015-01-21 14:59 - 2015-01-21 14:59 - 00231390 _____ () C:\Users\Shake\Downloads\RootkitRevealer.zip
    2015-01-20 20:22 - 2015-01-20 20:22 - 00000017 _____ () C:\Users\Shake\Downloads\b0rscit0.bat
    2015-01-20 19:14 - 2015-01-20 19:19 - 00177074 _____ () C:\TDSSKiller.3.0.0.43_20.01.2015_19.14.03.txt
    2015-01-20 19:13 - 2015-01-19 18:44 - 04188824 _____ (Kaspersky Lab ZAO) C:\Users\Shake\Downloads\TDSSKiller.exe
    2015-01-20 19:06 - 2015-01-20 19:06 - 00380416 _____ () C:\Users\Shake\Downloads\b0rscit0.exe
    2015-01-20 18:17 - 2015-01-20 18:20 - 00000000 ____D () C:\Users\Shake\Virustemp
    2015-01-20 18:10 - 2015-01-20 18:11 - 00028507 _____ () C:\Users\Shake\Downloads\Addition201501201810.txt
    2015-01-20 18:09 - 2015-01-20 18:15 - 00041262 _____ () C:\Users\Shake\Downloads\FRST201501201809.txt
    2015-01-20 18:06 - 2015-01-20 18:06 - 02126848 _____ (Farbar) C:\Users\Shake\Downloads\FRST64.exe
    2015-01-20 17:59 - 2015-01-20 17:59 - 00000000 ____D () C:\ProgramData\Sophos
    2015-01-20 17:57 - 2015-01-20 17:57 - 00001990 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
    2015-01-20 17:57 - 2015-01-20 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
    2015-01-20 17:57 - 2015-01-20 17:57 - 00000000 ____D () C:\Program Files (x86)\Sophos
    2015-01-20 17:55 - 2015-01-20 17:55 - 00464491 _____ () C:\Users\Shake\Downloads\RootRepeal.zip
    2015-01-20 17:54 - 2015-01-20 17:54 - 08656400 _____ (Trend Micro Inc.) C:\Users\Shake\Downloads\RootkitBuster_v5_1061.exe
    2015-01-20 17:52 - 2015-01-20 17:52 - 109552400 _____ (Sophos Limited) C:\Users\Shake\Downloads\Sophos Virus Removal Tool.exe
    2015-01-20 17:03 - 2015-01-20 17:03 - 00000310 _____ () C:\Users\Shake\Downloads\RootkitRemover_20150120_170319.log
    2015-01-20 09:57 - 2015-01-20 20:40 - 04738431 _____ () C:\Users\Shake\Downloads\CBS.log
    2015-01-20 03:54 - 2015-01-20 03:54 - 00007422 _____ () C:\Users\Shake\Downloads\ESET SCAN 2015012003.txt
    2015-01-20 01:34 - 2015-01-20 01:34 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Shake\Downloads\mbam-setup-2.0.4.1028.exe
    2015-01-20 01:26 - 2015-01-20 01:26 - 00000000 ____D () C:\Program Files (x86)\ESET
    2015-01-20 01:25 - 2015-01-20 01:25 - 02347384 _____ (ESET) C:\Users\Shake\Downloads\esetsmartinstaller_enu.exe
    2015-01-20 00:29 - 2015-01-20 00:29 - 00002412 _____ () C:\Users\Shake\Downloads\aswMBRScan201501192330.txt
    2015-01-20 00:29 - 2015-01-20 00:29 - 00000512 _____ () C:\Users\Shake\Downloads\MBR.dat
    2015-01-19 23:37 - 2015-01-19 23:38 - 05198336 _____ (AVAST Software) C:\Users\Shake\Downloads\aswMBR.exe
    2015-01-19 23:35 - 2015-01-21 15:02 - 00000000 ____D () C:\Users\Shake\Pavark
    2015-01-19 23:34 - 2015-01-19 23:34 - 00783120 _____ (McAfee, Inc.) C:\Users\Shake\Downloads\rootkitremover.exe
    2015-01-19 23:34 - 2015-01-19 23:34 - 00000310 _____ () C:\Users\Shake\Downloads\RootkitRemover_20150119_233412.log
    2015-01-19 23:30 - 2015-01-19 23:30 - 01472131 _____ () C:\Users\Shake\Downloads\vba32arkit.zip
    2015-01-19 23:30 - 2015-01-19 23:30 - 00000000 ____D () C:\Users\Shake\Downloads\vba32arkit
    2015-01-19 23:18 - 2015-01-19 23:22 - 00010818 _____ () C:\Users\Shake\Downloads\Result.txt
    2015-01-19 23:18 - 2015-01-19 23:18 - 00957952 _____ (Farbar) C:\Users\Shake\Downloads\ListParts64.exe
    2015-01-19 23:01 - 2015-01-19 23:01 - 00000000 ____D () C:\Users\Shake\Downloads\ProcessExplorer
    2015-01-19 21:30 - 2015-01-19 21:30 - 00001960 _____ () C:\Users\Shake\Desktop\HiJackThis.lnk
    2015-01-19 21:30 - 2015-01-19 21:30 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
    2015-01-19 21:29 - 2015-01-19 21:29 - 01402880 _____ () C:\Users\Shake\Downloads\HiJackThis.msi
    2015-01-19 21:26 - 2015-01-19 21:26 - 00037888 _____ (Soeperman Enterprises Ltd.) C:\Users\Shake\Downloads\ADSSpy.exe
    2015-01-19 19:34 - 2015-01-19 19:34 - 00000627 _____ () C:\Users\Shake\Desktop\Reports - Shortcut.lnk
    2015-01-19 19:33 - 2015-01-19 19:33 - 00000000 ____D () C:\ProgramData\Emsisoft
    2015-01-19 19:24 - 2015-01-22 02:01 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
    2015-01-19 19:24 - 2015-01-19 19:24 - 00000930 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
    2015-01-19 19:24 - 2015-01-19 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
    2015-01-19 18:49 - 2015-01-19 18:51 - 172997016 _____ (Emsisoft Ltd. ) C:\Users\Shake\Downloads\EmsisoftAntiMalwareSetup.exe
    2015-01-19 18:43 - 2015-01-19 18:44 - 00002458 _____ () C:\Users\Shake\Desktop\Rkill.txt
    2015-01-19 18:42 - 2015-01-19 18:42 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Shake\Downloads\rkill.exe
    2015-01-19 18:25 - 2015-01-19 18:25 - 00012757 _____ () C:\Users\Shake\Downloads\DDS.txt
    2015-01-19 18:25 - 2015-01-19 18:25 - 00010792 _____ () C:\Users\Shake\Downloads\Attach.txt
    2015-01-19 17:35 - 2015-01-19 17:35 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Shake\Downloads\mbar-1.08.3.1004.exe
    2015-01-19 17:14 - 2015-01-19 17:15 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\Google
    2015-01-19 17:10 - 2015-01-19 17:10 - 00012757 _____ () C:\Users\Shake\Desktop\dds.txt
    2015-01-19 17:10 - 2015-01-19 17:10 - 00010802 _____ () C:\Users\Shake\Desktop\attach.txt
    2015-01-19 17:05 - 2015-01-19 17:05 - 00688992 ____R (Swearware) C:\Users\Shake\Downloads\dds.com
    2015-01-18 10:38 - 2015-01-18 10:38 - 00003180 _____ () C:\Windows\System32\Tasks\avastBCLRestartS-1-5-21-1027772261-2917165354-2662933974-1000
    2015-01-18 10:37 - 2015-01-18 10:37 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\AVAST Software
    2015-01-18 10:36 - 2015-01-18 10:36 - 00001827 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2015-01-18 10:36 - 2015-01-18 10:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2015-01-18 10:35 - 2015-01-22 01:52 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
    2015-01-18 10:35 - 2015-01-20 04:15 - 00000000 ____D () C:\Program Files\Google
    2015-01-18 10:34 - 2015-01-20 04:15 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-01-18 10:34 - 2015-01-19 22:43 - 00000000 ____D () C:\Users\Shake\AppData\Local\Google
    2015-01-18 10:34 - 2015-01-18 10:36 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
    2015-01-18 10:34 - 2015-01-18 10:36 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
    2015-01-18 10:34 - 2015-01-18 10:34 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2015-01-18 10:34 - 2015-01-18 10:34 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2015-01-18 10:34 - 2015-01-18 10:34 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
    2015-01-18 10:34 - 2015-01-18 10:34 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
    2015-01-18 10:34 - 2015-01-18 10:34 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
    2015-01-18 10:34 - 2015-01-18 10:34 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
    2015-01-18 10:34 - 2015-01-18 10:33 - 00064752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr.sys
    2015-01-18 10:33 - 2015-01-18 10:33 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2015-01-18 10:32 - 2015-01-18 10:32 - 00000000 ____D () C:\Program Files\AVAST Software
    2015-01-18 10:29 - 2015-01-18 10:32 - 00000000 ____D () C:\ProgramData\AVAST Software
    2015-01-18 10:29 - 2015-01-18 10:29 - 05006864 _____ (AVAST Software) C:\Users\Shake\Downloads\avast_free_antivirus_setup_online.exe
    2015-01-17 20:31 - 2015-01-17 20:31 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MASTERSHAKE-Microsoft®-Windows-Vista™-Ultimate-(64-bit).dat
    2015-01-17 20:30 - 2015-01-17 20:30 - 00001994 _____ () C:\Users\Shake\Desktop\Tweaking.com - Windows Repair (All in One).lnk
    2015-01-17 20:30 - 2015-01-17 20:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2015-01-17 20:29 - 2015-01-17 20:29 - 09842552 _____ () C:\Users\Shake\Downloads\tweaking.com_windows_repair_aio_setup.exe
    2015-01-17 20:17 - 2015-01-17 20:17 - 00243416 _____ () C:\Users\Shake\Downloads\Firefox Setup Stub 35.0.exe
    2015-01-17 17:51 - 2015-01-17 17:51 - 00000000 ____D () C:\RegBackup
    2015-01-17 16:47 - 2015-01-17 16:47 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2015-01-17 03:48 - 2015-01-17 03:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox(1)
    2015-01-16 14:05 - 2015-01-17 12:55 - 00024280 _____ () C:\Users\Shake\Downloads\Addition201501161402.txt
    2015-01-16 14:04 - 2015-01-17 12:54 - 00021393 _____ () C:\Users\Shake\Downloads\FRST201501161404.txt
    2015-01-16 14:01 - 2015-01-22 02:11 - 00000000 ____D () C:\FRST
    2015-01-16 12:47 - 2015-01-21 17:01 - 00000000 ____D () C:\ProgramData\RogueKiller
    2015-01-16 12:32 - 2015-01-16 12:32 - 00465298 _____ () C:\Users\Shake\Downloads\RootRepeal.rar
    2015-01-15 21:59 - 2015-01-15 21:59 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
    2015-01-15 21:46 - 2015-01-15 21:46 - 00000000 ____D () C:\$RECYCLE(0).BIN
    2015-01-15 21:38 - 2015-01-21 21:09 - 00000000 ____D () C:\Qoobox
    2015-01-15 21:16 - 2015-01-22 01:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2015-01-15 21:16 - 2015-01-16 13:16 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-01-15 21:15 - 2015-01-21 21:04 - 00000000 ____D () C:\Users\Shake\Desktop\mbar
    2015-01-15 21:08 - 2015-01-15 21:08 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\WinPatrol
    2015-01-15 21:08 - 2015-01-15 21:08 - 00000000 ____D () C:\ProgramData\InstallMate
    2015-01-15 21:08 - 2015-01-15 21:08 - 00000000 ____D () C:\Program Files (x86)\Ruiware
    2015-01-13 11:31 - 2015-01-13 11:31 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\JAM Software
    2015-01-07 14:56 - 2015-01-07 15:44 - 00000000 ____D () C:\Users\Shake\AppData\Local\Microsoft Games
    2015-01-01 03:43 - 2015-01-01 03:43 - 00000000 ____D () C:\Users\Shake\Documents\My Photos
    2015-01-01 03:23 - 2015-01-01 03:23 - 00003534 _____ () C:\Windows\System32\Tasks\Launch HTC Sync Loader
    2015-01-01 03:16 - 2015-01-21 17:53 - 00000000 ____D () C:\Users\Shake\AppData\Local\Downloaded Installations
    2015-01-01 03:15 - 2015-01-01 03:20 - 00010544 _____ () C:\Windows\DPINST.LOG
    2015-01-01 03:15 - 2015-01-01 03:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
    2015-01-01 03:15 - 2015-01-01 03:15 - 00000000 ____D () C:\Program Files (x86)\Spirent Communications
    2015-01-01 03:12 - 2015-01-21 17:53 - 00000000 ____D () C:\Program Files (x86)\HTC
    2015-01-01 03:12 - 2015-01-01 03:12 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
    2015-01-01 03:12 - 2015-01-01 03:12 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
    2015-01-01 03:12 - 2015-01-01 03:12 - 00000000 ____D () C:\ProgramData\Adobe
    2015-01-01 03:12 - 2015-01-01 03:12 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
    2015-01-01 03:12 - 2015-01-01 03:12 - 00000000 ____D () C:\Program Files (x86)\Adobe
    2015-01-01 03:04 - 2015-01-01 03:06 - 165708080 _____ (HTC Corporation ) C:\Users\Shake\Downloads\setup_3.3.63.exe
    2015-01-01 03:00 - 2015-01-01 03:01 - 95270347 _____ (HTC_WWE ) C:\Users\Shake\Downloads\AQUA_Cingular_US_634526440942972924_01_131968_Commercial.exe

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-01-22 01:58 - 2014-08-16 10:27 - 00000000 ____D () C:\Users\Shake\AppData\Local\CrashDumps
    2015-01-22 01:56 - 2008-02-06 02:04 - 01599190 _____ () C:\Windows\system32\PerfStringBackup.INI
    2015-01-22 01:56 - 2008-02-06 02:03 - 00690954 _____ () C:\Windows\system32\perfh019.dat
    2015-01-22 01:56 - 2008-02-06 02:03 - 00143506 _____ () C:\Windows\system32\perfc019.dat
    2015-01-22 01:54 - 2008-01-20 18:53 - 01759420 _____ () C:\Windows\WindowsUpdate.log
    2015-01-22 01:51 - 2006-11-02 08:40 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
    2015-01-22 01:51 - 2006-11-02 08:21 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    2015-01-22 01:51 - 2006-11-02 08:21 - 00003760 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    2015-01-22 01:51 - 2006-11-02 08:06 - 00000000 ___RD () C:\Users\Public\Recorded TV
    2015-01-22 01:50 - 2006-11-02 08:39 - 00059036 _____ () C:\Windows\PFRO.log
    2015-01-22 01:48 - 2006-11-02 08:40 - 00025864 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
    2015-01-22 01:46 - 2014-06-15 19:16 - 00000000 ____D () C:\AdwCleaner
    2015-01-21 21:09 - 2006-11-02 06:33 - 00000000 __RHD () C:\Users\Default
    2015-01-21 21:06 - 2006-11-02 05:34 - 00000215 _____ () C:\Windows\system.ini
    2015-01-21 18:19 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\MSAgent64
    2015-01-20 19:12 - 2014-08-01 21:15 - 04168247 _____ () C:\Users\Shake\Downloads\tdsskiller.zip
    2015-01-20 18:17 - 2014-05-11 05:20 - 00000000 ____D () C:\Users\Shake
    2015-01-19 22:08 - 2014-10-08 11:47 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\Awesomium
    2015-01-17 21:00 - 2014-05-11 05:23 - 00049168 _____ () C:\Users\Shake\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-01-17 20:58 - 2014-12-08 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2015-01-17 20:58 - 2006-11-02 08:21 - 00236768 _____ () C:\Windows\system32\FNTCACHE.DAT
    2015-01-17 20:49 - 2006-11-02 05:34 - 00000180 _____ () C:\Windows\win.ini
    2015-01-17 20:43 - 2014-05-13 04:59 - 01599190 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2015-01-17 20:18 - 2014-12-08 15:20 - 00000900 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2015-01-17 20:18 - 2014-12-08 15:20 - 00000888 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2015-01-17 20:18 - 2014-12-08 15:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2015-01-17 19:57 - 2006-11-02 06:34 - 00000000 ____D () C:\Windows\system32\Msdtc
    2015-01-17 19:55 - 2014-11-24 19:22 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
    2015-01-17 19:55 - 2014-09-30 14:21 - 00000000 ____D () C:\Users\Shake\Downloads\Sin.City.A.Dame.to.Kill.2014.WEBRip.CAMAUDIO.XviD-AQOS
    2015-01-17 19:55 - 2014-09-30 01:51 - 00000000 ____D () C:\Users\Shake\Downloads\Good.People.2014.HDRip.XViD-j****[ETRG]
    2015-01-17 19:55 - 2014-09-30 01:50 - 00000000 ____D () C:\Users\Shake\Downloads\What.If.2013.HDRip.XviD-SaM[ETRG]
    2015-01-17 19:55 - 2014-09-30 01:46 - 00000000 ____D () C:\Users\Shake\Downloads\Sin.City.A.Dame.to.Kill.For.2014.HDRip.XviD-SaM[ETRG]
    2015-01-17 19:55 - 2014-09-30 01:46 - 00000000 ____D () C:\Users\Shake\Downloads\Kite.2014.BRRip.XViD-j****[ETRG]
    2015-01-17 19:55 - 2014-09-30 01:27 - 00000000 ____D () C:\Users\Shake\Downloads\Falcon.Rising.2014.HDRip.XViD-j****[ETRG]
    2015-01-17 19:55 - 2014-09-30 01:25 - 00000000 ____D () C:\Users\Shake\Downloads\White.Bird.in.a.Blizzard.2014.HDRip.XViD-j****[ETRG]
    2015-01-17 19:55 - 2014-09-30 01:25 - 00000000 ____D () C:\Users\Shake\Downloads\Run.Like.Hell.2014.HDRip.XViD-j****[ETRG]
    2015-01-17 19:55 - 2014-09-30 01:25 - 00000000 ____D () C:\Users\Shake\Downloads\Are.You.Here.2013.HDRip.XViD.AC3-j****[ETRG]
    2015-01-17 19:55 - 2014-09-23 01:33 - 00000000 ____D () C:\Users\Shake\Downloads\Transformers.Age.of.Extinction.2014.HDRip.XViD.AC3-j****[ETRG]
    2015-01-17 19:55 - 2014-09-23 01:12 - 00000000 ____D () C:\Users\Shake\Downloads\The.Giver.2014.REPACK.HDRip.XviD-SaM[ETRG]
    2015-01-17 19:55 - 2014-09-23 01:04 - 00000000 ____D () C:\Users\Shake\Downloads\American.Muscle.2014.DVDRip.XViD-j****[ETRG]
    2015-01-17 19:55 - 2014-09-23 01:03 - 00000000 ____D () C:\Users\Shake\Downloads\7500.2014.BRRip.XViD-j****[ETRG]
    2015-01-17 19:55 - 2014-09-23 01:00 - 00000000 ____D () C:\Users\Shake\Downloads\Honeymoon.2014.HDRip.XViD-j****[ETRG]
    2015-01-17 19:55 - 2014-09-23 00:56 - 00000000 ____D () C:\Users\Shake\Downloads\Life.of.Crime.2013.HDRip.XViD.AC3-j****[ETRG]
    2015-01-17 19:55 - 2014-09-23 00:52 - 00000000 ____D () C:\Users\Shake\Downloads\Operation.Rogue.2014.DVDRip.XViD-j****[ETRG]
    2015-01-17 19:55 - 2014-09-23 00:49 - 00000000 ____D () C:\Users\Shake\Downloads\The.Raid.2.2014.BDRip.x264-GECKOS[rarbg]
    2015-01-17 19:55 - 2014-09-23 00:34 - 00000000 ____D () C:\Users\Shake\Downloads\Edge.of.Tomorrow.2014.HDRip.XViD-j****[ETRG]
    2015-01-17 19:55 - 2014-09-23 00:31 - 00000000 ____D () C:\Users\Shake\Downloads\The.Rover.2014.HDRip.XviD-SaM[ETRG]
    2015-01-17 19:55 - 2014-09-23 00:29 - 00000000 ____D () C:\Users\Shake\Downloads\bp-towdvds
    2015-01-17 19:55 - 2014-09-23 00:28 - 00000000 ____D () C:\Users\Shake\Downloads\Tammy 2014 READNFO WEBRIP SUB XVID AC3 ACAB
    2015-01-17 19:55 - 2014-09-23 00:25 - 00000000 ____D () C:\Users\Shake\Downloads\The.Longest.Week.2014.HDRip.XviD.AC3-EVO
    2015-01-17 19:55 - 2014-09-23 00:24 - 00000000 ____D () C:\Users\Shake\Downloads\Live.Nude.Girls.2014.HDRip.XviD.AC3-EVO
    2015-01-17 19:55 - 2014-09-23 00:17 - 00000000 ____D () C:\Users\Shake\Downloads\RoboCop (2014) DVDRip XviD-MAXSPEED
    2015-01-17 19:55 - 2014-09-23 00:03 - 00000000 ____D () C:\Users\Shake\Downloads\Chef.2014.HDRip.XViD.AC3-j****[ETRG]
    2015-01-17 19:55 - 2014-09-22 23:50 - 00000000 ____D () C:\Users\Shake\Downloads\Batman.Assault.on.Arkham.2014.HDRip.XviD.AC3-EVO
    2015-01-17 19:55 - 2014-09-22 23:48 - 00000000 ____D () C:\Users\Shake\Downloads\Third.Person.2013.BRRip.XviD-SaM[ETRG]
    2015-01-17 19:55 - 2014-09-22 23:48 - 00000000 ____D () C:\Users\Shake\Downloads\The.Hornet's.Nest.2014.HDRip.XViD-j****[ETRG]
    2015-01-17 19:55 - 2014-09-22 23:47 - 00000000 ____D () C:\Users\Shake\Downloads\The Lego Movie (2014) DVDRip XviD-MAXSPEED
    2015-01-17 19:55 - 2014-09-22 23:47 - 00000000 ____D () C:\Users\Shake\Downloads\Oculus [2013] HDRip XViD j****[ETRG]
    2015-01-17 19:55 - 2014-09-22 23:47 - 00000000 ____D () C:\Users\Shake\Downloads\Into.The.Storm.2014.FIRST.CAM.XviD.MP3-RARBG
    2015-01-17 19:55 - 2014-09-22 23:47 - 00000000 ____D () C:\Users\Shake\Downloads\Boyhood.2014.720p.WEBRip.HC.XviD.MP3-RARBG
    2015-01-17 19:55 - 2014-09-22 23:25 - 00000000 ____D () C:\Users\Shake\Downloads\The.Expendables.3.2014.DVDSCR.Xvid-DiNGO
    2015-01-17 19:55 - 2014-09-22 23:09 - 00000000 ____D () C:\Users\Shake\Downloads\The.November.Man.2014.HC.WEBRip.XviD.MP3-RARBG
    2015-01-17 19:55 - 2014-09-22 23:04 - 00000000 ____D () C:\Users\Shake\Downloads\Reclaim.2014.HDRip.XViD-j****[ETRG]
    2015-01-17 19:55 - 2014-09-22 23:04 - 00000000 ____D () C:\Users\Shake\Downloads\Lost.Time.2014.HDRip.XviD.AC3-EVO
    2015-01-17 19:55 - 2014-09-22 23:04 - 00000000 ____D () C:\Users\Shake\Downloads\Dawn.Of.The.Planet.Of.The.Apes.2014.TS.XviD.MP3-RARBG
    2015-01-17 19:55 - 2014-09-22 23:00 - 00000000 ____D () C:\Users\Shake\Downloads\Edge.of.Tomorrow.2014.1080p.WEBRip.HC.XviD.MP3-RARBG
    2015-01-17 19:55 - 2014-09-22 22:22 - 00000000 ____D () C:\Users\Shake\Downloads\The.Signal.2014.HDRip.XViD-j****[ETRG]
    2015-01-17 19:55 - 2014-09-22 22:21 - 00000000 ____D () C:\Users\Shake\Downloads\The.Captive.2014.DVDRip.XviD-EVO
    2015-01-17 19:55 - 2014-09-22 22:05 - 00000000 ____D () C:\Users\Shake\Downloads\The.Prince.2014.HDRip.XviD-AQOS
    2015-01-17 19:55 - 2014-09-22 22:04 - 00000000 ____D () C:\Users\Shake\Downloads\No.Good.Deed.2014.FIRST.CAM.XviD.MP3-RARBG
    2015-01-17 19:55 - 2014-09-22 21:51 - 00000000 ____D () C:\Users\Shake\Downloads\Transcendence (2014) DVDRip XviD-MAXSPEED
    2015-01-17 19:55 - 2014-09-22 21:51 - 00000000 ____D () C:\Users\Shake\Downloads\The.Inbetweeners.2.2014.HDRip.XviD.MP3-RARBG
    2015-01-17 19:55 - 2014-09-22 21:51 - 00000000 ____D () C:\Users\Shake\Downloads\Moms.Night.Out.2014.HDRip.XviD-SaM[ETRG]
    2015-01-17 19:55 - 2014-09-22 21:51 - 00000000 ____D () C:\Users\Shake\Downloads\Lets.Be.Cops.2014.CAM.CLEAN.NOSUBS.X264.AAC-RARBG
    2015-01-17 19:55 - 2014-09-02 03:51 - 00000000 ____D () C:\Users\Shake\Downloads\Begin.Again.2013.HDRip.XviD.AC3-EVO
    2015-01-17 19:55 - 2014-06-30 16:40 - 00000000 ____D () C:\Users\Shake\Downloads\Under.the.Skin.2013.HDRip.XViD.j****[ETRG]
    2015-01-17 19:55 - 2014-06-30 16:37 - 00000000 ____D () C:\Users\Shake\Downloads\They.Came.Together.2014.HDRip.XViD.j****[ETRG]
    2015-01-17 19:55 - 2014-06-23 21:10 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\dvdcss
    2015-01-17 19:55 - 2014-06-23 20:58 - 00000000 ____D () C:\Users\Shake\Downloads\Swelter.2014.BRRip.XViD-j****[ETRG]
    2015-01-17 19:55 - 2014-06-23 20:57 - 00000000 ____D () C:\Users\Shake\Downloads\The Fault In Our Stars 2014 CAM READNFO XViD-BL4CKP34RL
    2015-01-17 19:55 - 2014-06-23 20:57 - 00000000 ____D () C:\Users\Shake\Downloads\bp-bmwsa
    2015-01-17 19:55 - 2014-06-18 07:49 - 00000000 ____D () C:\Users\Shake\Downloads\X-Men.Days.Of.Future.Past.2014.HD-TS.XVID.AC3.HQ.Hive-CM8
    2015-01-17 19:55 - 2014-06-18 07:13 - 00000000 ____D () C:\Users\Shake\Downloads\A.Fighting.Man.2014.HDRip.XviD-SaM[ETRG]
    2015-01-17 19:55 - 2014-06-18 07:05 - 00000000 ____D () C:\Users\Shake\Downloads\The Immigrant [2014] BDRip XviD-SaM[ETG]
    2015-01-17 19:55 - 2014-06-18 07:00 - 00000000 ____D () C:\Users\Shake\Downloads\Mr. Peabody & Sherman[2014] HC HDRip XViD j****[ETRG]
    2015-01-17 19:55 - 2014-06-18 06:50 - 00000000 ____D () C:\Users\Shake\Downloads\Enemy.2013.LIMITED.BRRip.XviD-SaM[ETRG]
    2015-01-17 19:55 - 2014-06-18 06:50 - 00000000 ____D () C:\Users\Shake\Downloads\Anchorman 2 The Legend Continues [2013] HDRip XViD j****[ETRG]
    2015-01-17 19:55 - 2014-06-17 00:39 - 00000000 ____D () C:\Users\Shake\Downloads\Edge of Tomorrow 2014 TS x264 AC3 TiTAN
    2015-01-17 19:55 - 2014-06-12 06:22 - 00000000 ____D () C:\Users\Shake\Downloads\Louie.S04E03.720p.HDTV.x264-KILLERS[rarbg]
    2015-01-17 19:55 - 2014-06-11 14:04 - 00000000 ____D () C:\Users\Shake\Downloads\Louie Season 2 Complete 720p
    2015-01-17 19:55 - 2014-06-11 03:45 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\uTorrent
    2015-01-17 19:55 - 2014-05-14 23:40 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\vlc
    2015-01-17 19:55 - 2014-05-11 05:20 - 00000000 ___RD () C:\Users\Shake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-01-17 19:55 - 2014-05-11 05:20 - 00000000 ___RD () C:\Users\Shake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-01-17 19:55 - 2006-11-02 08:06 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-01-17 19:55 - 2006-11-02 06:34 - 00000000 ____D () C:\Windows\system32\spool
    2015-01-17 19:55 - 2006-11-02 05:33 - 64225280 _____ () C:\Windows\system32\config\software_previous
    2015-01-17 19:55 - 2006-11-02 05:33 - 64225280 _____ () C:\Windows\system32\config\components_previous
    2015-01-17 19:55 - 2006-11-02 05:33 - 19922944 _____ () C:\Windows\system32\config\system_previous
    2015-01-17 19:55 - 2006-11-02 05:33 - 01572864 _____ () C:\Windows\system32\config\default_previous
    2015-01-17 19:55 - 2006-11-02 05:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
    2015-01-17 19:55 - 2006-11-02 05:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
    2015-01-17 19:54 - 2006-11-02 06:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-01-17 19:54 - 2006-11-02 06:33 - 00000000 ____D () C:\Windows\registration
    2015-01-16 13:52 - 2006-11-02 08:15 - 00000000 ____D () C:\Windows\WindowsMobile
    2015-01-15 22:23 - 2014-05-23 16:43 - 00000010 _____ () C:\Users\Shake\AppData\Local\sponge.last.runtime.cache
    2015-01-15 14:05 - 2014-05-14 15:40 - 00007578 _____ () C:\Users\Shake\Documents\Bills Paid.txt
    2015-01-15 01:15 - 2014-05-23 16:47 - 00324667 _____ () C:\Users\Shake\AppData\Local\census.cache
    2015-01-15 01:15 - 2014-05-23 16:47 - 00198589 _____ () C:\Users\Shake\AppData\Local\ars.cache
    2015-01-13 10:48 - 2014-05-11 14:39 - 00020569 _____ () C:\Windows\DirectX.log
    2015-01-01 03:34 - 2006-11-02 08:26 - 00074418 _____ () C:\Windows\setupact.log
    2015-01-01 03:12 - 2014-05-12 02:43 - 00000000 ____D () C:\Users\Shake\AppData\Roaming\Adobe
    2015-01-01 03:12 - 2014-05-12 02:42 - 00000000 ____D () C:\Users\Shake\AppData\Local\Adobe
    2014-12-31 18:53 - 2014-11-24 18:48 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software

    ==================== Files in the root of some directories =======
    2014-05-23 16:47 - 2015-01-15 01:15 - 0198589 _____ () C:\Users\Shake\AppData\Local\ars.cache
    2014-05-23 16:47 - 2015-01-15 01:15 - 0324667 _____ () C:\Users\Shake\AppData\Local\census.cache
    2014-05-11 05:22 - 2014-05-11 05:38 - 0000732 _____ () C:\Users\Shake\AppData\Local\d3d9caps64.dat
    2014-05-11 05:41 - 2014-07-01 00:34 - 0025600 _____ () C:\Users\Shake\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-10-30 20:07 - 2014-10-30 20:07 - 0966992 _____ () C:\Users\Shake\AppData\Local\dd_ADONETEntityFrameworkTools_enu_MSI04E5.txt
    2014-10-30 19:57 - 2014-10-30 20:03 - 0129226 _____ () C:\Users\Shake\AppData\Local\dd_depcheck_VCS_EXP_100.txt
    2014-10-30 20:02 - 2014-10-30 20:02 - 0350996 _____ () C:\Users\Shake\AppData\Local\dd_dw20shared_x86_msi0135.txt
    2014-10-30 19:57 - 2014-10-30 19:57 - 0000002 _____ () C:\Users\Shake\AppData\Local\dd_error_vcs_xcor_100.txt
    2014-10-30 20:07 - 2014-10-30 20:07 - 0339476 _____ () C:\Users\Shake\AppData\Local\dd_HelpSetup_MSI0519.txt
    2014-10-30 19:57 - 2014-10-30 20:08 - 0564352 _____ () C:\Users\Shake\AppData\Local\dd_install_vcs_xcor_100.txt
    2014-10-30 20:03 - 2014-10-30 20:03 - 1540754 _____ () C:\Users\Shake\AppData\Local\dd_netfx_dtp0220.txt
    2014-10-30 20:06 - 2014-10-30 20:07 - 1632638 _____ () C:\Users\Shake\AppData\Local\dd_SharedManagementObjects_MSI047D.txt
    2014-10-30 20:06 - 2014-10-30 20:06 - 0213308 _____ () C:\Users\Shake\AppData\Local\dd_SQLCEToolsForVS2007_MSI043B.txt
    2014-10-30 20:06 - 2014-10-30 20:06 - 0500828 _____ () C:\Users\Shake\AppData\Local\dd_SQLSysClrTypes_msi044C.txt
    2014-10-30 20:05 - 2014-10-30 20:06 - 0688896 _____ () C:\Users\Shake\AppData\Local\dd_SSCERuntime_64_MSI0407.txt
    2014-10-30 20:05 - 2014-10-30 20:05 - 0712880 _____ () C:\Users\Shake\AppData\Local\dd_SSCERuntime_MSI03C9.txt
    2014-06-15 19:04 - 2014-06-15 19:05 - 0436724 _____ () C:\Users\Shake\AppData\Local\dd_vcredistMSI04CA.txt
    2014-06-15 19:04 - 2014-06-15 19:05 - 0015590 _____ () C:\Users\Shake\AppData\Local\dd_vcredistUI04CA.txt
    2014-10-30 20:02 - 2014-10-30 20:03 - 0467036 _____ () C:\Users\Shake\AppData\Local\dd_VC_Red_MSI0187.txt
    2014-10-30 20:02 - 2014-10-30 20:02 - 0340340 _____ () C:\Users\Shake\AppData\Local\dd_vc_runtime_x64_msi016D.txt
    2014-10-30 20:03 - 2014-10-30 20:03 - 1291236 _____ () C:\Users\Shake\AppData\Local\dd_vsexpbsln64_10001EF.txt
    2014-10-30 20:03 - 2014-10-30 20:05 - 13196158 _____ () C:\Users\Shake\AppData\Local\dd_VSMsiLog0279.txt
    2014-05-23 16:21 - 2014-05-23 16:21 - 0000036 _____ () C:\Users\Shake\AppData\Local\housecall.guid.cache
    2014-05-23 16:43 - 2015-01-15 22:23 - 0000010 _____ () C:\Users\Shake\AppData\Local\sponge.last.runtime.cache
    2014-10-30 19:57 - 2014-10-30 20:08 - 0005278 _____ () C:\Users\Shake\AppData\Local\uxeventlog.txt
    2014-05-14 05:09 - 2014-05-14 05:09 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some content of TEMP:
    ====================
    C:\Users\Shake\AppData\Local\Temp\Quarantine.exe
    C:\Users\Shake\AppData\Local\Temp\sqlite3.dll


    Some zero byte size files/folders:
    ==========================
    C:\Windows\System32\atiumdag.dll
    C:\Windows\System32\atiumdva.dll

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-01-22 01:57

    ==================== End Of Log ============================
     
  10. ogahm

    ogahm TS Rookie Topic Starter Posts: 23

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 19-01-2015
    Ran by Shake at 2015-01-22 02:12:00
    Running from C:\Users\Shake\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Emsisoft Anti-Malware (Disabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
    AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Emsisoft Anti-Malware (Disabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
    AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    3.4.2.35702 - BitTorrent Inc.)
    7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.870 - Adobe Systems Incorporated)
    Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
    Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
    Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
    HTC BMP USB Driver (HKLM-x32\...\{31A559C1-9E4D-423B-9DD3-34A6C5398752}) (Version: 1.0.5375 - HTC)
    HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.5.0.001 - HTC Corporation)
    IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.8 - HTC)
    Lineage II (HKLM-x32\...\{23664DA8-8872-4CF4-A2F2-327CC539823B}) (Version: 4.0.0.2 - NC Interactive, LLC)
    Live Update 5 (HKLM-x32\...\{E8BAA541-D161-4C9B-85BF-01F05A56BD7F}}_is1) (Version: 5.0.115 - MSI)
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
    Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{4E968D9C-21A7-4915-B698-F7AEB913541D}) (Version: 10.50.1447.4 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
    Microsoft SQL Server System CLR Types (HKLM-x32\...\{2A2F3AE8-246A-4252-BB26-1BEB45627074}) (Version: 10.50.1447.4 - Microsoft Corporation)
    Microsoft Visual C# 2010 Express - ENU (HKLM-x32\...\Microsoft Visual C# 2010 Express - ENU) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU (HKLM\...\{BCA26999-EC22-3007-BB79-638913079C9A}) (Version: 10.0.30319 - Microsoft Corporation)
    Mozilla Firefox 35.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 en-US)) (Version: 35.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    NCH Tone Generator (HKLM-x32\...\ToneGen) (Version: 3.12 - NCH Software)
    NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
    PDFlite 1.0.0.0 (HKLM-x32\...\PDFlite) (Version: 1.0.0.0 - Amnis Technology Ltd)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 6.252.1109.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
    RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
    Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
    System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
    Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.3 - Tweaking.com)
    Ultimate Extras sounds from Microsoft® Tinker™ (HKLM\...\UltSounds2) (Version: - Microsoft Corporation)
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
    VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.02 - NCH Software)
    Windows Sound Schemes (HKLM\...\UltSounds) (Version: - Microsoft Corporation)

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    01-05-2014 02:56:28 Scheduled Checkpoint
    01-05-2014 23:00:08 Scheduled Checkpoint
    03-05-2014 03:30:55 Scheduled Checkpoint
    03-05-2014 23:14:55 Scheduled Checkpoint
    04-05-2014 23:00:05 Scheduled Checkpoint
    06-05-2014 22:41:46 Scheduled Checkpoint
    08-05-2014 04:43:03 Scheduled Checkpoint
    08-05-2014 23:01:05 Scheduled Checkpoint
    10-05-2014 05:40:18 Scheduled Checkpoint
    23-12-2014 00:21:09 Scheduled Checkpoint
    24-12-2014 00:19:47 Scheduled Checkpoint
    25-12-2014 00:00:12 Scheduled Checkpoint
    26-12-2014 04:12:32 Scheduled Checkpoint
    27-12-2014 08:23:10 Scheduled Checkpoint
    29-12-2014 03:00:42 Scheduled Checkpoint
    30-12-2014 00:00:32 Scheduled Checkpoint
    31-12-2014 00:23:56 Scheduled Checkpoint
    01-01-2015 00:24:23 Scheduled Checkpoint
    01-01-2015 03:12:51 Device Driver Package Install: HTC Corporation Ports (COM & LPT)
    01-01-2015 03:13:26 Device Driver Package Install: HTC Corporation Modems
    01-01-2015 03:15:36 Device Driver Package Install: HTC, Corporation
    01-01-2015 03:16:46 Device Driver Package Install: HTC Corporation Network adapters
    01-01-2015 03:16:46 Device Driver Package Install: HTC Network Protocol
    01-01-2015 03:19:25 Device Driver Package Install: HTC Corporation Portable Devices
    01-01-2015 03:21:29 Installed HTC Sync.
    02-01-2015 00:00:32 Scheduled Checkpoint
    03-01-2015 06:49:36 Scheduled Checkpoint
    04-01-2015 06:47:08 Scheduled Checkpoint
    05-01-2015 10:04:45 Scheduled Checkpoint
    06-01-2015 00:00:22 Scheduled Checkpoint
    07-01-2015 00:32:08 Scheduled Checkpoint
    08-01-2015 00:31:55 Scheduled Checkpoint
    09-01-2015 01:49:00 Scheduled Checkpoint
    10-01-2015 00:25:01 Scheduled Checkpoint
    11-01-2015 00:41:43 Scheduled Checkpoint
    12-01-2015 04:03:36 Scheduled Checkpoint
    13-01-2015 00:00:27 Scheduled Checkpoint
    14-01-2015 00:00:23 Scheduled Checkpoint
    15-01-2015 00:19:08 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    15-01-2015 21:58:55 Installed HiJackThis
    16-01-2015 15:28:46 Scheduled Checkpoint
    17-01-2015 17:52:16 Tweaking.com - Windows Repair
    17-01-2015 19:46:31 Restore Operation
    17-01-2015 20:31:45 Tweaking.com - Windows Repair
    18-01-2015 10:31:46 avast! antivirus system restore point
    19-01-2015 04:56:40 Scheduled Checkpoint
    19-01-2015 21:30:10 Installed HiJackThis
    20-01-2015 13:39:53 Scheduled Checkpoint
    20-01-2015 17:56:48 Installed Sophos Virus Removal Tool.
    21-01-2015 17:52:00 Removed HTC Sync.
    21-01-2015 18:15:04 Malwarebytes Anti-Rootkit Restore Point

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2006-11-02 05:34 - 2015-01-17 20:49 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {0BC4EB4F-626F-4DB9-9895-761249E8144F} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
    Task: {5EF69DC2-D525-489E-A524-2089CC814281} - System32\Tasks\avastBCLRestartS-1-5-21-1027772261-2917165354-2662933974-1000 => Firefox.exe
    Task: {66DBF1DB-CACD-4CB1-BADF-FF1499AC9FF8} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-18] (AVAST Software)

    ==================== Loaded Modules (whitelisted) =============

    2008-06-03 02:35 - 2008-06-03 02:35 - 00116736 _____ () C:\Windows\system32\atitmm64.dll
    2014-05-14 23:01 - 2013-08-26 05:12 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
    2015-01-01 03:16 - 2012-12-07 17:26 - 00167424 _____ () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
    2015-01-22 01:53 - 2015-01-22 01:53 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012201\algo.dll
    2015-01-18 10:33 - 2015-01-18 10:33 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-12-08 15:20 - 2015-01-09 02:05 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2014-12-21 21:04 - 2014-12-21 21:08 - 16843952 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\60070219.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\60070219.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)


    ========================= Accounts: ==========================

    Administrator (S-1-5-21-1027772261-2917165354-2662933974-500 - Administrator - Disabled)
    Guest (S-1-5-21-1027772261-2917165354-2662933974-501 - Limited - Disabled)
    Shake (S-1-5-21-1027772261-2917165354-2662933974-1000 - Administrator - Enabled) => C:\Users\Shake

    ==================== Faulty Device Manager Devices =============

    Name: Video Controller
    Description: Video Controller
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============

    Microsoft Office Sessions:
    =========================

    CodeIntegrity Errors:
    ===================================
    Date: 2015-01-22 02:11:53.532
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-22 02:11:53.386
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-22 02:11:53.240
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-22 02:11:53.086
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-21 20:56:42.232
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-21 20:56:42.075
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-21 20:56:41.856
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-21 20:56:41.686
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-21 18:35:46.916
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

    Date: 2015-01-21 18:35:46.768
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7 CPU 920 @ 2.67GHz
    Percentage of memory in use: 27%
    Total physical RAM: 6133.2 MB
    Available physical RAM: 4471.49 MB
    Total Pagefile: 10432.74 MB
    Available Pagefile: 8319.13 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.86 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:2048 GB) (Free:86.87 GB) NTFS
    Drive d: () (Fixed) (Total:1397.26 GB) (Free:34.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Drive e: () (Fixed) (Total:149.05 GB) (Free:11.25 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 2794.5 GB) (Disk ID: 70177B72)
    Partition 1: (Not Active) - (Size=2048 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 1397.3 GB) (Disk ID: 4E3F0AC9)
    Partition 1: (Active) - (Size=1397.3 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 1BE2A512)
    Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

    ==================== End Of Log ============================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST (FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     
  12. ogahm

    ogahm TS Rookie Topic Starter Posts: 23

    Issues still remain.
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
    Ran by Shake at 2015-01-22 13:51:28 Run:3
    Running from C:\Users\Shake\Downloads
    Loaded Profiles: Shake (Available profiles: Shake)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKLM-x32 - No Name - {6E4293AD-DA06-4ABE-A098-DF6843B2BEC1} - No File
    Toolbar: HKU\S-1-5-21-1027772261-2917165354-2662933974-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    S1 Beep; No ImagePath
    S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
    S3 MFE_RR; \??\C:\Users\Shake\AppData\Local\Temp\mfe_rr.sys [X]
    S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
    S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
    C:\Users\Shake\AppData\Local\Temp\Quarantine.exe
    C:\Users\Shake\AppData\Local\Temp\sqlite3.dll
    C:\Windows\System32\atiumdag.dll
    C:\Windows\System32\atiumdva.dll

    *****************

    "HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value not found.
    HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{6E4293AD-DA06-4ABE-A098-DF6843B2BEC1} => value deleted successfully.
    HKCR\Wow6432Node\CLSID\{6E4293AD-DA06-4ABE-A098-DF6843B2BEC1} => Key not found.
    HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
    Beep => Service deleted successfully.
    IpInIp => Service deleted successfully.
    MFE_RR => Service deleted successfully.
    NwlnkFlt => Service deleted successfully.
    NwlnkFwd => Service deleted successfully.
    "C:\Users\Shake\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
    "C:\Users\Shake\AppData\Local\Temp\sqlite3.dll" => File/Directory not found.
    C:\Windows\System32\atiumdag.dll => Moved successfully.
    C:\Windows\System32\atiumdva.dll => Moved successfully.

    ==== End of Fixlog 13:51:28 ====
     
  13. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., a third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive the UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.

    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.

    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
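    Broni asks for the raw FSS log rather than a verdict because reading it is the helper's job: the things worth noticing are services that are not running, start types that differ from the Windows default, "Disable..." policy DWORDs set to a non-zero value, and any File Check line that is not reported as digitally signed. As an added example that is not part of this thread, of FSS, or of any tool Broni links, the Python script below parses FSS-style output and lists exactly those findings. The sample log is constructed for the example in the shape FSS prints (it is not copied from the thread), and the regular expressions are assumptions about that format.

```python
"""Triage of a Farbar Service Scanner (FSS) style log.

Added example for illustration; not part of FSS or any tool in the thread.
The line shapes matched below are assumptions based on what FSS prints.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample in the shape of an FSS log (made up for this example).
SAMPLE_FSS_LOG = r"""
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.

File Check:
========
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
"""

# "The start type of <svc> service is set to <X>. The default start type is <Y>."
START_TYPE_RE = re.compile(
    r"The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\."
)
# "<svc> Service is not running. Checking service configuration:"
NOT_RUNNING_RE = re.compile(r"^(\S+) Service is not running", re.MULTILINE)
# Registry key line: [HKEY_...]   followed by   "Name"=DWORD:<n>
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
# File Check line: <path> => <verdict>
FILE_CHECK_RE = re.compile(r"^(.+?) => (.+)$")


def parse_start_types(log: str) -> List[Tuple[str, str, str]]:
    """Return (service, configured start type, default start type) tuples."""
    return [(m.group(1), m.group(2), m.group(3)) for m in START_TYPE_RE.finditer(log)]


def parse_policy_values(log: str) -> Dict[Tuple[str, str], int]:
    """Return {(registry key, value name): DWORD} for the policy entries.

    FSS prints the key in [brackets] on one line and its values beneath it,
    so the most recent key line is the owner of each DWORD line.
    """
    values: Dict[Tuple[str, str], int] = {}
    current_key = None
    for raw in log.splitlines():
        line = raw.strip()
        key_match = REG_KEY_RE.match(line)
        if key_match:
            current_key = key_match.group(1)
            continue
        dword_match = DWORD_RE.match(line)
        if dword_match and current_key:
            values[(current_key, dword_match.group(1))] = int(dword_match.group(2))
    return values


def parse_file_checks(log: str) -> List[Tuple[str, str]]:
    """Return (path, verdict) pairs from the File Check section."""
    checks: List[Tuple[str, str]] = []
    for raw in log.splitlines():
        m = FILE_CHECK_RE.match(raw.strip())
        if m:
            checks.append((m.group(1), m.group(2)))
    return checks


def triage(log: str) -> List[str]:
    """Produce human-readable findings; an empty list means nothing stood out."""
    findings: List[str] = []
    for service in NOT_RUNNING_RE.findall(log):
        findings.append(f"{service}: service is not running")
    for service, configured, default in parse_start_types(log):
        if configured != default:
            findings.append(f"{service}: start type is {configured}, default is {default}")
    for (key, name), value in parse_policy_values(log).items():
        # A non-zero Disable* policy value turns the protected feature off.
        if name.lower().startswith("disable") and value != 0:
            findings.append(f"{key}\\{name} = {value} (feature disabled by policy)")
    for path, verdict in parse_file_checks(log):
        if verdict != "File is digitally signed":
            findings.append(f"{path}: {verdict}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_FSS_LOG):
        print(finding)
```

    The script only reads and reports; restoring a start type or clearing a policy value is a decision for whoever is guiding the cleanup, since a legitimately installed third-party product can also set a service to Demand or write a Disable* policy.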
  14. ogahm

    ogahm TS Rookie Topic Starter Posts: 23

    TFC ran fine; note that it rebooted without warning, just wanted you to know.
    Sophos found some stuff, but it's all very old backup stuff of kids' games and actually some virus removal tools.
    I don't know if this helps, but I have a parallel load of Windows Vista (32 bit) loaded on this machine. Perhaps scanning from that load would give us some different options?

    Farbar Service Scanner Version: 17-01-2015
    Ran by Shake (administrator) on 22-01-2015 at 15:01:48
    Running from "C:\Users\Shake\Downloads"
    Microsoft® Windows Vista™ Ultimate Service Pack 2 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcsvc.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed

    **** End of log ****
    2015-01-21 00:59:32.920 Sophos Virus Removal Tool version 2.5.4
    2015-01-21 00:59:32.921 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-01-21 00:59:32.921 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-01-21 00:59:32.921 Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x100 PT=0x1 WOW64
    2015-01-21 00:59:32.921 Checking for updates...
    2015-01-21 00:59:41.642 Option all = no
    2015-01-21 00:59:41.642 Option recurse = yes
    2015-01-21 00:59:41.642 Option archive = no
    2015-01-21 00:59:41.643 Option service = yes
    2015-01-21 00:59:41.643 Option confirm = yes
    2015-01-21 00:59:41.643 Option sxl = yes
    2015-01-21 00:59:41.644 Option max-data-age = 35
    2015-01-21 00:59:41.644 Option EnableSafeClean = yes
    2015-01-21 00:59:43.549 Option vdl-logging = yes
    2015-01-21 00:59:43.603 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-21 00:59:43.603 Machine ID: 78c1b8c441544700a605f6a48d8daab2
    2015-01-21 00:59:43.605 Component SVRTcli.exe version 2.5.4
    2015-01-21 00:59:43.606 Component control.dll version 2.5.4
    2015-01-21 00:59:43.606 Component SVRTservice.exe version 2.5.4
    2015-01-21 00:59:43.606 Component engine\osdp.dll version 1.44.1.2183
    2015-01-21 00:59:43.607 Component engine\veex.dll version 3.58.3.2183
    2015-01-21 00:59:43.607 Component engine\savi.dll version 8.1.5.2183
    2015-01-21 00:59:43.608 Component rkdisk.dll version 1.5.30.0
    2015-01-21 00:59:43.609 Version info: Product version 2.5.4
    2015-01-21 00:59:43.610 Version info: Detection engine 3.58.3
    2015-01-21 00:59:43.610 Version info: Detection data 5.08
    2015-01-21 00:59:43.610 Version info: Build date 11/11/2014
    2015-01-21 00:59:43.610 Version info: Data files added 613
    2015-01-21 00:59:43.610 Version info: Last successful update (not yet updated)
    2015-01-21 00:59:46.664 Update progress: proxy server not available
    2015-01-21 00:59:46.799 Update error: failed to read remote metadata (error 4)
    Cannot locate server for http://dci.sophosupd.com/update/b/bc/bbcef2551cd45c789b4a74bb6417cfb3.xml

    2015-01-21 01:07:35.945 SafeClean bin directory is empty.
    2015-01-21 01:07:35.945 Error level 0

    2015-01-21 01:07:38.340 Scan cancelled by user.
    2015-01-21 01:07:38.340

    ------------------------------------------------------------

    2015-01-21 01:20:43.651 Sophos Virus Removal Tool version 2.5.4
    2015-01-21 01:20:43.651 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-01-21 01:20:43.651 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-01-21 01:20:43.651 Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x100 PT=0x1 WOW64
    2015-01-21 01:20:43.652 Checking for updates...
    2015-01-21 01:20:51.972 Option all = no
    2015-01-21 01:20:51.972 Option recurse = yes
    2015-01-21 01:20:51.972 Option archive = no
    2015-01-21 01:20:51.972 Option service = yes
    2015-01-21 01:20:51.972 Option confirm = yes
    2015-01-21 01:20:51.972 Option sxl = yes
    2015-01-21 01:20:51.974 Option max-data-age = 35
    2015-01-21 01:20:51.974 Option EnableSafeClean = yes
    2015-01-21 01:20:52.026 Option vdl-logging = yes
    2015-01-21 01:20:52.031 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-21 01:20:52.031 Machine ID: 78c1b8c441544700a605f6a48d8daab2
    2015-01-21 01:20:52.032 Component SVRTcli.exe version 2.5.4
    2015-01-21 01:20:52.033 Component control.dll version 2.5.4
    2015-01-21 01:20:52.033 Component SVRTservice.exe version 2.5.4
    2015-01-21 01:20:52.033 Component engine\osdp.dll version 1.44.1.2183
    2015-01-21 01:20:52.034 Component engine\veex.dll version 3.58.3.2183
    2015-01-21 01:20:52.034 Component engine\savi.dll version 8.1.5.2183
    2015-01-21 01:20:52.035 Component rkdisk.dll version 1.5.30.0
    2015-01-21 01:20:52.035 Version info: Product version 2.5.4
    2015-01-21 01:20:52.036 Version info: Detection engine 3.58.3
    2015-01-21 01:20:52.036 Version info: Detection data 5.08
    2015-01-21 01:20:52.036 Version info: Build date 11/11/2014
    2015-01-21 01:20:52.036 Version info: Data files added 613
    2015-01-21 01:20:52.036 Version info: Last successful update (not yet updated)
    2015-01-21 01:20:57.793 Update progress: proxy server not available
    2015-01-21 01:21:09.644 Downloading updates...
    2015-01-21 01:21:09.647 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-01-21 01:21:09.647 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-01-21 01:21:09.647 Update progress: [I49502] Found supplement IDE509 LATEST
    2015-01-21 01:21:09.647 Update progress: [I49502] Found supplement IDE510 LATEST
    2015-01-21 01:21:09.647 Update progress: [I49502] Found supplement IDE511 LATEST
    2015-01-21 01:21:09.647 Update progress: [I49502] Found supplement IDE512 LATEST
    2015-01-21 01:21:09.647 Update progress: [I49502] Found supplement IDE513 LATEST
    2015-01-21 01:21:09.647 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-01-21 01:21:09.647 Update progress: [I19463] Syncing product SAVIW32 48
    2015-01-21 01:21:11.692 Update progress: [I19463] Syncing product IDE509 177
    2015-01-21 01:21:14.331 Installing updates...
    2015-01-21 01:21:14.933 Error level 1
    2015-01-21 01:21:14.951 Update progress: [I19463] Syncing product IDE510 179
    2015-01-21 01:21:14.951 Update progress: [I19463] Syncing product IDE511 170
    2015-01-21 01:21:14.951 Update progress: [I19463] Syncing product IDE512 92
    2015-01-21 01:21:14.951 Update progress: [I19463] Syncing product IDE513 1
    2015-01-21 01:22:03.400 Update successful
    2015-01-21 01:22:13.842 Option all = no
    2015-01-21 01:22:13.842 Option recurse = yes
    2015-01-21 01:22:13.842 Option archive = no
    2015-01-21 01:22:13.842 Option service = yes
    2015-01-21 01:22:13.842 Option confirm = yes
    2015-01-21 01:22:13.842 Option sxl = yes
    2015-01-21 01:22:13.843 Option max-data-age = 35
    2015-01-21 01:22:13.843 Option EnableSafeClean = yes
    2015-01-21 01:22:13.898 Option vdl-logging = yes
    2015-01-21 01:22:13.903 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-21 01:22:13.903 Machine ID: 78c1b8c441544700a605f6a48d8daab2
    2015-01-21 01:22:13.904 Component SVRTcli.exe version 2.5.4
    2015-01-21 01:22:13.905 Component control.dll version 2.5.4
    2015-01-21 01:22:13.905 Component SVRTservice.exe version 2.5.4
    2015-01-21 01:22:13.905 Component engine\osdp.dll version 1.44.1.2183
    2015-01-21 01:22:13.906 Component engine\veex.dll version 3.58.3.2183
    2015-01-21 01:22:13.906 Component engine\savi.dll version 8.1.5.2183
    2015-01-21 01:22:13.907 Component rkdisk.dll version 1.5.30.0
    2015-01-21 01:22:13.907 Version info: Product version 2.5.4
    2015-01-21 01:22:13.907 Version info: Detection engine 3.58.3
    2015-01-21 01:22:13.907 Version info: Detection data 5.08G
    2015-01-21 01:22:13.907 Version info: Build date 11/11/2014
    2015-01-21 01:22:13.907 Version info: Data files added 613
    2015-01-21 01:22:13.908 Version info: Last successful update 1/20/2015 6:22:03 PM

    2015-01-21 01:31:24.386 SafeClean bin directory is empty.
    2015-01-21 01:31:24.386 Error level 0

    2015-01-21 01:31:26.002 Scan cancelled by user.
    2015-01-21 01:31:26.002

    ------------------------------------------------------------

    2015-01-22 22:14:13.173 Sophos Virus Removal Tool version 2.5.4
    2015-01-22 22:14:13.173 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

    2015-01-22 22:14:13.173 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

    2015-01-22 22:14:13.173 Windows version 6.0 SP 2.0 Service Pack 2 build 6002 SM=0x100 PT=0x1 WOW64
    2015-01-22 22:14:13.173 Checking for updates...
    2015-01-22 22:14:27.155 Update progress: proxy server not available
    2015-01-22 22:14:30.863 Option all = no
    2015-01-22 22:14:30.863 Option recurse = yes
    2015-01-22 22:14:30.863 Option archive = no
    2015-01-22 22:14:30.863 Option service = yes
    2015-01-22 22:14:30.863 Option confirm = yes
    2015-01-22 22:14:30.863 Option sxl = yes
    2015-01-22 22:14:30.864 Option max-data-age = 35
    2015-01-22 22:14:30.864 Option EnableSafeClean = yes
    2015-01-22 22:14:30.983 Option vdl-logging = yes
    2015-01-22 22:14:31.026 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-22 22:14:31.026 Machine ID: 78c1b8c441544700a605f6a48d8daab2
    2015-01-22 22:14:31.063 Component SVRTcli.exe version 2.5.4
    2015-01-22 22:14:31.063 Component control.dll version 2.5.4
    2015-01-22 22:14:31.063 Component SVRTservice.exe version 2.5.4
    2015-01-22 22:14:31.064 Component engine\osdp.dll version 1.44.1.2183
    2015-01-22 22:14:31.064 Component engine\veex.dll version 3.58.3.2183
    2015-01-22 22:14:31.064 Component engine\savi.dll version 8.1.5.2183
    2015-01-22 22:14:31.078 Component rkdisk.dll version 1.5.30.0
    2015-01-22 22:14:31.078 Version info: Product version 2.5.4
    2015-01-22 22:14:31.079 Version info: Detection engine 3.58.3
    2015-01-22 22:14:31.079 Version info: Detection data 5.08G
    2015-01-22 22:14:31.080 Version info: Build date 11/11/2014
    2015-01-22 22:14:31.080 Version info: Data files added 613
    2015-01-22 22:14:31.080 Version info: Last successful update 1/20/2015 6:22:03 PM
    2015-01-22 22:14:34.452 Downloading updates...
    2015-01-22 22:14:34.458 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
    2015-01-22 22:14:34.458 Update progress: [I49502] Found supplement SAVIW32 LATEST
    2015-01-22 22:14:34.458 Update progress: [I49502] Found supplement IDE509 LATEST
    2015-01-22 22:14:34.458 Update progress: [I49502] Found supplement IDE510 LATEST
    2015-01-22 22:14:34.458 Update progress: [I49502] Found supplement IDE511 LATEST
    2015-01-22 22:14:34.458 Update progress: [I49502] Found supplement IDE512 LATEST
    2015-01-22 22:14:34.458 Update progress: [I49502] Found supplement IDE513 LATEST
    2015-01-22 22:14:34.458 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
    2015-01-22 22:14:34.458 Update progress: [I19463] Syncing product SAVIW32 48
    2015-01-22 22:14:34.458 Update progress: [I19463] Syncing product IDE509 177
    2015-01-22 22:14:34.673 Update progress: [I19463] Syncing product IDE510 179
    2015-01-22 22:14:34.673 Update progress: [I19463] Syncing product IDE511 170
    2015-01-22 22:14:34.673 Update progress: [I19463] Syncing product IDE512 105
    2015-01-22 22:14:35.058 Installing updates...
    2015-01-22 22:14:35.659 Error level 1
    2015-01-22 22:14:36.113 Update progress: [I19463] Syncing product IDE513 1
    2015-01-22 22:14:36.240 Update successful
    2015-01-22 22:14:44.601 Option all = no
    2015-01-22 22:14:44.602 Option recurse = yes
    2015-01-22 22:14:44.602 Option archive = no
    2015-01-22 22:14:44.602 Option service = yes
    2015-01-22 22:14:44.602 Option confirm = yes
    2015-01-22 22:14:44.602 Option sxl = yes
    2015-01-22 22:14:44.603 Option max-data-age = 35
    2015-01-22 22:14:44.603 Option EnableSafeClean = yes
    2015-01-22 22:14:44.655 Option vdl-logging = yes
    2015-01-22 22:14:44.693 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
    2015-01-22 22:14:44.693 Machine ID: 78c1b8c441544700a605f6a48d8daab2
    2015-01-22 22:14:44.695 Component SVRTcli.exe version 2.5.4
    2015-01-22 22:14:44.695 Component control.dll version 2.5.4
    2015-01-22 22:14:44.695 Component SVRTservice.exe version 2.5.4
    2015-01-22 22:14:44.696 Component engine\osdp.dll version 1.44.1.2183
    2015-01-22 22:14:44.696 Component engine\veex.dll version 3.58.3.2183
    2015-01-22 22:14:44.696 Component engine\savi.dll version 8.1.5.2183
    2015-01-22 22:14:44.697 Component rkdisk.dll version 1.5.30.0
    2015-01-22 22:14:44.697 Version info: Product version 2.5.4
    2015-01-22 22:14:44.698 Version info: Detection engine 3.58.3
    2015-01-22 22:14:44.698 Version info: Detection data 5.08G
    2015-01-22 22:14:44.699 Version info: Build date 11/11/2014
    2015-01-22 22:14:44.699 Version info: Data files added 626
    2015-01-22 22:14:44.699 Version info: Last successful update 1/22/2015 3:14:36 PM

    2015-01-22 22:34:15.675 Could not open C:\System Volume Information\{0b4694db-a279-11e4-a0d8-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.675 Could not open C:\System Volume Information\{1cc86690-9f34-11e4-b8b0-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.676 Could not open C:\System Volume Information\{23a9df20-9fcc-11e4-a24f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.677 Could not open C:\System Volume Information\{23a9df74-9fcc-11e4-a24f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.677 Could not open C:\System Volume Information\{2dc738ba-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.678 Could not open C:\System Volume Information\{2dc738cd-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.679 Could not open C:\System Volume Information\{2dc738ec-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.679 Could not open C:\System Volume Information\{2dc738ff-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.680 Could not open C:\System Volume Information\{2dc73934-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.680 Could not open C:\System Volume Information\{2dc73947-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.681 Could not open C:\System Volume Information\{2dc7395e-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.682 Could not open C:\System Volume Information\{2dc73971-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.682 Could not open C:\System Volume Information\{2dc739ba-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.683 Could not open C:\System Volume Information\{2dc739be-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.684 Could not open C:\System Volume Information\{2dc739c3-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.684 Could not open C:\System Volume Information\{2dc739c7-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.685 Could not open C:\System Volume Information\{2dc739cb-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.685 Could not open C:\System Volume Information\{2dc739cf-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.686 Could not open C:\System Volume Information\{2dc739d3-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.686 Could not open C:\System Volume Information\{2dc73a5b-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.687 Could not open C:\System Volume Information\{2dc73a93-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.688 Could not open C:\System Volume Information\{2dc73aa7-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.688 Could not open C:\System Volume Information\{2dc73ac5-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.689 Could not open C:\System Volume Information\{2dc73ad5-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.689 Could not open C:\System Volume Information\{2dc73af1-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.690 Could not open C:\System Volume Information\{2dc73b0d-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.691 Could not open C:\System Volume Information\{2dc73b2b-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.691 Could not open C:\System Volume Information\{2dc73b46-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.692 Could not open C:\System Volume Information\{2dc73b5c-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.692 Could not open C:\System Volume Information\{2dc73b81-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.693 Could not open C:\System Volume Information\{2dc73ba0-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.694 Could not open C:\System Volume Information\{2dc73bcb-8a69-11e4-861f-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.694 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.695 Could not open C:\System Volume Information\{42b5e90e-9c8b-11e4-ab92-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.695 Could not open C:\System Volume Information\{45a20008-a1d2-11e4-a8cb-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.696 Could not open C:\System Volume Information\{83e83733-a095-11e4-8aac-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.696 Could not open C:\System Volume Information\{99bb777c-9dc1-11e4-8836-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.697 Could not open C:\System Volume Information\{b3491070-9ebd-11e4-9fc3-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.698 Could not open C:\System Volume Information\{c548093a-a0cc-11e4-90bf-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.698 Could not open C:\System Volume Information\{c54809ad-a0cc-11e4-90bf-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.699 Could not open C:\System Volume Information\{ec223072-9eaa-11e4-936e-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.699 Could not open C:\System Volume Information\{ec223076-9eaa-11e4-936e-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:34:15.700 Could not open C:\System Volume Information\{f569d800-a1b2-11e4-8e51-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 22:39:44.479 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
    2015-01-22 22:39:44.481 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
    2015-01-22 22:39:46.297 Could not open C:\Windows\System32\config\COMPONENTS
    2015-01-22 22:39:46.340 Could not open C:\Windows\System32\config\RegBack\COMPONENTS
    2015-01-22 22:39:46.353 Could not open C:\Windows\System32\config\RegBack\DEFAULT
    2015-01-22 22:39:46.355 Could not open C:\Windows\System32\config\RegBack\SAM
    2015-01-22 22:39:46.358 Could not open C:\Windows\System32\config\RegBack\SECURITY
    2015-01-22 22:39:46.361 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
    2015-01-22 22:39:46.363 Could not open C:\Windows\System32\config\RegBack\SYSTEM
    2015-01-22 22:59:32.327 Could not open D:\Boot\BCD
    2015-01-22 23:06:15.696 >>> Virus 'Mal/Emogen-Y' found in file D:\Users\ogahm\Desktop\Win32kDiag.exe
    2015-01-22 23:06:15.696 >>> Virus 'Mal/Emogen-Y' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:06:15.696 >>> Virus 'Mal/Emogen-Y' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:06:15.696 >>> Virus 'Mal/Emogen-Y' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:06:36.533 >>> Virus 'Mal/KeyGen-M' found in file D:\Users\ogahm\Documents\Aria Backup\#Download\Ipswitch Wsftp Pro 2006 Plus Crack\WSFTP_Pro 2006 Keygen.exe
    2015-01-22 23:06:36.533 >>> Virus 'Mal/KeyGen-M' found in file D:\Users\ogahm\Documents\Aria Backup\#Download\Ipswitch Wsftp Pro 2006 Plus Crack\WSFTP_Pro 2006 Keygen.exe
    2015-01-22 23:06:36.533 >>> Virus 'Mal/KeyGen-M' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:06:36.533 >>> Virus 'Mal/KeyGen-M' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:06:36.533 >>> Virus 'Mal/KeyGen-M' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:07:38.213 >>> Virus 'Mal/KeyGen-M' found in file D:\Users\ogahm\Documents\Aria Backup\Documents and Settings\Administrator\Desktop\Nero\Nero5518crack.zip\Keygen.exe
    2015-01-22 23:07:38.213 Disinfection not offered
    2015-01-22 23:10:07.853 >>> Virus 'Troj/KeyGen-DP' found in file D:\Users\ogahm\Downloads\Adobe CS4 Master Collection\Adobe CS4 Keygen.exe
    2015-01-22 23:10:07.853 >>> Virus 'Troj/KeyGen-DP' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:10:07.853 >>> Virus 'Troj/KeyGen-DP' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:10:07.853 >>> Virus 'Troj/KeyGen-DP' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:10:23.603 >>> Virus 'Mal/Generic-S' found in file D:\Users\ogahm\Downloads\Axiom Flash Drive Utilities\UtilityC\AP_V14.exe
    2015-01-22 23:10:23.603 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:10:23.603 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:10:23.603 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:10:40.607 >>> Virus 'Mal/Generic-S' found in file D:\Users\ogahm\Downloads\Axiom Flash Drive Utilities\UtilityC.zip
    2015-01-22 23:10:40.607 >>> Virus 'Mal/Generic-S' found in file D:\Users\ogahm\Downloads\Axiom Flash Drive Utilities\UtilityC.zip
    2015-01-22 23:10:40.607 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:10:40.607 >>> Virus 'Mal/Generic-S' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:10:40.607 >>> Virus 'Mal/Generic-S' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:11:58.546 >>> Virus 'Mal/Behav-053' found in file D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\#TommyTemp\E\Documents and Settings\Thomas\Desktop\RealPlayer 8 Plus Key Generator.exe
    2015-01-22 23:11:58.546 >>> Virus 'Mal/Behav-053' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:11:58.546 >>> Virus 'Mal/Behav-053' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:11:58.546 >>> Virus 'Mal/Behav-053' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:13:24.608 Could not check D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\Matt's Kids Old C Drive\Old Computer\C\DOC\DIR25.DOC\FIL208.DOC (corrupt)
    2015-01-22 23:13:24.726 Could not check D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\Matt's Kids Old C Drive\Old Computer\C\DOC\DIR25.DOC\FIL223.DOC (corrupt)
    2015-01-22 23:13:24.737 Could not check D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\Matt's Kids Old C Drive\Old Computer\C\DOC\DIR25.DOC\FIL224.DOC (corrupt)
    2015-01-22 23:13:24.750 Could not check D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\Matt's Kids Old C Drive\Old Computer\C\DOC\DIR25.DOC\FIL225.DOC (corrupt)
    2015-01-22 23:13:24.796 Could not check D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\Matt's Kids Old C Drive\Old Computer\C\DOC\DIR25.DOC\FIL228.DOC (corrupt)
    2015-01-22 23:13:24.833 Could not check D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\Matt's Kids Old C Drive\Old Computer\C\DOC\DIR25.DOC\FIL230.DOC (corrupt)
    2015-01-22 23:15:19.689 >>> Virus 'Mal/KeyGen-M' found in file D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\Mirc\IRC stuff\m56kgmIRC v5.6Keygen.zip\tno_mi56.exe
    2015-01-22 23:15:19.689 Disinfection not offered
    2015-01-22 23:15:19.831 >>> Virus 'Mal/KeyGen-M' found in file D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\Mirc\IRC stuff\m56kgmirc.zip\tno_mi56.exe
    2015-01-22 23:15:19.831 Disinfection not offered
    2015-01-22 23:15:20.095 >>> Virus 'Mal/KeyGen-M' found in file D:\Users\ogahm\Downloads\Freeware\Old From Parents computer\Mirc\IRC stuff\mirc_5.6_and_above_keygen.zip\tno_mi56.exe
    2015-01-22 23:15:20.095 Disinfection not offered
    2015-01-22 23:16:26.179 >>> Virus 'Mal/Bckdr-BE' found in file D:\Users\ogahm\Downloads\Stuff from dadbasement (good stuff)\Windows XP SP2 Keygen + Key Changer + WGA Validation (1.4.389.0)\2) Windows Keygen\Keygen.exe
    2015-01-22 23:16:26.179 >>> Virus 'Mal/Bckdr-BE' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:16:26.179 >>> Virus 'Mal/Bckdr-BE' found in file HKU\S-1-5-21-1027772261-2917165354-2662933974-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:16:26.179 >>> Virus 'Mal/Bckdr-BE' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
    2015-01-22 23:37:37.695 Could not open E:\System Volume Information\{2e652b1a-9c7b-11e4-b622-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 23:37:37.695 Could not open E:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 23:37:37.696 Could not open E:\System Volume Information\{4f4fc20a-d569-11e3-9b9c-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 23:37:37.697 Could not open E:\System Volume Information\{4f4fc232-d569-11e3-9b9c-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 23:37:37.697 Could not open E:\System Volume Information\{4f4fc243-d569-11e3-9b9c-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 23:37:37.698 Could not open E:\System Volume Information\{4f4fc254-d569-11e3-9b9c-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 23:37:37.698 Could not open E:\System Volume Information\{6a742667-ced9-11e3-9f55-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 23:37:37.699 Could not open E:\System Volume Information\{6a742678-ced9-11e3-9f55-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 23:37:37.699 Could not open E:\System Volume Information\{6a742689-ced9-11e3-9f55-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 23:37:37.700 Could not open E:\System Volume Information\{6a74269a-ced9-11e3-9f55-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 23:37:37.700 Could not open E:\System Volume Information\{6a7426ab-ced9-11e3-9f55-00242151589a}{3808876b-c176-4e48-b7ae-04046e6cc752}
    2015-01-22 23:51:23.608 The following items will be cleaned up:
    2015-01-22 23:51:23.608 Mal/Emogen-Y
    2015-01-22 23:51:23.608 Mal/KeyGen-M
    2015-01-22 23:51:23.608 Troj/KeyGen-DP
    2015-01-22 23:51:23.608 Mal/Generic-S
    2015-01-22 23:51:23.608 Mal/Behav-053
    2015-01-22 23:51:23.608 Mal/Bckdr-BE
    2015-01-22 23:51:23.608 Mal/KeyGen-M
    2015-01-22 23:51:23.608 Mal/KeyGen-M
    2015-01-22 23:51:23.608 Mal/KeyGen-M
    2015-01-22 23:51:23.609 Mal/KeyGen-M
     
  15. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Security Check?
     
  16. ogahm

    ogahm TS Rookie Topic Starter Posts: 23

    Oops, I didn't see that reply, thought I was waiting, so sorry. I'll find the log if I can.
    Is there any way you can ask others if they recognize the infection? Certainly seems like a root-kit, but I don't know which one, most have custom fixes.
    I do have the external drive that holds the infection. I was thinking of plugging it in and seeing if the virus scanner will see what is happening and put a name on it. I'd probably want a better scanner than Avast. I think I can get a Kaspersky license. Or do you have a suggestion for what the best virus scanner is today?
     
  17. ogahm

    ogahm TS Rookie Topic Starter Posts: 23

    Results of screen317's Security Check version 0.99.95
    Windows Vista Service Pack 2 x64 (UAC is enabled)
    Internet Explorer 9
    Internet Explorer 8
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Emsisoft Anti-Malware
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java 64-bit 8 Update 31
    Adobe Flash Player 16.0.0.235
    Mozilla Firefox (35.0)
    ````````Process Check: objlist.exe by Laurent````````
    Emsisoft Anti-Malware a2service.exe
    Emsisoft Anti-Malware a2guard.exe
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0 %
    ````````````````````End of Log``````````````````````
     
  18. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    We actually didn't find much, mostly some adware. Definitely no rootkit present.
    What are the current issues?
     
  19. ogahm

    ogahm TS Rookie Topic Starter Posts: 23

    Current issues are the same as when this started.
    1) All the normal column names in Explorer are gone, Author is the only one showing. All of the common ones are unavailable when I try to choose details by right clicking the column header, Filename, Date Created/Created, Size etc...
    2) Many windows won't open, specifically Control Panel windows like "Backup and Restore Center", System, regedit.exe.
    3) Explorer shows no filenames or folder names.
    4) The "Start Search" feature of the Start Bar returns nothing.
    5) In My computer the sizes of the drives and free space are in bytes, not KB or MB.
    This all started right as soon as I tried to read that infected drive. It's gotta be a rootkit, or something new; we'd have detected it by now if it was a normal malware infection.
    I've tried SFC many times; it seems to work, but after rebooting and running SFC again it seems to have done nothing at all and says it found more errors. Over and over.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    As I said in my previous reply... your issues are NOT malware related, as we didn't find much.

    Download Windows Repair (All in One) from this site

    Install the program then run it.

    NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
    NOTE 2. Disable your antivirus program before running Windows Repair.


    Go to Step 3 and click on the Check button next to 1. See If Check Disk Is Needed.
    If the tool says that Check Disk is needed, click on the Do It button next to 2. Check Disk.
    In that case make sure you restart the computer.


    Once the above is done go to Step 4 and allow it to run System File Check by clicking on Do It button:


    Go to Step 5 and under "System Restore" click on Create button:


    Go to Repairs tab and click Open Repairs button.


    In the next window...
    Leave all checkmarks as they are.
    Click on Start Repairs button.


    Post Windows Repair log which is located in the following folder:
    64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
    32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
     
  21. ogahm

    ogahm TS Rookie Topic Starter Posts: 23

    I have run SFC many times; it keeps telling me that it made corrections and to reboot, and when I run it again I get the same result. I've looked at the CBS.log but it's pretty cryptic. I see one set of entries that worries me: ru-RU is Russian, and I don't have any language packs loaded that I know of. SecPol.msc is one of the files that I can't open, and why would it be the Russian version at all? I went to system32 and ran it; it has English in the first two column headers, but odd characters in the 3rd and 4th.
    The following entry happens every time I run SFC and is always the 80th POQ and 161st POQ, the last entry before it stops.
    Now that I've looked at the log more closely, it appears that none of the repairs are actually happening; it just keeps repeating the same repairs every time I run it. It claims success, but apparently it's not really doing anything. Just shoot me.
    ************************************************
    2015-01-17 17:30:17, Info CSI 000001b5 Hashes for file member \??\C:\Windows\System32\ru-RU\secpol.msc do not match actual file [l:20{10}]"secpol.msc" :
    Found: {l:32 b:fzZDVNgjX7rPS4CwuGu1yMKTxJcxgF6SVquMolcKxCw=} Expected: {l:32 b:2ColJ4zcTsIcODHfw4i0OhMQxgZrWJWL7dn2SeJ+CTM=}
    2015-01-17 17:30:17, Info CSI 000001b6 [SR] Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\ru-RU"\[l:20{10}]"secpol.msc" from store
    2015-01-17 17:30:17, Info CSI 000001b7 WARNING: File [l:20{10}]"secpol.msc" in [l:58{29}]"\??\C:\Windows\System32\ru-RU" switching ownership
    Old: Microsoft-Windows-SecurityConfigurationManagement-PolicyTools-Ex.Resources, Version = 6.0.6001.18000, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"ru-RU", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
    New: Microsoft-Windows-SecurityConfigurationManagement-PolicyTools.Resources, Version = 6.0.6000.16386, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture = [l:10{5}]"ru-RU", VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral
    ********************************************************
     
    Last edited: Jan 24, 2015
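As an added example that is not part of the thread: a small script that reads the [SR] entries sfc /scannow writes to CBS.log and reports the failure mode described above, a file that is "repaired from store" run after run while its on-disk (Found) hash never changes. It assumes the standard CBS.log line layout and the "[SR] Beginning Verify and Repair transaction" marker that starts each SFC run; the sample log lines are constructed, modelled on the entries quoted in the post.

```python
# Added example (not from the thread): read the [SR] entries that sfc /scannow
# writes to CBS.log and list files that SFC "repairs from store" on every run
# while their on-disk hash never changes, i.e. repairs that do not stick.
# Assumes the standard CBS.log line layout and the run-start marker below.
import re
from collections import defaultdict

# <timestamp>, <level>  CSI  <seq>  <message>
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (\w+)\s+CSI\s+[0-9a-f]+\s+(.*)$")
# [SR] Repairing corrupted file [..]"\??\<dir>"\[..]"<name>" from store
REPAIR_RE = re.compile(r'\[SR\] Repairing corrupted file \[[^\]]*\]"([^"]+)"\\\[[^\]]*\]"([^"]+)" from store')
# Hashes for file member \??\<path> do not match actual file ... (Found/Expected on the next line)
MISMATCH_RE = re.compile(r"Hashes for file member (.+?) do not match actual file")
HASH_RE = re.compile(r"Found: \{l:\d+ b:([^}]+)\} Expected: \{l:\d+ b:([^}]+)\}")
RUN_START = "[SR] Beginning Verify and Repair transaction"
NT_PREFIX = "\\??\\"

# Constructed CBS.log excerpt modelled on the entries quoted in the post: two SFC
# runs, the ru-RU secpol.msc entry recurring in both with the same on-disk hash.
SAMPLE_CBS_LOG = r"""
2015-01-17 17:29:50, Info CSI 000001a0 [SR] Beginning Verify and Repair transaction
2015-01-17 17:30:17, Info CSI 000001b5 Hashes for file member \??\C:\Windows\System32\ru-RU\secpol.msc do not match actual file [l:20{10}]"secpol.msc" :
Found: {l:32 b:CONSTRUCTED/FOUND+HASH=} Expected: {l:32 b:CONSTRUCTED/EXPECTED+HASH=}
2015-01-17 17:30:17, Info CSI 000001b6 [SR] Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\ru-RU"\[l:20{10}]"secpol.msc" from store
2015-01-18 09:02:10, Info CSI 000001a0 [SR] Beginning Verify and Repair transaction
2015-01-18 09:02:41, Info CSI 000001b5 Hashes for file member \??\C:\Windows\System32\ru-RU\secpol.msc do not match actual file [l:20{10}]"secpol.msc" :
Found: {l:32 b:CONSTRUCTED/FOUND+HASH=} Expected: {l:32 b:CONSTRUCTED/EXPECTED+HASH=}
2015-01-18 09:02:41, Info CSI 000001b6 [SR] Repairing corrupted file [ml:520{260},l:58{29}]"\??\C:\Windows\System32\ru-RU"\[l:20{10}]"secpol.msc" from store
2015-01-18 09:02:42, Info CSI 000001b7 [SR] Repairing corrupted file [ml:520{260},l:52{26}]"\??\C:\Windows\System32"\[l:22{11}]"example.dll" from store
"""


def parse_cbs_log(text):
    """Split CBS.log into SFC runs; each run records the files it repaired and
    the Found/Expected hashes reported for every mismatching file."""
    runs, run, pending = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if pending and line.startswith("Found:"):  # hash line follows the mismatch line
            h = HASH_RE.search(line)
            if h and run is not None:
                run["hashes"][pending] = (h.group(1), h.group(2))
            pending = None
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        pending, msg = None, m.group(3)
        mismatch, repair = MISMATCH_RE.search(msg), REPAIR_RE.search(msg)
        if RUN_START in msg:
            run = {"started": m.group(1), "repaired": defaultdict(int), "hashes": {}}
            runs.append(run)
        elif run is None:
            continue  # entries written before the first SFC run are not ours
        elif mismatch:
            pending = mismatch.group(1).replace(NT_PREFIX, "")
        elif repair:
            directory, name = repair.groups()
            run["repaired"][directory.replace(NT_PREFIX, "") + "\\" + name] += 1
    return runs


def repeat_repairs(runs):
    """Paths repaired from the store in more than one run -> number of runs."""
    seen = defaultdict(int)
    for run in runs:
        for path in run["repaired"]:
            seen[path] += 1
    return {p: n for p, n in seen.items() if n > 1}


def unchanged_after_repair(runs):
    """Paths whose on-disk (Found) hash is identical in two consecutive runs even
    though the earlier run claimed to repair them: the repair never reached disk."""
    stuck = set()
    for prev, cur in zip(runs, runs[1:]):
        for path, (found, _expected) in cur["hashes"].items():
            if path in prev["repaired"] and prev["hashes"].get(path, (None,))[0] == found:
                stuck.add(path)
    return sorted(stuck)
```

On a real machine, feed `parse_cbs_log` the contents of C:\Windows\Logs\CBS\CBS.log after two or more SFC runs; anything returned by `unchanged_after_repair` is a file SFC keeps claiming to fix without the file on disk ever changing.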
  22. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Those folders are in every Windows installation.
    Nothing malicious about them.

    Did you finish running all steps?
    Same issues after you finished?
     
  23. ogahm

    ogahm TS Rookie Topic Starter Posts: 23

    Current issues are the same as when this started.
    1) All the normal column names in Explorer are gone, Author is the only one showing. All of the common ones are unavailable when I try to choose details by right clicking the column header, Filename, Date Created/Created, Size etc...
    2) Many windows won't open, specifically Control Panel windows like "Backup and Restore Center", System, regedit.exe.
    3) Explorer shows no filenames or folder names.
    4) The "Start Search" feature of the Start Bar returns nothing.

    5) In My computer the sizes of the drives and free space are in bytes, not KB or MB.
     
  24. ogahm

    ogahm TS Rookie Topic Starter Posts: 23

    The last step didn't complete correctly so I wanted to wait. The hashes are wrong on that file and it's not getting repaired, none of the other repairs are happening either, just like when you have a rootkit infection. I'll try the repairs and see what happens.
     
  25. ogahm

    ogahm TS Rookie Topic Starter Posts: 23

    Tweaking.com - Windows Repair v2.10.3
    --------------------------------------------------------------------------------

    System Variables
    --------------------------------------------------------------------------------
    OS: Windows Vista (TM) Ultimate
    OS Architecture: 64-bit
    OS Version: 6.0.6002
    OS Service Pack: Service Pack 2
    Computer Name: MASTERSHAKE
    Windows Drive: C:\
    Windows Path: C:\Windows
    Program Files: C:\Program Files
    Program Files (x86): C:\Program Files (x86)
    Current Profile:
    Current Profile SID: S-1-5-21-1027772261-2917165354-2662933974-1000
    Current Profile Classes: S-1-5-21-1027772261-2917165354-2662933974-1000_Classes
    Profiles Location: C:\Users
    Profiles Location 2: C:\Windows\ServiceProfiles
    Local Settings AppData: C:\Users\Shake\AppData\Local
    --------------------------------------------------------------------------------

    System Information
    --------------------------------------------------------------------------------
    System Up Time: 0 Days 00:02:32

    Process Count: 23
    Commit Total: 563.48 MB
    Commit Limit: 10.10 GB
    Commit Peak: 587.88 MB
    Handle Count: 6354
    Kernel Total: 245.28 MB
    Kernel Paged: 178.92 MB
    Kernel Non Paged: 66.36 MB
    System Cache: 605.43 MB
    Thread Count: 331
    --------------------------------------------------------------------------------

    Memory Before Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 5.99 GB
    Memory Used: 730.36 MB(11.9084%)
    Memory Avail.: 5.28 GB
    --------------------------------------------------------------------------------

    Cleaning Memory Before Starting Repairs...

    Memory After Cleaning with CleanMem
    --------------------------------------------------------------------------------
    Memory Total: 5.99 GB
    Memory Used: 626.57 MB(10.216%)
    Memory Avail.: 5.38 GB
    --------------------------------------------------------------------------------

    Starting Repairs...
    Started at (1/24/2015 11:46:33 PM)

    Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
    Total Missing 'InstallDate' Fixed: 0
    01 - Reset Registry Permissions 01/03
    HKEY_CURRENT_USER & Sub Keys
    Start (1/24/2015 11:46:36 PM)
    Running Repair Under Current User Account
    Done (1/24/2015 11:46:43 PM)

    01 - Reset Registry Permissions 02/03
    HKEY_LOCAL_MACHINE & Sub Keys
    Start (1/24/2015 11:46:43 PM)
    Running Repair Under System Account
    Done (1/24/2015 11:51:16 PM)

    01 - Reset Registry Permissions 03/03
    HKEY_CLASSES_ROOT & Sub Keys
    Start (1/24/2015 11:51:16 PM)
    Running Repair Under System Account
    Done (1/24/2015 11:52:28 PM)

    03 - Reset Service Permissions
    Start (1/24/2015 11:52:28 PM)
    Running Repair Under System Account
    Done (1/24/2015 11:52:34 PM)

    04 - Register System Files
    Start (1/24/2015 11:52:34 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/24/2015 11:53:08 PM)

    05 - Repair WMI
    Start (1/24/2015 11:53:08 PM)

    Starting Security Center So We Can Export The Security Info.

    Exporting Antivirus Info...
    Emsisoft Anti-Malware Exported.
    avast! Antivirus Exported.

    Exporting AntiSpyware Info...
    Windows Defender Exported.
    Emsisoft Anti-Malware Exported.
    avast! Antivirus Exported.

    Exporting 3rd Party Firewall Info...
    No Firewall Products Reported.

    Running Repair Under Current User Account
    Done (1/24/2015 11:58:01 PM)

    06 - Repair Windows Firewall
    Start (1/24/2015 11:58:01 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/24/2015 11:58:28 PM)

    07 - Repair Internet Explorer
    Start (1/24/2015 11:58:28 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/24/2015 11:58:48 PM)

    08 - Repair MDAC/MS Jet
    Start (1/24/2015 11:58:48 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/24/2015 11:58:54 PM)

    09 - Repair Hosts File
    Start (1/24/2015 11:58:54 PM)
    Running Repair Under System Account
    Done (1/24/2015 11:58:55 PM)

    10 - Remove Policies Set By Infections
    Start (1/24/2015 11:58:55 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/24/2015 11:59:04 PM)

    11 - Repair Start Menu Icons Removed By Infections
    Start (1/24/2015 11:59:04 PM)
    Running Repair Under System Account
    Done (1/24/2015 11:59:05 PM)

    12 - Repair Icons
    Start (1/24/2015 11:59:05 PM)
    Running Repair Under Current User Account
    Done (1/24/2015 11:59:07 PM)

    13 - Repair Winsock & DNS Cache
    Start (1/24/2015 11:59:07 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/24/2015 11:59:17 PM)

    15 - Repair Proxy Settings
    Start (1/24/2015 11:59:17 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/24/2015 11:59:19 PM)

    17 - Repair Windows Updates
    Start (1/24/2015 11:59:19 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
    Done (1/24/2015 11:59:48 PM)

    18 - Repair CD/DVD Missing/Not Working
    Start (1/24/2015 11:59:48 PM)
    iTunes not found, not applying UpperFilters iTunes Reg Key
    Done (1/24/2015 11:59:48 PM)

    19 - Repair Volume Shadow Copy Service
    Start (1/24/2015 11:59:48 PM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/25/2015 12:00:13 AM)

    21 - Repair MSI (Windows Installer)
    Start (1/25/2015 12:00:13 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/25/2015 12:00:23 AM)

    23.01 - Repair bat Association
    Start (1/25/2015 12:00:23 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/25/2015 12:00:25 AM)

    23.02 - Repair cmd Association
    Start (1/25/2015 12:00:25 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/25/2015 12:00:27 AM)

    23.03 - Repair com Association
    Start (1/25/2015 12:00:27 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/25/2015 12:00:29 AM)

    23.04 - Repair Directory Association
    Start (1/25/2015 12:00:29 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/25/2015 12:00:31 AM)

    23.05 - Repair Drive Association
    Start (1/25/2015 12:00:31 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/25/2015 12:00:33 AM)

    23.06 - Repair exe Association
    Start (1/25/2015 12:00:33 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/25/2015 12:00:35 AM)

    23.07 - Repair Folder Association
    Start (1/25/2015 12:00:35 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/25/2015 12:00:37 AM)

    23.08 - Repair inf Association
    Start (1/25/2015 12:00:37 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/25/2015 12:00:39 AM)

    23.09 - Repair lnk (Shortcuts) Association
    Start (1/25/2015 12:00:39 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/25/2015 12:00:41 AM)

    23.10 - Repair msc Association
    Start (1/25/2015 12:00:41 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/25/2015 12:00:43 AM)

    23.11 - Repair reg Association
    Start (1/25/2015 12:00:43 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/25/2015 12:00:45 AM)

    23.12 - Repair scr Association
    Start (1/25/2015 12:00:45 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/25/2015 12:00:47 AM)

    24 - Repair Windows Safe Mode
    Start (1/25/2015 12:00:47 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/25/2015 12:00:49 AM)

    25 - Repair Print Spooler
    Start (1/25/2015 12:00:49 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/25/2015 12:00:52 AM)

    26 - Restore Important Windows Services
    Start (1/25/2015 12:00:52 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/25/2015 12:00:58 AM)

    27 - Set Windows Services To Default Startup
    Start (1/25/2015 12:00:58 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/25/2015 12:01:05 AM)

    31 - Repair Windows 'New' Submenu
    Start (1/25/2015 12:01:05 AM)
    Running Repair Under Current User Account
    Running Repair Under System Account
    Done (1/25/2015 12:01:07 AM)

    Cleaning up empty logs...

    All Selected Repairs Done.
    Done at (1/25/2015 12:01:07 AM)
    Total Repair Time: 00:14:35


    ...YOU MUST RESTART YOUR SYSTEM...
     
