[What format should my USB flash drive be for backing up some files...?]

Okay thanks everyone...!

I shall format it to fat32

[What format should my USB flash drive be for backing up some files...?]

Thanks for your replies so far!

Um, so would FAT32 work?

Does it need to be the same format as the hard drive on my computer?

I tried reading those links but they confused me a bit...

If I copy the files I want to onto the flash drive, I'd be able to copy them back onto the computer if/when needed if its either FAT32 or NTFS format..?

[What format should my USB flash drive be for backing up some files...?]

Stupid question, but I want to make sure I do this right.

I have a Windows Vista computer and I would like to know what format my 32GB USB flash drive needs to be so I can copy some files onto it (Which I hope is the same as backing up).

I tried searching on Google but all I could find was how to install WIndows from a flash drive onto a computer...

 

Thank you.

[Can an .mp3 file contain Malware?]

Thanks everyone for the infomation you have provided me!

I appreciate your time.

[Can an .mp3 file contain Malware?]

Thanks for the information!

But, what does file size have to do with it being malicious or not?

[Can an .mp3 file contain Malware?]

Thank you for all of your answers!

So if no antivirus on VirusTotal flags it as malicious, it should be safe?

 

Also, I had another question, can .AVI files be malicious or contain malware aswell? Or can... just any file be malicious?

[Can an .mp3 file contain Malware?]

Okay thank you.

So if I scanned an .mp3 file with Avast, SUPERAntiSpyware and Malwarebytes and it doesn't detect as a threat, it should be safe?

Thanks again.

[Can an .mp3 file contain Malware?]

I am wondering if .mp3 files could contain any sort of malware in any way?

 

I am not talking about a file that is named music.mp3 but the file type is an .exe being hidden by windows. I am talking about a real .mp3 file.

I also would preferably like someone to answer who knows what they are talking about.

I've been searching on the internet and many say yes and no... So I am still not sure.

 

Also if an .mp3 file could contain something malicious, would an antivirus or antimalware scanner detect it?

 

Thank you.

[What do these Firefox Add-ons do?]

Hello,

 

I've been looking at my Add-ons in firefox and have noticed a few which... I don't rememeber downloading BUT they have been there for a long time. I know nothing about them and I have not had them activated for a while so I'm guessing I don't need them. Could someone explain to me what these Add-ons do exactly?

 

Extensions:

 

Microsoft .NET Framework Assistant 0.0.0

 

Plugins:

 

RealPlayer Version Plugin 6.0.12.448

 

RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) 6.0.12.448

 

Shockwave for Director 12.0.0.112

 

Windows Presentation Foundation 3.5.30729.1

 

I tried doing some research (...Not alot) about them but I couldn't find much or didn't understand really what they're meant for...

 

Thanks

[Will there be a MBAM Pro sale for Christmas...?]

Wait, you can buy MBAM from more than 1 place? Where else can I buy MBAM then?

[Will there be a MBAM Pro sale for Christmas...?]

Just wondering, will there be a MBAM Pro sale or discount for Christmas...?

[Is this combination of add-ons bad?]

Thank you everyone for your anwsers!!

[[SOLVED] How do you uninstall MBAE?]

I did exit Malwarebytes Anti-Exploit and closed all other applications but the message still said:

Malwarebytes Anti-Exploit uninstall complete.

 

Some elements could not be removed. These can be removed manually.

 

I uninstalled it on my other computer then reinstalled it and it didn't have this message.

 

Also, when you say to uninstall MBAE, you mean with windows, in Programs and features?

 

Thankyou for a reply.

[Is this combination of add-ons bad?]

Well what I meant by bad was useless (Like more than one doing the same thing..?) or incompatible with each other... I guess I didnt explain very well.

I don't have much knowledge of how web browser extensions and add-ons work really...

[[SOLVED] How do you uninstall MBAE?]

This may seem like a stupid question but how do you properly uninstall Malwarebytes Anti-Exploit..?

I've tried searching around and I couldn't find anything... maybe I missed it..

I unisntalled with windows but then I got this message:

 

Malwarebytes Anti-Exploit uninstall complete.

 

Some elements could not be removed. These can be removed manually.

 

I don't know but this makes me feel like I've done something wrong.

Is this normal?

 

After it was uninstalled this way I checked in program files and the MBAE folder was still there so I just deleted it. Is this the elements that could not be removed during uninstallation?

 

I installed MBAE again and I noticed there is a file called mbam-uninstaller.exe.. So I double clicked on it and a black box popped up for less than a second... then nothing. Maybe I need to run as administrator or something..?

 

Again, sorry for stupid question.

 

Also the reason why I want to reinstall it is because the first time I installed it Avast Behavior Shield warned me about an untrusted program trying to modify a protected resource.

Curiously, I clicked Deny then Malwarebytes said something about install failed, terminating process or something.

 

 

So I decided to uninstall then reinstall and allow it next time but then I was unsure about uninstalling.

 

Thanks.

[Malwarebytes Pro and Avast! question]

Since these instuctions you are having trouble following are for Avast 6, you must have Avast 7, 8 or 9.

Each are slightly differant.

So I followed those instructions you posted and made my own version to explain how to do it in Avast 8 and 7 (Because thats the versions I have). I don't have Avast 9 or 2014 or whatever is the latest so I'm not sure. It would help if you told us what verison you have.

 

You can check by going into Maintenance then Update. At the bottom is where it should say what Program Version you have.

 

Anyway, here they are:

 

Avast 8:

 

Open Avast! user interface

Click on Security at the top right corner

Click on Antivirus on the left

Click on Behavior Shield

Click on Settings near the stop and start buttons

Click on Trusted Processes

Click on browse
Navigate to C:Program Files\Malwarebytes' Anti-Malware and click once on mbam.exe and click Open Note: For 64 bit Windows versions this will be Program Files (x86)

Do the same for the following files:

    mbamgui.exe
    mbamservice.exe

Click on OK

 

---------------------

 

Avast 7:

 

Click on Real-time shields on the left

Click on Behavior Shield

Click on Expert Settings

Click on Trusted processes

Navigate to C:Program Files\Malwarebytes' Anti-Malware and click once on mbam.exe and click Open Note: For 64 bit Windows versions this will be Program Files (x86)
Do the same for the following files:

    mbamgui.exe
    mbamservice.exe

 

Click on OK

 

---------------------

[Is this combination of add-ons bad?]

Don't know if this is a stupid question.. but I would like to know if this combination of Extensions for Firefox were bad or useless or conflicted with each other? (NOTE I dont have all of these downloaded yet, I wanted to know before I did)

Adblock Plus

Avast! WebRep

DoNotTrackMe

MaskMe

RequestPolicy

NoScript

 

Thanks. I have Windows Vista with Avast Free.

[I Might Have A Rootkit...?]

Sorry for the delay, I ran OTC it with Avast shields disabled.

[I Might Have A Rootkit...?]

Thank you so much!

One thing I should mention, when OTC was cleaning up, avast blocked something... Not sure if I should've disabled the shields... :/

But heres what Avast blocked:

Program: C:\Users\michelle\Desktop\OTC.exe

Action: Deny

Target: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\catchme

Would that have affected the operation of OTC? Should I re-run it with Avast real-time shields off?

Thanks again! I appreciate what you do here on the forums!

[I Might Have A Rootkit...?]

Here we go:

Results of screen317's Security Check version 0.99.77

Windows 7 Service Pack 1 x64 (UAC is enabled)

Internet Explorer 11

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

avast! Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Malwarebytes Anti-Malware version 1.75.0.1300

Adobe Flash Player 11.9.900.117

Adobe Reader XI

Mozilla Firefox (25.0.1)

````````Process Check: objlist.exe by Laurent````````

AVAST Software Avast AvastSvc.exe

AVAST Software Avast AvastUI.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

Kind of funny how it says my antivirus is up to date when Avast is still 7 when the new one is 9...

Doesn't matter, I will update it soon.

Thanks again.

[I Might Have A Rootkit...?]

So you didn't find any signs of infection?

Everything seems fine. I actually didn't find any problems with the computer after clicking that link in the email I just.. wanted to be sure, since I do banking and stuff on this computer. I guess Avast got the infection before it got to the computer!

But, Im curious of what AdwCleaner deleted? Just junk?

Thanks for your help, I appreciate it.

[I Might Have A Rootkit...?]

I hope this is the right AdwCleaner log because after the computer restarted it didn't pop up automatically.

Also, I should mention that when AdwCleaner asked me to restart and I clicked 'Yes' to restart the computer, I saw Avast said it blocked something for one second then it shut down. I didn't get any time to read what it it was at all, all I saw was an orange Avast box, which usually means on of the real-time shields blocked something. Anyway, here are is the log:

# AdwCleaner v3.012 - Report created 17/11/2013 at 21:32:39

# Updated 11/11/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : michelle - MICHELLE-PC

# Running from : C:\Users\michelle\Desktop\AdwCleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16457

-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\michelle\AppData\Roaming\Mozilla\Firefox\Profiles\pb73dy6u.default\prefs.js ]

Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]

Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

*************************

AdwCleaner[R0].txt - [1658 octets] - [17/11/2013 21:28:34]

AdwCleaner[s0].txt - [1595 octets] - [17/11/2013 21:32:39]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1655 octets] ##########

Here the Malwarebytes one:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Database version: v2013.11.17.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

michelle :: MICHELLE-PC [administrator]

17/11/2013 9:57:03 PM

mbam-log-2013-11-17 (21-57-03).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 211189

Time elapsed: 4 minute(s), 18 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Thanks.

[I Might Have A Rootkit...?]

Combofix scan is done! The only thing is, the Avast icon doesn't show up on the taskbar like it normally does, its still running right? I manually re-enabled the shields again after Combofix was done and it says the shields are working...

Anyway, heres the log:

ComboFix 13-11-16.01 - michelle 17/11/2013 11:53:20.6.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.6072.4539 [GMT 8:00]

Running from: c:\users\michelle\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\SysWow64\FlashPlayerApp.exe

.

.

((((((((((((((((((((((((( Files Created from 2013-10-17 to 2013-11-17 )))))))))))))))))))))))))))))))

.

.

2013-11-17 03:58 . 2013-11-17 03:58 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-11-17 03:58 . 2013-11-17 03:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-11-17 03:11 . 2013-11-17 03:11 9310 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS

2013-11-17 03:11 . 2013-11-17 03:11 8646 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS

2013-11-17 03:11 . 2013-11-17 03:11 8613 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS

2013-11-17 03:11 . 2013-11-17 03:11 6429 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS

2013-11-17 03:11 . 2013-11-17 03:11 63115 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS

2013-11-17 03:11 . 2013-11-17 03:11 5927 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS

2013-11-17 03:11 . 2013-11-17 03:11 4599 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS

2013-11-17 03:11 . 2013-11-17 03:11 8288 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS

2013-11-17 03:11 . 2013-11-17 03:11 6910 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS

2013-11-17 03:11 . 2013-11-17 03:11 6208 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS

2013-11-17 03:11 . 2013-11-17 03:11 18541 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS

2013-11-17 03:11 . 2013-11-17 03:11 1651 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS

2013-11-17 03:10 . 2013-11-17 03:10 8782 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

2013-11-17 03:10 . 2013-11-17 03:10 7271 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

2013-11-17 03:10 . 2013-11-17 03:10 51852 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS

2013-11-17 03:10 . 2013-11-17 03:10 23327 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS

2013-11-17 03:10 . 2013-11-17 03:10 20719 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS

2013-11-16 14:06 . 2013-11-16 14:32 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-11-16 14:06 . 2013-11-16 14:06 116440 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-11-17 03:14 . 2011-04-25 10:59 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll

2013-11-17 03:14 . 2011-05-06 00:51 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll

2013-11-16 14:05 . 2013-02-22 15:42 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2013-10-10 02:55 . 2011-12-19 21:21 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-17 06:37 . 2011-03-27 07:14 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2013-09-17 06:37 . 2011-03-27 07:13 336208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-11-08 6604568]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"BigPondWirelessBroadbandCM"="c:\program files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe" [2011-12-19 6137432]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]

R3 massfilter_lte;LTE Device Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_lte.sys;c:\windows\SYSNATIVE\drivers\massfilter_lte.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

R3 zgdcat;ZTE Datacard AT Port;c:\windows\system32\DRIVERS\zgdcat.sys;c:\windows\SYSNATIVE\DRIVERS\zgdcat.sys [x]

R3 zgdcdiag;ZTE Datacard Diagnostics Port;c:\windows\system32\DRIVERS\zgdcdiag.sys;c:\windows\SYSNATIVE\DRIVERS\zgdcdiag.sys [x]

R3 zgdcmdm;ZTE Datacard Modem;c:\windows\system32\DRIVERS\zgdcmdm.sys;c:\windows\SYSNATIVE\DRIVERS\zgdcmdm.sys [x]

R3 zgdcnet;ZTE Datacard Network Adapter;c:\windows\system32\DRIVERS\zgdcnet.sys;c:\windows\SYSNATIVE\DRIVERS\zgdcnet.sys [x]

R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

R4 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe;c:\program files\TOSHIBA\TECO\TecoService.exe [x]

R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [x]

S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys;c:\windows\SYSNATIVE\DRIVERS\thpdrv.sys [x]

S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS;c:\windows\SYSNATIVE\DRIVERS\Thpevm.SYS [x]

S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys;c:\windows\SYSNATIVE\DRIVERS\tos_sps64.sys [x]

S1 aswKbd;aswKbd; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [x]

S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

S2 regi;regi;c:\windows\system32\drivers\regi.sys;c:\windows\SYSNATIVE\drivers\regi.sys [x]

S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]

S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]

S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]

S2 SwiCardDetectSvc;Sierra Wireless Card Detection Service;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe;c:\program files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [x]

S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys;c:\windows\SYSNATIVE\DRIVERS\TVALZFL.sys [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys;c:\windows\SYSNATIVE\DRIVERS\hidshim.sys [x]

S3 nuvotonhidcir;Nuvoton HID CIR Receiver;c:\windows\system32\DRIVERS\nuvotonhidcir.sys;c:\windows\SYSNATIVE\DRIVERS\nuvotonhidcir.sys [x]

S3 nuvotonir;Nuvoton CIR Transceiver;c:\windows\system32\DRIVERS\nuvotonir.sys;c:\windows\SYSNATIVE\DRIVERS\nuvotonir.sys [x]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys;c:\windows\SYSNATIVE\DRIVERS\pgeffect.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192se.sys [x]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [x]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-11-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 02:55]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-06 709976]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-10 10103840]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-03-10 896032]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 10.0.0.138

FF - ProfilePath - c:\users\michelle\AppData\Roaming\Mozilla\Firefox\Profiles\pb73dy6u.default\

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-HDMICtrlMan - c:\program files (x86)\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe

HKLM-Run-00TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1973585710-1515046713-2421341157-1001\Software\SecuROM\License information*]

"datasecu"=hex:25,15,87,64,f1,b8,dd,5e,91,be,63,db,b0,bb,53,e4,46,c4,74,6e,5e,

2a,37,dc,1c,a2,5d,47,5e,30,73,42,0e,3e,71,8d,cb,8c,a9,79,1e,4d,1c,d2,b0,56,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-11-17 12:00:57

ComboFix-quarantined-files.txt 2013-11-17 04:00

.

Pre-Run: 635,949,359,104 bytes free

Post-Run: 637,600,137,216 bytes free

.

- - End Of File - - 987B76695C966AE9E4B6B5B81CE106FB

[I Might Have A Rootkit...?]

Hello, I'm back!

I had another look and I found the scan log, but theres also one called: System Log. I posted that one too just in case.

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

www.malwarebytes.org

Database version: v2013.11.16.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

michelle :: MICHELLE-PC [administrator]

16/11/2013 10:06:20 PM

mbar-log-2013-11-16 (22-06-20).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled:

Objects scanned: 239633

Time elapsed: 24 minute(s), 55 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.07.0.1007

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED

CPU speed: 1.729000 GHz

Memory total: 6367399936, free: 3785261056

Downloaded database version: v2013.11.16.03

Downloaded database version: v2013.10.11.02

=======================================

Initializing...

------------ Kernel report ------------

11/16/2013 22:06:17

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_GenuineIntel.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\DRIVERS\compbatt.sys

\SystemRoot\system32\DRIVERS\BATTC.SYS

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\iaStor.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\msahci.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\system32\DRIVERS\TVALZ.SYS

\SystemRoot\system32\DRIVERS\tos_sps64.sys

\SystemRoot\system32\DRIVERS\Thpevm.SYS

\SystemRoot\system32\DRIVERS\thpdrv.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\aswSnx.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\Drivers\aswKbd.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\System32\Drivers\aswTdi.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\Drivers\aswrdr2.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\vwififlt.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\System32\Drivers\aswSP.SYS

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\intelppm.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\system32\DRIVERS\nvBridge.kmd

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\drivers\HDAudBus.sys

\SystemRoot\system32\DRIVERS\HECIx64.sys

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\DRIVERS\risdpe64.sys

\SystemRoot\system32\DRIVERS\rimspe64.sys

\SystemRoot\system32\DRIVERS\rixdpe64.sys

\SystemRoot\system32\DRIVERS\rtl8192se.sys

\SystemRoot\system32\DRIVERS\vwifibus.sys

\SystemRoot\system32\DRIVERS\Rt64win7.sys

\SystemRoot\system32\DRIVERS\nuvotonir.sys

\SystemRoot\system32\DRIVERS\nuvotonhidcir.sys

\SystemRoot\system32\DRIVERS\hidshim.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\SynTP.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\tdcmdpst.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\DRIVERS\TVALZFL.sys

\SystemRoot\system32\DRIVERS\tosrfec.sys

\SystemRoot\system32\DRIVERS\CmBatt.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\circlass.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\drivers\nvhda64v.sys

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ksthunk.sys

\SystemRoot\system32\drivers\RTKVHD64.sys

\SystemRoot\system32\DRIVERS\hidir.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_iaStor.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\Drivers\dvb7700all.sys

\SystemRoot\System32\Drivers\BdaSup.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\pgeffect.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\??\C:\Windows\system32\drivers\aswMonFlt.sys

\SystemRoot\System32\Drivers\aswFsBlk.SYS

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\drivers\peauth.sys

\??\C:\windows\system32\drivers\regi.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\clbcatq.dll

\Windows\System32\ws2_32.dll

\Windows\System32\urlmon.dll

\Windows\System32\ole32.dll

\Windows\System32\msctf.dll

\Windows\System32\user32.dll

\Windows\System32\kernel32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\shell32.dll

\Windows\System32\lpk.dll

\Windows\System32\usp10.dll

\Windows\System32\Wldap32.dll

\Windows\System32\msvcrt.dll

\Windows\System32\imm32.dll

\Windows\System32\normaliz.dll

\Windows\System32\psapi.dll

\Windows\System32\comdlg32.dll

\Windows\System32\oleaut32.dll

\Windows\System32\advapi32.dll

\Windows\System32\gdi32.dll

\Windows\System32\difxapi.dll

\Windows\System32\nsi.dll

\Windows\System32\setupapi.dll

\Windows\System32\sechost.dll

\Windows\System32\iertutil.dll

\Windows\System32\wininet.dll

\Windows\System32\shlwapi.dll

\Windows\System32\imagehlp.dll

\Windows\System32\comctl32.dll

\Windows\System32\crypt32.dll

\Windows\System32\KernelBase.dll

\Windows\System32\devobj.dll

\Windows\System32\wintrust.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\msasn1.dll

----------- End -----------

Done!

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa80083b5060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IAAStorageDevice-1\

Lower Device Object: 0xfffffa8006356050

Lower Device Driver Name: \Driver\iaStor\

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa80083b5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80083b5b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa80083b5060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8008308710, DeviceName: \Device\THPDRV1\, DriverName: \Driver\Thpdrv\

DevicePointer: 0xfffffa8006353e40, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa8006356050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: F5E84D00

Partition information:

Partition 0 type is Other (0x27)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 3072000

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 3074048 Numsec = 1439358976

Partition file system is NTFS

Partition is bootable

Partition 2 type is HIDDEN (0x17)

Partition is NOT ACTIVE.

Partition starts at LBA: 1442433024 Numsec = 22714368

Partition is not bootable

Hidden partition VBR is not infected.

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...

Done!

Scan finished

=======================================

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_1_3074048_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_2_1442433024_i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam...

Removal finished

I shall try Combofix now...

[I Might Have A Rootkit...?]

Okay, Malwarebytes Anti-Rootkit finished scanning. It didn't find anything so I guess theres no log to post?

Thank you for helping me so far but I have to go right now, but I will be back tomorrow to continue doing anything else that is needed.

Thanks, see ya.