Solved Rootkit warning keeps coming back

C

circusboy01

Posts: 757   +16
Yesterday I got a Rootkit warning, Said it was a Win 64: Evo-gen (Susp) I followed instructions, and ran a boot time scan. At around 60% complete it found 3 instances of a Win 32 (not the win 64 like the warning said)
It gave me choices as to what to do. I chose repair all. The scan finished, and I got back on line. I started scanning with all my other protections SAS, MAM etc. AS I was doing this the warning showed up again.I ran another boot time scan. It came out clean. No files corrupted. (or words to that effect) Got the warning again. Scan came up clean again.
I continued using my computer, and after a while I got the message again. Since the boot time scan had come up clean two times in a row I just Xed it out. It came up two or three more times, so I decided to shut my computer down for the night.
Today I got on line, and the warning showed up again. So I ran the boot time scan again. This time it found one instance of the Win32 (again, Not the Win64 that I was warned about) This time instead of choosing repair, I choose fix all instantly. All that did was move it to the chest?? THe scan finished , and I got back on line. After a while I got the Warning again. I ran,a boot time scan, and it came out clean Was on the computer again, and got another warning Xed it out.

What's going on, and how can I fix it?
As it stands now I'm kind of worried about using my computer. So. I am going to write a couple important E-mail and shut my computer down. I will turn it back on periodically to see if there's an answer to my post
Thanks.
 
You've been to this forum before so you should know the drill....

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Guess I messed up already. I made it to what I think is the Save file drop box. The one that has the long File Name window. Right? Couldn't find anything that said "Desktop "
However the Mbam scan came back clean. Should I just go onto the next step?
 
If your downloads go somewhere else simply cut and paste them to your Desktop.

I need to see all logs even if nothing has been detected.
 
Broni, I'm sorry for being such a dunce. I ran an mbam scan again, and followed the instructions that started with "on desktop click history tab" .I know I followed the directions correctly, But. the word desktop does not show up in the "save file dialog box"
You say if your downloads go somewhere else.( By downloads I assume you mean scan logs) simply cut and paste them to your desktop. That would be fine if I knew where they were.
Should I pick another choice in the "save file dialog box, and copy and paste it to my desktop from there?
 
No, not logs.
Logs pop-up after scan is completed.
I'm talking about programs you download.
If they download somewhere else than Desktop simply move them to Desktop after downloading (cut/paste).

If you want to retrieve MBAM log use second option:

  • open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
 
I followed instructions again, and click "Copy to Clipboard" then clicked O.K.
Now how do I get to the clipboard so I can send the log?
I think it has something to do with the print/scan key. But when I tap it nothing happens
 
Sorry don't know where the reply box you refer to is.
But I did find Desktop in the dialog box. I right clicked and hit expand. Continued to folow instructions I finally ended up with th
alwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/6/2014
Scan Time: 8:26:13 AM
Logfile: RSL.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.07.01
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


Is this what you wanted?
 
Internet Explorer: 11.0.9600.17344 BrowserJavaVersion: 10.71.2
Run by R.W.Solema at 11:34:11 on 2014-11-07
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.6120 [GMT -8:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskeng.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
C:\Program Files\Start Menu X\StartMenuX.exe
C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
C:\Program Files (x86)\jmesoft\hotkey.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\vssvc.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
uSearch Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
uSearch Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
mStart Page = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
mSearch Bar = hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
mSearch Page = hxxps://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
uProxyServer = hxxp=127.0.0.1:49293;https=127.0.0.1:49293
uProxyOverride = <-loopback>;<local>
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [StartMenuX57] "C:\Program Files\Start Menu X\StartMenuX.exe"
mRun: [LenovoFSC] C:\Program Files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe
mRun: [jmekey] C:\Program Files (x86)\jmesoft\hotkey.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [ZALFree] "C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" /MINIMIZED
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRunOnce: [WLStart] "C:\Program Files (x86)\Windows Live\Installer\wlstart.exe" /nosearch /nohomepage
dRunOnce: [SPReview] "C:\windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WNA1100\WNA1100.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\REALPL~1.LNK - C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{08118354-E1AC-4114-B126-EF807A27983C} : DHCPNameServer = 209.18.47.61 209.18.47.62
Notify: SDWinLogon - SDWinLogon.dll
AppInit_DLLs= C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = www.google.com
x64-BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [Unattend0000000001{BFA3D12B-66DD-4617-923A-E864BC7D20B5}] C:\Windows\test.bat
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Greenshot] C:\Program Files\Greenshot\Greenshot.exe
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: WB - C:\Program Files (x86)\Stardock\WindowBlinds\fast64.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\R.W.Solema\AppData\Roaming\Mozilla\Firefox\Profiles\mxbcgzf7.default\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\windows\System32\drivers\aswRvrt.sys [2014-3-6 65776]
R0 aswVmm;avast! VM Monitor;C:\windows\System32\drivers\aswVmm.sys [2014-3-6 267632]
R0 SCMNdisP;General NDIS Protocol Driver;C:\windows\System32\drivers\SCMNdisP.sys [2014-3-6 25312]
R1 aswSnx;aswSnx;C:\windows\System32\drivers\aswsnx.sys [2014-3-6 1050432]
R1 aswSP;aswSP;C:\windows\System32\drivers\aswsp.sys [2014-3-6 436624]
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [2014-6-26 63000]
R1 JSWPSLWF;JumpStart Wireless Filter Driver;C:\windows\System32\drivers\jswpslwfx.sys [2014-3-6 26624]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 aswHwid;avast! HardwareID;C:\windows\System32\drivers\aswHwid.sys [2014-5-4 29208]
R2 aswMonFlt;aswMonFlt;C:\windows\System32\drivers\aswMonFlt.sys [2014-3-6 83280]
R2 aswStm;aswStm;C:\windows\System32\drivers\aswstm.sys [2014-3-6 116728]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-11-7 50344]
R2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [2014-10-1 242912]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [2014-6-26 441144]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2014-7-30 39568]
R2 RealPlayer Cloud Service;RealPlayer Cloud Service;C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [2014-5-27 1141848]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [2014-7-30 23552]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-7-6 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-7-6 171928]
R2 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-9-16 4799760]
R2 VBoxAswDrv;VBoxAsw Support Driver;C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [2014-11-7 271752]
R2 WSWNA1100;WSWNA1100;C:\Program Files (x86)\NETGEAR\WNA1100\WifiSvc.exe [2014-3-6 278528]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;C:\windows\System32\drivers\athurx.sys [2014-3-6 1827328]
R3 AvastVBoxSvc;AvastVBox COM Service;C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2014-11-7 4012248]
R3 fwndis;Emsisoft Firewall NDIS driver;C:\windows\System32\drivers\fwndis64.sys [2014-8-14 35336]
R3 keycrypt;keycrypt;C:\windows\System32\drivers\KeyCrypt64.sys [2014-8-6 25568]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\windows\System32\drivers\nx6000.sys [2010-12-2 31744]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2014-10-19 272600]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2014-10-19 941784]
R3 SuperIO;Lenovo ASD HWM Driver;C:\windows\System32\drivers\spio.sys [2009-6-5 11848]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-7-6 1738168]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2014-7-20 21712]
S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2014-10-2 58056]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2014-3-31 1512640]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-10-14 111616]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;C:\Program Files (x86)\NETGEAR\WNA1100\jswpsapi.exe [2014-3-6 954368]
S3 LEqdUsb;Logicool SetPoint Unifying KMDF USB Filter;C:\windows\System32\drivers\LEqdUsb.sys [2013-5-22 77592]
S3 LHidEqd;Logicool SetPoint Unifying KMDF HID Filter;C:\windows\System32\drivers\LHidEqd.sys [2013-5-22 13080]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2014-3-8 19456]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2014.SP3\RpcAgentSrv.exe [2014-8-26 73712]
S3 ssmirrdr;ssmirrdr;C:\windows\System32\drivers\ssmirrdr.sys [2011-3-14 10112]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2014-3-8 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2014-3-6 1255736]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 mkvtccivnf64;mkvtccivnf64;C:\Program Files\010\mkvtccivnf64.exe run options=01100010100000000000000000000000 sourceguid=92B36EB2-53CA-4C72-9832-65CCF55DEDB1 --> C:\Program Files\010\mkvtccivnf64.exe run options=01100010100000000000000000000000 sourceguid=92B36EB2-53CA-4C72-9832-65CCF55DEDB1 [?]
.
=============== Created Last 30 ================
.
2014-11-07 19:00:57 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2839E53-29DB-42B8-BDC2-F8D5127BB795}\offreg.dll
2014-11-07 18:58:49 -------- d-----w- C:\ProgramData\Sophos
2014-11-07 18:58:30 73728 ----a-r- C:\Users\R.W.Solema\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-11-07 18:58:30 73728 ----a-r- C:\Users\R.W.Solema\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-11-07 18:58:30 73728 ----a-r- C:\Users\R.W.Solema\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-11-07 18:58:26 -------- d-----w- C:\Program Files (x86)\Sophos
2014-11-07 18:45:28 -------- d-----w- C:\Users\R.W.Solema\AppData\Roaming\Dropbox
2014-11-07 18:40:58 -------- d-----w- C:\windows\SysWow64\vbox
2014-11-07 18:40:58 -------- d-----w- C:\windows\System32\vbox
2014-11-07 18:29:34 43152 ----a-w- C:\windows\avastSS.scr
2014-11-07 18:01:49 -------- d-----w- C:\Users\R.W.Solema\AppData\Roaming\rmi
2014-11-07 12:16:40 11627712 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C2839E53-29DB-42B8-BDC2-F8D5127BB795}\mpengine.dll
2014-11-05 20:24:06 -------- d-----w- C:\Program Files (x86)\DCoder Image Source
2014-11-05 20:24:00 -------- d-----w- C:\Program Files (x86)\DirectVobSub
2014-11-05 20:23:33 -------- d-----w- C:\Program Files (x86)\MadVR
2014-11-05 20:23:18 -------- d-----w- C:\Program Files (x86)\LAV Filters
2014-11-05 20:23:04 -------- d-----w- C:\Program Files (x86)\Bass Audio Decoder
2014-11-05 20:22:58 112640 ----a-w- C:\windows\SysWow64\ff_vfw.dll
2014-11-05 20:22:57 -------- d-----w- C:\Program Files (x86)\ffdshow
2014-11-05 20:21:09 -------- d-----w- C:\ProgramData\Zoom Player
2014-11-05 20:21:09 -------- d-----w- C:\Program Files (x86)\Zoom Player
2014-11-04 21:44:41 -------- d-----w- C:\Program Files (x86)\Quintessential Media Player
2014-11-03 02:33:23 -------- d-----w- C:\Program Files (x86)\ConvertHelper
2014-10-30 20:48:18 -------- d-----w- C:\Program Files\Reason
2014-10-28 00:40:11 -------- d-----w- C:\Users\R.W.Solema\AppData\Roaming\IcoFX2X
2014-10-28 00:39:42 -------- d-----w- C:\ProgramData\IcoFX2X
2014-10-28 00:39:39 -------- d-----w- C:\Program Files (x86)\IcoFX 2
2014-10-22 19:13:26 -------- d-----w- C:\Users\R.W.Solema\AppData\Local\CrashDumps
2014-10-20 01:38:37 941784 ----a-w- C:\windows\System32\drivers\Rt64win7.sys
2014-10-20 01:38:37 73800 ----a-w- C:\windows\System32\RtNicProp64.dll
2014-10-20 01:38:21 272600 ----a-w- C:\windows\System32\drivers\RtsUStor.sys
2014-10-20 01:38:18 9890008 ----a-w- C:\windows\SysWow64\RsCRIcon.dll
2014-10-20 01:35:47 -------- d-----w- C:\ProgramData\ProductData
2014-10-20 01:35:38 -------- d-----w- C:\Program Files (x86)\IObit
2014-10-19 01:35:57 -------- d-----w- C:\Users\R.W.Solema\AppData\Roaming\COWON
2014-10-19 01:26:05 -------- d-----w- C:\Program Files (x86)\Common Files\COWON
2014-10-19 01:26:04 -------- d-----w- C:\Program Files (x86)\JetAudio
2014-10-19 01:22:51 -------- d-----w- C:\Users\R.W.Solema\AppData\Roaming\0F1L1I1P0H1L1E1E1F
2014-10-18 21:30:25 56496 ----a-w- C:\windows\SysWow64\wbhelp2.dll
2014-10-18 21:30:25 544768 ----a-w- C:\windows\SysWow64\wbocx.ocx
2014-10-18 21:30:25 258352 ----a-w- C:\windows\SysWow64\unicows.dll
2014-10-18 21:30:24 4608 ----a-w- C:\windows\SysWow64\W95INF32.DLL
2014-10-18 21:30:24 33968 ----a-w- C:\windows\SysWow64\anim.dll
2014-10-18 21:30:24 2272 ----a-w- C:\windows\SysWow64\W95INF16.DLL
2014-10-18 21:30:24 1706800 ----a-w- C:\windows\SysWow64\gdiplus.dll
2014-10-14 22:26:36 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-14 22:18:53 507392 ----a-w- C:\windows\System32\aepdu.dll
2014-10-14 22:17:56 3179520 ----a-w- C:\windows\System32\rdpcorets.dll
2014-10-13 01:31:57 -------- d-----w- C:\Users\R.W.Solema\AppData\Local\Eraser 6
2014-10-12 00:25:53 -------- d-----w- C:\Program Files\MPC-HC
2014-10-09 09:02:23 -------- d-----w- C:\Program Files (x86)\Ruiware
.
==================== Find3M ====================
.
2014-11-07 18:29:35 65776 ----a-w- C:\windows\System32\drivers\aswRvrt.sys
2014-11-07 18:29:35 267632 ----a-w- C:\windows\System32\drivers\aswVmm.sys
2014-11-07 18:29:35 116728 ----a-w- C:\windows\System32\drivers\aswstm.sys
2014-11-07 18:29:34 93568 ----a-w- C:\windows\System32\drivers\aswRdr2.sys
2014-11-07 18:29:34 83280 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys
2014-11-07 18:29:34 29208 ----a-w- C:\windows\System32\drivers\aswHwid.sys
2014-11-07 18:29:24 1050432 ----a-w- C:\windows\System32\drivers\aswsnx.sys
2014-11-07 17:37:21 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-10-28 13:34:58 275080 ------w- C:\windows\System32\MpSigStub.exe
2014-10-20 01:39:42 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-20 01:39:42 701104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-10-20 01:38:37 107552 ----a-w- C:\windows\System32\RTNUninst64.dll
2014-10-10 02:05:59 276480 ----a-w- C:\windows\System32\generaltel.dll
2014-10-10 02:00:38 424448 ----a-w- C:\windows\System32\aeinv.dll
2014-10-01 18:11:26 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-10-01 18:11:16 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-10-01 18:11:12 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-09-29 00:58:48 3198976 ----a-w- C:\windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\windows\SysWow64\qdvd.dll
2014-09-19 07:36:08 505416 ----a-w- C:\windows\SysWow64\msvcp71.dll
2014-09-19 07:36:08 353864 ----a-w- C:\windows\SysWow64\msvcr71.dll
2014-09-19 01:56:02 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\windows\SysWow64\wininet.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\windows\SysWow64\msi.dll
2014-09-13 01:58:18 77312 ----a-w- C:\windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-09-05 02:11:09 6584320 ----a-w- C:\windows\System32\mstscax.dll
2014-09-05 01:52:41 5703168 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-09-04 05:23:20 424448 ----a-w- C:\windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\windows\SysWow64\rastls.dll
2014-08-29 01:18:30 25568 ----a-w- C:\windows\System32\drivers\KeyCrypt64.sys
2014-08-23 02:07:00 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\windows\System32\drivers\appid.sys
.
============= FINISH: 11:34:46.06 ===============
 
Thought I already did. Is this it? I know some of the things you want me to zip & attach, and others you want me to cut and paste. But I only know how to copy and paste. Hope that's alright.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/6/2014 3:49:25 PM
System Uptime: 11/7/2014 10:47:45 AM (1 hours ago)
.
Motherboard: LENOVO | | To be filled by O.E.M.
Processor: Pentium(R) Dual-Core CPU E5800 @ 3.20GHz | CPU 1 | 3203/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 906 GiB total, 833.597 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_CLEANHLP\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_CLEANHLP\0000
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID:
Description:
Device ID: ROOT\LEGACY_A2DDA\0000
Manufacturer:
Name:
PNP Device ID: ROOT\LEGACY_A2DDA\0000
Service:
.
==== System Restore Points ===================
.
RP165: 11/3/2014 12:32:56 PM - Driver Booster : Java Runtime Environment 32 bit
RP166: 11/3/2014 12:32:56 PM - Windows Update
RP164: 11/3/2014 11:28:32 PM - avast! antivirus system restore point
RP163: 11/4/2014 12:20:43 AM - Restore Operation
RP167: 11/4/2014 11:30:19 AM - avast! antivirus system restore point
RP168: 11/4/2014 11:32:53 AM - Restore Operation
RP169: 11/4/2014 11:41:52 AM - Windows Update
RP170: 11/4/2014 11:55:51 AM - Restore Operation
RP171: 11/4/2014 12:05:54 PM - Windows Update
RP172: 11/4/2014 1:03:52 PM - Revo Uninstaller's restore point - Extended Update
RP173: 11/4/2014 1:25:02 PM - Installed Windows Media Player Firefox Plugin
RP174: 11/4/2014 1:30:25 PM - Restore Operation
RP175: 11/4/2014 2:05:37 PM - avast! antivirus system restore point
RP176: 11/4/2014 2:09:31 PM - Windows Update
RP177: 11/7/2014 10:27:48 AM - avast! antivirus system restore point
RP178: 11/7/2014 10:57:47 AM - Installed Sophos Virus Removal Tool.
RP179: 11/7/2014 11:02:17 AM - Revo Uninstaller's restore point - Sophos Virus Removal Tool
.
==== Installed Programs ======================
.
7-Zip 9.22beta
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
AntiLogger Free version 1.7.2.390
Avast Free Antivirus
Bass Audio Decoder (remove only)
Best Buy pc app
CCleaner
CPUID CPU-Z 1.70
D3DX10
DCoder Image Source (remove only)
Desktop Calendar 7.0.0.6 Retail
DirectVobSub (remove only)
Driver Booster 2
EasyDuplicateFinder v4.7
eReg
FanSpeedControl
ffdshow v1.3.4533 [2014-09-29]
Foxit Cloud
Foxit Reader
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Greenshot 1.1.9.13
Intel(R) Graphics Media Accelerator Driver
Java 7 Update 71
Java Auto Updater
jetAudio Basic
jetAudio Packages
Junk Mail filter update
LAV Filters 0.63.0
Lenovo Driver and Application Installation
Lenovo Rescue System
LVT
LXH-JME2207FN Hotkey Driver
MadVR (remove only)
Malwarebytes Anti-Exploit version 1.04.1.1012
Malwarebytes Anti-Malware version 2.0.3.1025
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2010
Microsoft OneDrive
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 33.0.3 (x86 en-US)
Mozilla Maintenance Service
MPC-HC 1.7.7 (64-bit)
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
NETGEAR WNA1100 wireless USB 2.0 adapter
NirSoft Wireless Network Watcher
Photo Common
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer Cloud
Realtek Card Reader
Realtek Ethernet Controller All-In-One Windows Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Revo Uninstaller 1.95
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Should I Remove It
SiSoftware Sandra Lite 2014.SP3
SopCast 3.9.2
SpeedFan (remove only)
Spybot - Search & Destroy
SpywareBlaster 5.0
Start Menu X version 5.2
SUPERAntiSpyware
TeamViewer 9
UpdateService
Vistumbler
VLC media player
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinPatrol
YTD Video Downloader 4.8.4
Zoom Player (remove only)
.
==== Event Viewer Messages From Past Week ========
.
11/7/2014 7:20:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/7/2014 4:11:14 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
11/7/2014 4:11:14 AM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Updating Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/7/2014 10:50:30 AM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/7/2014 10:50:29 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
11/5/2014 7:10:31 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
11/4/2014 4:58:40 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSWNA1100 service.
11/4/2014 4:57:31 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
10/31/2014 1:59:41 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
10/31/2014 1:59:41 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
 
redtarget.gif
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download
51a5f31352b88-icon_MBAR.png
Malwarebytes Anti-Rootkit to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"
 
RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : R.W.Solema [Administrator]
Mode : Delete -- Date : 11/08/2014 04:22:29

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 21 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-289670154-1285097819-147057498-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49293;https=127.0.0.1:49293 -> Not selected
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-289670154-1285097819-147057498-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:49293;https=127.0.0.1:49293 -> Not selected
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com -> Not selected
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com/?fr=hp-avast&type=odc179 -> Not selected
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-289670154-1285097819-147057498-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com/?fr=hp-avast&type=odc179 -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-289670154-1285097819-147057498-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://www.yahoo.com/?fr=hp-avast&type=odc179 -> Not selected
[PUM.SearchPage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Search Page : https://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Not selected
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-289670154-1285097819-147057498-1001\Software\Microsoft\Internet Explorer\Main | Search Page : https://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-289670154-1285097819-147057498-1001\Software\Microsoft\Internet Explorer\Main | Search Page : https://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms} -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{08118354-E1AC-4114-B126-EF807A27983C} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{08118354-E1AC-4114-B126-EF807A27983C} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)] -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{08118354-E1AC-4114-B126-EF807A27983C} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)] -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-289670154-1285097819-147057498-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-289670154-1285097819-147057498-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-289670154-1285097819-147057498-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-289670154-1285097819-147057498-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 42 (Driver: Not loaded [0xc000036b]) ¤¤¤
[IAT:Inl] (firefox.exe @ mbae.dll) USER32.dll - PeekMessageA : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23990 (push dword 0x72d23990|ret )
[IAT:Inl] (firefox.exe @ SHELL32.dll) USER32.dll - PeekMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23a40 (push dword 0x72d23a40|ret )
[IAT:Inl] (firefox.exe @ SHELL32.dll) USER32.dll - GetMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d238f0 (push dword 0x72d238f0|ret )
[IAT:Inl] (firefox.exe @ SHELL32.dll) USER32.dll - IsDialogMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d237d0 (push dword 0x72d237d0|ret )
[IAT:Inl] (firefox.exe @ SHLWAPI.dll) USER32.dll - PeekMessageA : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23990 (push dword 0x72d23990|ret )
[IAT:Inl] (firefox.exe @ SHLWAPI.dll) USER32.dll - GetMessageA : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23850 (push dword 0x72d23850|ret )
[IAT:Inl] (firefox.exe @ OLEAUT32.dll) USER32.dll - GetMessageA : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23850 (push dword 0x72d23850|ret )
[IAT:Inl] (firefox.exe @ OLEAUT32.dll) USER32.dll - GetMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d238f0 (push dword 0x72d238f0|ret )
[IAT:Inl] (firefox.exe @ ole32.dll) USER32.dll - GetMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d238f0 (push dword 0x72d238f0|ret )
[IAT:Inl] (firefox.exe @ ole32.dll) USER32.dll - PeekMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23a40 (push dword 0x72d23a40|ret )
[IAT:Inl] (firefox.exe @ MSCTF.dll) USER32.dll - PeekMessageA : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23990 (push dword 0x72d23990|ret )
[IAT:Inl] (firefox.exe @ MSCTF.dll) USER32.dll - GetMessageA : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23850 (push dword 0x72d23850|ret )
[IAT:Inl] (firefox.exe @ MSCTF.dll) USER32.dll - GetMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d238f0 (push dword 0x72d238f0|ret )
[IAT:Inl] (firefox.exe @ MSCTF.dll) USER32.dll - PeekMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23a40 (push dword 0x72d23a40|ret )
[IAT:Inl] (firefox.exe @ WINMM.dll) USER32.dll - GetMessageA : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23850 (push dword 0x72d23850|ret )
[IAT:Inl] (firefox.exe @ WINMM.dll) USER32.dll - PeekMessageA : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23990 (push dword 0x72d23990|ret )
[IAT:Inl] (firefox.exe @ WINMM.dll) USER32.dll - PeekMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23a40 (push dword 0x72d23a40|ret )
[IAT:Inl] (firefox.exe @ xul.dll) USER32.dll - GetMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d238f0 (push dword 0x72d238f0|ret )
[IAT:Inl] (firefox.exe @ xul.dll) USER32.dll - PeekMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23a40 (push dword 0x72d23a40|ret )
[IAT:Inl] (firefox.exe @ UxTheme.dll) USER32.dll - PeekMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23a40 (push dword 0x72d23a40|ret )
[IAT:Inl] (firefox.exe @ comctl32.dll) USER32.dll - GetMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d238f0 (push dword 0x72d238f0|ret )
[IAT:Inl] (firefox.exe @ comctl32.dll) USER32.dll - IsDialogMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d237d0 (push dword 0x72d237d0|ret )
[IAT:Inl] (firefox.exe @ comctl32.dll) USER32.dll - PeekMessageA : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23990 (push dword 0x72d23990|ret )
[IAT:Inl] (firefox.exe @ comctl32.dll) USER32.dll - PeekMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23a40 (push dword 0x72d23a40|ret )
[IAT:Inl] (firefox.exe @ wbemcomn.dll) USER32.dll - PeekMessageA : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23990 (push dword 0x72d23990|ret )
[IAT:Inl] (firefox.exe @ MMDevApi.dll) USER32.dll - PeekMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23a40 (push dword 0x72d23a40|ret )
[IAT:Inl] (firefox.exe @ dxgi.dll) USER32.dll - PeekMessageA : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23990 (push dword 0x72d23990|ret )
[IAT:Inl] (firefox.exe @ explorerframe.dll) USER32.dll - PeekMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23a40 (push dword 0x72d23a40|ret )
[IAT:Inl] (firefox.exe @ DUser.dll) USER32.dll - PeekMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23a40 (push dword 0x72d23a40|ret )
[IAT:Inl] (firefox.exe @ DUser.dll) USER32.dll - PeekMessageA : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23990 (push dword 0x72d23990|ret )
[IAT:Inl] (firefox.exe @ DUser.dll) USER32.dll - GetMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d238f0 (push dword 0x72d238f0|ret )
[IAT:Inl] (firefox.exe @ DUser.dll) USER32.dll - GetMessageA : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23850 (push dword 0x72d23850|ret )
[IAT:Inl] (firefox.exe @ DUI70.dll) USER32.dll - GetMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d238f0 (push dword 0x72d238f0|ret )
[IAT:Inl] (firefox.exe @ mfplat.dll) USER32.dll - PeekMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23a40 (push dword 0x72d23a40|ret )
[IAT:Inl] (firefox.exe @ mf.dll) USER32.dll - PeekMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23a40 (push dword 0x72d23a40|ret )
[IAT:Inl] (firefox.exe @ ATL.DLL) USER32.dll - PeekMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23a40 (push dword 0x72d23a40|ret )
[IAT:Inl] (firefox.exe @ SkyDriveShell.dll) USER32.dll - PeekMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23a40 (push dword 0x72d23a40|ret )
[IAT:Inl] (firefox.exe @ Telemetry.dll) USER32.dll - PeekMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23a40 (push dword 0x72d23a40|ret )
[IAT:Inl] (firefox.exe @ urlmon.dll) USER32.dll - PeekMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23a40 (push dword 0x72d23a40|ret )
[IAT:Inl] (firefox.exe @ urlmon.dll) USER32.dll - PeekMessageA : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23990 (push dword 0x72d23990|ret )
[IAT:Inl] (firefox.exe @ netprofm.dll) USER32.dll - PeekMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d23a40 (push dword 0x72d23a40|ret )
[IAT:Inl] (firefox.exe @ netprofm.dll) USER32.dll - GetMessageW : C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL @ 0x72d238f0 (push dword 0x72d238f0|ret )

¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] mxbcgzf7.default : user_pref("browser.startup.homepage", "https://www.yahoo.com/?fr=hp-avast&type=odc179"); -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST31000528AS ATA Device +++++
--- User ---
[MBR] 70915943fda3a80a431baee66ef4ec29
[BSP] 075998d902da19fae1c196936c3245fd : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 928093 MB
2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 1900941312 | Size: 25675 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_11082014_040731.log - RKreport_DEL_11082014_040808.log - RKreport_SCN_11082014_040144.log - RKreport_SCN_11082014_042103.log
 
Malwarebytes Anti-Rootkit BETA 1.08.0.1001
www.malwarebytes.org

Database version: v2014.11.08.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17358
R.W.Solema :: COMPZILLA [administrator]

11/8/2014 5:01:24 AM
mbar-log-2014-11-08 (05-01-24).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 319899
Time elapsed: 9 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 
=======================================
Initializing...
------------ Kernel report ------------
11/08/2014 04:45:43
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\scmndisp.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\jswpslwfx.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\fwndis64.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\spio.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\athurx.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\RtsUStor.sys
\SystemRoot\System32\Drivers\nx6000.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\KeyCrypt64.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\spsys.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007cf0060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80077b4680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007cf0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007cf0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007cf0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80077b8520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80077b4680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A702EEF0

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1900734464

Partition 2 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 1900941312 Numsec = 52583856

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Scan finished
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
Downloaded database version: v2014.11.08.07
Downloaded database version: v2014.11.08.01
=======================================
Initializing...
------------ Kernel report ------------
11/08/2014 05:01:15
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\scmndisp.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\SysWOW64\speedfan.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\drivers\aswSnx.sys
\SystemRoot\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\aswRdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\jswpslwfx.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\fwndis64.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\spio.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\athurx.sys
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\Drivers\RtsUStor.sys
\SystemRoot\System32\Drivers\nx6000.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\KeyCrypt64.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\drivers\aswStm.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\aswHwid.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8007cf0060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80077b4680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8007cf0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8007cf0b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8007cf0060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80077b8520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa80077b4680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: A702EEF0

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 206848 Numsec = 1900734464

Partition 2 type is Other (0x12)
Partition is NOT ACTIVE.
Partition starts at LBA: 1900941312 Numsec = 52583856

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-I.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

Don't get me wrong. I don't want to quit untill you tell me to. But. For what it's worth. The Rootkit warning didn;t show up at all yesterday, and, so far it hasn't shown up today,
 
Very good :)

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Very Important! Temporarily disable your anti-virus and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there use restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error Illegal operation attempted on a registery key that has been marked for deletion, restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Broni I copy and pasted the C\combofix "txt" here and xed out of TS because I had to leave. for a while Now it's gone, I'm going to start again.
 
.W.Solema 11/09/2014 18:02:52.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8157.6674 [GMT -8:00]
Running from: c:\users\R.W.Solema\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.pol
c:\users\R.W.Solema\AppData\Local\Adobe\downloader.dll
c:\windows\SysWow64\_WKERNEL.syl
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2014-10-10 to 2014-11-10 )))))))))))))))))))))))))))))))
.
.
2014-11-10 02:09 . 2014-11-10 02:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-10 01:51 . 2014-11-10 01:51 -------- d-s---w- c:\windows\SysWow64\Microsoft
2014-11-08 12:45 . 2014-11-08 13:11 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-11-08 11:46 . 2014-11-08 12:16 34808 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-11-08 11:46 . 2014-11-08 11:46 -------- d-----w- c:\programdata\RogueKiller
2014-11-07 18:58 . 2014-11-07 18:59 -------- d-----w- c:\programdata\Sophos
2014-11-07 18:58 . 2014-11-07 18:58 73728 ----a-r- c:\users\R.W.Solema\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-11-07 18:58 . 2014-11-07 18:58 73728 ----a-r- c:\users\R.W.Solema\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2014-11-07 18:58 . 2014-11-07 18:58 73728 ----a-r- c:\users\R.W.Solema\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2014-11-07 18:58 . 2014-11-07 18:58 -------- d-----w- c:\program files (x86)\Sophos
2014-11-07 18:45 . 2014-11-07 18:45 -------- d-----w- c:\users\R.W.Solema\AppData\Roaming\Dropbox
2014-11-07 18:40 . 2014-11-07 18:45 -------- d-----w- c:\windows\SysWow64\vbox
2014-11-07 18:40 . 2014-11-07 18:45 -------- d-----w- c:\windows\system32\vbox
2014-11-07 18:01 . 2014-11-07 18:02 -------- d-----w- c:\users\R.W.Solema\AppData\Roaming\rmi
2014-11-07 12:16 . 2014-10-20 10:37 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C2839E53-29DB-42B8-BDC2-F8D5127BB795}\mpengine.dll
2014-11-05 20:24 . 2014-11-05 20:24 -------- d-----w- c:\program files (x86)\DCoder Image Source
2014-11-05 20:24 . 2014-11-05 20:24 -------- d-----w- c:\program files (x86)\7-Zip
2014-11-05 20:24 . 2014-11-05 20:24 -------- d-----w- c:\program files (x86)\DirectVobSub
2014-11-05 20:23 . 2014-11-08 12:59 -------- d-----w- c:\program files (x86)\MadVR
2014-11-05 20:23 . 2014-11-05 20:23 -------- d-----w- c:\program files (x86)\LAV Filters
2014-11-05 20:23 . 2014-11-05 20:23 -------- d-----w- c:\program files (x86)\Bass Audio Decoder
2014-11-05 20:22 . 2014-09-29 20:23 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2014-11-05 20:22 . 2014-11-05 20:22 -------- d-----w- c:\program files (x86)\ffdshow
2014-11-05 20:21 . 2014-11-05 20:21 -------- d-----w- c:\programdata\Zoom Player
2014-11-05 20:21 . 2014-11-05 20:21 -------- d-----w- c:\program files (x86)\Zoom Player
2014-11-04 21:44 . 2014-11-04 22:02 -------- d-----w- c:\program files (x86)\Quintessential Media Player
2014-11-03 02:33 . 2014-11-04 08:24 -------- d-----w- c:\program files (x86)\ConvertHelper
2014-10-30 20:48 . 2014-10-30 20:48 -------- d-----w- c:\program files\Reason
2014-10-28 00:40 . 2014-10-28 00:41 -------- d-----w- c:\users\R.W.Solema\AppData\Roaming\IcoFX2X
2014-10-28 00:39 . 2014-10-28 00:39 -------- d-----w- c:\programdata\IcoFX2X
2014-10-28 00:39 . 2014-11-04 08:24 -------- d-----w- c:\program files (x86)\IcoFX 2
2014-10-22 19:13 . 2014-11-04 20:08 -------- d-----w- c:\users\R.W.Solema\AppData\Local\CrashDumps
2014-10-20 01:38 . 2014-10-20 01:38 941784 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2014-10-20 01:38 . 2014-10-20 01:38 73800 ----a-w- c:\windows\system32\RtNicProp64.dll
2014-10-20 01:38 . 2014-10-20 01:38 272600 ----a-w- c:\windows\system32\drivers\RtsUStor.sys
2014-10-20 01:38 . 2014-10-20 01:38 9890008 ----a-w- c:\windows\SysWow64\RsCRIcon.dll
2014-10-20 01:35 . 2014-11-04 22:02 -------- d-----w- c:\programdata\ProductData
2014-10-20 01:35 . 2014-10-20 01:35 -------- d-----w- c:\program files (x86)\IObit
2014-10-19 01:35 . 2014-11-04 08:24 -------- d-----w- c:\users\R.W.Solema\AppData\Roaming\COWON
2014-10-19 01:26 . 2014-11-04 08:24 -------- d-----w- c:\program files (x86)\Common Files\COWON
2014-10-19 01:26 . 2014-11-04 08:24 -------- d-----w- c:\program files (x86)\JetAudio
2014-10-19 01:22 . 2014-10-19 01:22 -------- d-----w- c:\users\R.W.Solema\AppData\Roaming\0F1L1I1P0H1L1E1E1F
2014-10-18 21:30 . 2010-07-26 05:23 56496 ----a-w- c:\windows\SysWow64\wbhelp2.dll
2014-10-18 21:30 . 2010-07-26 05:23 544768 ----a-w- c:\windows\SysWow64\wbocx.ocx
2014-10-18 21:30 . 2010-07-26 05:23 258352 ----a-w- c:\windows\SysWow64\unicows.dll
2014-10-18 21:30 . 2010-07-26 05:23 33968 ----a-w- c:\windows\SysWow64\anim.dll
2014-10-18 21:30 . 2010-07-26 05:23 1706800 ----a-w- c:\windows\SysWow64\gdiplus.dll
2014-10-18 21:30 . 2010-07-26 05:23 4608 ----a-w- c:\windows\SysWow64\W95INF32.DLL
2014-10-18 21:30 . 2010-07-26 05:23 2272 ----a-w- c:\windows\SysWow64\W95INF16.DLL
2014-10-14 22:27 . 2014-11-04 22:00 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-14 22:26 . 2014-10-14 22:26 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-14 22:26 . 2014-11-04 22:00 -------- d-----w- c:\program files (x86)\Java
2014-10-14 22:18 . 2014-10-10 02:05 276480 ----a-w- c:\windows\system32\generaltel.dll
2014-10-14 22:17 . 2014-08-29 02:07 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2014-10-13 01:31 . 2014-10-13 01:31 -------- d-----w- c:\users\R.W.Solema\AppData\Local\Eraser 6
2014-10-12 00:25 . 2014-10-12 00:25 -------- d-----w- c:\program files\MPC-HC
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-09 23:25 . 2014-09-06 01:27 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2014-11-08 13:01 . 2014-03-27 07:45 131800 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-08 12:45 . 2014-03-27 07:45 96472 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-28 13:34 . 2014-03-07 00:27 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-10-20 01:39 . 2014-03-19 07:45 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-20 01:39 . 2014-03-19 07:45 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-20 01:38 . 2014-06-12 22:03 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2014-10-15 10:00 . 2014-03-07 01:21 103265616 ----a-w- c:\windows\system32\MRT.exe
2014-10-02 21:32 . 2012-07-17 21:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-10-01 18:11 . 2014-03-27 07:45 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 18:11 . 2014-03-07 02:30 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-25 02:08 . 2014-09-30 18:47 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-09-30 18:47 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-19 07:36 . 2014-05-28 05:05 505416 ----a-w- c:\windows\SysWow64\msvcp71.dll
2014-09-19 07:36 . 2014-05-28 05:05 353864 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-09-09 22:11 . 2014-09-24 01:08 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 01:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-08-29 01:18 . 2014-08-06 23:35 25568 ----a-w- c:\windows\system32\drivers\KeyCrypt64.sys
2014-08-23 02:07 . 2014-08-27 19:28 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-27 19:28 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-10-02 21:28 223432 ----a-w- c:\users\R.W.Solema\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-10-02 21:28 223432 ----a-w- c:\users\R.W.Solema\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-10-02 21:28 223432 ----a-w- c:\users\R.W.Solema\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-10-01 7767832]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2014-09-26 6482200]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"StartMenuX26"="c:\program files\Start Menu X\StartMenuX.exe" [2014-06-03 7690048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LenovoFSC"="c:\program files (x86)\Lenovo\FanSpeedControl\LenovoFSC.exe" [2009-07-29 49152]
"jmekey"="c:\program files (x86)\jmesoft\hotkey.exe" [2009-07-16 114688]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-14 222504]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-12-13 135536]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2014-08-30 440632]
"ZALFree"="c:\program files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe" [2014-08-29 12724456]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2014-09-19 296520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-09-27 271744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files (x86)\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WNA1100 Smart Wizard.lnk - c:\program files (x86)\NETGEAR\WNA1100\WNA1100.exe [2014-3-6 4562944]
RealPlayer Cloud Service UI.lnk - c:\program files (x86)\Real\RealPlayer\RPDS\Bin64\rpsystray.exe [2014-5-27 1022048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt32(3).dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RealPlayerUpdateSvc;RealPlayer Update Service;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe;c:\program files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe;c:\program files (x86)\NETGEAR\WNA1100\jswpsapi.exe [x]
R3 LEqdUsb;Logicool SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x]
R3 LHidEqd;Logicool SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2014.SP3\RpcAgentSrv.exe;c:\program files\SiSoftware\SiSoftware Sandra Lite 2014.SP3\RpcAgentSrv.exe [x]
R3 ssmirrdr;ssmirrdr;c:\windows\system32\DRIVERS\ssmirrdr.sys;c:\windows\SYSNATIVE\DRIVERS\ssmirrdr.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 mkvtccivnf64;mkvtccivnf64;c:\program files\010\mkvtccivnf64.exe run options=01100010100000000000000000000000 sourceguid=92B36EB2-53CA-4C72-9832-65CCF55DEDB1;c:\program files\010\mkvtccivnf64.exe run options=01100010100000000000000000000000 sourceguid=92B36EB2-53CA-4C72-9832-65CCF55DEDB1 [x]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys;c:\windows\SYSNATIVE\DRIVERS\scmndisp.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S1 JSWPSLWF;JumpStart Wireless Filter Driver;c:\windows\system32\DRIVERS\jswpslwfx.sys;c:\windows\SYSNATIVE\DRIVERS\jswpslwfx.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 RealPlayer Cloud Service;RealPlayer Cloud Service;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe;c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 WSWNA1100;WSWNA1100;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe;c:\program files (x86)\NETGEAR\WNA1100\WifiSvc.exe [x]
S3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
S3 fwndis;Emsisoft Firewall NDIS driver;c:\windows\system32\DRIVERS\fwndis64.sys;c:\windows\SYSNATIVE\DRIVERS\fwndis64.sys [x]
S3 keycrypt;keycrypt;c:\windows\system32\DRIVERS\KeyCrypt64.sys;c:\windows\SYSNATIVE\DRIVERS\KeyCrypt64.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\DRIVERS\spio.sys;c:\windows\SYSNATIVE\DRIVERS\spio.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-11-06 12:47 1089352 ----a-w- c:\program files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-19 01:39]
.
2014-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07 03:55]
.
2014-11-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-03-07 03:55]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-10-02 21:28 262344 ----a-w- c:\users\R.W.Solema\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-10-02 21:28 262344 ----a-w- c:\users\R.W.Solema\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-10-02 21:28 262344 ----a-w- c:\users\R.W.Solema\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2000-01-01 163384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2000-01-01 387640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2000-01-01 418360]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2000-01-01 11786344]
"Greenshot"="c:\program files\Greenshot\Greenshot.exe" [2014-05-13 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\KEYCRY~1\KeyCrypt64(3).dll
.
------- Supplementary Scan -------
.
uStart Page = https://www.yahoo.com/?fr=hp-avast&type=odc179
uLocal Page = c:\windows\system32\blank.htm
mStart Page = https://www.yahoo.com/?fr=hp-avast&type=odc179
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = https://search.yahoo.com/yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
mSearch Bar = https://www.yahoo.com/?fr=hp-avast&type=odc179
uInternet Settings,ProxyOverride = <-loopback>;<local>
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
FF - ProfilePath - c:\users\R.W.Solema\AppData\Roaming\Mozilla\Firefox\Profiles\mxbcgzf7.default\
FF - prefs.js: browser.search.defaulturl - hxxps://search.yahoo.com/yhs/search
FF - prefs.js: browser.search.selectedEngine - Yahoo! (Avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/?fr=hp-avast&type=odc179
FF - prefs.js: keyword.URL - hxxps://search.yahoo.com/yhs/search
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-289670154-1285097819-147057498-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-289670154-1285097819-147057498-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_189_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_189.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-09 18:11:14
ComboFix-quarantined-files.txt 2014-11-10 02:11
ComboFix2.txt 2014-11-10 00:16
.
Pre-Run: 889,573,089,280 bytes free
Post-Run: 889,254,359,040 bytes free
.
- - End Of File - - FCB766A462D679E440E2AF8148CD440F
A36C5E4F47E84449FF07ED3517B43A31
 
Looks good.

redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



redtarget.gif
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
AdwCleaner v4.101 - Report created 09/11/2014 at 18:45:38
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : R.W.Solema - COMPZILLA
# Running from : C:\Users\R.W.Solema\Downloads\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : mkvtccivnf64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
Folder Deleted : C:\Program Files (x86)\eSupport.com
Folder Deleted : C:\Program Files (x86)\GreenTree Applications
Folder Deleted : C:\Program Files\010
Folder Deleted : C:\Users\R.W.Solema\AppData\Local\eSupport.com
Folder Deleted : C:\Users\R.W.Solema\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Folder Deleted : C:\Users\R.W.Solema\AppData\Roaming\DigitalSites
Folder Deleted : C:\Users\R.W.Solema\AppData\Roaming\Systweak
Folder Deleted : C:\Users\R.W.Solema\AppData\Roaming\DriverTurbo
Folder Deleted : C:\Users\R.W.Solema\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

***** [ Scheduled Tasks ] *****

Task Deleted : Driver Booster Scan
Task Deleted : Driver Booster Update
Task Deleted : LaunchSignup
Task Deleted : RocketTab Update Task
Task Deleted : RocketTab

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\ParetoLogic
Key Deleted : HKCU\Software\Search Extensions
Key Deleted : HKCU\Software\SecuredDownload
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SpeedMaxPC
Key Deleted : HKCU\Software\systweak
Key Deleted : HKLM\SOFTWARE\systweak
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344


-\\ Mozilla Firefox v33.0.3 (x86 en-US)

[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_aw_14_42_ff&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtC0EtByEtAzy0D0D0ByCtN0D0Tzu0StCtDtBtBtN1L2XzutAtFtBtFtCtFyDtN1L1Czu0S0P0D0YtN1L[...]
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_aw_14_42_ff&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtC0EtByEtAzy0D0D0ByCtN0D0Tzu0StCtDtBtBtN1L2XzutAtFtBtFtCtFyDtN1L1Czu0S0P0D0YtN[...]
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_aw_14_42_ff&cd=2XzuyEtN2Y1L1QzuyEyEtAyB0EyCtC0EtByEtAzy0D0D0ByCtN0D0Tzu0StCtDtBtBtN1L2XzutAtFtBtFtCtFyDtN1L1Czu0S0P0D0Y[...]
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxps://search.yahoo.com/yhs/search");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.browser.search.defaultenginename.prev", "Yahoo");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.browser.search.defaultenginename.savedPrev", "true");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.browser.search.defaultenginename.tb", "Ask Web Search");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.browser.search.selectedEngine.prev", "Yahoo");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.browser.search.selectedEngine.savedPrev", "true");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.browser.search.selectedEngine.tb", "Ask Web Search");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.browser.startup.homepage.savedPrev", "true");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.browser.startup.page.savedPrev", 1);
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.browser.startup.page.tb", 1);
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.firstKnownVersion", "6.72.4.59451");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=A7942060-53E8-429D-A082-27654FCD8A98&n=780c9bb3&p2=^XP^xdm880^YYA^us&si=CJ77q_Pd9sACFU2Rfgod3nQAF[...]
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.hp.enabled", true);
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.hp.guardType", "HPR");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.hp.user.defined", false);
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installKeysSource", "LocalStorage");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installType", "XPI");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.contextKey", "");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2014092211");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "^XP^xdm880^YYA^us");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "CJ77q_Pd9sACFU2Rfgod3nQAFQ");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "A7942060-53E8-429D-A082-27654FCD8A98");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.isCompliantUninstallImplementation", true);
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1411454581757");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.lastKnownVersion", "6.72.4.59451");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", true);
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", true);
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", true);
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", true);
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.partnerPixelFired", false);
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.successUrl", "hxxp://download.televisionfanatic.com/installComplete.jhtml");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.toolbarCollapsed", false);
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "93550");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled", true);
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "televisionfanatic@mindspark.com");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");
[mxbcgzf7.default\prefs.js] - Line Deleted : user_pref("extensions.toolbar_OVO2-SP@apn.ask.com.install-event-fired", true);

-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [1837 octets] - [26/05/2014 00:23:09]
AdwCleaner[R1].txt - [9878 octets] - [09/11/2014 18:43:40]
AdwCleaner[S0].txt - [1591 octets] - [26/05/2014 00:24:36]
AdwCleaner[S1].txt - [9826 octets] - [09/11/2014 18:45:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [9886 octets] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Home Premium x64
Ran by R.W.Solema on Sun 11/09/2014 at 19:11:17.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\R.W.Solema\AppData\Roaming\mozilla\firefox\profiles\mxbcgzf7.default\prefs.js

user_pref("extensions.64ffxtbr@TelevisionFanatic.com.install-event-fired", true);
Emptied folder: C:\Users\R.W.Solema\AppData\Roaming\mozilla\firefox\profiles\mxbcgzf7.default\minidumps [24 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 11/09/2014 at 19:20:20.31
End of JRT log
 
Broni; The rootkit warning showed up today. First time in 3 days Does that mean we haven't gotten rid of it yet? Or, that it came back?
Here's some info I didn't give you before:

file name
SVC:jswpsapi>C:\...jswpsapi.exe
Rootkit name?
win32:Evo-gen[sugt] ( not sure if sugt is right, sloppy hand writing,)
Did not follow instructions to run boottime scan, as I am working with you.

Quick question. Should I be keeping my pc off, and only turn it on when I'm working with you?
 
Last edited:
You must log in or register to reply here.

Similar threads

midian182
  • Locked
Microsoft issues warning on China's use of generative AI to disrupt US elections
2
Replies
41
Views
525
GodisanAtheist
GodisanAtheist
P
Starting problems
Replies
4
Views
292
captaincranky
captaincranky
M
Virus warning popup
Replies
1
Views
543
Mark Fuller
M

Latest posts

Back